@aliou/pi-guardrails 0.12.0 → 0.13.0

package/src/core/paths/path.test.ts

@@ -1,293 +0,0 @@
-import { homedir } from "node:os";
-import { describe, expect, it } from "vitest";
-import {
-  expandHomePath,
-  isWithinBoundary,
-  maybePathLike,
-  normalizeForDisplay,
-  resolveFromCwd,
-  toStorageForm,
-} from "./path";
-
-const HOME = homedir();
-
-describe("expandHomePath", () => {
-  it.each([
-    { desc: "bare ~", input: "~", expected: HOME },
-    { desc: "~/foo", input: "~/foo", expected: `${HOME}/foo` },
-    {
-      desc: "~\\foo (Windows tilde)",
-      input: "~\\foo",
-      expected: `${HOME}/foo`,
-    },
-    {
-      desc: "an absolute path",
-      input: "/absolute/path",
-      expected: "/absolute/path",
-    },
-    {
-      desc: "a relative path",
-      input: "relative/path",
-      expected: "relative/path",
-    },
-    { desc: "an empty string", input: "", expected: "" },
-  ])("given $desc, returns the expanded path", ({ input, expected }) => {
-    expect(expandHomePath(input)).toBe(expected);
-  });
-});
-
-describe("resolveFromCwd", () => {
-  const cwd = "/some/cwd";
-
-  it.each([
-    {
-      desc: "a relative path",
-      input: "sub/file",
-      expected: "/some/cwd/sub/file",
-    },
-    { desc: "an absolute path", input: "/etc/hosts", expected: "/etc/hosts" },
-    { desc: "a ~ path", input: "~/foo", expected: `${HOME}/foo` },
-    { desc: "'.'", input: ".", expected: "/some/cwd" },
-  ])("given $desc, resolves against cwd", ({ input, expected }) => {
-    expect(resolveFromCwd(input, cwd)).toBe(expected);
-  });
-});
-
-describe("isWithinBoundary", () => {
-  it.each([
-    {
-      desc: "paths are identical",
-      target: "/foo/bar",
-      root: "/foo/bar",
-      expected: true,
-    },
-    {
-      desc: "target is a direct child",
-      target: "/foo/bar/baz",
-      root: "/foo/bar",
-      expected: true,
-    },
-    {
-      desc: "target is a grandchild",
-      target: "/foo/bar/baz/qux",
-      root: "/foo/bar",
-      expected: true,
-    },
-    {
-      desc: "target is a parent",
-      target: "/foo",
-      root: "/foo/bar",
-      expected: false,
-    },
-    {
-      desc: "target is a sibling",
-      target: "/foo/other",
-      root: "/foo/bar",
-      expected: false,
-    },
-    {
-      desc: "target shares a string prefix but is not a child (critical case)",
-      target: "/foo/barbaz",
-      root: "/foo/bar",
-      expected: false,
-    },
-    {
-      desc: "paths are completely unrelated",
-      target: "/tmp",
-      root: "/home/user",
-      expected: false,
-    },
-  ])("when $desc, returns $expected", ({ target, root, expected }) => {
-    expect(isWithinBoundary(target, root)).toBe(expected);
-  });
-});
-
-describe("normalizeForDisplay", () => {
-  const cwd = "/work/project";
-
-  it.each([
-    { desc: "path equals cwd", input: cwd, expected: "." },
-    {
-      desc: "path is a child of cwd",
-      input: "/work/project/src/file.ts",
-      expected: "src/file.ts",
-    },
-    {
-      desc: "path is under home but not cwd",
-      input: `${HOME}/config/file`,
-      expected: "~/config/file",
-    },
-    {
-      desc: "path is outside both cwd and home",
-      input: "/etc/hosts",
-      expected: "/etc/hosts",
-    },
-    { desc: "path is home itself", input: HOME, expected: "~" },
-  ])("when $desc, returns $expected", ({ input, expected }) => {
-    expect(normalizeForDisplay(input, cwd)).toBe(expected);
-  });
-});
-
-describe("toStorageForm", () => {
-  it.each([
-    {
-      desc: "file under home",
