@jaguilar87/gaia-ops 2.2.1 → 2.2.2

package/tests/system/permissions_helpers.py

@@ -0,0 +1,318 @@
+"""
+Helper utilities for permissions system tests.
+
+Provides functions for:
+- Loading project and shared settings
+- Merging settings with proper precedence
+- Finding Claude configuration directories
+- Detecting environment mode (production vs development)
+"""
+
+import json
+from pathlib import Path
+from typing import Dict, Any, Optional, List
+import re
+
+
+def load_project_settings(project_root: Path) -> Optional[Dict[str, Any]]:
+    """
+    Load project-specific settings.json.
+    
+    Args:
+        project_root: Root directory of the project
+        
+    Returns:
+        Dict of settings, or None if not found
+    """
+    settings_path = project_root / ".claude" / "settings.json"
+    
+    if not settings_path.exists():
+        return None
+    
+    try:
+        with open(settings_path, 'r') as f:
+            return json.load(f)
+    except (json.JSONDecodeError, IOError) as e:
+        print(f"Error loading project settings: {e}")
+        return None
+
+
+def load_shared_settings(shared_root: Path) -> Optional[Dict[str, Any]]:
+    """
+    Load shared settings.json from .claude-shared.
+    
+    Args:
+        shared_root: Root directory of .claude-shared
+        
+    Returns:
+        Dict of settings, or None if not found
+    """
+    settings_path = shared_root / ".claude" / "settings.json"
+    
+    if not settings_path.exists():
+        return None
+    
+    try:
+        with open(settings_path, 'r') as f:
+            return json.load(f)
+    except (json.JSONDecodeError, IOError) as e:
+        print(f"Error loading shared settings: {e}")
+        return None
+
+
+def merge_settings(project: Dict[str, Any], shared: Dict[str, Any]) -> Dict[str, Any]:
+    """
+    Merge project and shared settings with proper precedence.
+    
+    Rules:
+    - Project settings override shared settings for same keys
+    - Nested dicts are merged recursively
+    - Lists are replaced (not merged)
+    
+    Args:
+        project: Project-specific settings
+        shared: Shared settings
+        
+    Returns:
+        Merged settings dict
+    """
+    if not project:
+        return shared.copy() if shared else {}
+    
+    if not shared:
+        return project.copy()
+    
+    # Start with a copy of shared
+    result = shared.copy()
+    
+    # Recursively merge project settings
+    for key, value in project.items():
+        if key in result and isinstance(result[key], dict) and isinstance(value, dict):
+            # Recursively merge nested dicts
+            result[key] = merge_settings(value, result[key])
+        else:
+            # Replace value (project overrides shared)
+            result[key] = value
+    
+    return result
+
+
+def find_claude_config(project_root: Path) -> Optional[Path]:
+    """
+    Find .claude configuration directory.
+    
+    Args:
+        project_root: Root directory to search from
+        
+    Returns:
+        Path to .claude directory, or None if not found
+    """
+    claude_dir = project_root / ".claude"
+    
+    if claude_dir.exists() and claude_dir.is_dir():
+        return claude_dir
+    
+    # Try parent directories (up to 3 levels)
+    for parent in [project_root.parent, project_root.parent.parent]:
+        claude_dir = parent / ".claude"
+        if claude_dir.exists() and claude_dir.is_dir():
+            return claude_dir
+    
+    return None
+
+
+def get_environment_mode(project_root: Path) -> str:
+    """
+    Detect environment mode (production vs development).
