@semalt-ai/code 1.8.5 → 1.20.0

package/test/executors.test.js

@@ -0,0 +1,599 @@
+'use strict';
+
+// Characterization tests for the agentExecFile branch executors (Task 1.4b).
+// Written BEFORE the executors are moved into the tool registry, and must stay
+// green after the move. fs mutations are real but isolated: a temp $HOME (so
+// config.json / memory.json / audit.log resolve under it) and a temp working
+// directory (so isPathSafe permits writes). Captures current behavior exactly,
+// including quirks — reported, not fixed.
+
+const os = require('node:os');
+const fs = require('node:fs');
+const path = require('node:path');
+
+// Redirect home-based paths (memory store, audit log, config) into a temp dir
+// BEFORE any lib module is required — those paths are computed at module load.
+const TMP_HOME = fs.mkdtempSync(path.join(os.tmpdir(), 'semalt-home-'));
+const PREV_HOME = process.env.HOME;
+const PREV_USERPROFILE = process.env.USERPROFILE;
+process.env.HOME = TMP_HOME;
+process.env.USERPROFILE = TMP_HOME;
+
+const { test, before, after, beforeEach } = require('node:test');
+const assert = require('node:assert');
+const http = require('node:http');
+
+const ui = require('../lib/ui');
+const { createPermissionManager } = require('../lib/permissions');
+const { createToolExecutor } = require('../lib/tools');
+
+let exec;          // { agentExecFile, agentExecShell, describePermission }
+let CWD;           // temp working directory (also process.cwd during the suite)
+let PREV_CWD;
+
+before(() => {
+  PREV_CWD = process.cwd();
+  CWD = fs.mkdtempSync(path.join(os.tmpdir(), 'semalt-cwd-'));
+  process.chdir(CWD);
+  const pm = createPermissionManager(ui, {});
+  exec = createToolExecutor(pm, ui, () => ({ max_file_size_kb: 512, command_timeout_ms: 30000 }));
+});
+
+after(() => {
+  process.chdir(PREV_CWD);
+  if (PREV_HOME === undefined) delete process.env.HOME; else process.env.HOME = PREV_HOME;
+  if (PREV_USERPROFILE === undefined) delete process.env.USERPROFILE; else process.env.USERPROFILE = PREV_USERPROFILE;
+});
+
+const ef = (...a) => exec.agentExecFile(...a);
+const read = (p) => fs.readFileSync(path.join(CWD, p), 'utf8');
+
+// ---------------------------------------------------------------------------
+// write / append / read
+// ---------------------------------------------------------------------------
+
+test('write creates a file (and parent dirs) and returns byte count', async () => {
+  const r = await ef('write', 'sub/dir/a.txt', 'hello');
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(r.path, 'sub/dir/a.txt');
+  assert.strictEqual(r.bytes, 5);
+  assert.strictEqual(read('sub/dir/a.txt'), 'hello');
+});
+
+test('write overwrites existing content', async () => {
+  await ef('write', 'ow.txt', 'first');
+  await ef('write', 'ow.txt', 'second');
+  assert.strictEqual(read('ow.txt'), 'second');
+});
+
+test('QUIRK: write/append byte count is the NEW content length, not total file size', async () => {
+  await ef('write', 'ap.txt', 'AAAA');
+  const r = await ef('append', 'ap.txt', 'BB');
+  assert.strictEqual(read('ap.txt'), 'AAAABB');
+  assert.strictEqual(r.bytes, 2, 'bytes reflects only the appended chunk');
+});
+
+test('write outside the working tree is sandbox-blocked', async () => {
+  const r = await ef('write', '/etc/should-not-write.txt', 'x');
+  assert.ok(r.error && /outside allowed area/i.test(r.error));
+});
+
+test('read returns content + byte length', async () => {
+  await ef('write', 'r.txt', 'abcdef');
+  const r = await ef('read', 'r.txt');
+  assert.strictEqual(r.content, 'abcdef');
+  assert.strictEqual(r.bytes, 6);
+  assert.strictEqual(r.path, 'r.txt');
+});
+
+test('read refuses a protected secret path (config.json)', async () => {
+  const cfgPath = path.join(os.homedir(), '.semalt-ai', 'config.json');
+  const r = await ef('read', cfgPath);
+  assert.ok(r.error && /secrets|credentials/i.test(r.error));
+});
+
+test('read rejects a file over max_file_size_kb', async () => {
+  const pm = createPermissionManager(ui, {});
+  const tinyExec = createToolExecutor(pm, ui, () => ({ max_file_size_kb: 1 }));
+  await ef('write', 'big.txt', 'x'.repeat(2000)); // ~2 KB > 1 KB limit
+  const r = await tinyExec.agentExecFile('read', path.join(CWD, 'big.txt'));
+  assert.ok(r.error && /too large/i.test(r.error));
+});
+
+test('QUIRK: max_file_size_kb of 0 falls back to the byte backstop default (Task W.7)', async () => {
+  // The byte cap is now a BACKSTOP (DEFAULT_READ_MAX_FILE_KB = 50 MB), not the
+  // primary bound — pagination is. A falsy limit falls back to that default, so a
+  // 2 KB file reads fine (it would also paginate via formatReadResult if large).
