import { afterEach, test, expect } from "bun:test" import os from "os" import { Bus } from "../../src/bus" import { Permission } from "../../src/permission" import { PermissionID } from "../../src/permission/schema" import { Instance } from "../../src/project/instance" import { tmpdir } from "../fixture/fixture" import { MessageID, SessionID } from "../../src/session/schema" afterEach(async () => { await Instance.disposeAll() }) async function rejectAll(message?: string) { for (const req of await Permission.list()) { await Permission.reply({ requestID: req.id, reply: "reject", message, }) } } async function waitForPending(count: number) { for (let i = 0; i < 20; i++) { const list = await Permission.list() if (list.length === count) return list await Bun.sleep(0) } return Permission.list() } // fromConfig tests test("fromConfig - string value becomes wildcard rule", () => { const result = Permission.fromConfig({ bash: "allow" }) expect(result).toEqual([{ permission: "bash", pattern: "*", action: "allow" }]) }) test("fromConfig - object value converts to rules array", () => { const result = Permission.fromConfig({ bash: { "*": "allow", rm: "deny" } }) expect(result).toEqual([ { permission: "bash", pattern: "*", action: "allow" }, { permission: "bash", pattern: "rm", action: "deny" }, ]) }) test("fromConfig - mixed string and object values", () => { const result = Permission.fromConfig({ bash: { "*": "allow", rm: "deny" }, edit: "allow", webfetch: "ask", }) expect(result).toEqual([ { permission: "bash", pattern: "*", action: "allow" }, { permission: "bash", pattern: "rm", action: "deny" }, { permission: "edit", pattern: "*", action: "allow" }, { permission: "webfetch", pattern: "*", action: "ask" }, ]) }) test("fromConfig - empty object", () => { const result = Permission.fromConfig({}) expect(result).toEqual([]) }) test("fromConfig - expands tilde to home directory", () => { const result = Permission.fromConfig({ external_directory: { "~/projects/*": "allow" } }) expect(result).toEqual([{ permission: "external_directory", pattern: `${os.homedir()}/projects/*`, action: "allow" }]) }) test("fromConfig - expands $HOME to home directory", () => { const result = Permission.fromConfig({ external_directory: { "$HOME/projects/*": "allow" } }) expect(result).toEqual([{ permission: "external_directory", pattern: `${os.homedir()}/projects/*`, action: "allow" }]) }) test("fromConfig - expands $HOME without trailing slash", () => { const result = Permission.fromConfig({ external_directory: { $HOME: "allow" } }) expect(result).toEqual([{ permission: "external_directory", pattern: os.homedir(), action: "allow" }]) }) test("fromConfig - does not expand tilde in middle of path", () => { const result = Permission.fromConfig({ external_directory: { "/some/~/path": "allow" } }) expect(result).toEqual([{ permission: "external_directory", pattern: "/some/~/path", action: "allow" }]) }) test("fromConfig - expands exact tilde to home directory", () => { const result = Permission.fromConfig({ external_directory: { "~": "allow" } }) expect(result).toEqual([{ permission: "external_directory", pattern: os.homedir(), action: "allow" }]) }) test("evaluate - matches expanded tilde pattern", () => { const ruleset = Permission.fromConfig({ external_directory: { "~/projects/*": "allow" } }) const result = Permission.evaluate("external_directory", `${os.homedir()}/projects/file.txt`, ruleset) expect(result.action).toBe("allow") }) test("evaluate - matches expanded $HOME pattern", () => { const ruleset = Permission.fromConfig({ external_directory: { "$HOME/projects/*": "allow" } }) const result = Permission.evaluate("external_directory", `${os.homedir()}/projects/file.txt`, ruleset) expect(result.action).toBe("allow") }) // merge tests test("merge - simple concatenation", () => { const result = Permission.merge( [{ permission: "bash", pattern: "*", action: "allow" }], [{ permission: "bash", pattern: "*", action: "deny" }], ) expect(result).toEqual([ { permission: "bash", pattern: "*", action: "allow" }, { permission: "bash", pattern: "*", action: "deny" }, ]) }) test("merge - adds new permission", () => { const result = Permission.merge( [{ permission: "bash", pattern: "*", action: "allow" }], [{ permission: "edit", pattern: "*", action: "deny" }], ) expect(result).toEqual([ { permission: "bash", pattern: "*", action: "allow" }, { permission: "edit", pattern: "*", action: "deny" }, ]) }) test("merge - concatenates rules for same permission", () => { const result = Permission.merge( [{ permission: "bash", pattern: "foo", action: "ask" }], [{ permission: "bash", pattern: "*", action: "deny" }], ) expect(result).toEqual([ { permission: "bash", pattern: "foo", action: "ask" }, { permission: "bash", pattern: "*", action: "deny" }, ]) }) test("merge - multiple rulesets", () => { const result = Permission.merge( [{ permission: "bash", pattern: "*", action: "allow" }], [{ permission: "bash", pattern: "rm", action: "ask" }], [{ permission: "edit", pattern: "*", action: "allow" }], ) expect(result).toEqual([ { permission: "bash", pattern: "*", action: "allow" }, { permission: "bash", pattern: "rm", action: "ask" }, { permission: "edit", pattern: "*", action: "allow" }, ]) }) test("merge - empty ruleset does nothing", () => { const result = Permission.merge([{ permission: "bash", pattern: "*", action: "allow" }], []) expect(result).toEqual([{ permission: "bash", pattern: "*", action: "allow" }]) }) test("merge - preserves rule order", () => { const result = Permission.merge( [ { permission: "edit", pattern: "src/*", action: "allow" }, { permission: "edit", pattern: "src/secret/*", action: "deny" }, ], [{ permission: "edit", pattern: "src/secret/ok.ts", action: "allow" }], ) expect(result).toEqual([ { permission: "edit", pattern: "src/*", action: "allow" }, { permission: "edit", pattern: "src/secret/*", action: "deny" }, { permission: "edit", pattern: "src/secret/ok.ts", action: "allow" }, ]) }) test("merge - config permission overrides default ask", () => { // Simulates: defaults have "*": "ask", config sets bash: "allow" const defaults: Permission.Ruleset = [{ permission: "*", pattern: "*", action: "ask" }] const config: Permission.Ruleset = [{ permission: "bash", pattern: "*", action: "allow" }] const merged = Permission.merge(defaults, config) // Config's bash allow should override default ask expect(Permission.evaluate("bash", "ls", merged).action).toBe("allow") // Other permissions should still be ask (from defaults) expect(Permission.evaluate("edit", "foo.ts", merged).action).toBe("ask") }) test("merge - config ask overrides default allow", () => { // Simulates: defaults have bash: "allow", config sets bash: "ask" const defaults: Permission.Ruleset = [{ permission: "bash", pattern: "*", action: "allow" }] const config: Permission.Ruleset = [{ permission: "bash", pattern: "*", action: "ask" }] const merged = Permission.merge(defaults, config) // Config's ask should override default allow expect(Permission.evaluate("bash", "ls", merged).action).toBe("ask") }) // evaluate tests test("evaluate - exact pattern match", () => { const result = Permission.evaluate("bash", "rm", [{ permission: "bash", pattern: "rm", action: "deny" }]) expect(result.action).toBe("deny") }) test("evaluate - wildcard pattern match", () => { const result = Permission.evaluate("bash", "rm", [{ permission: "bash", pattern: "*", action: "allow" }]) expect(result.action).toBe("allow") }) test("evaluate - last matching rule wins", () => { const result = Permission.evaluate("bash", "rm", [ { permission: "bash", pattern: "*", action: "allow" }, { permission: "bash", pattern: "rm", action: "deny" }, ]) expect(result.action).toBe("deny") }) test("evaluate - last matching rule wins (wildcard after specific)", () => { const result = Permission.evaluate("bash", "rm", [ { permission: "bash", pattern: "rm", action: "deny" }, { permission: "bash", pattern: "*", action: "allow" }, ]) expect(result.action).toBe("allow") }) test("evaluate - glob pattern match", () => { const result = Permission.evaluate("edit", "src/foo.ts", [{ permission: "edit", pattern: "src/*", action: "allow" }]) expect(result.action).toBe("allow") }) test("evaluate - last matching glob wins", () => { const result = Permission.evaluate("edit", "src/components/Button.tsx", [ { permission: "edit", pattern: "src/*", action: "deny" }, { permission: "edit", pattern: "src/components/*", action: "allow" }, ]) expect(result.action).toBe("allow") }) test("evaluate - order matters for specificity", () => { // If more specific rule comes first, later wildcard overrides