mirror of
https://gitea.toothfairyai.com/ToothFairyAI/tf_code.git
synced 2026-03-31 22:32:28 +00:00
a8b73fd754
- Rename packages/opencode → packages/tfcode (directory only) - Rename bin/opencode → bin/tfcode (CLI binary) - Rename .opencode → .tfcode (config directory) - Update package.json name and bin field - Update config directory path references (.tfcode) - Keep internal code references as 'opencode' for easy upstream sync - Keep @opencode-ai/* workspace package names This minimal branding approach allows clean merges from upstream opencode repository while providing tfcode branding for users.
1149 lines
35 KiB
TypeScript
1149 lines
35 KiB
TypeScript
import { afterEach, test, expect } from "bun:test"
|
|
import os from "os"
|
|
import { Bus } from "../../src/bus"
|
|
import { Permission } from "../../src/permission"
|
|
import { PermissionID } from "../../src/permission/schema"
|
|
import { Instance } from "../../src/project/instance"
|
|
import { tmpdir } from "../fixture/fixture"
|
|
import { MessageID, SessionID } from "../../src/session/schema"
|
|
|
|
afterEach(async () => {
|
|
await Instance.disposeAll()
|
|
})
|
|
|
|
async function rejectAll(message?: string) {
|
|
for (const req of await Permission.list()) {
|
|
await Permission.reply({
|
|
requestID: req.id,
|
|
reply: "reject",
|
|
message,
|
|
})
|
|
}
|
|
}
|
|
|
|
async function waitForPending(count: number) {
|
|
for (let i = 0; i < 20; i++) {
|
|
const list = await Permission.list()
|
|
if (list.length === count) return list
|
|
await Bun.sleep(0)
|
|
}
|
|
return Permission.list()
|
|
}
|
|
|
|
// fromConfig tests
|
|
|
|
test("fromConfig - string value becomes wildcard rule", () => {
|
|
const result = Permission.fromConfig({ bash: "allow" })
|
|
expect(result).toEqual([{ permission: "bash", pattern: "*", action: "allow" }])
|
|
})
|
|
|
|
test("fromConfig - object value converts to rules array", () => {
|
|
const result = Permission.fromConfig({ bash: { "*": "allow", rm: "deny" } })
|
|
expect(result).toEqual([
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
{ permission: "bash", pattern: "rm", action: "deny" },
|
|
])
|
|
})
|
|
|
|
test("fromConfig - mixed string and object values", () => {
|
|
const result = Permission.fromConfig({
|
|
bash: { "*": "allow", rm: "deny" },
|
|
edit: "allow",
|
|
webfetch: "ask",
|
|
})
|
|
expect(result).toEqual([
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
{ permission: "bash", pattern: "rm", action: "deny" },
|
|
{ permission: "edit", pattern: "*", action: "allow" },
|
|
{ permission: "webfetch", pattern: "*", action: "ask" },
|
|
])
|
|
})
|
|
|
|
test("fromConfig - empty object", () => {
|
|
const result = Permission.fromConfig({})
|
|
expect(result).toEqual([])
|
|
})
|
|
|
|
test("fromConfig - expands tilde to home directory", () => {
|
|
const result = Permission.fromConfig({ external_directory: { "~/projects/*": "allow" } })
|
|
expect(result).toEqual([{ permission: "external_directory", pattern: `${os.homedir()}/projects/*`, action: "allow" }])
|
|
})
|
|
|
|
test("fromConfig - expands $HOME to home directory", () => {
|
|
const result = Permission.fromConfig({ external_directory: { "$HOME/projects/*": "allow" } })
|
|
expect(result).toEqual([{ permission: "external_directory", pattern: `${os.homedir()}/projects/*`, action: "allow" }])
|
|
})
|
|
|
|
test("fromConfig - expands $HOME without trailing slash", () => {
|
|
const result = Permission.fromConfig({ external_directory: { $HOME: "allow" } })
|
|
expect(result).toEqual([{ permission: "external_directory", pattern: os.homedir(), action: "allow" }])
|
|
})
|
|
|
|
test("fromConfig - does not expand tilde in middle of path", () => {
|
|
const result = Permission.fromConfig({ external_directory: { "/some/~/path": "allow" } })
|
|
expect(result).toEqual([{ permission: "external_directory", pattern: "/some/~/path", action: "allow" }])
|
|
})
|
|
|
|
test("fromConfig - expands exact tilde to home directory", () => {
|
|
const result = Permission.fromConfig({ external_directory: { "~": "allow" } })
|
|
expect(result).toEqual([{ permission: "external_directory", pattern: os.homedir(), action: "allow" }])
|
|
})
|
|
|
|
test("evaluate - matches expanded tilde pattern", () => {
|
|