+  const pm = createPermissionManager(ui, {});
+  const zeroExec = createToolExecutor(pm, ui, () => ({ max_file_size_kb: 0 }));
+  await ef('write', 'small.txt', 'x'.repeat(2000));
+  const r = await zeroExec.agentExecFile('read', path.join(CWD, 'small.txt'));
+  assert.strictEqual(r.error, undefined, 'a falsy limit is treated as the backstop default, not 0');
+  assert.strictEqual(r.content.length, 2000);
+});
+
+test('read of a missing file returns an error', async () => {
+  const r = await ef('read', 'nope.txt');
+  assert.ok(r.error);
+});
+
+// ---------------------------------------------------------------------------
+// delete / make_dir / remove_dir
+// ---------------------------------------------------------------------------
+
+test('delete_file removes a file', async () => {
+  await ef('write', 'del.txt', 'x');
+  const r = await ef('delete_file', 'del.txt');
+  assert.strictEqual(r.status, 'ok');
+  assert.ok(!fs.existsSync(path.join(CWD, 'del.txt')));
+});
+
+test('delete_file outside the tree is blocked', async () => {
+  const r = await ef('delete_file', '/etc/hosts');
+  assert.ok(r.error && /outside allowed area/i.test(r.error));
+});
+
+test('make_dir then remove_dir (recursive)', async () => {
+  const mk = await ef('make_dir', 'd1/d2');
+  assert.strictEqual(mk.status, 'ok');
+  assert.ok(fs.existsSync(path.join(CWD, 'd1/d2')));
+  await ef('write', 'd1/d2/f.txt', 'y');
+  const rm = await ef('remove_dir', 'd1');
+  assert.strictEqual(rm.status, 'ok');
+  assert.ok(!fs.existsSync(path.join(CWD, 'd1')));
+});
+
+// ---------------------------------------------------------------------------
+// move / copy
+// ---------------------------------------------------------------------------
+
+test('move_file relocates a file', async () => {
+  await ef('write', 'm-src.txt', 'data');
+  const r = await ef('move_file', 'm-src.txt', 'moved/m-dst.txt');
+  assert.strictEqual(r.status, 'ok');
+  assert.ok(!fs.existsSync(path.join(CWD, 'm-src.txt')));
+  assert.strictEqual(read('moved/m-dst.txt'), 'data');
+});
+
+test('copy_file duplicates a file', async () => {
+  await ef('write', 'c-src.txt', 'data');
+  const r = await ef('copy_file', 'c-src.txt', 'c-dst.txt');
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(read('c-src.txt'), 'data');
+  assert.strictEqual(read('c-dst.txt'), 'data');
+});
+
+test('copy_file to a path outside the tree is blocked', async () => {
+  await ef('write', 'cc.txt', 'data');
+  const r = await ef('copy_file', 'cc.txt', '/etc/x');
+  assert.ok(r.error && /outside allowed area/i.test(r.error));
+});
+
+// ---------------------------------------------------------------------------
+// edit / search_in_file / replace_in_file / search_files / file_stat
+// ---------------------------------------------------------------------------
+
+test('edit_file replaces a 1-based line', async () => {
