@gotgenes/pi-permission-system 18.1.1 → 18.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (122) hide show
  1. package/CHANGELOG.md +16 -0
  2. package/docs/configuration.md +11 -0
  3. package/package.json +1 -2
  4. package/src/access-intent/access-path.ts +29 -4
  5. package/src/access-intent/bash/bash-path-resolver.ts +39 -18
  6. package/src/access-intent/bash/msys-bash-tokens.ts +64 -0
  7. package/src/path-normalizer.ts +105 -2
  8. package/test/access-intent/access-path.test.ts +0 -277
  9. package/test/access-intent/bash/node-text.test.ts +0 -148
  10. package/test/access-intent/bash/parser.test.ts +0 -19
  11. package/test/access-intent/bash/program.test.ts +0 -673
  12. package/test/access-intent/bash/token-classification.test.ts +0 -363
  13. package/test/access-intent/bash/token-collection.test.ts +0 -300
  14. package/test/active-agent.test.ts +0 -155
  15. package/test/async-cache.test.ts +0 -48
  16. package/test/bash-arity.test.ts +0 -144
  17. package/test/bash-external-directory.test.ts +0 -1022
  18. package/test/builtin-tool-input-formatters.test.ts +0 -109
  19. package/test/canonicalize-path.test.ts +0 -119
  20. package/test/composition-root.test.ts +0 -698
  21. package/test/config-loader.test.ts +0 -740
  22. package/test/config-modal.test.ts +0 -320
  23. package/test/config-paths.test.ts +0 -83
  24. package/test/config-pipeline.test.ts +0 -90
  25. package/test/config-reporter.test.ts +0 -147
  26. package/test/config-store.test.ts +0 -466
  27. package/test/decision-audit.test.ts +0 -72
  28. package/test/decision-reporter.test.ts +0 -112
  29. package/test/denial-messages.test.ts +0 -714
  30. package/test/detect-permissive-bash-fallback.test.ts +0 -56
  31. package/test/expand-home.test.ts +0 -93
  32. package/test/extension-config.test.ts +0 -129
  33. package/test/extension-paths.test.ts +0 -108
  34. package/test/forwarded-permissions/io.test.ts +0 -251
  35. package/test/forwarding-manager.test.ts +0 -200
  36. package/test/handlers/before-agent-start.test.ts +0 -314
  37. package/test/handlers/external-directory-integration.test.ts +0 -515
  38. package/test/handlers/external-directory-session-dedup.test.ts +0 -175
  39. package/test/handlers/external-directory-symlink-acceptance.test.ts +0 -167
  40. package/test/handlers/gates/bash-command-metamorphic.test.ts +0 -88
  41. package/test/handlers/gates/bash-command.test.ts +0 -257
  42. package/test/handlers/gates/bash-external-directory.test.ts +0 -268
  43. package/test/handlers/gates/bash-path.test.ts +0 -346
  44. package/test/handlers/gates/candidate-check.test.ts +0 -52
  45. package/test/handlers/gates/external-directory-messages.test.ts +0 -85
  46. package/test/handlers/gates/external-directory-policy.test.ts +0 -134
  47. package/test/handlers/gates/external-directory.test.ts +0 -267
  48. package/test/handlers/gates/helpers.test.ts +0 -165
  49. package/test/handlers/gates/path.test.ts +0 -369
  50. package/test/handlers/gates/runner.test.ts +0 -408
  51. package/test/handlers/gates/skill-input-gate-pipeline.test.ts +0 -176
  52. package/test/handlers/gates/skill-input.test.ts +0 -128
  53. package/test/handlers/gates/skill-read.test.ts +0 -161
  54. package/test/handlers/gates/tool-call-gate-pipeline.test.ts +0 -356
  55. package/test/handlers/gates/tool.test.ts +0 -244
  56. package/test/handlers/input-events.test.ts +0 -168
  57. package/test/handlers/input.test.ts +0 -199
  58. package/test/handlers/lifecycle.test.ts +0 -221
  59. package/test/handlers/tool-call-boundary.test.ts +0 -145