const ruleset = Permission.fromConfig({ external_directory: { "~/projects/*": "allow" } })
|
|
const result = Permission.evaluate("external_directory", `${os.homedir()}/projects/file.txt`, ruleset)
|
|
expect(result.action).toBe("allow")
|
|
})
|
|
|
|
test("evaluate - matches expanded $HOME pattern", () => {
|
|
const ruleset = Permission.fromConfig({ external_directory: { "$HOME/projects/*": "allow" } })
|
|
const result = Permission.evaluate("external_directory", `${os.homedir()}/projects/file.txt`, ruleset)
|
|
expect(result.action).toBe("allow")
|
|
})
|
|
|
|
// merge tests
|
|
|
|
test("merge - simple concatenation", () => {
|
|
const result = Permission.merge(
|
|
[{ permission: "bash", pattern: "*", action: "allow" }],
|
|
[{ permission: "bash", pattern: "*", action: "deny" }],
|
|
)
|
|
expect(result).toEqual([
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
{ permission: "bash", pattern: "*", action: "deny" },
|
|
])
|
|
})
|
|
|
|
test("merge - adds new permission", () => {
|
|
const result = Permission.merge(
|
|
[{ permission: "bash", pattern: "*", action: "allow" }],
|
|
[{ permission: "edit", pattern: "*", action: "deny" }],
|
|
)
|
|
expect(result).toEqual([
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
{ permission: "edit", pattern: "*", action: "deny" },
|
|
])
|
|
})
|
|
|
|
test("merge - concatenates rules for same permission", () => {
|
|
const result = Permission.merge(
|
|
[{ permission: "bash", pattern: "foo", action: "ask" }],
|
|
[{ permission: "bash", pattern: "*", action: "deny" }],
|
|
)
|
|
expect(result).toEqual([
|
|
{ permission: "bash", pattern: "foo", action: "ask" },
|
|
{ permission: "bash", pattern: "*", action: "deny" },
|
|
])
|
|
})
|
|
|
|
test("merge - multiple rulesets", () => {
|
|
const result = Permission.merge(
|
|
[{ permission: "bash", pattern: "*", action: "allow" }],
|
|
[{ permission: "bash", pattern: "rm", action: "ask" }],
|
|
[{ permission: "edit", pattern: "*", action: "allow" }],
|
|
)
|
|
expect(result).toEqual([
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
{ permission: "bash", pattern: "rm", action: "ask" },
|
|
{ permission: "edit", pattern: "*", action: "allow" },
|
|
])
|
|
})
|
|
|
|
test("merge - empty ruleset does nothing", () => {
|
|
const result = Permission.merge([{ permission: "bash", pattern: "*", action: "allow" }], [])
|
|
expect(result).toEqual([{ permission: "bash", pattern: "*", action: "allow" }])
|
|
})
|
|
|
|
test("merge - preserves rule order", () => {
|
|
const result = Permission.merge(
|
|
[
|
|
{ permission: "edit", pattern: "src/*", action: "allow" },
|
|
{ permission: "edit", pattern: "src/secret/*", action: "deny" },
|
|
],
|
|
[{ permission: "edit", pattern: "src/secret/ok.ts", action: "allow" }],
|
|
)
|
|
expect(result).toEqual([
|
|
{ permission: "edit", pattern: "src/*", action: "allow" },
|
|
{ permission: "edit", pattern: "src/secret/*", action: "deny" },
|
|
{ permission: "edit", pattern: "src/secret/ok.ts", action: "allow" },
|
|
])
|
|
})
|
|
|
|
test("merge - config permission overrides default ask", () => {
|
|
// Simulates: defaults have "*": "ask", config sets bash: "allow"
|
|
const defaults: Permission.Ruleset = [{ permission: "*", pattern: "*", action: "ask" }]
|
|
const config: Permission.Ruleset = [{ permission: "bash", pattern: "*", action: "allow" }]
|
|
const merged = Permission.merge(defaults, config)
|
|
|
|
// Config's bash allow should override default ask
|
|
expect(Permission.evaluate("bash", "ls", merged).action).toBe("allow")
|
|
// Other permissions should still be ask (from defaults)
|
|
expect(Permission.evaluate("edit", "foo.ts", merged).action).toBe("ask")
|
|
})
|
|
|
|
test("merge - config ask overrides default allow", () => {
|
|
// Simulates: defaults have bash: "allow", config sets bash: "ask"
|
|
const defaults: Permission.Ruleset = [{ permission: "bash", pattern: "*", action: "allow" }]
|
|
const config: Permission.Ruleset = [{ permission: "bash", pattern: "*", action: "ask" }]
|
|
const merged = Permission.merge(defaults, config)
|
|
|
|
// Config's ask should override default allow
|
|
expect(Permission.evaluate("bash", "ls", merged).action).toBe("ask")
|
|
})
|
|
|
|
// evaluate tests
|
|
|
|
test("evaluate - exact pattern match", () => {
