@tinfoilsh/tinfoil-terminal 0.1.0

package/test/permission-task.test.ts

@@ -0,0 +1,319 @@
+import { describe, test, expect } from "bun:test"
+import { PermissionNext } from "../src/permission/next"
+import { Config } from "../src/config/config"
+import { Instance } from "../src/project/instance"
+import { tmpdir } from "./fixture/fixture"
+
+describe("PermissionNext.evaluate for permission.task", () => {
+  const createRuleset = (rules: Record<string, "allow" | "deny" | "ask">): PermissionNext.Ruleset =>
+    Object.entries(rules).map(([pattern, action]) => ({
+      permission: "task",
+      pattern,
+      action,
+    }))
+
+  test("returns ask when no match (default)", () => {
+    expect(PermissionNext.evaluate("task", "code-reviewer", []).action).toBe("ask")
+  })
+
+  test("returns deny for explicit deny", () => {
+    const ruleset = createRuleset({ "code-reviewer": "deny" })
+    expect(PermissionNext.evaluate("task", "code-reviewer", ruleset).action).toBe("deny")
+  })
+
+  test("returns allow for explicit allow", () => {
+    const ruleset = createRuleset({ "code-reviewer": "allow" })
+    expect(PermissionNext.evaluate("task", "code-reviewer", ruleset).action).toBe("allow")
+  })
+
+  test("returns ask for explicit ask", () => {
+    const ruleset = createRuleset({ "code-reviewer": "ask" })
+    expect(PermissionNext.evaluate("task", "code-reviewer", ruleset).action).toBe("ask")
+  })
+
+  test("matches wildcard patterns with deny", () => {
+    const ruleset = createRuleset({ "orchestrator-*": "deny" })
+    expect(PermissionNext.evaluate("task", "orchestrator-fast", ruleset).action).toBe("deny")
+    expect(PermissionNext.evaluate("task", "orchestrator-slow", ruleset).action).toBe("deny")
+    expect(PermissionNext.evaluate("task", "general", ruleset).action).toBe("ask")
+  })
+
+  test("matches wildcard patterns with allow", () => {
+    const ruleset = createRuleset({ "orchestrator-*": "allow" })
+    expect(PermissionNext.evaluate("task", "orchestrator-fast", ruleset).action).toBe("allow")
+    expect(PermissionNext.evaluate("task", "orchestrator-slow", ruleset).action).toBe("allow")
+  })
+
+  test("matches wildcard patterns with ask", () => {
+    const ruleset = createRuleset({ "orchestrator-*": "ask" })
+    expect(PermissionNext.evaluate("task", "orchestrator-fast", ruleset).action).toBe("ask")
+    const globalRuleset = createRuleset({ "*": "ask" })
+    expect(PermissionNext.evaluate("task", "code-reviewer", globalRuleset).action).toBe("ask")
+  })
+
+  test("later rules take precedence (last match wins)", () => {
+    const ruleset = createRuleset({
+      "orchestrator-*": "deny",
+      "orchestrator-fast": "allow",
+    })
+    expect(PermissionNext.evaluate("task", "orchestrator-fast", ruleset).action).toBe("allow")
+    expect(PermissionNext.evaluate("task", "orchestrator-slow", ruleset).action).toBe("deny")
+  })
+
+  test("matches global wildcard", () => {
+    expect(PermissionNext.evaluate("task", "any-agent", createRuleset({ "*": "allow" })).action).toBe("allow")
+    expect(PermissionNext.evaluate("task", "any-agent", createRuleset({ "*": "deny" })).action).toBe("deny")
+    expect(PermissionNext.evaluate("task", "any-agent", createRuleset({ "*": "ask" })).action).toBe("ask")
+  })
+})
+
+describe("PermissionNext.disabled for task tool", () => {
+  // Note: The `disabled` function checks if a TOOL should be completely removed from the tool list.
+  // It only disables a tool when there's a rule with `pattern: "*"` and `action: "deny"`.
+  // It does NOT evaluate complex subagent patterns - those are handled at runtime by `evaluate`.