+  await ef('write', 'e.txt', 'l1\nl2\nl3');
+  const r = await ef('edit_file', 'e.txt', 2, 'REPLACED');
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(read('e.txt'), 'l1\nREPLACED\nl3');
+});
+
+test('edit_file out-of-range line returns an error', async () => {
+  await ef('write', 'e2.txt', 'only one line');
+  const r = await ef('edit_file', 'e2.txt', 99, 'x');
+  assert.ok(r.error && /out of range/i.test(r.error));
+});
+
+// Part 2: line-range edit_file (regex-free block replacement) ----------------
+
+test('edit_file replaces a contiguous line range with multi-line content', async () => {
+  await ef('write', 'range.txt', 'l1\nl2\nl3\nl4\nl5');
+  const r = await ef('edit_file', 'range.txt', 2, 'A\nB\nC', 4);
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(r.line, 2);
+  assert.strictEqual(r.end_line, 4);
+  assert.strictEqual(read('range.txt'), 'l1\nA\nB\nC\nl5', 'lines 2-4 replaced wholesale');
+});
+
+test('edit_file line-range collapses several lines into one', async () => {
+  await ef('write', 'range2.txt', 'keep\nx\ny\nz\nkeep2');
+  const r = await ef('edit_file', 'range2.txt', 2, 'ONE', 4);
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(read('range2.txt'), 'keep\nONE\nkeep2');
+});
+
+test('edit_file line-range out of range returns an error (no mutation)', async () => {
+  await ef('write', 'range3.txt', 'a\nb\nc');
+  const r = await ef('edit_file', 'range3.txt', 2, 'X', 99);
+  assert.ok(r.error && /out of range/i.test(r.error));
+  assert.strictEqual(read('range3.txt'), 'a\nb\nc');
+});
+
+test('edit_file rejects an inverted range (end before start)', async () => {
+  await ef('write', 'range4.txt', 'a\nb\nc\nd');
+  const r = await ef('edit_file', 'range4.txt', 3, 'X', 2);
+  assert.ok(r.error && /out of range/i.test(r.error));
+  assert.strictEqual(read('range4.txt'), 'a\nb\nc\nd');
+});
+
+test('edit_file single-line (no end_line) is unchanged (paired no-regression)', async () => {
+  await ef('write', 'single.txt', 'l1\nl2\nl3');
+  const r = await ef('edit_file', 'single.txt', 2, 'REPLACED');
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(r.line, 2);
+  assert.strictEqual(r.end_line, undefined, 'no end_line reported for a single-line edit');
+  assert.strictEqual(read('single.txt'), 'l1\nREPLACED\nl3');
+});
+
+test('edit_file round-trip: read a file, then replace an exact line range by number', async () => {
+  // Mirrors the intended large-edit workflow: read_file (a numbered slice tells
+  // the agent the 1-based line numbers), then edit_file with line..end_line.
+  const src = ['def race(self):', '    speed = 0', '    # broken', '    pass', 'done()'].join('\n');
+  await ef('write', 'cligames.py', src);
+  const rd = await ef('read', 'cligames.py', null, null, true);
+  const lines = rd.content.split('\n');
+  // Locate the broken body (lines 2..4, 1-based) the way an agent would from numbers.