|
|
const result = Permission.evaluate("bash", "rm", [{ permission: "bash", pattern: "rm", action: "deny" }])
|
|
expect(result.action).toBe("deny")
|
|
})
|
|
|
|
test("evaluate - wildcard pattern match", () => {
|
|
const result = Permission.evaluate("bash", "rm", [{ permission: "bash", pattern: "*", action: "allow" }])
|
|
expect(result.action).toBe("allow")
|
|
})
|
|
|
|
test("evaluate - last matching rule wins", () => {
|
|
const result = Permission.evaluate("bash", "rm", [
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
{ permission: "bash", pattern: "rm", action: "deny" },
|
|
])
|
|
expect(result.action).toBe("deny")
|
|
})
|
|
|
|
test("evaluate - last matching rule wins (wildcard after specific)", () => {
|
|
const result = Permission.evaluate("bash", "rm", [
|
|
{ permission: "bash", pattern: "rm", action: "deny" },
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
])
|
|
expect(result.action).toBe("allow")
|
|
})
|
|
|
|
test("evaluate - glob pattern match", () => {
|
|
const result = Permission.evaluate("edit", "src/foo.ts", [{ permission: "edit", pattern: "src/*", action: "allow" }])
|
|
expect(result.action).toBe("allow")
|
|
})
|
|
|
|
test("evaluate - last matching glob wins", () => {
|
|
const result = Permission.evaluate("edit", "src/components/Button.tsx", [
|
|
{ permission: "edit", pattern: "src/*", action: "deny" },
|
|
{ permission: "edit", pattern: "src/components/*", action: "allow" },
|
|
])
|
|
expect(result.action).toBe("allow")
|
|
})
|
|
|
|
test("evaluate - order matters for specificity", () => {
|
|
// If more specific rule comes first, later wildcard overrides it
|
|
const result = Permission.evaluate("edit", "src/components/Button.tsx", [
|
|
{ permission: "edit", pattern: "src/components/*", action: "allow" },
|
|
{ permission: "edit", pattern: "src/*", action: "deny" },
|
|
])
|
|
expect(result.action).toBe("deny")
|
|
})
|
|
|
|
test("evaluate - unknown permission returns ask", () => {
|
|
const result = Permission.evaluate("unknown_tool", "anything", [
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
])
|
|
expect(result.action).toBe("ask")
|
|
})
|
|
|
|
test("evaluate - empty ruleset returns ask", () => {
|
|
const result = Permission.evaluate("bash", "rm", [])
|
|
expect(result.action).toBe("ask")
|
|
})
|
|
|
|
test("evaluate - no matching pattern returns ask", () => {
|
|
const result = Permission.evaluate("edit", "etc/passwd", [{ permission: "edit", pattern: "src/*", action: "allow" }])
|
|
expect(result.action).toBe("ask")
|
|
})
|
|
|
|
test("evaluate - empty rules array returns ask", () => {
|
|
const result = Permission.evaluate("bash", "rm", [])
|
|
expect(result.action).toBe("ask")
|
|
})
|
|
|
|
test("evaluate - multiple matching patterns, last wins", () => {
|
|
const result = Permission.evaluate("edit", "src/secret.ts", [
|
|
{ permission: "edit", pattern: "*", action: "ask" },
|
|
{ permission: "edit", pattern: "src/*", action: "allow" },
|
|
{ permission: "edit", pattern: "src/secret.ts", action: "deny" },
|
|
])
|
|
expect(result.action).toBe("deny")
|
|
})
|
|
|
|
test("evaluate - non-matching patterns are skipped", () => {
|
|
const result = Permission.evaluate("edit", "src/foo.ts", [
|
|
{ permission: "edit", pattern: "*", action: "ask" },
|
|
{ permission: "edit", pattern: "test/*", action: "deny" },
|
|
{ permission: "edit", pattern: "src/*", action: "allow" },
|
|
])
|
|
expect(result.action).toBe("allow")
|
|
})
|
|
|
|
test("evaluate - exact match at end wins over earlier wildcard", () => {
|
|
const result = Permission.evaluate("bash", "/bin/rm", [
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
{ permission: "bash", pattern: "/bin/rm", action: "deny" },
|
|
])
|
|
expect(result.action).toBe("deny")
|
|
})
|
|
|
|
test("evaluate - wildcard at end overrides earlier exact match", () => {
|
|
const result = Permission.evaluate("bash", "/bin/rm", [
|
|
{ permission: "bash", pattern: "/bin/rm", action: "deny" },
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
])
|
|
expect(result.action).toBe("allow")
|
|
})
|
|
|
|
// wildcard permission tests
|
|
|
|
test("evaluate - wildcard permission matches any permission", () => {
|
|
const result = Permission.evaluate("bash", "rm", [{ permission: "*", pattern: "*", action: "deny" }])