+  const createRuleset = (rules: Record<string, "allow" | "deny" | "ask">): PermissionNext.Ruleset =>
+    Object.entries(rules).map(([pattern, action]) => ({
+      permission: "task",
+      pattern,
+      action,
+    }))
+
+  test("task tool is disabled when global deny pattern exists (even with specific allows)", () => {
+    // When "*": "deny" exists, the task tool is disabled because the disabled() function
+    // only checks for wildcard deny patterns - it doesn't consider that specific subagents might be allowed
+    const ruleset = createRuleset({
+      "orchestrator-*": "allow",
+      "*": "deny",
+    })
+    const disabled = PermissionNext.disabled(["task", "bash", "read"], ruleset)
+    // The task tool IS disabled because there's a pattern: "*" with action: "deny"
+    expect(disabled.has("task")).toBe(true)
+  })
+
+  test("task tool is disabled when global deny pattern exists (even with ask overrides)", () => {
+    const ruleset = createRuleset({
+      "orchestrator-*": "ask",
+      "*": "deny",
+    })
+    const disabled = PermissionNext.disabled(["task"], ruleset)
+    // The task tool IS disabled because there's a pattern: "*" with action: "deny"
+    expect(disabled.has("task")).toBe(true)
+  })
+
+  test("task tool is disabled when global deny pattern exists", () => {
+    const ruleset = createRuleset({ "*": "deny" })
+    const disabled = PermissionNext.disabled(["task"], ruleset)
+    expect(disabled.has("task")).toBe(true)
+  })
+
+  test("task tool is NOT disabled when only specific patterns are denied (no wildcard)", () => {
+    // The disabled() function only disables tools when pattern: "*" && action: "deny"
+    // Specific subagent denies don't disable the task tool - those are handled at runtime
+    const ruleset = createRuleset({
+      "orchestrator-*": "deny",
+      general: "deny",
+    })
+    const disabled = PermissionNext.disabled(["task"], ruleset)
+    // The task tool is NOT disabled because no rule has pattern: "*" with action: "deny"
+    expect(disabled.has("task")).toBe(false)
+  })
+
+  test("task tool is enabled when no task rules exist (default ask)", () => {
+    const disabled = PermissionNext.disabled(["task"], [])
+    expect(disabled.has("task")).toBe(false)
+  })
+
+  test("task tool is NOT disabled when last wildcard pattern is allow", () => {
+    // Last matching rule wins - if wildcard allow comes after wildcard deny, tool is enabled
+    const ruleset = createRuleset({
+      "*": "deny",
+      "orchestrator-coder": "allow",
+    })
+    const disabled = PermissionNext.disabled(["task"], ruleset)
+    // The disabled() function uses findLast and checks if the last matching rule
+    // has pattern: "*" and action: "deny". In this case, the last rule matching
+    // "task" permission has pattern "orchestrator-coder", not "*", so not disabled
+    expect(disabled.has("task")).toBe(false)
+  })
+})
+
+// Integration tests that load permissions from real config files
+describe("permission.task with real config files", () => {
+  test("loads task permissions from opencode.json config", async () => {
+    await using tmp = await tmpdir({
+      git: true,
+      config: {
+        permission: {
+          task: {
+            "*": "allow",
+            "code-reviewer": "deny",
+          },
+        },
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const config = await Config.get()
+        const ruleset = PermissionNext.fromConfig(config.permission ?? {})
+        // general and orchestrator-fast should be allowed, code-reviewer denied
+        expect(PermissionNext.evaluate("task", "general", ruleset).action).toBe("allow")
+        expect(PermissionNext.evaluate("task", "orchestrator-fast", ruleset).action).toBe("allow")
+        expect(PermissionNext.evaluate("task", "code-reviewer", ruleset).action).toBe("deny")
+      },
+    })
+  })
+
+  test("loads task permissions with wildcard patterns from config", async () => {
+    await using tmp = await tmpdir({
+      git: true,
+      config: {
+        permission: {
+          task: {
+            "*": "ask",
+            "orchestrator-*": "deny",