+    
+    Checks for indicators like:
+    - Project path contains "prod", "production"
+    - Project path contains "dev", "development"
+    - Environment variable CLAUDE_ENV
+    - settings.json "environment" field
+    
+    Args:
+        project_root: Root directory of the project
+        
+    Returns:
+        "production" or "development" (defaults to "development")
+    """
+    import os
+    
+    # Check environment variable
+    env = os.getenv("CLAUDE_ENV", "").lower()
+    if "prod" in env:
+        return "production"
+    if "dev" in env:
+        return "development"
+    
+    # Check project path
+    path_str = str(project_root).lower()
+    if "prod" in path_str or "production" in path_str:
+        return "production"
+    if "dev" in path_str or "development" in path_str:
+        return "development"
+    
+    # Check settings.json
+    settings = load_project_settings(project_root)
+    if settings and "environment" in settings:
+        env_setting = settings["environment"].lower()
+        if "prod" in env_setting:
+            return "production"
+        if "dev" in env_setting:
+            return "development"
+    
+    # Default to development (safer)
+    return "development"
+
+
+def load_merged_settings(project_root: Path, shared_root: Path) -> Dict[str, Any]:
+    """
+    Load and merge project + shared settings in one call.
+    
+    Args:
+        project_root: Root directory of the project
+        shared_root: Root directory of .claude-shared
+        
+    Returns:
+        Merged settings dict
+    """
+    project_settings = load_project_settings(project_root) or {}
+    shared_settings = load_shared_settings(shared_root) or {}
+    
+    return merge_settings(project_settings, shared_settings)
+
+
+
+
+def matches_any_pattern(command: str, patterns: List[str]) -> bool:
+    """
+    Check if command matches any pattern in the list.
+    
+    Supports:
+    - Simple substring matching
+    - Wildcard patterns with * (converted to regex)
+    - Regex patterns (if they contain regex special chars)
+    
+    Args:
+        command: Command to check
+        patterns: List of patterns to match against
+        
+    Returns:
+        True if command matches any pattern
+    """
+    for pattern in patterns:
+        # Simple substring match
+        if pattern in command:
+            return True
+        
+        # Wildcard pattern (convert * to .*)
+        if '*' in pattern:
+            regex_pattern = pattern.replace('*', '.*')
+            if re.search(regex_pattern, command, re.IGNORECASE):
+                return True
+        
+        # Try as regex pattern
+        try:
+            if re.search(pattern, command, re.IGNORECASE):
+                return True
+        except re.error:
+            # Not a valid regex, skip
+            pass
+    
+    return False
+
+
+def get_permission_decision(command: str, tool: str, settings: Dict[str, Any]) -> str:
+    """
+    Get permission decision for a command using priority rules.
+    
+    Priority: deny > ask > allow > default_deny
+    
+    Args:
+        command: Command to check
+        tool: Tool name (e.g., "bash")
+        settings: Merged settings dict
+        
+    Returns:
+        "deny", "ask", "allow", or "default_deny"
+    """
+    if "permissions" not in settings:
+        return "default_deny"
+    
+    if tool not in settings["permissions"]:
+        return "default_deny"
+    
+    tool_permissions = settings["permissions"][tool]
+    
+    # Priority 1: Check deny list (highest priority)
+    deny_patterns = tool_permissions.get("deny", [])
+    if matches_any_pattern(command, deny_patterns):
+        return "deny"
+    
+    # Priority 2: Check ask dict (medium priority)
+    ask_patterns = list(tool_permissions.get("ask", {}).keys())
+    if matches_any_pattern(command, ask_patterns):
+        return "ask"
+    
+    # Priority 3: Check allow list (lowest priority)
+    allow_patterns = tool_permissions.get("allow", [])
+    if matches_any_pattern(command, allow_patterns):
+        return "allow"
+    
+    # Default: deny if not explicitly allowed
+    return "default_deny"
+
+
+def get_permission_level(settings: Dict[str, Any], tool: str, command: str) -> str:
+    """
+    Determine permission level for a command.
+    
+    Priority: deny > ask > allow > default_deny
+    
+    Args:
+        settings: Merged settings dict
+        tool: Tool name (e.g., "bash")
+        command: Command to check
+        
+    Returns:
+        "deny", "ask", "allow", or "default_deny"
+    """
+    return get_permission_decision(command, tool, settings)
+
+
+def validate_settings_schema(settings: Dict[str, Any]) -> bool:
+    """
+    Validate that settings dict has correct structure.