|
|
expect(result.action).toBe("deny")
|
|
})
|
|
|
|
test("evaluate - wildcard permission with specific pattern", () => {
|
|
const result = Permission.evaluate("bash", "rm", [{ permission: "*", pattern: "rm", action: "deny" }])
|
|
expect(result.action).toBe("deny")
|
|
})
|
|
|
|
test("evaluate - glob permission pattern", () => {
|
|
const result = Permission.evaluate("mcp_server_tool", "anything", [
|
|
{ permission: "mcp_*", pattern: "*", action: "allow" },
|
|
])
|
|
expect(result.action).toBe("allow")
|
|
})
|
|
|
|
test("evaluate - specific permission and wildcard permission combined", () => {
|
|
const result = Permission.evaluate("bash", "rm", [
|
|
{ permission: "*", pattern: "*", action: "deny" },
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
])
|
|
expect(result.action).toBe("allow")
|
|
})
|
|
|
|
test("evaluate - wildcard permission does not match when specific exists", () => {
|
|
const result = Permission.evaluate("edit", "src/foo.ts", [
|
|
{ permission: "*", pattern: "*", action: "deny" },
|
|
{ permission: "edit", pattern: "src/*", action: "allow" },
|
|
])
|
|
expect(result.action).toBe("allow")
|
|
})
|
|
|
|
test("evaluate - multiple matching permission patterns combine rules", () => {
|
|
const result = Permission.evaluate("mcp_dangerous", "anything", [
|
|
{ permission: "*", pattern: "*", action: "ask" },
|
|
{ permission: "mcp_*", pattern: "*", action: "allow" },
|
|
{ permission: "mcp_dangerous", pattern: "*", action: "deny" },
|
|
])
|
|
expect(result.action).toBe("deny")
|
|
})
|
|
|
|
test("evaluate - wildcard permission fallback for unknown tool", () => {
|
|
const result = Permission.evaluate("unknown_tool", "anything", [
|
|
{ permission: "*", pattern: "*", action: "ask" },
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
])
|
|
expect(result.action).toBe("ask")
|
|
})
|
|
|
|
test("evaluate - permission patterns sorted by length regardless of object order", () => {
|
|
// specific permission listed before wildcard, but specific should still win
|
|
const result = Permission.evaluate("bash", "rm", [
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
{ permission: "*", pattern: "*", action: "deny" },
|
|
])
|
|
// With flat list, last matching rule wins - so "*" matches bash and wins
|
|
expect(result.action).toBe("deny")
|
|
})
|
|
|
|
test("evaluate - merges multiple rulesets", () => {
|
|
const config: Permission.Ruleset = [{ permission: "bash", pattern: "*", action: "allow" }]
|
|
const approved: Permission.Ruleset = [{ permission: "bash", pattern: "rm", action: "deny" }]
|
|
// approved comes after config, so rm should be denied
|
|
const result = Permission.evaluate("bash", "rm", config, approved)
|
|
expect(result.action).toBe("deny")
|
|
})
|
|
|
|
// disabled tests
|
|
|
|
test("disabled - returns empty set when all tools allowed", () => {
|
|
const result = Permission.disabled(["bash", "edit", "read"], [{ permission: "*", pattern: "*", action: "allow" }])
|
|
expect(result.size).toBe(0)
|
|
})
|
|
|
|
test("disabled - disables tool when denied", () => {
|
|
const result = Permission.disabled(
|
|
["bash", "edit", "read"],
|
|
[
|
|
{ permission: "*", pattern: "*", action: "allow" },
|
|
{ permission: "bash", pattern: "*", action: "deny" },
|
|
],
|
|
)
|
|
expect(result.has("bash")).toBe(true)
|
|
expect(result.has("edit")).toBe(false)
|
|
expect(result.has("read")).toBe(false)
|
|
})
|
|
|
|
test("disabled - disables edit/write/apply_patch/multiedit when edit denied", () => {
|
|
const result = Permission.disabled(
|
|
["edit", "write", "apply_patch", "multiedit", "bash"],
|
|
[
|
|
{ permission: "*", pattern: "*", action: "allow" },
|
|
{ permission: "edit", pattern: "*", action: "deny" },
|
|
],
|
|
)
|
|
expect(result.has("edit")).toBe(true)
|
|
expect(result.has("write")).toBe(true)
|
|
expect(result.has("apply_patch")).toBe(true)
|
|
expect(result.has("multiedit")).toBe(true)
|
|
expect(result.has("bash")).toBe(false)
|
|
})
|
|
|
|
test("disabled - does not disable when partially denied", () => {
|
|
const result = Permission.disabled(
|
|
["bash"],
|
|
[
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
{ permission: "bash", pattern: "rm *", action: "deny" },