  60. package/test/handlers/tool-call-events.test.ts +0 -277
  61. package/test/handlers/tool-call.test.ts +0 -395
  62. package/test/handlers/validate-requested-tool.test.ts +0 -92
  63. package/test/helpers/external-directory-fixtures.ts +0 -269
  64. package/test/helpers/gate-fixtures.ts +0 -316
  65. package/test/helpers/handler-fixtures.ts +0 -335
  66. package/test/helpers/make-fake-pi.ts +0 -100
  67. package/test/helpers/manager-harness.ts +0 -112
  68. package/test/helpers/session-fixtures.ts +0 -199
  69. package/test/input-normalizer.test.ts +0 -325
  70. package/test/logging.test.ts +0 -51
  71. package/test/mcp-targets.test.ts +0 -233
  72. package/test/node-modules-discovery.test.ts +0 -97
  73. package/test/normalize.test.ts +0 -247
  74. package/test/path-containment.test.ts +0 -161
  75. package/test/path-normalization.test.ts +0 -233
  76. package/test/path-normalizer.test.ts +0 -196
  77. package/test/path-surfaces.test.ts +0 -55
  78. package/test/pattern-suggest.test.ts +0 -248
  79. package/test/permission-dialog.test.ts +0 -205
  80. package/test/permission-event-rpc.test.ts +0 -560
  81. package/test/permission-events.test.ts +0 -400
  82. package/test/permission-forwarder.test.ts +0 -370
  83. package/test/permission-forwarding.test.ts +0 -315
  84. package/test/permission-gate.test.ts +0 -269
  85. package/test/permission-manager-unified.test.ts +0 -3714
  86. package/test/permission-merge.test.ts +0 -61
  87. package/test/permission-prompter.test.ts +0 -518
  88. package/test/permission-prompts.test.ts +0 -363
  89. package/test/permission-resolver.test.ts +0 -277
  90. package/test/permission-session.test.ts +0 -404
  91. package/test/permission-ui-prompt.test.ts +0 -146
  92. package/test/permissions-service.test.ts +0 -192
  93. package/test/pi-infrastructure-read.test.ts +0 -432
  94. package/test/policy-loader.test.ts +0 -561
  95. package/test/prompting-gateway.test.ts +0 -231
  96. package/test/rule.test.ts +0 -650
  97. package/test/safe-system-paths.test.ts +0 -46
  98. package/test/scope-merge.test.ts +0 -116
  99. package/test/service-lifecycle.test.ts +0 -163
  100. package/test/service.test.ts +0 -261
  101. package/test/session-approval.test.ts +0 -75
  102. package/test/session-logger.test.ts +0 -200
  103. package/test/session-rules.test.ts +0 -321
  104. package/test/session-start.test.ts +0 -112
  105. package/test/skill-prompt-sanitizer.test.ts +0 -418
  106. package/test/status.test.ts +0 -10
  107. package/test/subagent-context.test.ts +0 -372
  108. package/test/subagent-lifecycle-events.test.ts +0 -132
  109. package/test/subagent-registry.test.ts +0 -145
  110. package/test/synthesize.test.ts +0 -302
  111. package/test/system-prompt-sanitizer.test.ts +0 -382
  112. package/test/tool-access-extractor-registry.test.ts +0 -77
  113. package/test/tool-input-formatter-registry.test.ts +0 -75
  114. package/test/tool-input-path.test.ts +0 -84
  115. package/test/tool-input-preview.test.ts +0 -129
  116. package/test/tool-input-prompt-formatters.test.ts +0 -115
  117. package/test/tool-preview-formatter.test.ts +0 -458
  118. package/test/tool-registry.test.ts +0 -197
  119. package/test/value-guards.test.ts +0 -193
  120. package/test/wildcard-matcher.test.ts +0 -424
  121. package/test/yaml-frontmatter.test.ts +0 -91
  122. package/test/yolo-mode.test.ts +0 -188
package/test/rule.test.ts DELETED
@@ -1,650 +0,0 @@
1
- import { describe, expect, test } from "vitest";
2
- import type { Rule, RuleOrigin, Ruleset } from "#src/rule";
3
- import {