-      absPath: `${HOME}/code/file.ts`,
-      isDirectory: false,
-      expected: "~/code/file.ts",
-    },
-    {
-      desc: "directory under home",
-      absPath: `${HOME}/code`,
-      isDirectory: true,
-      expected: "~/code/",
-    },
-    {
-      desc: "absolute file outside home",
-      absPath: "/etc/hosts",
-      isDirectory: false,
-      expected: "/etc/hosts",
-    },
-    {
-      desc: "absolute directory outside home",
-      absPath: "/etc",
-      isDirectory: true,
-      expected: "/etc/",
-    },
-    {
-      desc: "input has trailing slash but isDirectory=false",
-      absPath: "/etc/hosts/",
-      isDirectory: false,
-      expected: "/etc/hosts",
-    },
-    {
-      desc: "input uses Windows backslashes",
-      absPath: "C:\\Users\\foo",
-      isDirectory: false,
-      expected: "C:/Users/foo",
-    },
-    {
-      desc: "input is home itself with isDirectory=true",
-      absPath: HOME,
-      isDirectory: true,
-      expected: "~/",
-    },
-  ])("when $desc, returns $expected", ({ absPath, isDirectory, expected }) => {
-    expect(toStorageForm(absPath, isDirectory)).toBe(expected);
-  });
-});
-
-describe("maybePathLike", () => {
-  it.each([
-    // --- True cases: structural path signals ---
-    {
-      desc: "absolute Unix path",
-      input: "/etc/hosts",
-      expected: true,
-    },
-    {
-      desc: "relative path with /",
-      input: "src/index.ts",
-      expected: true,
-    },
-    {
-      desc: "./ prefix",
-      input: "./foo",
-      expected: true,
-    },
-    {
-      desc: "../ prefix",
-      input: "../bar",
-      expected: true,
-    },
-    {
-      desc: "backslash path (Windows)",
-      input: "foo\\bar",
-      expected: true,
-    },
-    {
-      desc: "Windows drive letter",
-      input: "C:\\tmp",
-      expected: true,
-    },
-    {
-      desc: "Windows drive with forward slash",
-      input: "C:/tmp",
-      expected: true,
-    },
-    {
-      desc: "tilde home path",
-      input: "~/code",
-      expected: true,
-    },
-    {
-      desc: "MIME type (has / — safe false positive)",
-      input: "application/json",
-      expected: true,
-    },
-    {
-      desc: "regular expression with braces (has / — safe false positive)",
-      input: "/abc/{2,3}",
-      expected: true,
-    },
-    // --- False cases: non-path tokens ---
-    {
-      desc: "empty string",
-      input: "",
-      expected: false,
-    },
-    {
-      desc: "simple command name",
-      input: "rm",
-      expected: false,
-    },
-    {
-      desc: "flag",
-      input: "--force",
-      expected: false,
-    },
-    {
-      desc: "short flag",
-      input: "-rf",
-      expected: false,
-    },
-    {
-      desc: "bare word",
-      input: "build",
-      expected: false,
-    },
-    {
-      desc: "bare tilde (no slash)",
-      input: "~",
-      expected: false,
-    },
-    {
-      desc: "version number",
-      input: "3.14",
-      expected: false,
-    },
-    {
-      desc: "domain name",
-      input: "example.com",
-      expected: false,
-    },
-    {
-      desc: "bare filename with extension",
-      input: "README.md",
-      expected: false,
-    },
-    {
-      desc: "dotfile without slash",
-      input: ".env",
-      expected: false,
-    },
-  ])("when $desc, returns $expected", ({ input, expected }) => {
-    expect(maybePathLike(input)).toBe(expected);
-  });
-
-  // maybePathLike is command-agnostic. Command-specific regex/code args are
-  // filtered by extractBashPathCandidates before this fallback heuristic runs.