|
|
],
|
|
)
|
|
expect(result.has("bash")).toBe(false)
|
|
})
|
|
|
|
test("disabled - does not disable when action is ask", () => {
|
|
const result = Permission.disabled(["bash", "edit"], [{ permission: "*", pattern: "*", action: "ask" }])
|
|
expect(result.size).toBe(0)
|
|
})
|
|
|
|
test("disabled - does not disable when specific allow after wildcard deny", () => {
|
|
// Tool is NOT disabled because a specific allow after wildcard deny means
|
|
// there's at least some usage allowed
|
|
const result = Permission.disabled(
|
|
["bash"],
|
|
[
|
|
{ permission: "bash", pattern: "*", action: "deny" },
|
|
{ permission: "bash", pattern: "echo *", action: "allow" },
|
|
],
|
|
)
|
|
expect(result.has("bash")).toBe(false)
|
|
})
|
|
|
|
test("disabled - does not disable when wildcard allow after deny", () => {
|
|
const result = Permission.disabled(
|
|
["bash"],
|
|
[
|
|
{ permission: "bash", pattern: "rm *", action: "deny" },
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
],
|
|
)
|
|
expect(result.has("bash")).toBe(false)
|
|
})
|
|
|
|
test("disabled - disables multiple tools", () => {
|
|
const result = Permission.disabled(
|
|
["bash", "edit", "webfetch"],
|
|
[
|
|
{ permission: "bash", pattern: "*", action: "deny" },
|
|
{ permission: "edit", pattern: "*", action: "deny" },
|
|
{ permission: "webfetch", pattern: "*", action: "deny" },
|
|
],
|
|
)
|
|
expect(result.has("bash")).toBe(true)
|
|
expect(result.has("edit")).toBe(true)
|
|
expect(result.has("webfetch")).toBe(true)
|
|
})
|
|
|
|
test("disabled - wildcard permission denies all tools", () => {
|
|
const result = Permission.disabled(["bash", "edit", "read"], [{ permission: "*", pattern: "*", action: "deny" }])
|
|
expect(result.has("bash")).toBe(true)
|
|
expect(result.has("edit")).toBe(true)
|
|
expect(result.has("read")).toBe(true)
|
|
})
|
|
|
|
test("disabled - specific allow overrides wildcard deny", () => {
|
|
const result = Permission.disabled(
|
|
["bash", "edit", "read"],
|
|
[
|
|
{ permission: "*", pattern: "*", action: "deny" },
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
],
|
|
)
|
|
expect(result.has("bash")).toBe(false)
|
|
expect(result.has("edit")).toBe(true)
|
|
expect(result.has("read")).toBe(true)
|
|
})
|
|
|
|
// ask tests
|
|
|
|
test("ask - resolves immediately when action is allow", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const result = await Permission.ask({
|
|
sessionID: SessionID.make("session_test"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [{ permission: "bash", pattern: "*", action: "allow" }],
|
|
})
|
|
expect(result).toBeUndefined()
|
|
},
|
|
})
|
|
})
|
|
|
|
test("ask - throws RejectedError when action is deny", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
await expect(
|
|
Permission.ask({
|
|
sessionID: SessionID.make("session_test"),
|
|
permission: "bash",
|
|
patterns: ["rm -rf /"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [{ permission: "bash", pattern: "*", action: "deny" }],
|
|
}),
|
|
).rejects.toBeInstanceOf(Permission.DeniedError)
|
|
},
|
|
})
|
|
})
|
|
|
|
test("ask - returns pending promise when action is ask", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const promise = Permission.ask({
|
|
sessionID: SessionID.make("session_test"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [{ permission: "bash", pattern: "*", action: "ask" }],
|
|
})
|
|
// Promise should be pending, not resolved
|
|
expect(promise).toBeInstanceOf(Promise)
|
|
// Don't await - just verify it returns a promise
|
|
await rejectAll()
|
|
await promise.catch(() => {})
|
|
},
|
|
})
|
|
})
|
|
|
|
test("ask - adds request to pending list", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const ask = Permission.ask({
|
|
sessionID: SessionID.make("session_test"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: { cmd: "ls" },
|
|
always: ["ls"],
|
|
tool: {
|
|
messageID: MessageID.make("msg_test"),
|
|
callID: "call_test",
|
|
},
|
|
ruleset: [],
|
|
})
|
|
|
|
const list = await Permission.list()
|
|
expect(list).toHaveLength(1)
|
|
expect(list[0]).toMatchObject({
|
|
sessionID: SessionID.make("session_test"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: { cmd: "ls" },
|
|
always: ["ls"],
|
|
tool: {
|
