@gotgenes/pi-permission-system 5.6.2 → 5.7.0

package/tests/external-directory.test.ts

@@ -1,346 +0,0 @@
-import { afterEach, beforeEach, describe, expect, test, vi } from "vitest";
-
-// Hoisted stubs for mocks that reference them in vi.mock factories.
-const { mockSpawnSync, mockExistsSync } = vi.hoisted(() => ({
-  mockSpawnSync: vi.fn(),
-  mockExistsSync: vi.fn(),
-}));
-
-// Mock node:child_process so tests don't spawn real subprocesses.
-vi.mock("node:child_process", () => ({
-  spawnSync: mockSpawnSync,
-  default: { spawnSync: mockSpawnSync },
-}));
-
-// Mock node:fs so existsSync is controllable.
-vi.mock("node:fs", () => ({
-  existsSync: mockExistsSync,
-  default: { existsSync: mockExistsSync },
-}));
-
-// Mock node:os so tilde-expansion is deterministic across platforms.
-vi.mock("node:os", () => {
-  const homedir = vi.fn(() => "/mock/home");
-  return {
-    homedir,
-    default: { homedir },
-  };
-});
-
-import {
-  discoverGlobalNodeModulesRoot,
-  formatExternalDirectoryAskPrompt,
-  formatExternalDirectoryDenyReason,
-  formatExternalDirectoryHardStopHint,
-  formatExternalDirectoryUserDeniedReason,
-  getPathBearingToolPath,
-  isPathOutsideWorkingDirectory,
-  isSafeSystemPath,
-  PATH_BEARING_TOOLS,
-  SAFE_SYSTEM_PATHS,
-} from "../src/external-directory";
-
-afterEach(() => {
-  vi.restoreAllMocks();
-});
-
-describe("PATH_BEARING_TOOLS", () => {
-  test("contains the expected tool names", () => {
-    for (const tool of ["read", "write", "edit", "find", "grep", "ls"]) {
-      expect(PATH_BEARING_TOOLS.has(tool)).toBe(true);
-    }
-  });
-
-  test("does not contain bash or mcp", () => {
-    expect(PATH_BEARING_TOOLS.has("bash")).toBe(false);
-    expect(PATH_BEARING_TOOLS.has("mcp")).toBe(false);
-  });
-});
-
-describe("SAFE_SYSTEM_PATHS", () => {
-  test("contains /dev/null, /dev/stdin, /dev/stdout, /dev/stderr", () => {
-    expect(SAFE_SYSTEM_PATHS.has("/dev/null")).toBe(true);
-    expect(SAFE_SYSTEM_PATHS.has("/dev/stdin")).toBe(true);
-    expect(SAFE_SYSTEM_PATHS.has("/dev/stdout")).toBe(true);
-    expect(SAFE_SYSTEM_PATHS.has("/dev/stderr")).toBe(true);
-  });
-});
-
-describe("isSafeSystemPath", () => {
-  test("returns true for /dev/null", () => {
-    expect(isSafeSystemPath("/dev/null")).toBe(true);
-  });
-
-  test("returns true for /dev/stdin", () => {
-    expect(isSafeSystemPath("/dev/stdin")).toBe(true);
-  });
-
-  test("returns true for /dev/stdout", () => {
-    expect(isSafeSystemPath("/dev/stdout")).toBe(true);
-  });
-
-  test("returns true for /dev/stderr", () => {
-    expect(isSafeSystemPath("/dev/stderr")).toBe(true);
-  });
-
-  test("returns false for an arbitrary absolute path", () => {
-    expect(isSafeSystemPath("/etc/passwd")).toBe(false);
-  });
-
-  test("returns false for a path prefixed with a safe system path", () => {
-    expect(isSafeSystemPath("/dev/null/subdir")).toBe(false);
-  });
-
-  test("returns false for an empty string", () => {
-    expect(isSafeSystemPath("")).toBe(false);
-  });
-
-  test("returns false for a relative path", () => {
-    expect(isSafeSystemPath("dev/null")).toBe(false);
-  });
-});
-
-describe("getPathBearingToolPath", () => {
-  test("returns path for a path-bearing tool", () => {
-    expect(getPathBearingToolPath("read", { path: "/src/foo.ts" })).toBe(
-      "/src/foo.ts",
-    );
-  });
-
-  test("returns null for a non-path-bearing tool", () => {
-    expect(getPathBearingToolPath("bash", { path: "/src/foo.ts" })).toBeNull();
-    expect(getPathBearingToolPath("mcp", { path: "/src/foo.ts" })).toBeNull();
-    expect(getPathBearingToolPath("task", { path: "/src/foo.ts" })).toBeNull();
-  });
-
-  test("returns null when input has no path", () => {
-    expect(getPathBearingToolPath("read", {})).toBeNull();
-    expect(getPathBearingToolPath("read", { path: "" })).toBeNull();
-    expect(getPathBearingToolPath("read", null)).toBeNull();
-  });
-});
-
-describe("isPathOutsideWorkingDirectory", () => {
-  const cwd = "/projects/my-app";
-
-  test("returns false when path is inside cwd", () => {
-    expect(isPathOutsideWorkingDirectory("/projects/my-app/src", cwd)).toBe(
-      false,
-    );
-  });
-
-  test("returns false when path equals cwd", () => {
-    expect(isPathOutsideWorkingDirectory("/projects/my-app", cwd)).toBe(false);