-  it("treats awk-looking regex text as path-like without command context", () => {
-    expect(maybePathLike("/aaa/{flag=1} flag{print}")).toBe(true);
-  });
-});

package/src/core/shell/command-args.test.ts

@@ -1,94 +0,0 @@
-import { describe, expect, it } from "vitest";
-import { classifyCommandArgs } from "./command-args";
-
-const tokens = (command: string, args: string[]) =>
-  classifyCommandArgs(command, args).map((arg) => arg.token);
-
-describe("classifyCommandArgs", () => {
-  it("keeps unknown command arguments unchanged", () => {
-    expect(tokens("cat", ["/etc/hosts", "./file"])).toEqual([
-      "/etc/hosts",
-      "./file",
-    ]);
-  });
-
-  it("normalizes command basenames", () => {
-    expect(tokens("/usr/bin/awk", ["/aaa/{print}", "./input"])).toEqual([
-      "./input",
-    ]);
-  });
-
-  it("ignores awk inline program and keeps file operands", () => {
-    expect(tokens("awk", ["/aaa/{print}", "./input"])).toEqual(["./input"]);
-  });
-
-  it.each([
-    ["-f as separate option", ["-f", "./prog.awk", "./input"]],
-    ["-f as joined option", ["-f./prog.awk", "./input"]],
-  ])("keeps awk program files with %s", (_label, args) => {
-    expect(tokens("awk", args)).toEqual(["./prog.awk", "./input"]);
-  });
-
-  it("ignores sed inline scripts and keeps file operands", () => {
-    expect(tokens("sed", ["s#/old#/new#g", "./file"])).toEqual(["./file"]);
-  });
-
-  it.each([
-    ["-f as separate option", ["-f", "./script.sed", "./file"]],
-    ["--file as long option", ["--file", "./script.sed", "./file"]],
-    ["-f as joined option", ["-f./script.sed", "./file"]],
-  ])("keeps sed script files with %s", (_label, args) => {
-    expect(tokens("sed", args)).toEqual(["./script.sed", "./file"]);
-  });
-
-  it("ignores grep patterns and keeps file operands", () => {
-    expect(tokens("grep", ["/api/v1", "./src"])).toEqual(["./src"]);
-  });
-
-  it.each([
-    ["-f as separate option", ["-f", "./patterns", "./src"]],
-    ["--file as long option", ["--file", "./patterns", "./src"]],
-    ["-f as joined option", ["-f./patterns", "./src"]],
-  ])("keeps grep pattern files with %s", (_label, args) => {
-    expect(tokens("grep", args)).toEqual(["./patterns", "./src"]);
-  });
-
-  it("keeps find roots and ignores expression patterns", () => {
-    expect(tokens("find", ["./src", "-regex", ".*/test/.*"])).toEqual([
-      "./src",
-    ]);
-  });
-
-  it("ignores jq filters and keeps file operands", () => {
-    expect(tokens("jq", ['.path | test("^/tmp/")', "./data.json"])).toEqual([
-      "./data.json",
-    ]);
-  });
-
-  it.each([
-    ["-f as separate option", ["-f", "./filter.jq", "./data.json"]],
-    [
-      "--from-file as long option",
-      ["--from-file", "./filter.jq", "./data.json"],
-    ],
-  ])("keeps jq filter files with %s", (_label, args) => {
-    expect(tokens("jq", args)).toEqual(["./filter.jq", "./data.json"]);
-  });
-
-  it("ignores interpreter inline code", () => {
-    expect(tokens("python3", ["-c", 'open("/etc/passwd")'])).toEqual([]);
-  });
-
-  it("keeps interpreter script operands", () => {
-    expect(tokens("python3", ["./script.py", "./data.json"])).toEqual([
-      "./script.py",
-      "./data.json",
-    ]);
-  });
-
-  it("ignores delimiter args", () => {
-    expect(tokens("cut", ["-d", "/", "./file"])).toEqual(["./file"]);
-    expect(tokens("sort", ["-t", "/", "./file"])).toEqual(["./file"]);
-    expect(tokens("tr", ["/", ":"])).toEqual([]);
-  });
-});

package/src/shared/matching.test.ts

@@ -1,86 +0,0 @@
-import { describe, expect, it } from "vitest";
-import {
-  compileCommandPattern,
-  compileFilePattern,
-  normalizeFilePath,
-} from "./matching";
-import { drainPendingWarnings } from "./warnings";
-
-describe("normalizeFilePath", () => {
-  it.each([
-    ["./src//file.ts", "src/file.ts"],
-    ["src\\file.ts", "src/file.ts"],
-    ["./foo\\bar//baz", "foo/bar/baz"],
-  ])("normalizes %s", (input, expected) => {
-    expect(normalizeFilePath(input)).toBe(expected);
-  });
-});
-