|
messageID: MessageID.make("msg_test"),
|
|
callID: "call_test",
|
|
},
|
|
})
|
|
|
|
await rejectAll()
|
|
await ask.catch(() => {})
|
|
},
|
|
})
|
|
})
|
|
|
|
test("ask - publishes asked event", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
let seen: Permission.Request | undefined
|
|
const unsub = Bus.subscribe(Permission.Event.Asked, (event) => {
|
|
seen = event.properties
|
|
})
|
|
|
|
const ask = Permission.ask({
|
|
sessionID: SessionID.make("session_test"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: { cmd: "ls" },
|
|
always: ["ls"],
|
|
tool: {
|
|
messageID: MessageID.make("msg_test"),
|
|
callID: "call_test",
|
|
},
|
|
ruleset: [],
|
|
})
|
|
|
|
expect(await Permission.list()).toHaveLength(1)
|
|
expect(seen).toBeDefined()
|
|
expect(seen).toMatchObject({
|
|
sessionID: SessionID.make("session_test"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
})
|
|
|
|
unsub()
|
|
await rejectAll()
|
|
await ask.catch(() => {})
|
|
},
|
|
})
|
|
})
|
|
|
|
// reply tests
|
|
|
|
test("reply - once resolves the pending ask", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const askPromise = Permission.ask({
|
|
id: PermissionID.make("per_test1"),
|
|
sessionID: SessionID.make("session_test"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [],
|
|
})
|
|
|
|
await waitForPending(1)
|
|
|
|
await Permission.reply({
|
|
requestID: PermissionID.make("per_test1"),
|
|
reply: "once",
|
|
})
|
|
|
|
await expect(askPromise).resolves.toBeUndefined()
|
|
},
|
|
})
|
|
})
|
|
|
|
test("reply - reject throws RejectedError", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const askPromise = Permission.ask({
|
|
id: PermissionID.make("per_test2"),
|
|
sessionID: SessionID.make("session_test"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [],
|
|
})
|
|
|
|
await waitForPending(1)
|
|
|
|
await Permission.reply({
|
|
requestID: PermissionID.make("per_test2"),
|
|
reply: "reject",
|
|
})
|
|
|
|
await expect(askPromise).rejects.toBeInstanceOf(Permission.RejectedError)
|
|
},
|
|
})
|
|
})
|
|
|
|
test("reply - reject with message throws CorrectedError", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const ask = Permission.ask({
|
|
id: PermissionID.make("per_test2b"),
|
|
sessionID: SessionID.make("session_test"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [],
|
|
})
|
|
|
|
await waitForPending(1)
|
|
|
|
await Permission.reply({
|
|
requestID: PermissionID.make("per_test2b"),
|
|
reply: "reject",
|
|
message: "Use a safer command",
|
|
})
|
|
|
|
const err = await ask.catch((err) => err)
|
|
expect(err).toBeInstanceOf(Permission.CorrectedError)
|
|
expect(err.message).toContain("Use a safer command")
|
|
},
|
|
})
|
|
})
|
|
|
|
test("reply - always persists approval and resolves", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const askPromise = Permission.ask({
|
|
id: PermissionID.make("per_test3"),
|
|
sessionID: SessionID.make("session_test"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: ["ls"],
|
|
ruleset: [],
|
|
})
|
|
|
|
await waitForPending(1)
|
|
|
|
await Permission.reply({
|
|
requestID: PermissionID.make("per_test3"),
|
|
reply: "always",
|
|
})
|
|
|
|
await expect(askPromise).resolves.toBeUndefined()
|
|
},
|
|
})
|
|
// Re-provide to reload state with stored permissions
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
// Stored approval should allow without asking
|
|
const result = await Permission.ask({
|
|
sessionID: SessionID.make("session_test2"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [],
|
|
})
|
|
expect(result).toBeUndefined()
|
|
},
|
|
})
|
|
})
|
|
|
|
test("reply - reject cancels all pending for same session", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const askPromise1 = Permission.ask({
|
|
id: PermissionID.make("per_test4a"),
|
|
sessionID: SessionID.make("session_same"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [],
|
|
})
|
|
|
|
const askPromise2 = Permission.ask({
|
|
id: PermissionID.make("per_test4b"),
|
|
sessionID: SessionID.make("session_same"),
|
|
permission: "edit",
|
|
patterns: ["foo.ts"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [],
|
|
})
|
|
|
|
await waitForPending(2)
|
|
|
|
// Catch rejections before they become unhandled
|
|