-  });
-
-  test("returns true when path is outside cwd", () => {
-    expect(isPathOutsideWorkingDirectory("/etc/passwd", cwd)).toBe(true);
-  });
-
-  test("returns true for home directory when outside cwd", () => {
-    expect(isPathOutsideWorkingDirectory("~/secrets", cwd)).toBe(true);
-  });
-
-  test("returns false for relative path resolving inside cwd", () => {
-    expect(isPathOutsideWorkingDirectory("src/index.ts", cwd)).toBe(false);
-  });
-
-  test("returns false for empty path (normalizes to empty string)", () => {
-    expect(isPathOutsideWorkingDirectory("", cwd)).toBe(false);
-  });
-
-  test("returns false for /dev/null regardless of cwd", () => {
-    expect(isPathOutsideWorkingDirectory("/dev/null", cwd)).toBe(false);
-  });
-
-  test("returns false for /dev/stdin regardless of cwd", () => {
-    expect(isPathOutsideWorkingDirectory("/dev/stdin", cwd)).toBe(false);
-  });
-
-  test("returns false for /dev/stdout regardless of cwd", () => {
-    expect(isPathOutsideWorkingDirectory("/dev/stdout", cwd)).toBe(false);
-  });
-
-  test("returns false for /dev/stderr regardless of cwd", () => {
-    expect(isPathOutsideWorkingDirectory("/dev/stderr", cwd)).toBe(false);
-  });
-
-  test("returns true for /dev/null/subdir (not a safe path)", () => {
-    expect(isPathOutsideWorkingDirectory("/dev/null/subdir", cwd)).toBe(true);
-  });
-});
-
-describe("formatExternalDirectoryHardStopHint", () => {
-  test("returns the hard stop instruction string", () => {
-    const hint = formatExternalDirectoryHardStopHint();
-    expect(hint).toContain("Hard stop");
-    expect(hint).toContain("external directory");
-  });
-});
-
-describe("formatExternalDirectoryAskPrompt", () => {
-  test("uses 'Current agent' when no agent name provided", () => {
-    const result = formatExternalDirectoryAskPrompt(
-      "read",
-      "/etc/passwd",
-      "/projects/my-app",
-    );
-    expect(result).toContain("Current agent");
-    expect(result).toContain("read");
-    expect(result).toContain("/etc/passwd");
-    expect(result).toContain("/projects/my-app");
-  });
-
-  test("uses agent name when provided", () => {
-    const result = formatExternalDirectoryAskPrompt(
-      "write",
-      "/tmp/out.txt",
-      "/projects/my-app",
-      "my-agent",
-    );
-    expect(result).toContain("Agent 'my-agent'");
-    expect(result).toContain("write");
-    expect(result).toContain("/tmp/out.txt");
-  });
-});
-
-describe("formatExternalDirectoryDenyReason", () => {
-  test("includes tool name, path, cwd, agent name, and hard stop hint", () => {
-    const result = formatExternalDirectoryDenyReason(
-      "read",
-      "/etc/passwd",
-      "/projects/my-app",
-      "sec-agent",
-    );
-    expect(result).toContain("Agent 'sec-agent'");
-    expect(result).toContain("read");
-    expect(result).toContain("/etc/passwd");
-    expect(result).toContain("/projects/my-app");
-    expect(result).toContain("Hard stop");
-  });
-
-  test("uses 'Current agent' without agent name", () => {
-    const result = formatExternalDirectoryDenyReason(
-      "read",
-      "/etc",
-      "/projects",
-    );
-    expect(result).toContain("Current agent");
-  });
-});
-
-describe("formatExternalDirectoryUserDeniedReason", () => {
-  test("includes tool name and path", () => {
-    const result = formatExternalDirectoryUserDeniedReason(
-      "edit",
-      "/etc/hosts",
-    );
-    expect(result).toContain("edit");
-    expect(result).toContain("/etc/hosts");
-    expect(result).toContain("Hard stop");
-  });
-
-  test("appends denial reason when provided", () => {
-    const result = formatExternalDirectoryUserDeniedReason(
-      "edit",
-      "/etc/hosts",
-      "too risky",
-    );
-    expect(result).toContain("Reason: too risky");
-  });
-
-  test("omits reason suffix when not provided", () => {
-    const result = formatExternalDirectoryUserDeniedReason(
-      "edit",
-      "/etc/hosts",
-    );
-    expect(result).not.toContain("Reason:");
-  });
-});
-
-describe("discoverGlobalNodeModulesRoot", () => {
-  // The walk-up-from-self strategy uses import.meta.url which resolves to a
-  // path inside the source tree during tests — there is no node_modules
-  // ancestor. So the fallback path is exercised naturally here.