+  const start = lines.findIndex((l) => l.includes('speed = 0')) + 1;
+  const end = lines.findIndex((l) => l.includes('pass')) + 1;
+  assert.deepStrictEqual([start, end], [2, 4]);
+  const r = await ef('edit_file', 'cligames.py', start, '    speed = 10\n    move()', end);
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(read('cligames.py'), 'def race(self):\n    speed = 10\n    move()\ndone()');
+});
+
+test('search_in_file returns matching lines with 1-based numbers', async () => {
+  await ef('write', 's.txt', 'alpha\nbeta\ngamma beta');
+  const r = await ef('search_in_file', 's.txt', 'beta');
+  assert.deepStrictEqual(r.matches, [
+    { line: 2, content: 'beta' },
+    { line: 3, content: 'gamma beta' },
+  ]);
+});
+
+test('search_in_file refuses a protected secret path', async () => {
+  const r = await ef('search_in_file', path.join(os.homedir(), '.semalt-ai', 'config.json'), 'x');
+  assert.ok(r.error && /secrets|credentials/i.test(r.error));
+});
+
+test('replace_in_file with replace_all replaces all occurrences and reports the count', async () => {
+  // Literal is now the default; replacing more than one occurrence requires the
+  // explicit replace_all flag (positional arg 6) — without it the >1-match guard
+  // would refuse (see the ambiguity test below).
+  await ef('write', 'repg.txt', 'a a a');
+  const r = await ef('replace_in_file', 'repg.txt', 'a', 'b', '', false, true);
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(r.count, 3);
+  assert.strictEqual(read('repg.txt'), 'b b b');
+});
+
+test('replace_in_file REFUSES an ambiguous (>1) match when replace_all is not set, file unchanged', async () => {
+  // Was: silently replaced only the FIRST of three (wrong-span corruption risk).
+  // Now: the uniqueness guard refuses and names the count, file untouched.
+  await ef('write', 'rep.txt', 'a a a');
+  const r = await ef('replace_in_file', 'rep.txt', 'a', 'b', '');
+  assert.ok(r.error && /found 3 matches/i.test(r.error), `expected ambiguity error, got ${JSON.stringify(r)}`);
+  assert.ok(/replace_all/i.test(r.error));
+  assert.strictEqual(read('rep.txt'), 'a a a', 'file must be unchanged on refusal');
+});
+
+test('replace_in_file REFUSES when there is no match (count 0 is an error, file unchanged)', async () => {
+  // Was: returned {status:'ok', count:0} — masking a no-op as success. Now errors.
+  await ef('write', 'rep0.txt', 'xyz');
+  const r = await ef('replace_in_file', 'rep0.txt', 'q', 'b', '');
+  assert.ok(r.error && /not found/i.test(r.error), `expected not-found error, got ${JSON.stringify(r)}`);
+  assert.strictEqual(read('rep0.txt'), 'xyz');
+});
+
+// ---------------------------------------------------------------------------
+// replace_in_file: LITERAL-by-default + uniqueness guard (Claude Code Edit model)
+// Literal is the DEFAULT for ALL searches — a block with ( ) { } . [ ] is matched
+// byte-for-byte, never as a regex (so "Nothing to repeat" can't happen on real
+// code). Regex is opt-in via regex:true and keeps the ReDoS guard. The match must
+// be UNIQUE: 0 → error, >1 → error unless replace_all. These tests are PAIRED:
+// the now-allowed literals and the still-blocked regex bombs share one mechanism.
+
+test('replace_in_file: a ~5,000-char literal block on a 40 KB file is allowed and replaces correctly (the reported bug)', async () => {
+  // A plain block, NO regex metacharacters — only words, spaces, newlines.