const result1 = askPromise1.catch((e) => e)
|
|
const result2 = askPromise2.catch((e) => e)
|
|
|
|
// Reject the first one
|
|
await Permission.reply({
|
|
requestID: PermissionID.make("per_test4a"),
|
|
reply: "reject",
|
|
})
|
|
|
|
// Both should be rejected
|
|
expect(await result1).toBeInstanceOf(Permission.RejectedError)
|
|
expect(await result2).toBeInstanceOf(Permission.RejectedError)
|
|
},
|
|
})
|
|
})
|
|
|
|
test("reply - always resolves matching pending requests in same session", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const a = Permission.ask({
|
|
id: PermissionID.make("per_test5a"),
|
|
sessionID: SessionID.make("session_same"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: ["ls"],
|
|
ruleset: [],
|
|
})
|
|
|
|
const b = Permission.ask({
|
|
id: PermissionID.make("per_test5b"),
|
|
sessionID: SessionID.make("session_same"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [],
|
|
})
|
|
|
|
await waitForPending(2)
|
|
|
|
await Permission.reply({
|
|
requestID: PermissionID.make("per_test5a"),
|
|
reply: "always",
|
|
})
|
|
|
|
await expect(a).resolves.toBeUndefined()
|
|
await expect(b).resolves.toBeUndefined()
|
|
expect(await Permission.list()).toHaveLength(0)
|
|
},
|
|
})
|
|
})
|
|
|
|
test("reply - always keeps other session pending", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const a = Permission.ask({
|
|
id: PermissionID.make("per_test6a"),
|
|
sessionID: SessionID.make("session_a"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: ["ls"],
|
|
ruleset: [],
|
|
})
|
|
|
|
const b = Permission.ask({
|
|
id: PermissionID.make("per_test6b"),
|
|
sessionID: SessionID.make("session_b"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [],
|
|
})
|
|
|
|
await waitForPending(2)
|
|
|
|
await Permission.reply({
|
|
requestID: PermissionID.make("per_test6a"),
|
|
reply: "always",
|
|
})
|
|
|
|
await expect(a).resolves.toBeUndefined()
|
|
expect((await Permission.list()).map((x) => x.id)).toEqual([PermissionID.make("per_test6b")])
|
|
|
|
await rejectAll()
|
|
await b.catch(() => {})
|
|
},
|
|
})
|
|
})
|
|
|
|
test("reply - publishes replied event", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const ask = Permission.ask({
|
|
id: PermissionID.make("per_test7"),
|
|
sessionID: SessionID.make("session_test"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [],
|
|
})
|
|
|
|
await waitForPending(1)
|
|
|
|
let seen:
|
|
| {
|
|
sessionID: SessionID
|
|
requestID: PermissionID
|
|
reply: Permission.Reply
|
|
}
|
|
| undefined
|
|
const unsub = Bus.subscribe(Permission.Event.Replied, (event) => {
|
|
seen = event.properties
|
|
})
|
|
|
|
await Permission.reply({
|
|
requestID: PermissionID.make("per_test7"),
|
|
reply: "once",
|
|
})
|
|
|
|
await expect(ask).resolves.toBeUndefined()
|
|
expect(seen).toEqual({
|
|
sessionID: SessionID.make("session_test"),
|
|
requestID: PermissionID.make("per_test7"),
|
|
reply: "once",
|
|
})
|
|
unsub()
|
|
},
|
|
})
|
|
})
|
|
|
|
test("permission requests stay isolated by directory", async () => {
|
|
await using one = await tmpdir({ git: true })
|
|
await using two = await tmpdir({ git: true })
|
|
|
|
const a = Instance.provide({
|
|
directory: one.path,
|
|
fn: () =>
|
|
Permission.ask({
|
|
id: PermissionID.make("per_dir_a"),
|
|
sessionID: SessionID.make("session_dir_a"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [],
|
|
}),
|
|
})
|
|
|
|
const b = Instance.provide({
|
|
directory: two.path,
|
|
fn: () =>
|
|
Permission.ask({
|
|
id: PermissionID.make("per_dir_b"),
|
|
sessionID: SessionID.make("session_dir_b"),
|
|
permission: "bash",
|
|
patterns: ["pwd"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [],
|
|
}),
|
|
})
|
|
|
|
const onePending = await Instance.provide({
|
|
directory: one.path,
|
|
fn: () => waitForPending(1),
|
|
})
|
|
const twoPending = await Instance.provide({
|
|
directory: two.path,
|
|
fn: () => waitForPending(1),
|
|
})
|
|
|
|
expect(onePending).toHaveLength(1)
|
|
expect(twoPending).toHaveLength(1)
|
|
expect(onePending[0].id).toBe(PermissionID.make("per_dir_a"))
|
|
expect(twoPending[0].id).toBe(PermissionID.make("per_dir_b"))
|
|
|
|
await Instance.provide({
|
|
directory: one.path,
|
|