-describe("compileFilePattern", () => {
-  it("matches basename when the pattern has no slash", () => {
-    const pattern = compileFilePattern({ pattern: ".env" });
-
-    expect(pattern.test(".env")).toBe(true);
-    expect(pattern.test("config/.env")).toBe(true);
-    expect(pattern.test("config/.env.local")).toBe(false);
-  });
-
-  it("matches full normalized paths when the pattern has a slash", () => {
-    const pattern = compileFilePattern({ pattern: "config/*.env" });
-
-    expect(pattern.test("config/app.env")).toBe(true);
-    expect(pattern.test("./config//app.env")).toBe(true);
-    expect(pattern.test("nested/config/app.env")).toBe(false);
-  });
-
-  it("uses case-insensitive regex matching for file patterns", () => {
-    const pattern = compileFilePattern({
-      pattern: "SECRET\\.TXT$",
-      regex: true,
-    });
-
-    expect(pattern.test("docs/secret.txt")).toBe(true);
-    expect(pattern.test("docs/public.txt")).toBe(false);
-  });
-
-  it("records a warning and returns a non-matching pattern for invalid regex", () => {
-    drainPendingWarnings();
-
-    const pattern = compileFilePattern({ pattern: "[", regex: true });
-
-    expect(pattern.test("anything")).toBe(false);
-    expect(drainPendingWarnings()).toEqual([
-      "Invalid regex in guardrails config: [",
-    ]);
-  });
-});
-
-describe("compileCommandPattern", () => {
-  it("uses substring matching by default", () => {
-    const pattern = compileCommandPattern({ pattern: "deploy production" });
-
-    expect(pattern.test("please deploy production now")).toBe(true);
-    expect(pattern.test("deploy staging")).toBe(false);
-  });
-
-  it("uses regex matching when requested", () => {
-    const pattern = compileCommandPattern({
-      pattern: "terraform\\s+apply",
-      regex: true,
-    });
-
-    expect(pattern.test("terraform apply -auto-approve")).toBe(true);
-    expect(pattern.test("terraform plan")).toBe(false);
-  });
-
-  it("records a warning and returns a non-matching pattern for invalid regex", () => {
-    drainPendingWarnings();
-
-    const pattern = compileCommandPattern({ pattern: "[", regex: true });
-
-    expect(pattern.test("anything")).toBe(false);
-    expect(drainPendingWarnings()).toEqual([
-      "Invalid regex in guardrails config: [",
-    ]);
-  });
-});

package/src/shared/paths/bash-paths.test.ts

@@ -1,150 +0,0 @@
-import { homedir } from "node:os";
-import { describe, expect, it } from "vitest";
-import { extractBashPathCandidates } from "./bash-paths";
-
-const CWD = "/work/project";
-const HOME = homedir();
-
-describe("extractBashPathCandidates", () => {
-  describe("when a command has regular expression arguments", () => {
-    it("ignores sed expressions and extracts file operands", async () => {
-      const result = await extractBashPathCandidates(
-        "sed 's/abc/{2,3}/g' ./file",
-        CWD,
-      );
-      expect(result).toEqual(["/work/project/file"]);
-    });
-
-    it("ignores grep patterns and extracts file operands", async () => {
-      const result = await extractBashPathCandidates(
-        "grep '/api/v1' ./src",
-        CWD,
-      );
-      expect(result).toEqual(["/work/project/src"]);
-    });
-
-    it("ignores ripgrep patterns and extracts search roots", async () => {
-      const result = await extractBashPathCandidates("rg '/api/v1' ./src", CWD);
-      expect(result).toEqual(["/work/project/src"]);
-    });
-
-    it("ignores jq filters and extracts file operands", async () => {
-      const result = await extractBashPathCandidates(
-        "jq '.path | test(\"^/tmp/\")' ./data.json",
-        CWD,
-      );
-      expect(result).toEqual(["/work/project/data.json"]);
-    });
-
-    it("ignores interpreter inline code", async () => {
-      const result = await extractBashPathCandidates(
-        "python3 -c 'open(\"/etc/passwd\").read()'",
-        CWD,
-      );
-      expect(result).toEqual([]);
-    });
-  });
-
-  // Regression: github issue #32 — awk regex patterns should not be
-  // treated as file paths.