+          },
+        },
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const config = await Config.get()
+        const ruleset = PermissionNext.fromConfig(config.permission ?? {})
+        // general and code-reviewer should be ask, orchestrator-* denied
+        expect(PermissionNext.evaluate("task", "general", ruleset).action).toBe("ask")
+        expect(PermissionNext.evaluate("task", "code-reviewer", ruleset).action).toBe("ask")
+        expect(PermissionNext.evaluate("task", "orchestrator-fast", ruleset).action).toBe("deny")
+      },
+    })
+  })
+
+  test("evaluate respects task permission from config", async () => {
+    await using tmp = await tmpdir({
+      git: true,
+      config: {
+        permission: {
+          task: {
+            general: "allow",
+            "code-reviewer": "deny",
+          },
+        },
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const config = await Config.get()
+        const ruleset = PermissionNext.fromConfig(config.permission ?? {})
+        expect(PermissionNext.evaluate("task", "general", ruleset).action).toBe("allow")
+        expect(PermissionNext.evaluate("task", "code-reviewer", ruleset).action).toBe("deny")
+        // Unspecified agents default to "ask"
+        expect(PermissionNext.evaluate("task", "unknown-agent", ruleset).action).toBe("ask")
+      },
+    })
+  })
+
+  test("mixed permission config with task and other tools", async () => {
+    await using tmp = await tmpdir({
+      git: true,
+      config: {
+        permission: {
+          bash: "allow",
+          edit: "ask",
+          task: {
+            "*": "deny",
+            general: "allow",
+          },
+        },
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const config = await Config.get()
+        const ruleset = PermissionNext.fromConfig(config.permission ?? {})
+
+        // Verify task permissions
+        expect(PermissionNext.evaluate("task", "general", ruleset).action).toBe("allow")
+        expect(PermissionNext.evaluate("task", "code-reviewer", ruleset).action).toBe("deny")
+
+        // Verify other tool permissions
+        expect(PermissionNext.evaluate("bash", "*", ruleset).action).toBe("allow")
+        expect(PermissionNext.evaluate("edit", "*", ruleset).action).toBe("ask")
+
+        // Verify disabled tools
+        const disabled = PermissionNext.disabled(["bash", "edit", "task"], ruleset)
+        expect(disabled.has("bash")).toBe(false)
+        expect(disabled.has("edit")).toBe(false)
+        // task is NOT disabled because disabled() uses findLast, and the last rule
+        // matching "task" permission is {pattern: "general", action: "allow"}, not pattern: "*"
+        expect(disabled.has("task")).toBe(false)
+      },
+    })
+  })
+
+  test("task tool disabled when global deny comes last in config", async () => {
+    await using tmp = await tmpdir({
+      git: true,
+      config: {
+        permission: {
+          task: {
+            general: "allow",
+            "code-reviewer": "allow",
+            "*": "deny",
+          },
+        },
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const config = await Config.get()
+        const ruleset = PermissionNext.fromConfig(config.permission ?? {})
+
+        // Last matching rule wins - "*" deny is last, so all agents are denied
+        expect(PermissionNext.evaluate("task", "general", ruleset).action).toBe("deny")
+        expect(PermissionNext.evaluate("task", "code-reviewer", ruleset).action).toBe("deny")
+        expect(PermissionNext.evaluate("task", "unknown", ruleset).action).toBe("deny")
+
+        // Since "*": "deny" is the last rule, disabled() finds it with findLast
+        // and sees pattern: "*" with action: "deny", so task is disabled
+        const disabled = PermissionNext.disabled(["task"], ruleset)
+        expect(disabled.has("task")).toBe(true)
+      },
+    })
+  })
+
+  test("task tool NOT disabled when specific allow comes last in config", async () => {
+    await using tmp = await tmpdir({
+      git: true,
+      config: {
+        permission: {
+          task: {
+            "*": "deny",