fn: () => Permission.reply({ requestID: onePending[0].id, reply: "reject" }),
|
|
})
|
|
await Instance.provide({
|
|
directory: two.path,
|
|
fn: () => Permission.reply({ requestID: twoPending[0].id, reply: "reject" }),
|
|
})
|
|
|
|
await a.catch(() => {})
|
|
await b.catch(() => {})
|
|
})
|
|
|
|
test("pending permission rejects on instance dispose", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
|
|
const ask = Instance.provide({
|
|
directory: tmp.path,
|
|
fn: () =>
|
|
Permission.ask({
|
|
id: PermissionID.make("per_dispose"),
|
|
sessionID: SessionID.make("session_dispose"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [],
|
|
}),
|
|
})
|
|
const result = ask.then(
|
|
() => "resolved" as const,
|
|
(err) => err,
|
|
)
|
|
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const pending = await waitForPending(1)
|
|
expect(pending).toHaveLength(1)
|
|
await Instance.dispose()
|
|
},
|
|
})
|
|
|
|
expect(await result).toBeInstanceOf(Permission.RejectedError)
|
|
})
|
|
|
|
test("pending permission rejects on instance reload", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
|
|
const ask = Instance.provide({
|
|
directory: tmp.path,
|
|
fn: () =>
|
|
Permission.ask({
|
|
id: PermissionID.make("per_reload"),
|
|
sessionID: SessionID.make("session_reload"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [],
|
|
}),
|
|
})
|
|
const result = ask.then(
|
|
() => "resolved" as const,
|
|
(err) => err,
|
|
)
|
|
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const pending = await waitForPending(1)
|
|
expect(pending).toHaveLength(1)
|
|
await Instance.reload({ directory: tmp.path })
|
|
},
|
|
})
|
|
|
|
expect(await result).toBeInstanceOf(Permission.RejectedError)
|
|
})
|
|
|
|
test("reply - does nothing for unknown requestID", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
await Permission.reply({
|
|
requestID: PermissionID.make("per_unknown"),
|
|
reply: "once",
|
|
})
|
|
expect(await Permission.list()).toHaveLength(0)
|
|
},
|
|
})
|
|
})
|
|
|
|
test("ask - checks all patterns and stops on first deny", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
await expect(
|
|
Permission.ask({
|
|
sessionID: SessionID.make("session_test"),
|
|
permission: "bash",
|
|
patterns: ["echo hello", "rm -rf /"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [
|
|
{ permission: "bash", pattern: "*", action: "allow" },
|
|
{ permission: "bash", pattern: "rm *", action: "deny" },
|
|
],
|
|
}),
|
|
).rejects.toBeInstanceOf(Permission.DeniedError)
|
|
},
|
|
})
|
|
})
|
|
|
|
test("ask - allows all patterns when all match allow rules", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const result = await Permission.ask({
|
|
sessionID: SessionID.make("session_test"),
|
|
permission: "bash",
|
|
patterns: ["echo hello", "ls -la", "pwd"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [{ permission: "bash", pattern: "*", action: "allow" }],
|
|
})
|
|
expect(result).toBeUndefined()
|
|
},
|
|
})
|
|
})
|
|
|
|
test("ask - should deny even when an earlier pattern is ask", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const err = await Permission.ask({
|
|
sessionID: SessionID.make("session_test"),
|
|
permission: "bash",
|
|
patterns: ["echo hello", "rm -rf /"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [
|
|
{ permission: "bash", pattern: "echo *", action: "ask" },
|
|
{ permission: "bash", pattern: "rm *", action: "deny" },
|
|
],
|
|
}).then(
|
|
() => undefined,
|
|
(err) => err,
|
|
)
|
|
|
|
expect(err).toBeInstanceOf(Permission.DeniedError)
|
|
expect(await Permission.list()).toHaveLength(0)
|
|
},
|
|
})
|
|
})
|
|
|
|
test("ask - abort should clear pending request", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const ctl = new AbortController()
|
|
const ask = Permission.runPromise(
|
|
(svc) =>
|
|
svc.ask({
|
|
sessionID: SessionID.make("session_test"),
|
|
permission: "bash",
|
|
patterns: ["ls"],
|
|
metadata: {},
|
|
always: [],
|
|
ruleset: [{ permission: "bash", pattern: "*", action: "ask" }],
|
|
}),
|
|
{ signal: ctl.signal },
|
|
)
|
|
|
|
await waitForPending(1)
|
|
ctl.abort()
|
|
await ask.catch(() => {})
|
|
|
|
try {
|
|
expect(await Permission.list()).toHaveLength(0)
|
|
} finally {
|
|
await rejectAll()
|
|
}
|
|
},
|
|
})
|
|
})
|