+    
+    Args:
+        settings: Settings dict to validate
+        
+    Returns:
+        True if valid, False otherwise
+    """
+    if not isinstance(settings, dict):
+        return False
+    
+    # Check for required top-level keys
+    if "permissions" in settings:
+        permissions = settings["permissions"]
+        if not isinstance(permissions, dict):
+            return False
+        
+        # Validate each tool's permissions
+        for tool, perms in permissions.items():
+            if not isinstance(perms, dict):
+                return False
+            
+            # Check that deny/allow are lists
+            if "deny" in perms and not isinstance(perms["deny"], list):
+                return False
+            if "allow" in perms and not isinstance(perms["allow"], list):
+                return False
+            
+            # Check that ask is a dict
+            if "ask" in perms and not isinstance(perms["ask"], dict):
+                return False
+    
+    return True

package/tests/system/test_agent_definitions.py

@@ -0,0 +1,166 @@
+"""
+Test suite for agent definition files
+Validates agent prompts have required sections and structure
+"""
+
+import pytest
+from pathlib import Path
+
+
+class TestAgentStructure:
+    """Test that agent files have proper structure"""
+
+    @pytest.fixture
+    def agents_dir(self):
+        """Get the agents directory path"""
+        agents = Path(__file__).resolve().parents[2] / "agents"
+        return agents.resolve() if agents.is_symlink() else agents
+
+    @pytest.fixture
+    def all_agents(self, agents_dir):
+        """Get all agent markdown files"""
+        return list(agents_dir.glob("*.md"))
+
+    def test_all_agents_have_title(self, all_agents):
+        """All agents should have a title heading"""
+        for agent_file in all_agents:
+            content = agent_file.read_text()
+            # Check for any heading (# or ##)
+            has_heading = any(line.strip().startswith('#') for line in content.split('\n'))
+            assert has_heading, \
+                f"{agent_file.name} should have at least one heading"
+
+    def test_all_agents_have_role_section(self, all_agents):
+        """All agents should define their role"""
+        for agent_file in all_agents:
+            content = agent_file.read_text()
+            # Check for role-related sections or keywords
+            role_indicators = [
+                "## Role", "## Primary Role", "## Core Identity",
+                "role", "responsibility", "specialize"
+            ]
+            has_role = any(indicator.lower() in content.lower() for indicator in role_indicators)
+            assert has_role, f"{agent_file.name} missing role definition"
+
+    def test_all_agents_have_capabilities(self, all_agents):
+        """All agents should list their capabilities"""
+        for agent_file in all_agents:
+            content = agent_file.read_text()
+            capability_indicators = [
+                "## Capabilities",
+                "## Core Capabilities", 
+                "## What I Do",
+                "## Responsibilities",
+                "capabilities",
+                "can do",
+                "will handle"
+            ]
+            has_capabilities = any(ind.lower() in content.lower() for ind in capability_indicators)
+            assert has_capabilities, \
+                f"{agent_file.name} missing capabilities section"
+
+    def test_all_agents_have_workflow(self, all_agents):
+        """All agents should document their workflow"""
+        for agent_file in all_agents:
+            content = agent_file.read_text()
+            workflow_indicators = [
+                "## Workflow",
+                "## Operating Protocol",
+                "## Process",
+                "## Execution Protocol",
+                "workflow",
+                "protocol",
+                "procedure",
+                "steps"
+            ]
+            has_workflow = any(ind.lower() in content.lower() for ind in workflow_indicators)
+            assert has_workflow, f"{agent_file.name} missing workflow description"
+
+
+class TestProjectAgents:
