npm - flowent - Versions diffs - 0.2.0 → 0.2.1 - Mend

flowent 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

package/backend/tests/test_patch.py DELETED Viewed

@@ -1,112 +0,0 @@
-import pytest
-from flowent.patch import PatchError, affected_paths, apply_patch
-def test_apply_patch_applies_context_hunk_with_interleaved_changes(tmp_path) -> None:
-    target = tmp_path / "notes.txt"
-    target.write_text("start\nalpha\nmiddle\nbeta\nend\n")
-    patch = """*** Begin Patch
-*** Update File: notes.txt
-@@
- start
--alpha
-+one
- middle
--beta
-+two
- end
-*** End Patch
-"""
-    result = apply_patch(patch, tmp_path)
-    assert result == {"files": [{"path": str(target), "status": "modified"}]}
-    assert target.read_text() == "start\none\nmiddle\ntwo\nend\n"
-def test_apply_patch_reports_context_mismatch(tmp_path) -> None:
-    target = tmp_path / "notes.txt"
-    target.write_text("start\nalpha\nend\n")
-    patch = """*** Begin Patch
-*** Update File: notes.txt
-@@
- missing
--alpha
-+beta
- end
-*** End Patch
-"""
-    with pytest.raises(PatchError, match=r"Patch context was not found\."):
-        apply_patch(patch, tmp_path)
-    assert target.read_text() == "start\nalpha\nend\n"
-def test_apply_patch_applies_multiple_hunks_in_order(tmp_path) -> None:
-    target = tmp_path / "notes.txt"
-    target.write_text("first\nsame\nend first\nsecond\nsame\nend second\n")
-    patch = """*** Begin Patch
-*** Update File: notes.txt
-@@
- first
--same
-+one
- end first
-@@
- second
--same
-+two
- end second
-*** End Patch
-"""
-    apply_patch(patch, tmp_path)
-    assert target.read_text() == "first\none\nend first\nsecond\ntwo\nend second\n"
-def test_apply_patch_keeps_simple_contiguous_replacement(tmp_path) -> None:
-    target = tmp_path / "notes.txt"
-    target.write_text("alpha\nbeta\n")
-    patch = """*** Begin Patch
-*** Update File: notes.txt
-@@
--alpha
--beta
-+ready
-*** End Patch
-"""
-    apply_patch(patch, tmp_path)
-    assert target.read_text() == "ready\n"
-def test_affected_paths_reads_structured_patch_write_targets(tmp_path) -> None:
-    patch = """*** Begin Patch
-*** Update File: notes.txt
-@@
--alpha
-+beta
-*** Add File: created.txt
-+hello
-*** Delete File: old.txt
-*** Update File: before.txt
-*** Move to: after.txt
-@@
--before
-+after
-*** End Patch
-"""
-    paths = affected_paths(patch, tmp_path)
-    assert paths == [
-        (tmp_path / "notes.txt").resolve(strict=False),
-        (tmp_path / "created.txt").resolve(strict=False),
-        (tmp_path / "old.txt").resolve(strict=False),
-        (tmp_path / "before.txt").resolve(strict=False),
-        (tmp_path / "after.txt").resolve(strict=False),
-    ]