+            general: "allow",
+          },
+        },
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const config = await Config.get()
+        const ruleset = PermissionNext.fromConfig(config.permission ?? {})
+
+        // Evaluate uses findLast - "general" allow comes after "*" deny
+        expect(PermissionNext.evaluate("task", "general", ruleset).action).toBe("allow")
+        // Other agents still denied by the earlier "*" deny
+        expect(PermissionNext.evaluate("task", "code-reviewer", ruleset).action).toBe("deny")
+
+        // disabled() uses findLast and checks if the last rule has pattern: "*" with action: "deny"
+        // In this case, the last rule is {pattern: "general", action: "allow"}, not pattern: "*"
+        // So the task tool is NOT disabled (even though most subagents are denied)
+        const disabled = PermissionNext.disabled(["task"], ruleset)
+        expect(disabled.has("task")).toBe(false)
+      },
+    })
+  })
+})

package/test/plugin/codex.test.ts

@@ -0,0 +1,123 @@
+import { describe, expect, test } from "bun:test"
+import {
+  parseJwtClaims,
+  extractAccountIdFromClaims,
+  extractAccountId,
+  type IdTokenClaims,
+} from "../../src/plugin/codex"
+
+function createTestJwt(payload: object): string {
+  const header = Buffer.from(JSON.stringify({ alg: "none" })).toString("base64url")
+  const body = Buffer.from(JSON.stringify(payload)).toString("base64url")
+  return `${header}.${body}.sig`
+}
+
+describe("plugin.codex", () => {
+  describe("parseJwtClaims", () => {
+    test("parses valid JWT with claims", () => {
+      const payload = { email: "test@example.com", chatgpt_account_id: "acc-123" }
+      const jwt = createTestJwt(payload)
+      const claims = parseJwtClaims(jwt)
+      expect(claims).toEqual(payload)
+    })
+
+    test("returns undefined for JWT with less than 3 parts", () => {
+      expect(parseJwtClaims("invalid")).toBeUndefined()
+      expect(parseJwtClaims("only.two")).toBeUndefined()
+    })
+
+    test("returns undefined for invalid base64", () => {
+      expect(parseJwtClaims("a.!!!invalid!!!.b")).toBeUndefined()
+    })
+
+    test("returns undefined for invalid JSON payload", () => {
+      const header = Buffer.from("{}").toString("base64url")
+      const invalidJson = Buffer.from("not json").toString("base64url")
+      expect(parseJwtClaims(`${header}.${invalidJson}.sig`)).toBeUndefined()
+    })
+  })
+
+  describe("extractAccountIdFromClaims", () => {
+    test("extracts chatgpt_account_id from root", () => {
+      const claims: IdTokenClaims = { chatgpt_account_id: "acc-root" }
+      expect(extractAccountIdFromClaims(claims)).toBe("acc-root")
+    })
+
+    test("extracts chatgpt_account_id from nested https://api.openai.com/auth", () => {
+      const claims: IdTokenClaims = {
+        "https://api.openai.com/auth": { chatgpt_account_id: "acc-nested" },
+      }
+      expect(extractAccountIdFromClaims(claims)).toBe("acc-nested")
+    })
+
+    test("prefers root over nested", () => {
+      const claims: IdTokenClaims = {
+        chatgpt_account_id: "acc-root",
+        "https://api.openai.com/auth": { chatgpt_account_id: "acc-nested" },
+      }
+      expect(extractAccountIdFromClaims(claims)).toBe("acc-root")
+    })
+
+    test("extracts from organizations array as fallback", () => {
+      const claims: IdTokenClaims = {
+        organizations: [{ id: "org-123" }, { id: "org-456" }],
+      }
+      expect(extractAccountIdFromClaims(claims)).toBe("org-123")
+    })
+
+    test("returns undefined when no accountId found", () => {
+      const claims: IdTokenClaims = { email: "test@example.com" }
+      expect(extractAccountIdFromClaims(claims)).toBeUndefined()
+    })
+  })
+
+  describe("extractAccountId", () => {
+    test("extracts from id_token first", () => {
+      const idToken = createTestJwt({ chatgpt_account_id: "from-id-token" })
+      const accessToken = createTestJwt({ chatgpt_account_id: "from-access-token" })
+      expect(
+        extractAccountId({
+          id_token: idToken,
+          access_token: accessToken,
+          refresh_token: "rt",
+        }),