+    """Test project agent specific requirements"""
+
+    @pytest.fixture
+    def agents_dir(self):
+        """Get the agents directory path"""
+        agents = Path(__file__).resolve().parents[2] / "agents"
+        return agents.resolve() if agents.is_symlink() else agents
+
+    def test_terraform_architect_exists(self, agents_dir):
+        """terraform-architect.md must exist"""
+        tf_agent = agents_dir / "terraform-architect.md"
+        assert tf_agent.exists(), "terraform-architect.md not found"
+
+    def test_gitops_operator_exists(self, agents_dir):
+        """gitops-operator.md must exist"""
+        gitops_agent = agents_dir / "gitops-operator.md"
+        assert gitops_agent.exists(), "gitops-operator.md not found"
+
+    def test_gcp_troubleshooter_exists(self, agents_dir):
+        """gcp-troubleshooter.md must exist"""
+        gcp_agent = agents_dir / "gcp-troubleshooter.md"
+        assert gcp_agent.exists(), "gcp-troubleshooter.md not found"
+
+    def test_aws_troubleshooter_exists(self, agents_dir):
+        """aws-troubleshooter.md must exist"""
+        aws_agent = agents_dir / "aws-troubleshooter.md"
+        assert aws_agent.exists(), "aws-troubleshooter.md not found"
+
+    def test_devops_developer_exists(self, agents_dir):
+        """devops-developer.md must exist"""
+        devops_agent = agents_dir / "devops-developer.md"
+        assert devops_agent.exists(), "devops-developer.md not found"
+
+
+class TestAgentSecurity:
+    """Test that agents document security tiers"""
+
+    @pytest.fixture
+    def agents_dir(self):
+        """Get the agents directory path"""
+        agents = Path(__file__).resolve().parents[2] / "agents"
+        return agents.resolve() if agents.is_symlink() else agents
+
+    def test_agents_document_security_tiers(self, agents_dir):
+        """Agents should document their security tier capabilities"""
+        for agent_file in agents_dir.glob("*.md"):
+            content = agent_file.read_text()
+            
+            # Should mention security tiers or permissions
+            tier_indicators = ["T0", "T1", "T2", "T3", "tier", "security", "permission"]
+            mentions_tiers = any(indicator.lower() in content.lower() for indicator in tier_indicators)
+            
+            assert mentions_tiers, \
+                f"{agent_file.name} should document security tier usage or permissions"
+
+
+class TestAgentConsistency:
+    """Test consistency across agent definitions"""
+
+    @pytest.fixture
+    def agents_dir(self):
+        """Get the agents directory path"""
+        agents = Path(__file__).resolve().parents[2] / "agents"
+        return agents.resolve() if agents.is_symlink() else agents
+
+    def test_no_duplicate_agent_names(self, agents_dir):
+        """Agent names should be unique"""
+        agent_files = list(agents_dir.glob("*.md"))
+        agent_names = [f.stem for f in agent_files]
+        
+        assert len(agent_names) == len(set(agent_names)), \
+            "Duplicate agent names detected"
+
+    def test_agent_naming_convention(self, agents_dir):
+        """Agent files should follow naming convention (kebab-case)"""
+        for agent_file in agents_dir.glob("*.md"):
+            name = agent_file.stem
+            # Should be lowercase with hyphens (or all lowercase)
+            assert name.islower() or "-" in name, \
+                f"{agent_file.name} should use kebab-case or lowercase naming"
+            assert " " not in name, \
+                f"{agent_file.name} should not contain spaces"
+
+
+if __name__ == "__main__":
+    pytest.main([__file__, "-v"])

package/tests/system/test_configuration_files.py

@@ -0,0 +1,121 @@
+"""
+Test suite for configuration files
+Validates settings.json, git_standards.json, and other configs
+"""
+
+import pytest
+import json
+from pathlib import Path
+
+
+class TestSettingsTemplate:
+    """Test templates/settings.template.json structure and validity"""
+
+    @pytest.fixture
+    def settings_path(self):
+        """Get settings template path (gaia-ops is a package, not installed project)"""
+        return Path(__file__).resolve().parents[2] / "templates" / "settings.template.json"