4
- evaluate,
5
- evaluateAnyValue,
6
- evaluateFirst,
7
- evaluateMostRestrictive,
8
- } from "#src/rule";
9
-
10
- describe("evaluate", () => {
11
- const allowBashGit: Rule = {
12
- surface: "bash",
13
- pattern: "git *",
14
- action: "allow",
15
- origin: "global",
16
- };
17
- const denyBashGitPush: Rule = {
18
- surface: "bash",
19
- pattern: "git push *",
20
- action: "deny",
21
- origin: "global",
22
- };
23
- const allowRead: Rule = {
24
- surface: "read",
25
- pattern: "*",
26
- action: "allow",
27
- origin: "global",
28
- };
29
- const askMcp: Rule = {
30
- surface: "mcp",
31
- pattern: "*",
32
- action: "ask",
33
- origin: "global",
34
- };
35
- const allowSkillLibrarian: Rule = {
36
- surface: "skill",
37
- pattern: "librarian",
38
- action: "allow",
39
- origin: "global",
40
- };
41
- const askSpecialExtDir: Rule = {
42
- surface: "special",
43
- pattern: "external_directory",
44
- action: "ask",
45
- origin: "global",
46
- };
47
-
48
- test("returns matching rule when a rule matches", () => {
49
- const ruleset: Ruleset = [allowBashGit];
50
- const result = evaluate("bash", "git status", ruleset, "linux");
51
- expect(result).toEqual(allowBashGit);
52
- });
53
-
54
- test("returns synthetic rule with 'ask' when no rules match and no defaultAction", () => {
55
- const result = evaluate("bash", "npm install", [allowBashGit], "linux");
56
- expect(result.surface).toBe("bash");
57
- expect(result.pattern).toBe("npm install");
58
- expect(result.action).toBe("ask");
59
- });
60
-
61
- test("returns synthetic rule with custom defaultAction when no rules match", () => {
62
- const result = evaluate(
63
- "bash",
64
- "npm install",
65
- [allowBashGit],
66
- "linux",
67
- "deny",
68
- );
69
- expect(result.surface).toBe("bash");
70
- expect(result.pattern).toBe("npm install");
71
- expect(result.action).toBe("deny");
72
- });
73
-
74
- test("defaultAction does not affect matched rules", () => {
75
- const result = evaluate(
76
- "bash",
77
- "git status",
78
- [allowBashGit],
79
- "linux",
80
- "deny",
81
- );
82
- expect(result).toEqual(allowBashGit);
83
- });
84
-
85
- test("returns synthetic rule for empty ruleset", () => {
86
- const result = evaluate("mcp", "exa_search", [], "linux");
87
- expect(result.surface).toBe("mcp");
88
- expect(result.pattern).toBe("exa_search");
89
- expect(result.action).toBe("ask");
90
- });
91
-
92
- test("matches rules for all permission surfaces", () => {
93
- expect(evaluate("read", "src/foo.ts", [allowRead], "linux").action).toBe(
94
- "allow",
95
- );
96
- expect(evaluate("mcp", "exa_search", [askMcp], "linux").action).toBe("ask");
97
- expect(
98
- evaluate("skill", "librarian", [allowSkillLibrarian], "linux").action,
99
- ).toBe("allow");
100
- expect(
101
- evaluate("special", "external_directory", [askSpecialExtDir], "linux")
102
- .action,
103
- ).toBe("ask");
104
- });
105
-
106
- test("last-match-wins: later conflicting rule overrides earlier", () => {
107
- const ruleset: Ruleset = [allowBashGit, denyBashGitPush];
108
- const result = evaluate("bash", "git push origin main", ruleset, "linux");
109
- expect(result).toEqual(denyBashGitPush);
110
- });
111
-
112
- test("last-match-wins: broad deny followed by specific allow", () => {
113
- const denyAll: Rule = {
114
- surface: "bash",
115
- pattern: "*",
116
- action: "deny",
117
- origin: "global",
118
- };
119
- const allowStatus: Rule = {
120
- surface: "bash",
121
- pattern: "git status",
122
- action: "allow",
123
- origin: "global",
124
- };
125
- const result = evaluate(
126
- "bash",