+      ).toBe("from-id-token")
+    })
+
+    test("falls back to access_token when id_token has no accountId", () => {
+      const idToken = createTestJwt({ email: "test@example.com" })
+      const accessToken = createTestJwt({
+        "https://api.openai.com/auth": { chatgpt_account_id: "from-access" },
+      })
+      expect(
+        extractAccountId({
+          id_token: idToken,
+          access_token: accessToken,
+          refresh_token: "rt",
+        }),
+      ).toBe("from-access")
+    })
+
+    test("returns undefined when no tokens have accountId", () => {
+      const token = createTestJwt({ email: "test@example.com" })
+      expect(
+        extractAccountId({
+          id_token: token,
+          access_token: token,
+          refresh_token: "rt",
+        }),
+      ).toBeUndefined()
+    })
+
+    test("handles missing id_token", () => {
+      const accessToken = createTestJwt({ chatgpt_account_id: "acc-123" })
+      expect(
+        extractAccountId({
+          id_token: "",
+          access_token: accessToken,
+          refresh_token: "rt",
+        }),
+      ).toBe("acc-123")
+    })
+  })
+})

package/test/preload.ts

@@ -0,0 +1,65 @@
+// IMPORTANT: Set env vars BEFORE any imports from src/ directory
+// xdg-basedir reads env vars at import time, so we must set these first
+import os from "os"
+import path from "path"
+import fs from "fs/promises"
+import fsSync from "fs"
+import { afterAll } from "bun:test"
+
+const dir = path.join(os.tmpdir(), "opencode-test-data-" + process.pid)
+await fs.mkdir(dir, { recursive: true })
+afterAll(() => {
+  fsSync.rmSync(dir, { recursive: true, force: true })
+})
+// Set test home directory to isolate tests from user's actual home directory
+// This prevents tests from picking up real user configs/skills from ~/.claude/skills
+const testHome = path.join(dir, "home")
+await fs.mkdir(testHome, { recursive: true })
+process.env["OPENCODE_TEST_HOME"] = testHome
+
+process.env["XDG_DATA_HOME"] = path.join(dir, "share")
+process.env["XDG_CACHE_HOME"] = path.join(dir, "cache")
+process.env["XDG_CONFIG_HOME"] = path.join(dir, "config")
+process.env["XDG_STATE_HOME"] = path.join(dir, "state")
+
+// Pre-fetch models.json so tests don't need the macro fallback
+// Also write the cache version file to prevent global/index.ts from clearing the cache
+const cacheDir = path.join(dir, "cache", "opencode")
+await fs.mkdir(cacheDir, { recursive: true })
+await fs.writeFile(path.join(cacheDir, "version"), "14")
+const response = await fetch("https://models.dev/api.json")
+if (response.ok) {
+  await fs.writeFile(path.join(cacheDir, "models.json"), await response.text())
+}
+// Disable models.dev refresh to avoid race conditions during tests
+process.env["OPENCODE_DISABLE_MODELS_FETCH"] = "true"
+
+// Clear provider env vars to ensure clean test state
+delete process.env["ANTHROPIC_API_KEY"]
+delete process.env["OPENAI_API_KEY"]
+delete process.env["GOOGLE_API_KEY"]
+delete process.env["GOOGLE_GENERATIVE_AI_API_KEY"]
+delete process.env["AZURE_OPENAI_API_KEY"]
+delete process.env["AWS_ACCESS_KEY_ID"]
+delete process.env["AWS_PROFILE"]
+delete process.env["AWS_REGION"]
+delete process.env["AWS_BEARER_TOKEN_BEDROCK"]
+delete process.env["OPENROUTER_API_KEY"]
+delete process.env["GROQ_API_KEY"]
+delete process.env["MISTRAL_API_KEY"]
+delete process.env["PERPLEXITY_API_KEY"]
+delete process.env["TOGETHER_API_KEY"]
+delete process.env["XAI_API_KEY"]
+delete process.env["DEEPSEEK_API_KEY"]
+delete process.env["FIREWORKS_API_KEY"]
+delete process.env["CEREBRAS_API_KEY"]
+delete process.env["SAMBANOVA_API_KEY"]
+
+// Now safe to import from src/
+const { Log } = await import("../src/util/log")
+
+Log.init({
+  print: false,
+  dev: true,
+  level: "DEBUG",
+})

package/test/project/project.test.ts

@@ -0,0 +1,120 @@
+import { describe, expect, test } from "bun:test"
+import { Project } from "../../src/project/project"
+import { Log } from "../../src/util/log"
+import { Storage } from "../../src/storage/storage"
+import { $ } from "bun"
+import path from "path"
+import { tmpdir } from "../fixture/fixture"
+
+Log.init({ print: false })