+  const block = Array.from({ length: 250 }, (_, i) => `line number ${i} of the copied block`).join('\n');
+  assert.ok(block.length >= 5000, `block is ${block.length} chars`);
+  const filler = ('x'.repeat(79) + '\n').repeat(500); // ~40 KB of surrounding file
+  await ef('write', 'big-literal.txt', filler + block + '\n' + filler);
+  const r = await ef('replace_in_file', 'big-literal.txt', block, 'REPLACED_BLOCK', '');
+  assert.strictEqual(r.status, 'ok', `expected ok, got ${JSON.stringify(r)}`);
+  assert.strictEqual(r.count, 1);
+  assert.ok(read('big-literal.txt').includes('REPLACED_BLOCK'));
+  assert.ok(!read('big-literal.txt').includes('line number 0 of the copied block'));
+});
+
+test('replace_in_file: a ~1,500-char literal block is allowed (default literal, no flag needed)', async () => {
+  const block = Array.from({ length: 60 }, (_, i) => `const value_${i} = compute(${i});`).join('\n');
+  // contains ( ) ; — matched verbatim by default (no regex, no literal flag needed)
+  assert.ok(block.length >= 1500, `block is ${block.length} chars`);
+  await ef('write', 'mid-literal.txt', 'header\n' + block + '\nfooter');
+  const r = await ef('replace_in_file', 'mid-literal.txt', block, 'X', '');
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(r.count, 1);
+  assert.strictEqual(read('mid-literal.txt'), 'header\nX\nfooter');
+});
+
+test('replace_in_file: dangerous regexes stay BLOCKED with regex:true (ReDoS protection intact)', async () => {
+  await ef('write', 'redos.txt', 'aaaaaaaaaaaaaaaaaaaa,');
+  for (const bomb of ['(a+)+$', '(.*,)*']) {
+    const r = await ef('replace_in_file', 'redos.txt', bomb, 'x', 'g', true);
+    assert.ok(r.error && /backtracking/i.test(r.error), `${bomb} must be rejected, got ${JSON.stringify(r)}`);
+  }
+});
+
+test('replace_in_file: a ~2,000-char metacharacter-heavy regex stays BLOCKED with regex:true', async () => {
+  // Heavy with active metacharacters → regex path → length cap rejects it.
+  const heavy = 'a.*b+c?'.repeat(300); // ~2,100 chars, full of . * + ?
+  assert.ok(heavy.length >= 2000, `heavy is ${heavy.length} chars`);
+  await ef('write', 'heavy.txt', 'abc');
+  const r = await ef('replace_in_file', 'heavy.txt', heavy, 'x', 'g', true);
+  assert.ok(r.error && /exceeds 1000 chars/i.test(r.error), `expected length rejection, got ${JSON.stringify(r)}`);
+});
+
+test('replace_in_file: a metacharacter-heavy string is matched LITERALLY by default (no length bound, no ReDoS check)', async () => {
+  // Same string that is length-rejected as a regex is matched VERBATIM by default
+  // — literal cannot backtrack, so its length is irrelevant. This is the trap the
+  // old auto-detect created: it routed this to the regex path and rejected it.
+  const heavy = 'a.*b+c?'.repeat(300);
+  await ef('write', 'litheavy.txt', 'head\n' + heavy + '\ntail');
+  const r = await ef('replace_in_file', 'litheavy.txt', heavy, 'Z', '');
+  assert.strictEqual(r.status, 'ok', `default-literal must match verbatim: ${JSON.stringify(r).slice(0, 160)}`);
+  assert.strictEqual(r.count, 1);
+  assert.strictEqual(read('litheavy.txt'), 'head\nZ\ntail');
+});
+
+test('replace_in_file: a literal block containing regex-special chars (parens) is matched literally, not as a group', async () => {
+  // foo(x) as a REGEX would match "foox" capturing x — never the literal text.
+  // By default (literal) it must match the verbatim "foo(x)".
+  await ef('write', 'parens.txt', 'before foo(x) after');
+  const r = await ef('replace_in_file', 'parens.txt', 'foo(x)', 'bar(y)', '');
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(r.count, 1);
+  assert.strictEqual(read('parens.txt'), 'before bar(y) after');
+});
+
+test('replace_in_file: default-literal with brackets/quantifier chars replaces a copied code line verbatim', async () => {
+  const line = 'arr[i] = items.map(x => x * 2);';
+  await ef('write', 'code.txt', 'a\n' + line + '\nb');
+  const r = await ef('replace_in_file', 'code.txt', line, 'arr[i] = items;', '');
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(r.count, 1);
+  assert.strictEqual(read('code.txt'), 'a\narr[i] = items;\nb');
+});
+
+test('replace_in_file: regex mode works (back-references) only when regex:true is set', async () => {
+  // Single group, so it does NOT trip the nested-quantifier guard. $1 honored.