it const result = Permission.evaluate("edit", "src/components/Button.tsx", [ { permission: "edit", pattern: "src/components/*", action: "allow" }, { permission: "edit", pattern: "src/*", action: "deny" }, ]) expect(result.action).toBe("deny") }) test("evaluate - unknown permission returns ask", () => { const result = Permission.evaluate("unknown_tool", "anything", [ { permission: "bash", pattern: "*", action: "allow" }, ]) expect(result.action).toBe("ask") }) test("evaluate - empty ruleset returns ask", () => { const result = Permission.evaluate("bash", "rm", []) expect(result.action).toBe("ask") }) test("evaluate - no matching pattern returns ask", () => { const result = Permission.evaluate("edit", "etc/passwd", [{ permission: "edit", pattern: "src/*", action: "allow" }]) expect(result.action).toBe("ask") }) test("evaluate - empty rules array returns ask", () => { const result = Permission.evaluate("bash", "rm", []) expect(result.action).toBe("ask") }) test("evaluate - multiple matching patterns, last wins", () => { const result = Permission.evaluate("edit", "src/secret.ts", [ { permission: "edit", pattern: "*", action: "ask" }, { permission: "edit", pattern: "src/*", action: "allow" }, { permission: "edit", pattern: "src/secret.ts", action: "deny" }, ]) expect(result.action).toBe("deny") }) test("evaluate - non-matching patterns are skipped", () => { const result = Permission.evaluate("edit", "src/foo.ts", [ { permission: "edit", pattern: "*", action: "ask" }, { permission: "edit", pattern: "test/*", action: "deny" }, { permission: "edit", pattern: "src/*", action: "allow" }, ]) expect(result.action).toBe("allow") }) test("evaluate - exact match at end wins over earlier wildcard", () => { const result = Permission.evaluate("bash", "/bin/rm", [ { permission: "bash", pattern: "*", action: "allow" }, { permission: "bash", pattern: "/bin/rm", action: "deny" }, ]) expect(result.action).toBe("deny") }) test("evaluate - wildcard at end overrides earlier exact match", () => { const result = Permission.evaluate("bash", "/bin/rm", [ { permission: "bash", pattern: "/bin/rm", action: "deny" }, { permission: "bash", pattern: "*", action: "allow" }, ]) expect(result.action).toBe("allow") }) // wildcard permission tests test("evaluate - wildcard permission matches any permission", () => { const result = Permission.evaluate("bash", "rm", [{ permission: "*", pattern: "*", action: "deny" }]) expect(result.action).toBe("deny") }) test("evaluate - wildcard permission with specific pattern", () => { const result = Permission.evaluate("bash", "rm", [{ permission: "*", pattern: "rm", action: "deny" }]) expect(result.action).toBe("deny") }) test("evaluate - glob permission pattern", () => { const result = Permission.evaluate("mcp_server_tool", "anything", [ { permission: "mcp_*", pattern: "*", action: "allow" }, ]) expect(result.action).toBe("allow") }) test("evaluate - specific permission and wildcard permission combined", () => { const result = Permission.evaluate("bash", "rm", [ { permission: "*", pattern: "*", action: "deny" }, { permission: "bash", pattern: "*", action: "allow" }, ]) expect(result.action).toBe("allow") }) test("evaluate - wildcard permission does not match when specific exists", () => { const result = Permission.evaluate("edit", "src/foo.ts", [ { permission: "*", pattern: "*", action: "deny" }, { permission: "edit", pattern: "src/*", action: "allow" }, ]) expect(result.action).toBe("allow") }) test("evaluate - multiple matching permission patterns combine rules", () => { const result = Permission.evaluate("mcp_dangerous", "anything", [ { permission: "*", pattern: "*", action: "ask" }, { permission: "mcp_*", pattern: "*", action: "allow" }, { permission: "mcp_dangerous", pattern: "*", action: "deny" }, ]) expect(result.action).toBe("deny") }) test("evaluate - wildcard permission fallback for unknown tool", () => { const result = Permission.evaluate("unknown_tool", "anything", [ { permission: "*", pattern: "*", action: "ask" }, { permission: "bash", pattern: "*", action: "allow" }, ]) expect(result.action).toBe("ask") }) test("evaluate - permission patterns sorted by length regardless of object order", () => { // specific permission listed before wildcard, but specific should still win const result = Permission.evaluate("bash", "rm", [ { permission: "bash", pattern: "*", action: "allow" }, { permission: "*", pattern: "*", action: "deny" }, ]) // With flat list, last matching rule wins - so "*" matches bash and wins expect(result.action).toBe("deny") }) test("evaluate - merges multiple rulesets", () => { const config: Permission.Ruleset = [{ permission: "bash", pattern: "*", action: "allow" }] const approved: Permission.Ruleset = [{ permission: "bash", pattern: "rm", action: "deny" }] // approved comes after config, so rm should be denied const result = Permission.evaluate("bash", "rm", config, approved) expect(result.action).toBe("deny") }) // disabled tests test("disabled - returns empty set when all tools allowed", () => { const result = Permission.disabled(["bash", "edit", "read"], [{ permission: "*", pattern: "*", action: "allow" }]) expect(result.size).toBe(0) }) test("disabled - disables tool when denied", () => { const result = Permission.disabled( ["bash", "edit", "read"], [ { permission: "*", pattern: "*", action: "allow" }, { permission: "bash", pattern: "*", action: "deny" }, ], ) expect(result.has("bash")).toBe(true) expect(result.has("edit")).toBe(false) expect(result.has("read")).toBe(false) }) test("disabled - disables edit/write/apply_patch/multiedit when edit denied", () => { const result = Permission.disabled( ["edit", "write", "apply_patch", "multiedit", "bash"], [ { permission: "*", pattern: "*", action: "allow" }, { permission: "edit", pattern: "*", action: "deny" }, ], ) expect(result.has("edit")).toBe(true) expect(result.has("write")).toBe(true) expect(result.has("apply_patch")).toBe(true) expect(result.has("multiedit")).toBe(true) expect(result.has("bash")).toBe(false) }) test("disabled - does not disable when partially denied", () => { const result = Permission.disabled( ["bash"], [ { permission: "bash", pattern: "*", action: "allow" }, { permission: "bash", pattern: "rm *", action: "deny" }, ], ) expect(result.has("bash")).toBe(false) }) test("disabled - does not disable when action is ask", () => { const result = Permission.disabled(["bash", "edit"], [{ permission: "*", pattern: "*", action: "ask" }]) expect(result.size).toBe(0) }) test("disabled - does not disable when specific allow after wildcard deny", () => { // Tool is NOT disabled because a specific allow after wildcard deny means // there's at least some usage allowed const result = Permission.disabled( ["bash"], [ { permission: "bash", pattern: "*", action: "deny" }, { permission: "bash", pattern: "echo *", action: "allow" }, ], ) expect(result.has("bash")).toBe(false) }) test("disabled - does not disable when wildcard allow after deny", () => { const result = Permission.disabled( ["bash"], [ { permission: "bash", pattern: "rm *", action: "deny" }, { permission: "bash", pattern: "*", action: "allow" }, ], ) expect(result.has("bash")).toBe(false) }) test("disabled - disables multiple tools", () => { const result = Permission.disabled( ["bash", "edit", "webfetch"], [ { permission: "bash", pattern: "*", action: "deny" }, { permission: "edit", pattern: "*", action: "deny" }, { permission: "webfetch", pattern: "*", action: "deny" }, ], ) expect(result.has("bash")).toBe(true) expect(result.has("edit")).toBe(true) expect(result.has("webfetch")).toBe(true) }) test("disabled - wildcard permission denies all tools", () => { const result = Permission.disabled(["bash", "edit", "read"], [{ permission: "*", pattern: "*", action: "deny" }]) expect(result.has("bash")).toBe(true) expect(result.has("edit")).toBe(true) expect(result.has("read")).toBe(true) }) test("disabled - specific allow overrides wildcard deny", () => { const result = Permission.disabled( ["bash", "edit", "read"], [ { permission: "*", pattern: "*", action: "deny" }, { permission: "bash", pattern: "*", action: "allow" }, ], ) expect(result.has("bash")).toBe(false) expect(result.has("edit")).toBe(true) expect(result.has("read")).toBe(true) }) // ask tests test("ask - resolves immediately when action is allow", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { const result = await Permission.ask({ sessionID: SessionID.make("session_test"), permission: "bash", patterns: ["ls"], metadata: {}, always: [], ruleset: [{ permission: "bash", pattern: "*", action: "allow" }], }) expect(result).toBeUndefined() }, }) }) test("ask - throws RejectedError when action is deny", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { await expect( Permission.ask({ sessionID: SessionID.make("session_test"), permission: "bash", patterns: ["rm -rf /"], metadata: {}, always: [], ruleset: [{ permission: "bash", pattern: "*", action: "deny" }], }), ).rejects.toBeInstanceOf(Permission.DeniedError) }, }) }) test("ask - returns pending promise when action is ask", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { const promise = Permission.ask({ sessionID: SessionID.make("session_test"), permission: "bash", patterns: ["ls"], metadata: {}, always: [], ruleset: [{ permission: "bash", pattern: "*", action: "ask" }], }) // Promise should be pending, not resolved expect(promise).toBeInstanceOf(Promise) // Don't await - just verify it returns a promise await rejectAll() await promise.catch(() => {}) }, }) }) test("ask - adds request to pending list", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { const ask = Permission.ask({ sessionID: SessionID.make("session_test"), permission: "bash", patterns: ["ls"], metadata: { cmd: "ls" }, always: ["ls"], tool: { messageID: MessageID.make("msg_test"), callID: "call_test", }, ruleset: [], }) const list = await Permission.list() expect(list).toHaveLength(1) expect(list[0]).toMatchObject({ sessionID: SessionID.make("session_test"), permission: "bash", patterns: ["ls"], metadata: { cmd: "ls" }, always: ["ls"], tool: { messageID: MessageID.make("msg_test"), callID: "call_test", }, }) await rejectAll() await ask.catch(() => {}) }, }) }) test("ask - publishes asked event", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { let seen: Permission.Request | undefined const unsub = Bus.subscribe(Permission.Event.Asked, (event) => { seen = event.properties }) const ask = Permission.ask({ sessionID: SessionID.make("session_test"), permission: "bash", patterns: ["ls"], metadata: { cmd: "ls" }, always: ["ls"], tool: { messageID: MessageID.make("msg_test"), callID: "call_test", }, ruleset: [], }) expect(await Permission.list()).toHaveLength(1) expect(seen).toBeDefined() expect(seen).toMatchObject({ sessionID: SessionID.make("session_test"), permission: "bash", patterns: ["ls"], }) unsub() await rejectAll() await ask.catch(() => {}) }, }) }) // reply tests test("reply - once resolves the pending ask", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { const askPromise = Permission.ask({ id: PermissionID.make("per_test1"), sessionID: SessionID.make("session_test"), permission: "bash", patterns: ["ls"], metadata: {}, always: [], ruleset: [], }) await waitForPending(1) await Permission.reply({ requestID: PermissionID.make("per_test1"), reply: "once", }) await expect(askPromise).resolves.toBeUndefined() }, }) }) test("reply - reject throws RejectedError", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { const askPromise = Permission.ask({ id: PermissionID.make("per_test2"), sessionID: SessionID.make("session_test"), permission: "bash", patterns: ["ls"], metadata: {}, always: [], ruleset: [], }) await waitForPending(1) await Permission.reply({ requestID: PermissionID.make("per_test2"), reply: "reject", }) await expect(askPromise).rejects.toBeInstanceOf(Permission.RejectedError) }, }) }) test("reply - reject with message throws CorrectedError", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { const ask = Permission.ask({ id: PermissionID.make("per_test2b"), sessionID: SessionID.make("session_test"), permission: "bash", patterns: ["ls"], metadata: {}, always: [], ruleset: [], }) await waitForPending(1) await Permission.reply({ requestID: PermissionID.make("per_test2b"), reply: "reject", message: "Use a safer command", }) const err = await ask.catch((err) => err) expect(err).toBeInstanceOf(Permission.CorrectedError) expect(err.message).toContain("Use a safer command") }, }) }) test("reply - always persists approval and resolves", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { const askPromise = Permission.ask({ id: PermissionID.make("per_test3"), sessionID: SessionID.make("session_test"), permission: "bash", patterns: ["ls"], metadata: {}, always: ["ls"], ruleset: [], }) await waitForPending(1) await Permission.reply({ requestID: PermissionID.make("per_test3"), reply: "always", }) await