+
+    def test_settings_file_exists(self, settings_path):
+        """settings.template.json must exist in templates/"""
+        assert settings_path.exists(), f"settings.template.json not found at {settings_path}"
+
+    def test_settings_is_valid_json(self, settings_path):
+        """settings.template.json must be valid JSON"""
+        try:
+            with open(settings_path, 'r') as f:
+                json.load(f)
+        except json.JSONDecodeError as e:
+            pytest.fail(f"settings.template.json is not valid JSON: {e}")
+
+    def test_settings_has_required_sections(self, settings_path):
+        """settings.template.json should have required configuration sections"""
+        with open(settings_path, 'r') as f:
+            data = json.load(f)
+
+        # Check for core sections
+        assert 'hooks' in data, "settings.template.json missing hooks section"
+        assert 'permissions' in data, "settings.template.json missing permissions section"
+
+
+class TestGitStandards:
+    """Test git_standards.json configuration"""
+
+    @pytest.fixture
+    def git_standards_path(self):
+        """Get git_standards.json path"""
+        return Path(__file__).resolve().parents[2] / "config" / "git_standards.json"
+
+    def test_git_standards_exists(self, git_standards_path):
+        """git_standards.json must exist"""
+        assert git_standards_path.exists(), "git_standards.json not found"
+
+    def test_git_standards_is_valid_json(self, git_standards_path):
+        """git_standards.json must be valid JSON"""
+        try:
+            with open(git_standards_path, 'r') as f:
+                json.load(f)
+        except json.JSONDecodeError as e:
+            pytest.fail(f"git_standards.json is not valid JSON: {e}")
+
+    def test_git_standards_has_commit_types(self, git_standards_path):
+        """git_standards.json should define allowed commit types"""
+        with open(git_standards_path, 'r') as f:
+            data = json.load(f)
+        
+        # Structure is: data['commit_message']['type_allowed']
+        has_types = (
+            ('commit_message' in data and 'type_allowed' in data['commit_message']) or
+            'commit_types' in data or 
+            'allowed_types' in data
+        )
+        assert has_types, "git_standards.json missing commit types"
+
+    def test_git_standards_has_forbidden_footers(self, git_standards_path):
+        """git_standards.json should define forbidden footers"""
+        with open(git_standards_path, 'r') as f:
+            data = json.load(f)
+        
+        # Structure is: data['commit_message']['footer_forbidden']
+        has_forbidden = (
+            ('commit_message' in data and 'footer_forbidden' in data['commit_message']) or
+            'forbidden_footers' in data or 
+            'blocked_footers' in data or
+            'prohibited_footers' in data
+        )
+        assert has_forbidden, \
+            "git_standards.json missing forbidden footers config"
+
+
+class TestConfigConsistency:
+    """Test consistency across configuration files"""
+
+    @pytest.fixture
+    def config_dir(self):
+        """Get config directory path"""
+        return Path(__file__).resolve().parents[2] / "config"
+
+    def test_all_json_files_valid(self, config_dir):
+        """All JSON files in config/ should be valid"""
+        if not config_dir.exists():
+            pytest.skip("config/ directory not found")
+            
+        for json_file in config_dir.glob("*.json"):
+            try:
+                with open(json_file, 'r') as f:
+                    json.load(f)
+            except json.JSONDecodeError as e:
+                pytest.fail(f"Invalid JSON in {json_file.name}: {e}")
+
+    def test_no_empty_config_files(self, config_dir):
+        """Config files should not be empty"""
+        if not config_dir.exists():
+            pytest.skip("config/ directory not found")
+            
+        for config_file in config_dir.glob("*.json"):
+            size = config_file.stat().st_size
+            assert size > 10, f"{config_file.name} is too small or empty"
+
+
+if __name__ == "__main__":
+    pytest.main([__file__, "-v"])