127
- "git status",
128
- [denyAll, allowStatus],
129
- "linux",
130
- );
131
- expect(result).toEqual(allowStatus);
132
- });
133
-
134
- test("wildcard surface in rule matches any surface value", () => {
135
- const universalAllow: Rule = {
136
- surface: "*",
137
- pattern: "*",
138
- action: "allow",
139
- origin: "global",
140
- };
141
- expect(evaluate("bash", "anything", [universalAllow], "linux").action).toBe(
142
- "allow",
143
- );
144
- expect(evaluate("mcp", "something", [universalAllow], "linux").action).toBe(
145
- "allow",
146
- );
147
- expect(
148
- evaluate("skill", "librarian", [universalAllow], "linux").action,
149
- ).toBe("allow");
150
- });
151
-
152
- test("specific surface rule does not match a different surface", () => {
153
- const ruleset: Ruleset = [allowBashGit];
154
- // bash rule should not match mcp surface
155
- const result = evaluate("mcp", "git status", ruleset, "linux");
156
- expect(result.action).toBe("ask"); // falls back to default
157
- });
158
-
159
- test("merged rulesets: rules from later scope take priority", () => {
160
- const globalRules: Ruleset = [
161
- { surface: "bash", pattern: "git *", action: "ask", origin: "global" },
162
- ];
163
- const agentRules: Ruleset = [
164
- { surface: "bash", pattern: "git *", action: "allow", origin: "agent" },
165
- ];
166
- const merged = [...globalRules, ...agentRules];
167
- const result = evaluate("bash", "git status", merged, "linux");
168
- expect(result.action).toBe("allow"); // agent rule wins
169
- });
170
-
171
- test("merged rulesets: earlier scope used when later scope has no match", () => {
172
- const globalRules: Ruleset = [
173
- { surface: "bash", pattern: "git *", action: "allow", origin: "global" },
174
- ];
175
- const agentRules: Ruleset = [
176
- { surface: "bash", pattern: "npm *", action: "deny", origin: "agent" },
177
- ];
178
- // git status matches global but not agent rule
179
- const merged = [...globalRules, ...agentRules];
180
- const result = evaluate("bash", "git status", merged, "linux");
181
- expect(result.action).toBe("allow"); // global rule is the last match for this pattern
182
- });
183
-
184
- test("empty ruleset returns synthetic default", () => {
185
- const result = evaluate("bash", "git status", [], "linux");
186
- expect(result.surface).toBe("bash");
187
- expect(result.pattern).toBe("git status");
188
- expect(result.action).toBe("ask");
189
- });
190
-
191
- test("rule.layer is ignored by evaluate() — matching is identical with or without it", () => {
192
- const withLayer: Rule = {
193
- surface: "bash",
194
- pattern: "git *",
195
- action: "allow",
196
- layer: "config",
197
- origin: "global",
198
- };
199
- const withoutLayer: Rule = {
200
- surface: "bash",
201
- pattern: "git *",
202
- action: "allow",
203
- origin: "global",
204
- };
205
- const withDefault: Rule = {
206
- surface: "bash",
207
- pattern: "*",
208
- action: "ask",
209
- layer: "default",
210
- origin: "builtin",
211
- };
212
- // Both rules with and without layer field produce the same match.
213
- expect(evaluate("bash", "git status", [withLayer], "linux").action).toBe(
214
- "allow",
215
- );
216
- expect(evaluate("bash", "git status", [withoutLayer], "linux").action).toBe(
217
- "allow",
218
- );
219
- // Layer metadata does not affect last-match-wins ordering.
220
- const ruleset: Rule[] = [withDefault, withLayer];
221
- expect(evaluate("bash", "git status", ruleset, "linux")).toEqual(withLayer);
222
- // A rule with layer: "default" still wins if it is last in the array.