-  it("does not extract awk regex patterns as paths", async () => {
-    const result = await extractBashPathCandidates(
-      "awk '/aaa/{flag=1} flag{print}' test.txt",
-      CWD,
-    );
-    // The awk program should NOT be treated as a path
-    expect(result).toEqual([]);
-  });
-
-  describe("when command has path arguments", () => {
-    it("extracts a single absolute path", async () => {
-      expect(await extractBashPathCandidates("cat /etc/hosts", CWD)).toEqual([
-        "/etc/hosts",
-      ]);
-    });
-
-    it("extracts multiple absolute paths", async () => {
-      expect(await extractBashPathCandidates("cp /a /b", CWD)).toEqual([
-        "/a",
-        "/b",
-      ]);
-    });
-
-    it("resolves a relative path with ./ against cwd", async () => {
-      expect(await extractBashPathCandidates("cat ./foo/bar", CWD)).toEqual([
-        "/work/project/foo/bar",
-      ]);
-    });
-
-    it("expands ~ to home", async () => {
-      expect(await extractBashPathCandidates("cat ~/file", CWD)).toEqual([
-        `${HOME}/file`,
-      ]);
-    });
-
-    it("detects Windows-style paths", async () => {
-      const result = await extractBashPathCandidates("type C:\\foo\\bar", CWD);
-
-      expect(result).toHaveLength(1);
-      expect(result[0]).toContain("C:\\foo\\bar");
-    });
-  });
-
-  describe("when command has flags and redirects", () => {
-    it("ignores flag arguments", async () => {
-      expect(await extractBashPathCandidates("ls -la /tmp", CWD)).toEqual([
-        "/tmp",
-      ]);
-    });
-
-    it("extracts redirect targets", async () => {
-      expect(
-        await extractBashPathCandidates("echo foo > /tmp/out", CWD),
-      ).toEqual(["/tmp/out"]);
-    });
-
-    it("extracts paths from multiple commands and redirects", async () => {
-      expect(
-        await extractBashPathCandidates(
-          "cat ./input && grep needle /tmp/log > ./out",
-          CWD,
-        ),
-      ).toEqual(["/work/project/input", "/tmp/log", "/work/project/out"]);
-    });
-  });
-
-  describe("when command has no path-like tokens", () => {
-    it("returns an empty array for bare filenames (no separators)", async () => {
-      expect(await extractBashPathCandidates("cat README.md", CWD)).toEqual([]);
-    });
-
-    it("returns an empty array for commands with no file arguments", async () => {
-      expect(await extractBashPathCandidates("echo hello", CWD)).toEqual([]);
-    });
-  });
-
-  describe("when command uses quoting", () => {
-    it("handles quoted paths with spaces", async () => {
-      expect(
-        await extractBashPathCandidates('cat "/tmp/hello world"', CWD),
-      ).toEqual(["/tmp/hello world"]);
-    });
-  });
-
-  describe("when command has duplicate paths", () => {
-    it("deduplicates results", async () => {
-      expect(await extractBashPathCandidates("cat /a /a", CWD)).toEqual(["/a"]);
-    });
-  });
-
-  describe("when command is malformed", () => {
-    it("falls back to regex tokenization on parse failure", async () => {
-      // Unbalanced quote triggers parse error; regex fallback still finds paths
-      const result = await extractBashPathCandidates(
-        "cat /tmp/foo 'unterminated",
-        CWD,
-      );
-      expect(result).toContain("/tmp/foo");
-    });
-  });
-});