+  await ef('write', 'rx.txt', 'key=value');
+  const r = await ef('replace_in_file', 'rx.txt', '(value)', '[$1]', '', true);
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(read('rx.txt'), 'key=[value]');
+});
+
+// ---------------------------------------------------------------------------
+// replace_in_file: focused new tests for the literal-default + uniqueness guard
+// (Claude Code Edit model — change set for this task).
+
+test('replace_in_file (a): a literal block with ( ) { } . [ ] is matched VERBATIM (no "Nothing to repeat")', async () => {
+  const block = 'if (a[i].fn({x: 1}) && (b||c)) { return *p; }';
+  await ef('write', 'meta.js', 'top\n' + block + '\nbottom');
+  const r = await ef('replace_in_file', 'meta.js', block, 'noop();', '');
+  assert.ok(!r.error, `must not error on metacharacters: ${JSON.stringify(r)}`);
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(r.count, 1);
+  assert.strictEqual(read('meta.js'), 'top\nnoop();\nbottom');
+});
+
+test('replace_in_file (b): search not found → ERROR, file unchanged', async () => {
+  await ef('write', 'nf.txt', 'hello world');
+  const r = await ef('replace_in_file', 'nf.txt', 'goodbye', 'x', '');
+  assert.ok(r.error && /not found/i.test(r.error));
+  assert.strictEqual(read('nf.txt'), 'hello world');
+});
+
+test('replace_in_file (c): 2+ matches without replace_all → ERROR naming the count, file unchanged', async () => {
+  await ef('write', 'amb.txt', 'foo\nbar\nfoo\nbaz\nfoo');
+  const r = await ef('replace_in_file', 'amb.txt', 'foo', 'qux', '');
+  assert.ok(r.error && /found 3 matches/i.test(r.error), `got ${JSON.stringify(r)}`);
+  assert.ok(/line/i.test(r.error), 'error should surface match line numbers for disambiguation');
+  assert.strictEqual(read('amb.txt'), 'foo\nbar\nfoo\nbaz\nfoo');
+});
+
+test('replace_in_file (d): unique match → replaced, honest count 1', async () => {
+  await ef('write', 'uniq.txt', 'alpha\nbeta\ngamma');
+  const r = await ef('replace_in_file', 'uniq.txt', 'beta', 'BETA', '');
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(r.count, 1);
+  assert.strictEqual(read('uniq.txt'), 'alpha\nBETA\ngamma');
+});
+
+test('replace_in_file (e): replace_all:true with N matches → all replaced, honest count N', async () => {
+  await ef('write', 'all.txt', 'x x x x');
+  const r = await ef('replace_in_file', 'all.txt', 'x', 'y', '', false, true);
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(r.count, 4);
+  assert.strictEqual(read('all.txt'), 'y y y y');
+});
+
+test('replace_in_file (f): regex:true with a real regex works and the ReDoS guard is still active', async () => {
+  await ef('write', 'rxf.txt', 'id=42; id=7;');
+  const ok = await ef('replace_in_file', 'rxf.txt', 'id=\\d+', 'id=0', '', true, true);
+  assert.strictEqual(ok.status, 'ok');
+  assert.strictEqual(ok.count, 2);
+  assert.strictEqual(read('rxf.txt'), 'id=0; id=0;');
+  // ReDoS guard still fires in regex mode
+  await ef('write', 'rxbomb.txt', 'aaaaaaaaaa!');
+  const bomb = await ef('replace_in_file', 'rxbomb.txt', '(a+)+$', 'x', 'g', true);
+  assert.ok(bomb.error && /backtracking/i.test(bomb.error));
+});
+
+test('replace_in_file (g): the original multi-line corruption repro now errors instead of silently corrupting', async () => {
+  // The reported "newBullet duplication": a block that appears more than once
+  // used to silently replace only the first span (wrong-span corruption). Now the
+  // uniqueness guard refuses; adding context makes it unique and it replaces.