223
- const reversedRuleset: Rule[] = [withLayer, withDefault];
224
- expect(evaluate("bash", "git status", reversedRuleset, "linux")).toEqual(
225
- withDefault,
226
- );
227
- });
228
-
229
- test("evaluate() preserves origin on a matched rule", () => {
230
- const origin: RuleOrigin = "project";
231
- const rule: Rule = {
232
- surface: "bash",
233
- pattern: "git *",
234
- action: "allow",
235
- layer: "config",
236
- origin,
237
- };
238
- const result = evaluate("bash", "git status", [rule], "linux");
239
- expect(result.origin).toBe("project");
240
- });
241
-
242
- test("evaluate() synthetic fallback rule has origin 'builtin'", () => {
243
- const result = evaluate("bash", "npm install", [], "linux");
244
- expect(result.origin).toBe("builtin");
245
- });
246
-
247
- test("evaluate() propagates reason from the matched deny rule", () => {
248
- const rule: Rule = {
249
- surface: "bash",
250
- pattern: "npm *",
251
- action: "deny",
252
- reason: "Use pnpm instead",
253
- layer: "config",
254
- origin: "global",
255
- };
256
- const result = evaluate("bash", "npm install", [rule], "linux");
257
- expect(result.action).toBe("deny");
258
- expect(result.reason).toBe("Use pnpm instead");
259
- });
260
-
261
- test("evaluate() carries reason through last-match-wins when deny wins", () => {
262
- const allowAll: Rule = {
263
- surface: "bash",
264
- pattern: "*",
265
- action: "allow",
266
- layer: "config",
267
- origin: "global",
268
- };
269
- const denyNpm: Rule = {
270
- surface: "bash",
271
- pattern: "npm *",
272
- action: "deny",
273
- reason: "Use pnpm",
274
- layer: "config",
275
- origin: "global",
276
- };
277
- const result = evaluate(
278
- "bash",
279
- "npm install",
280
- [allowAll, denyNpm],
281
- "linux",
282
- );
283
- expect(result.action).toBe("deny");
284
- expect(result.reason).toBe("Use pnpm");
285
- });
286
-
287
- test("evaluate() drops reason when a later allow overrides the deny", () => {
288
- const denyNpm: Rule = {
289
- surface: "bash",
290
- pattern: "npm *",
291
- action: "deny",
292
- reason: "Use pnpm",
293
- layer: "config",
294
- origin: "global",
295
- };
296
- const allowInstall: Rule = {
297
- surface: "bash",
298
- pattern: "npm install",
299
- action: "allow",
300
- layer: "config",
301
- origin: "global",
302
- };
303
- const result = evaluate(
304
- "bash",
305
- "npm install",
306
- [denyNpm, allowInstall],
307
- "linux",
308
- );
309
- expect(result.action).toBe("allow");
310
- expect(result.reason).toBeUndefined();
311
- });
312
-
313
- test("evaluate() synthetic fallback rule has no reason", () => {
314
- const result = evaluate("bash", "npm install", [], "linux");
315
- expect(result.reason).toBeUndefined();
316
- });
317
-
318
- test("RuleOrigin covers all seven provenance values", () => {
319
- const origins: RuleOrigin[] = [
320
- "global",
321
- "project",
322
- "agent",
323
- "project-agent",
324
- "builtin",
325
- "baseline",
326
- "session",
327
- ];
328
- for (const origin of origins) {
329
- const rule: Rule = {
330
- surface: "read",
331
- pattern: "*",
332
- action: "allow",
333
- layer: "config",
334
- origin,
335
- };
336
- expect(evaluate("read", "*", [rule], "linux").origin).toBe(origin);
337
- }
338
- });
339
-
340
- // ── Windows: path-surface patterns fold case (last-match-wins) ──────────
341
-
342
- const denyExternalAll: Rule = {
343
- surface: "external_directory",
344
- pattern: "*",
345
- action: "deny",
346
- layer: "config",
347
- origin: "global",
348
- };
349
- const allowExternalPi: Rule = {
350
- surface: "external_directory",
351
- pattern: "C:\\Users\\Foo\\pi\\*",
352
- action: "allow",
353
- layer: "config",
354
- origin: "global",
355
- };
356
-
357
- test("win32: external_directory allow override matches a lowercased path over a preceding deny", () => {
358
- const result = evaluate(
359