expect(askPromise).resolves.toBeUndefined() }, }) // Re-provide to reload state with stored permissions await Instance.provide({ directory: tmp.path, fn: async () => { // Stored approval should allow without asking const result = await Permission.ask({ sessionID: SessionID.make("session_test2"), permission: "bash", patterns: ["ls"], metadata: {}, always: [], ruleset: [], }) expect(result).toBeUndefined() }, }) }) test("reply - reject cancels all pending for same session", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { const askPromise1 = Permission.ask({ id: PermissionID.make("per_test4a"), sessionID: SessionID.make("session_same"), permission: "bash", patterns: ["ls"], metadata: {}, always: [], ruleset: [], }) const askPromise2 = Permission.ask({ id: PermissionID.make("per_test4b"), sessionID: SessionID.make("session_same"), permission: "edit", patterns: ["foo.ts"], metadata: {}, always: [], ruleset: [], }) await waitForPending(2) // Catch rejections before they become unhandled const result1 = askPromise1.catch((e) => e) const result2 = askPromise2.catch((e) => e) // Reject the first one await Permission.reply({ requestID: PermissionID.make("per_test4a"), reply: "reject", }) // Both should be rejected expect(await result1).toBeInstanceOf(Permission.RejectedError) expect(await result2).toBeInstanceOf(Permission.RejectedError) }, }) }) test("reply - always resolves matching pending requests in same session", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { const a = Permission.ask({ id: PermissionID.make("per_test5a"), sessionID: SessionID.make("session_same"), permission: "bash", patterns: ["ls"], metadata: {}, always: ["ls"], ruleset: [], }) const b = Permission.ask({ id: PermissionID.make("per_test5b"), sessionID: SessionID.make("session_same"), permission: "bash", patterns: ["ls"], metadata: {}, always: [], ruleset: [], }) await waitForPending(2) await Permission.reply({ requestID: PermissionID.make("per_test5a"), reply: "always", }) await expect(a).resolves.toBeUndefined() await expect(b).resolves.toBeUndefined() expect(await Permission.list()).toHaveLength(0) }, }) }) test("reply - always keeps other session pending", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { const a = Permission.ask({ id: PermissionID.make("per_test6a"), sessionID: SessionID.make("session_a"), permission: "bash", patterns: ["ls"], metadata: {}, always: ["ls"], ruleset: [], }) const b = Permission.ask({ id: PermissionID.make("per_test6b"), sessionID: SessionID.make("session_b"), permission: "bash", patterns: ["ls"], metadata: {}, always: [], ruleset: [], }) await waitForPending(2) await Permission.reply({ requestID: PermissionID.make("per_test6a"), reply: "always", }) await expect(a).resolves.toBeUndefined() expect((await Permission.list()).map((x) => x.id)).toEqual([PermissionID.make("per_test6b")]) await rejectAll() await b.catch(() => {}) }, }) }) test("reply - publishes replied event", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { const ask = Permission.ask({ id: PermissionID.make("per_test7"), sessionID: SessionID.make("session_test"), permission: "bash", patterns: ["ls"], metadata: {}, always: [], ruleset: [], }) await waitForPending(1) let seen: | { sessionID: SessionID requestID: PermissionID reply: Permission.Reply } | undefined const unsub = Bus.subscribe(Permission.Event.Replied, (event) => { seen = event.properties }) await Permission.reply({ requestID: PermissionID.make("per_test7"), reply: "once", }) await expect(ask).resolves.toBeUndefined() expect(seen).toEqual({ sessionID: SessionID.make("session_test"), requestID: PermissionID.make("per_test7"), reply: "once", }) unsub() }, }) }) test("permission requests stay isolated by directory", async () => { await using one = await tmpdir({ git: true }) await using two = await tmpdir({ git: true }) const a = Instance.provide({ directory: one.path, fn: () => Permission.ask({ id: PermissionID.make("per_dir_a"), sessionID: SessionID.make("session_dir_a"), permission: "bash", patterns: ["ls"], metadata: {}, always: [], ruleset: [], }), }) const b = Instance.provide({ directory: two.path, fn: () => Permission.ask({ id: PermissionID.make("per_dir_b"), sessionID: SessionID.make("session_dir_b"), permission: "bash", patterns: ["pwd"], metadata: {}, always: [], ruleset: [], }), }) const