+  const dup = '  const newBullet = makeBullet();\n  list.push(newBullet);';
+  await ef('write', 'bullets.js', 'function a() {\n' + dup + '\n}\nfunction b() {\n' + dup + '\n}\n');
+  const ambiguous = await ef('replace_in_file', 'bullets.js', dup, '  // removed', '');
+  assert.ok(ambiguous.error && /found 2 matches/i.test(ambiguous.error), `should refuse, got ${JSON.stringify(ambiguous)}`);
+  assert.ok(read('bullets.js').split(dup).length - 1 === 2, 'file unchanged — both copies intact');
+  // Disambiguate with surrounding context → unique → replaces correctly.
+  const unique = await ef('replace_in_file', 'bullets.js', 'function b() {\n' + dup + '\n}', 'function b() {}', '');
+  assert.strictEqual(unique.status, 'ok');
+  assert.strictEqual(unique.count, 1);
+  assert.ok(read('bullets.js').includes('function a() {\n' + dup), 'function a copy preserved');
+});
+
+test('replace_in_file (h): post-replace verification warns when the search string still remains', async () => {
+  // Replacement CONTAINS the search string → after replacing, it still appears.
+  await ef('write', 'warn.txt', 'value');
+  const r = await ef('replace_in_file', 'warn.txt', 'value', '[value]', '');
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(r.count, 1);
+  assert.ok(r.warning && /still appears/i.test(r.warning), `expected warning, got ${JSON.stringify(r)}`);
+  assert.strictEqual(read('warn.txt'), '[value]');
+});
+
+test('search_in_file: a long literal pattern is no longer rejected for length', async () => {
+  const block = 'token '.repeat(400).trimEnd(); // 2,399 chars, no metacharacters
+  await ef('write', 'searchbig.txt', 'noise\n' + block + '\nnoise');
+  const r = await ef('search_in_file', 'searchbig.txt', block);
+  assert.ok(!r.error, `expected matches, got ${JSON.stringify(r).slice(0, 120)}`);
+  assert.deepStrictEqual(r.matches, [{ line: 2, content: block }]);
+});
+
+test('search_files finds files by glob', async () => {
+  await ef('write', 'find/x.ts', '1');
+  await ef('write', 'find/y.js', '2');
+  await ef('write', 'find/z.ts', '3');
+  const r = await ef('search_files', '*.ts', 'find');
+  assert.deepStrictEqual(r.files.sort(), ['x.ts', 'z.ts']);
+});
+
+test('file_stat returns size/type/mode/mtime', async () => {
+  await ef('write', 'st.txt', 'hello');
+  const r = await ef('file_stat', path.join(CWD, 'st.txt'));
+  assert.strictEqual(r.type, 'file');
+  assert.match(r.mode, /^0o\d+$/);
+  assert.ok(typeof r.size_kb === 'string');
+  assert.ok(!Number.isNaN(Date.parse(r.mtime)));
+});
+
+// ---------------------------------------------------------------------------
+// env / upload
+// ---------------------------------------------------------------------------
+
+test('set_env then get_env round-trips through process.env', async () => {
+  const set = await ef('set_env', 'SEMALT_TEST_VAR', 'hi');
+  assert.strictEqual(set.status, 'ok');
+  const got = await ef('get_env', 'SEMALT_TEST_VAR');
+  assert.strictEqual(got.value, 'hi');
+  delete process.env.SEMALT_TEST_VAR;
+});
+
+test('get_env returns null for an unset variable', async () => {
+  const r = await ef('get_env', 'DEFINITELY_NOT_SET_SEMALT_XYZ');
+  assert.strictEqual(r.value, null);
+});
+
+test('upload decodes base64 to a file and reports byte length', async () => {
+  const b64 = Buffer.from('binary-ish').toString('base64');
+  const r = await ef('upload', 'up.bin', b64);
+  assert.strictEqual(r.status, 'ok');
+  assert.strictEqual(r.bytes, 'binary-ish'.length);
+  assert.strictEqual(read('up.bin'), 'binary-ish');
+});
+
+// ---------------------------------------------------------------------------
+// memory store (isolated under the temp $HOME)
+// ---------------------------------------------------------------------------
+
+test('store_memory / recall_memory / list_memories round-trip', async () => {