- "external_directory",
360
- "c:\\users\\foo\\pi\\docs\\readme.md",
361
- [denyExternalAll, allowExternalPi],
362
- "win32",
363
- );
364
- expect(result.action).toBe("allow");
365
- });
366
-
367
- test("posix: the same mixed-case override stays case-sensitive (falls through to deny)", () => {
368
- const result = evaluate(
369
- "external_directory",
370
- "c:\\users\\foo\\pi\\docs\\readme.md",
371
- [denyExternalAll, allowExternalPi],
372
- "linux",
373
- );
374
- expect(result.action).toBe("deny");
375
- });
376
-
377
- test("win32: a forward-slash external_directory pattern matches a backslash value", () => {
378
- const allowForwardSlash: Rule = {
379
- surface: "external_directory",
380
- pattern: "C:/Users/Foo/pi/*",
381
- action: "allow",
382
- layer: "config",
383
- origin: "global",
384
- };
385
- const result = evaluate(
386
- "external_directory",
387
- "c:\\users\\foo\\pi\\docs\\readme.md",
388
- [denyExternalAll, allowForwardSlash],
389
- "win32",
390
- );
391
- expect(result.action).toBe("allow");
392
- });
393
-
394
- test("win32: bash surface stays case-sensitive (not a path surface)", () => {
395
- const result = evaluate(
396
- "bash",
397
- "GIT push",
398
- [
399
- {
400
- surface: "bash",
401
- pattern: "git *",
402
- action: "allow",
403
- origin: "global",
404
- },
405
- ],
406
- "win32",
407
- );
408
- expect(result.action).toBe("ask");
409
- });
410
- });
411
-
412
- describe("evaluateFirst", () => {
413
- const defaultRule: Rule = {
414
- surface: "*",
415
- pattern: "*",
416
- action: "ask",
417
- layer: "default",
418
- origin: "builtin",
419
- };
420
- const allowBash: Rule = {
421
- surface: "bash",
422
- pattern: "git *",
423
- action: "allow",
424
- layer: "config",
425
- origin: "global",
426
- };
427
- const denyMcp: Rule = {
428
- surface: "mcp",
429
- pattern: "exa_search",
430
- action: "deny",
431
- layer: "config",
432
- origin: "global",
433
- };
434
-
435
- test("returns the first candidate that matches a non-default rule", () => {
436
- const rules: Ruleset = [defaultRule, allowBash];
437
- const result = evaluateFirst("bash", ["git status", "*"], rules, "linux");
438
- expect(result.rule).toEqual(allowBash);
439
- expect(result.value).toBe("git status");
440
- });
441
-
442
- test("skips candidates that only match the default rule", () => {
443
- // "npm install" matches only the default; "*" also matches only the
444
- // default — falls back to first candidate.
445
- const rules: Ruleset = [defaultRule];
446
- const result = evaluateFirst("bash", ["npm install", "*"], rules, "linux");
447
- expect(result.rule.layer).toBe("default");
448
- expect(result.value).toBe("npm install");
449
- });
450
-
451
- test("falls back to first candidate when all candidates match only the default", () => {
452
- const rules: Ruleset = [defaultRule];
453
- const result = evaluateFirst("bash", ["a", "b", "c"], rules, "linux");
454
- expect(result.value).toBe("a");
455
- });
456
-
457
- test("stops at first non-default match, does not continue to remaining candidates", () => {
458
- // "exa_search" matches denyMcp (non-default). The loop stops there;
459
- // "mcp" is never evaluated even though it would match a different rule.
460
- const allowMcpCatchAll: Rule = {
461
- surface: "mcp",
462
- pattern: "mcp",
463
- action: "allow",
464
- layer: "config",
465
- origin: "global",
466
- };
467
- const rules: Ruleset = [defaultRule, denyMcp, allowMcpCatchAll];
468
- const result = evaluateFirst("mcp", ["exa_search", "mcp"], rules, "linux");
469
- expect(result.rule).toEqual(denyMcp);
470
- expect(result.value).toBe("exa_search");
471
- });
472
-
473
- test("skips candidates that match only the default and continues to next", () => {
474
- // "unknown_tool" matches only the universal default;
475
- // "exa_search" matches denyMcp (non-default) — that is the result.