onePending = await Instance.provide({ directory: one.path, fn: () => waitForPending(1), }) const twoPending = await Instance.provide({ directory: two.path, fn: () => waitForPending(1), }) expect(onePending).toHaveLength(1) expect(twoPending).toHaveLength(1) expect(onePending[0].id).toBe(PermissionID.make("per_dir_a")) expect(twoPending[0].id).toBe(PermissionID.make("per_dir_b")) await Instance.provide({ directory: one.path, fn: () => Permission.reply({ requestID: onePending[0].id, reply: "reject" }), }) await Instance.provide({ directory: two.path, fn: () => Permission.reply({ requestID: twoPending[0].id, reply: "reject" }), }) await a.catch(() => {}) await b.catch(() => {}) }) test("pending permission rejects on instance dispose", async () => { await using tmp = await tmpdir({ git: true }) const ask = Instance.provide({ directory: tmp.path, fn: () => Permission.ask({ id: PermissionID.make("per_dispose"), sessionID: SessionID.make("session_dispose"), permission: "bash", patterns: ["ls"], metadata: {}, always: [], ruleset: [], }), }) const result = ask.then( () => "resolved" as const, (err) => err, ) await Instance.provide({ directory: tmp.path, fn: async () => { const pending = await waitForPending(1) expect(pending).toHaveLength(1) await Instance.dispose() }, }) expect(await result).toBeInstanceOf(Permission.RejectedError) }) test("pending permission rejects on instance reload", async () => { await using tmp = await tmpdir({ git: true }) const ask = Instance.provide({ directory: tmp.path, fn: () => Permission.ask({ id: PermissionID.make("per_reload"), sessionID: SessionID.make("session_reload"), permission: "bash", patterns: ["ls"], metadata: {}, always: [], ruleset: [], }), }) const result = ask.then( () => "resolved" as const, (err) => err, ) await Instance.provide({ directory: tmp.path, fn: async () => { const pending = await waitForPending(1) expect(pending).toHaveLength(1) await Instance.reload({ directory: tmp.path }) }, }) expect(await result).toBeInstanceOf(Permission.RejectedError) }) test("reply - does nothing for unknown requestID", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { await Permission.reply({ requestID: PermissionID.make("per_unknown"), reply: "once", }) expect(await Permission.list()).toHaveLength(0) }, }) }) test("ask - checks all patterns and stops on first deny", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { await expect( Permission.ask({ sessionID: SessionID.make("session_test"), permission: "bash", patterns: ["echo hello", "rm -rf /"], metadata: {}, always: [], ruleset: [ { permission: "bash", pattern: "*", action: "allow" }, { permission: "bash", pattern: "rm *", action: "deny" }, ], }), ).rejects.toBeInstanceOf(Permission.DeniedError) }, }) }) test("ask - allows all patterns when all match allow rules", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { const result = await Permission.ask({ sessionID: SessionID.make("session_test"), permission: "bash", patterns: ["echo hello", "ls -la", "pwd"], metadata: {}, always: [], ruleset: [{ permission: "bash", pattern: "*", action: "allow" }], }) expect(result).toBeUndefined() }, }) }) test("ask - should deny even when an earlier pattern is ask", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { const err = await Permission.ask({ sessionID: SessionID.make("session_test"), permission: "bash", patterns: ["echo hello", "rm -rf /"], metadata: {}, always: [], ruleset: [ { permission: "bash", pattern: "echo *", action: "ask" }, { permission: "bash", pattern: "rm *", action: "deny" }, ], }).then( () => undefined, (err) => err, ) expect(err).toBeInstanceOf(Permission.DeniedError) expect(await Permission.list()).toHaveLength(0) }, }) }) test("ask - abort should clear pending request", async () => { await using tmp = await tmpdir({ git: true }) await Instance.provide({ directory: tmp.path, fn: async () => { const ctl = new AbortController() const ask = Permission.runPromise( (svc) => svc.ask({ sessionID: SessionID.make("session_test"), permission: "bash", patterns: ["ls"], metadata: {}, always: [], ruleset: [{ permission: "bash", pattern: "*", action: "ask" }], }), { signal: ctl.signal }, ) await waitForPending(1) ctl.abort() await ask.catch(() => {}) try { expect(await Permission.list()).toHaveLength(0) } finally { await rejectAll() } }, }) })