-  //
-  // For the "walk-up succeeds" case, we verify the subprocess is NOT called
-  // by confirming spawnSync call count stays at zero when the URL has a
-  // node_modules ancestor.
-
-  beforeEach(() => {
-    mockSpawnSync.mockReset();
-    mockExistsSync.mockReset();
-  });
-
-  test("returns node_modules root when URL is inside a node_modules tree", () => {
-    // Simulate a URL whose file path contains a node_modules ancestor.
-    const fakeUrl =
-      "file:///opt/homebrew/lib/node_modules/@gotgenes/pi-permission-system/dist/external-directory.js";
-    const result = discoverGlobalNodeModulesRoot(fakeUrl);
-    expect(result).toBe("/opt/homebrew/lib/node_modules");
-    // Subprocess should NOT have been invoked — walk-up succeeds.
-    expect(mockSpawnSync).not.toHaveBeenCalled();
-  });
-
-  test("calls npm root -g as fallback when walk-up finds no node_modules ancestor", () => {
-    const npmRootPath = "/opt/homebrew/lib/node_modules";
-    mockSpawnSync.mockReturnValue({
-      status: 0,
-      stdout: `${npmRootPath}\n`,
-    });
-    mockExistsSync.mockReturnValue(true);
-
-    // Use a file URL with no node_modules ancestor.
-    const fakeUrl = "file:///Users/dev/my-project/src/external-directory.ts";
-    const result = discoverGlobalNodeModulesRoot(fakeUrl);
-
-    expect(mockSpawnSync).toHaveBeenCalledWith(
-      "npm",
-      ["root", "-g"],
-      expect.objectContaining({ encoding: "utf-8" }),
-    );
-    expect(result).toBe(npmRootPath);
-  });
-
-  test("returns null when walk-up fails and npm root -g returns non-zero exit", () => {
-    mockSpawnSync.mockReturnValue({ status: 1, stdout: "" });
-
-    const fakeUrl = "file:///Users/dev/my-project/src/external-directory.ts";
-    const result = discoverGlobalNodeModulesRoot(fakeUrl);
-
-    expect(result).toBeNull();
-  });
-
-  test("returns null when walk-up fails and spawnSync throws", () => {
-    mockSpawnSync.mockImplementation(() => {
-      throw new Error("ENOENT");
-    });
-
-    const fakeUrl = "file:///Users/dev/my-project/src/external-directory.ts";
-    const result = discoverGlobalNodeModulesRoot(fakeUrl);
-
-    expect(result).toBeNull();
-  });
-
-  test("returns null when walk-up fails and npm root -g returns non-existent path", () => {
-    mockSpawnSync.mockReturnValue({
-      status: 0,
-      stdout: "/some/nonexistent/node_modules\n",
-    });
-    mockExistsSync.mockReturnValue(false);
-
-    const fakeUrl = "file:///Users/dev/my-project/src/external-directory.ts";
-    const result = discoverGlobalNodeModulesRoot(fakeUrl);
-
-    expect(result).toBeNull();
-  });
-
-  test("returns null when walk-up fails and npm root -g returns empty stdout", () => {
-    mockSpawnSync.mockReturnValue({ status: 0, stdout: "   " });
-
-    const fakeUrl = "file:///Users/dev/my-project/src/external-directory.ts";
-    const result = discoverGlobalNodeModulesRoot(fakeUrl);
-
-    expect(result).toBeNull();
-  });
-});