476
- const rules: Ruleset = [defaultRule, denyMcp];
477
- const result = evaluateFirst(
478
- "mcp",
479
- ["unknown_tool", "exa_search"],
480
- rules,
481
- "linux",
482
- );
483
- expect(result.rule).toEqual(denyMcp);
484
- expect(result.value).toBe("exa_search");
485
- });
486
-
487
- test("single-candidate array behaves like evaluate()", () => {
488
- const rules: Ruleset = [defaultRule, allowBash];
489
- const result = evaluateFirst("bash", ["git status"], rules, "linux");
490
- expect(result.rule).toEqual(allowBash);
491
- expect(result.value).toBe("git status");
492
- });
493
-
494
- test("uses '*' as fallback value when values array is empty", () => {
495
- const rules: Ruleset = [defaultRule];
496
- const result = evaluateFirst("bash", [], rules, "linux");
497
- expect(result.value).toBe("*");
498
- });
499
- });
500
-
501
- describe("evaluateAnyValue", () => {
502
- const catchAllAllow: Rule = {
503
- surface: "path",
504
- pattern: "*",
505
- action: "allow",
506
- layer: "config",
507
- origin: "global",
508
- };
509
- const catchAllAsk: Rule = {
510
- surface: "path",
511
- pattern: "*",
512
- action: "ask",
513
- layer: "config",
514
- origin: "global",
515
- };
516
- const relativeDeny: Rule = {
517
- surface: "path",
518
- pattern: "src/*",
519
- action: "deny",
520
- layer: "config",
521
- origin: "global",
522
- };
523
- const absoluteAllow: Rule = {
524
- surface: "path",
525
- pattern: "/proj/*",
526
- action: "allow",
527
- layer: "config",
528
- origin: "global",
529
- };
530
-
531
- test("a later relative rule wins over a catch-all matched by another alias", () => {
532
- const rules: Ruleset = [catchAllAllow, relativeDeny];
533
- const result = evaluateAnyValue(
534
- "path",
535
- ["/proj/src/foo.ts", "src/foo.ts"],
536
- rules,
537
- "linux",
538
- );
539
- expect(result.rule).toEqual(relativeDeny);
540
- expect(result.value).toBe("src/foo.ts");
541
- });
542
-
543
- test("uses an absolute alias when no later relative rule matches", () => {
544
- const rules: Ruleset = [catchAllAsk, absoluteAllow];
545
- const result = evaluateAnyValue(
546
- "path",
547
- ["/proj/src/foo.ts", "src/foo.ts"],
548
- rules,
549
- "linux",
550
- );
551
- expect(result.rule).toEqual(absoluteAllow);
552
- expect(result.value).toBe("/proj/src/foo.ts");
553
- });
554
-
555
- test("falls back to the first value's default when no rule matches", () => {
556
- const result = evaluateAnyValue(
557
- "path",
558
- ["/proj/src/foo.ts", "src/foo.ts"],
559
- [],
560
- "linux",
561
- );
562
- expect(result.rule.action).toBe("ask");
563
- expect(result.value).toBe("/proj/src/foo.ts");
564
- });
565
-
566
- test("uses '*' as fallback value when values array is empty", () => {
567
- const result = evaluateAnyValue("path", [], [], "linux");
568
- expect(result.value).toBe("*");
569
- });
570
- });
571
-
572
- describe("evaluateMostRestrictive", () => {
573
- const denyEnv: Rule = {
574
- surface: "path",
575
- pattern: "*.env",
576
- action: "deny",
577
- layer: "config",
578
- origin: "global",
579
- };
580
- const askSsh: Rule = {
581
- surface: "path",
582
- pattern: "/home/user/.ssh/*",
583
- action: "ask",
584
- layer: "config",
585
- origin: "global",
586
- };
587
- const allowAll: Rule = {
588
- surface: "path",
589
- pattern: "*",
590
- action: "allow",
591
- layer: "config",
592
- origin: "global",