+
+describe("Project.fromDirectory", () => {
+  test("should handle git repository with no commits", async () => {
+    await using tmp = await tmpdir()
+    await $`git init`.cwd(tmp.path).quiet()
+
+    const { project } = await Project.fromDirectory(tmp.path)
+
+    expect(project).toBeDefined()
+    expect(project.id).toBe("global")
+    expect(project.vcs).toBe("git")
+    expect(project.worktree).toBe(tmp.path)
+
+    const opencodeFile = path.join(tmp.path, ".git", "opencode")
+    const fileExists = await Bun.file(opencodeFile).exists()
+    expect(fileExists).toBe(false)
+  })
+
+  test("should handle git repository with commits", async () => {
+    await using tmp = await tmpdir({ git: true })
+
+    const { project } = await Project.fromDirectory(tmp.path)
+
+    expect(project).toBeDefined()
+    expect(project.id).not.toBe("global")
+    expect(project.vcs).toBe("git")
+    expect(project.worktree).toBe(tmp.path)
+
+    const opencodeFile = path.join(tmp.path, ".git", "opencode")
+    const fileExists = await Bun.file(opencodeFile).exists()
+    expect(fileExists).toBe(true)
+  })
+})
+
+describe("Project.fromDirectory with worktrees", () => {
+  test("should set worktree to root when called from root", async () => {
+    await using tmp = await tmpdir({ git: true })
+
+    const { project, sandbox } = await Project.fromDirectory(tmp.path)
+
+    expect(project.worktree).toBe(tmp.path)
+    expect(sandbox).toBe(tmp.path)
+    expect(project.sandboxes).not.toContain(tmp.path)
+  })
+
+  test("should set worktree to root when called from a worktree", async () => {
+    await using tmp = await tmpdir({ git: true })
+
+    const worktreePath = path.join(tmp.path, "..", "worktree-test")
+    await $`git worktree add ${worktreePath} -b test-branch`.cwd(tmp.path).quiet()
+
+    const { project, sandbox } = await Project.fromDirectory(worktreePath)
+
+    expect(project.worktree).toBe(tmp.path)
+    expect(sandbox).toBe(worktreePath)
+    expect(project.sandboxes).toContain(worktreePath)
+    expect(project.sandboxes).not.toContain(tmp.path)
+
+    await $`git worktree remove ${worktreePath}`.cwd(tmp.path).quiet()
+  })
+
+  test("should accumulate multiple worktrees in sandboxes", async () => {
+    await using tmp = await tmpdir({ git: true })
+
+    const worktree1 = path.join(tmp.path, "..", "worktree-1")
+    const worktree2 = path.join(tmp.path, "..", "worktree-2")
+    await $`git worktree add ${worktree1} -b branch-1`.cwd(tmp.path).quiet()
+    await $`git worktree add ${worktree2} -b branch-2`.cwd(tmp.path).quiet()
+
+    await Project.fromDirectory(worktree1)
+    const { project } = await Project.fromDirectory(worktree2)
+
+    expect(project.worktree).toBe(tmp.path)
+    expect(project.sandboxes).toContain(worktree1)
+    expect(project.sandboxes).toContain(worktree2)
+    expect(project.sandboxes).not.toContain(tmp.path)
+
+    await $`git worktree remove ${worktree1}`.cwd(tmp.path).quiet()
+    await $`git worktree remove ${worktree2}`.cwd(tmp.path).quiet()
+  })
+})
+
+describe("Project.discover", () => {
+  test("should discover favicon.png in root", async () => {
+    await using tmp = await tmpdir({ git: true })
+    const { project } = await Project.fromDirectory(tmp.path)
+
+    const pngData = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a])
+    await Bun.write(path.join(tmp.path, "favicon.png"), pngData)
+
+    await Project.discover(project)
+
+    const updated = await Storage.read<Project.Info>(["project", project.id])
+    expect(updated.icon).toBeDefined()
+    expect(updated.icon?.url).toStartWith("data:")
+    expect(updated.icon?.url).toContain("base64")
+    expect(updated.icon?.color).toBeUndefined()
+  })
+
+  test("should not discover non-image files", async () => {
+    await using tmp = await tmpdir({ git: true })
+    const { project } = await Project.fromDirectory(tmp.path)
+
+    await Bun.write(path.join(tmp.path, "favicon.txt"), "not an image")
+
+    await Project.discover(project)
+
+    const updated = await Storage.read<Project.Info>(["project", project.id])
+    expect(updated.icon).toBeUndefined()
+  })
+})