+  const s = await ef('store_memory', 'lang', 'TypeScript');
+  assert.strictEqual(s.status, 'ok');
+  const rc = await ef('recall_memory', 'lang');
+  assert.deepStrictEqual(rc, { key: 'lang', value: 'TypeScript', found: true });
+  const miss = await ef('recall_memory', 'nope');
+  assert.deepStrictEqual(miss, { key: 'nope', value: null, found: false });
+  const list = await ef('list_memories');
+  assert.ok(list.keys.includes('lang'));
+});
+
+// ---------------------------------------------------------------------------
+// system_info / ask_user / unknown action
+// ---------------------------------------------------------------------------
+
+test('system_info returns host metadata', async () => {
+  const r = await ef('system_info');
+  assert.strictEqual(typeof r.platform, 'string');
+  assert.strictEqual(typeof r.node_version, 'string');
+  assert.strictEqual(r.cwd, process.cwd());
+});
+
+test('ask_user auto-answers "y" in non-TTY mode', async () => {
+  const r = await ef('ask_user', 'Proceed?');
+  assert.deepStrictEqual(r, { question: 'Proceed?', answer: 'y' });
+});
+
+test('unknown action returns an error', async () => {
+  const r = await ef('frobnicate', 'x');
+  assert.ok(r.error && /unknown action/i.test(r.error));
+});
+
+// ---------------------------------------------------------------------------
+// network executors against a localhost server (isolated, no external calls)
+// ---------------------------------------------------------------------------
+
+test('http_get fetches a body and status code from a local server', async () => {
+  const server = http.createServer((req, res) => { res.writeHead(200); res.end('pong'); });
+  await new Promise((r) => server.listen(0, '127.0.0.1', r));
+  const { port } = server.address();
+  try {
+    const r = await ef('http_get', `http://127.0.0.1:${port}/`);
+    assert.strictEqual(r.status_code, 200);
+    assert.strictEqual(r.body, 'pong');
+    assert.strictEqual(r.bytes, 4);
+  } finally {
+    await new Promise((r) => server.close(r));
+  }
+});
+
+test('download saves a URL to a file in cwd', async () => {
+  const server = http.createServer((req, res) => { res.writeHead(200); res.end('filedata'); });
+  await new Promise((r) => server.listen(0, '127.0.0.1', r));
+  const { port } = server.address();
+  try {
+    const r = await ef('download', `http://127.0.0.1:${port}/payload.txt`);
+    assert.strictEqual(r.status, 'ok');
+    assert.strictEqual(read('payload.txt'), 'filedata');
+  } finally {
+    await new Promise((r) => server.close(r));
+  }
+});
+
+// ---------------------------------------------------------------------------
+// describePermission — representative descriptors (moves alongside executors)
+// ---------------------------------------------------------------------------
+
+test('describePermission returns null for read-only ops, descriptors for gated ops', async () => {
+  assert.strictEqual(await exec.describePermission(['read', 'a.txt']), null);
+  assert.strictEqual(await exec.describePermission(['list_dir', '.']), null);
+  assert.deepStrictEqual(await exec.describePermission(['delete_file', 'x']), {
+    actionType: 'file', description: 'Delete x', tag: 'delete_file',
+  });
+  assert.deepStrictEqual(await exec.describePermission(['make_dir', 'd']), {
+    actionType: 'file', description: 'Create directory d', tag: 'make_dir',
+  });
+  const shellDesc = await exec.describePermission(['shell', 'ls']);
+  assert.deepStrictEqual(shellDesc, { actionType: 'shell', description: 'ls', tag: 'exec' });
+});
+
+test('describePermission for write includes a char count and write_file tag', async () => {
+  const d = await exec.describePermission(['write', 'w.txt', 'abc']);
+  assert.strictEqual(d.tag, 'write_file');
+  assert.strictEqual(d.actionType, 'file');
+  assert.match(d.description, /Write w\.txt \(3 chars\)/);
+});