593
- };
594
-
595
- test("deny short-circuits: returns immediately without evaluating remaining values", () => {
596
- const rules: Ruleset = [allowAll, denyEnv];
597
- const result = evaluateMostRestrictive(
598
- "path",
599
- [".env", "README.md"],
600
- rules,
601
- "linux",
602
- );
603
- expect(result).not.toBeNull();
604
- expect(result!.rule.action).toBe("deny");
605
- expect(result!.value).toBe(".env");
606
- });
607
-
608
- test("ask accumulates: returns first ask when no deny found", () => {
609
- const rules: Ruleset = [allowAll, askSsh];
610
- const result = evaluateMostRestrictive(
611
- "path",
612
- ["/home/user/.ssh/id_rsa", "README.md"],
613
- rules,
614
- "linux",
615
- );
616
- expect(result).not.toBeNull();
617
- expect(result!.rule.action).toBe("ask");
618
- expect(result!.value).toBe("/home/user/.ssh/id_rsa");
619
- });
620
-
621
- test("all allow: returns null", () => {
622
- const rules: Ruleset = [allowAll];
623
- const result = evaluateMostRestrictive(
624
- "path",
625
- ["README.md", "src/index.ts"],
626
- rules,
627
- "linux",
628
- );
629
- expect(result).toBeNull();
630
- });
631
-
632
- test("empty values: returns null", () => {
633
- const rules: Ruleset = [allowAll, denyEnv];
634
- const result = evaluateMostRestrictive("path", [], rules, "linux");
635
- expect(result).toBeNull();
636
- });
637
-
638
- test("deny wins over ask", () => {
639
- const rules: Ruleset = [allowAll, askSsh, denyEnv];
640
- const result = evaluateMostRestrictive(
641
- "path",
642
- ["/home/user/.ssh/id_rsa", ".env"],
643
- rules,
644
- "linux",
645
- );
646
- expect(result).not.toBeNull();
647
- expect(result!.rule.action).toBe("deny");
648
- expect(result!.value).toBe(".env");
649
- });
650
- });
@@ -1,46 +0,0 @@
1
- import { describe, expect, test } from "vitest";
2
-
3
- import { isSafeSystemPath, SAFE_SYSTEM_PATHS } from "#src/safe-system-paths";
4
-
5
- describe("SAFE_SYSTEM_PATHS", () => {
6
- test("contains /dev/null, /dev/stdin, /dev/stdout, /dev/stderr", () => {
7
- expect(SAFE_SYSTEM_PATHS.has("/dev/null")).toBe(true);
8
- expect(SAFE_SYSTEM_PATHS.has("/dev/stdin")).toBe(true);
9
- expect(SAFE_SYSTEM_PATHS.has("/dev/stdout")).toBe(true);
10
- expect(SAFE_SYSTEM_PATHS.has("/dev/stderr")).toBe(true);
11
- });
12
- });
13
-
14
- describe("isSafeSystemPath", () => {
15
- test("returns true for /dev/null", () => {
16
- expect(isSafeSystemPath("/dev/null")).toBe(true);
17
- });
18
-
19
- test("returns true for /dev/stdin", () => {
20
- expect(isSafeSystemPath("/dev/stdin")).toBe(true);
21
- });
22
-
23
- test("returns true for /dev/stdout", () => {
24
- expect(isSafeSystemPath("/dev/stdout")).toBe(true);
25
- });
26
-
27
- test("returns true for /dev/stderr", () => {
28
- expect(isSafeSystemPath("/dev/stderr")).toBe(true);
29
- });
30
-
31
- test("returns false for an arbitrary absolute path", () => {
32
- expect(isSafeSystemPath("/etc/passwd")).toBe(false);
33
- });
34
-
35
- test("returns false for a path prefixed with a safe system path", () => {
36
- expect(isSafeSystemPath("/dev/null/subdir")).toBe(false);
37
- });
38
-
39
- test("returns false for an empty string", () => {
40
- expect(isSafeSystemPath("")).toBe(false);
41
- });
42
-
43
- test("returns false for a relative path", () => {
44
- expect(isSafeSystemPath("dev/null")).toBe(false);
45
- });
46
- });