package/backend/tests/test_permissions.py DELETED Viewed

@@ -1,588 +0,0 @@
-from pathlib import Path
-import pytest
-from fastapi.testclient import TestClient
-from flowent.approval import ApprovalReviewDecision, ApprovalReviewRequest
-from flowent.main import create_app
-from flowent.permissions import run_tool_with_path_permissions
-from flowent.sandbox import CommandResult, SandboxRunner
-from flowent.storage import StateStore
-from flowent.tools import ToolContext
-def test_app_state_persists_writable_paths_across_app_instances(
-    tmp_path, monkeypatch
-) -> None:
-    monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path / "data"))
-    monkeypatch.chdir(tmp_path)
-    client = TestClient(create_app(serve_frontend=False))
-    response = client.post(
-        "/api/permissions/writable-paths",
-        json={"path": "cache"},
-    )
-    assert response.status_code == 200
-    restarted_client = TestClient(create_app(serve_frontend=False))
-    state_response = restarted_client.get("/api/state")
-    assert state_response.status_code == 200
-    assert state_response.json()["writable_paths"][0]["path"] == str(tmp_path / "cache")
-    assert isinstance(state_response.json()["writable_paths"][0]["created_at"], int)
-def test_delete_writable_path_removes_permission(tmp_path, monkeypatch) -> None:
-    monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path / "data"))
-    monkeypatch.chdir(tmp_path)
-    client = TestClient(create_app(serve_frontend=False))
-    client.post("/api/permissions/writable-paths", json={"path": "cache"})
-    response = client.request(
-        "DELETE",
-        "/api/permissions/writable-paths",
-        json={"path": str(tmp_path / "cache")},
-    )
-    assert response.status_code == 200
-    assert response.json() == {"writable_paths": []}
-def test_writable_paths_are_saved_as_normalized_absolute_paths(
-    tmp_path, monkeypatch
-) -> None:
-    monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path / "data"))
-    monkeypatch.chdir(tmp_path)
-    store = StateStore()
-    store.save_writable_path(Path("cache") / ".." / "cache")
-    store.save_writable_path(tmp_path / "cache")
-    writable_paths = store.read_writable_paths()
-    assert [path.path for path in writable_paths] == [str(tmp_path / "cache")]
-@pytest.mark.anyio
-async def test_approved_declared_write_path_runs_command_with_extra_permission(
-    tmp_path, monkeypatch
-) -> None:
-    cache_dir = tmp_path / "cache"
-    calls: list[list[Path]] = []
-    reviews: list[ApprovalReviewRequest] = []
-    async def fake_run_async(self, command, **kwargs):
-        calls.append(self.writable_roots)
-        return CommandResult(
-            command=" ".join(command),
-            exit_code=0,
-            stderr="",
-            stdout="created",
-        )
-    async def approve(request: ApprovalReviewRequest) -> ApprovalReviewDecision:
-        reviews.append(request)
-        return ApprovalReviewDecision(
-            decision="approved", reason="Needed for cache writes."
-        )
-    monkeypatch.setattr(SandboxRunner, "run_async", fake_run_async)
-    result = await run_tool_with_path_permissions(
-        "shell_command",
-        {
-            "additional_permissions": {"file_system": {"write": [str(cache_dir)]}},
-            "command": f"echo created > {cache_dir / 'file.txt'}",
-            "sandbox_permissions": "with_additional_permissions",
-        },
-        ToolContext(cwd=tmp_path / "work"),
-        review_approval=approve,
-        writable_paths=[],
-    )
-    assert result.ok
-    assert result.content == "created"
-    assert len(calls) == 1
-    assert cache_dir in calls[0]
-    assert reviews[0].tool_name == "shell_command"
-    assert reviews[0].action == "additional_permissions"
-    assert reviews[0].write_paths == [cache_dir]
-    assert result.data["approval"] == {
-        "action": "additional_permissions",
-        "decision": "approved",
-        "reason": "Needed for cache writes.",
-        "tool_name": "shell_command",
-        "tool_result": "",
-        "write_paths": [str(cache_dir)],
-    }
-@pytest.mark.anyio
-async def test_approved_declared_write_path_does_not_persist_runtime_permission(
-    tmp_path, monkeypatch
-) -> None:
-    monkeypatch.setenv("FLOWENT_DATA_DIR", str(tmp_path / "data"))
-    store = StateStore()
-    cache_dir = tmp_path / "cache"
-    async def fake_run_async(self, command, **kwargs):
-        assert cache_dir in self.writable_roots
-        return CommandResult(
-            command=" ".join(command),
-            exit_code=0,
-            stderr="",
-            stdout="created",
-        )
-    async def approve(request: ApprovalReviewRequest) -> ApprovalReviewDecision:
-        return ApprovalReviewDecision(
-            decision="approved", reason="Needed for cache writes."
-        )
-    monkeypatch.setattr(SandboxRunner, "run_async", fake_run_async)
-    result = await run_tool_with_path_permissions(
-        "shell_command",
-        {
-            "additional_permissions": {"file_system": {"write": [str(cache_dir)]}},
-            "command": f"mkdir -p {cache_dir}",
-            "sandbox_permissions": "with_additional_permissions",
-        },
-        ToolContext(cwd=tmp_path / "work"),
-        review_approval=approve,
-        writable_paths=[],
-    )
-    assert result.ok
-    assert store.read_writable_paths() == []
-@pytest.mark.anyio
-async def test_denied_declared_write_path_returns_failed_result_before_running_command(
-    tmp_path, monkeypatch
-) -> None:
-    cache_dir = tmp_path / "cache"
-    calls = 0
-    async def fake_run_async(self, command, **kwargs):
-        nonlocal calls
-        calls += 1
-        return CommandResult(
-            command=" ".join(command),
-            exit_code=0,
-            stderr="",
-            stdout="created",
-        )
-    async def deny(request: ApprovalReviewRequest) -> ApprovalReviewDecision:
-        return ApprovalReviewDecision(
-            decision="denied", reason="Outside the task scope."
-        )
-    monkeypatch.setattr(SandboxRunner, "run_async", fake_run_async)
-    result = await run_tool_with_path_permissions(
-        "shell_command",
-        {
-            "additional_permissions": {"file_system": {"write": [str(cache_dir)]}},
-            "command": f"echo created > {cache_dir / 'file.txt'}",
-            "sandbox_permissions": "with_additional_permissions",
-        },
-        ToolContext(cwd=tmp_path / "work"),
-        review_approval=deny,
-        writable_paths=[],
-    )
-    assert not result.ok
-    assert "Automatic approval review denied this action" in result.content
-    assert "Outside the task scope." in result.content
-    assert "must not work around" in result.content
-    assert result.data["approval"]["decision"] == "denied"
-    assert result.data["approval"]["reason"] == "Outside the task scope."
-    assert calls == 0
-@pytest.mark.anyio
-async def test_existing_writable_path_covers_declared_review(
-    tmp_path, monkeypatch
-) -> None:
-    cache_dir = tmp_path / "cache"
-    requests = 0
-    async def fake_run_async(self, command, **kwargs):
-        assert cache_dir in self.writable_roots
-        return CommandResult(
-            command=" ".join(command),
-            exit_code=0,
-            stderr="",
-            stdout="created",
-        )
-    async def approve(request: ApprovalReviewRequest) -> ApprovalReviewDecision:
-        nonlocal requests
-        requests += 1
-        return ApprovalReviewDecision(decision="approved", reason="Already allowed.")
-    monkeypatch.setattr(SandboxRunner, "run_async", fake_run_async)
-    result = await run_tool_with_path_permissions(
-        "shell_command",
-        {
-            "additional_permissions": {"file_system": {"write": [str(cache_dir)]}},
-            "command": f"echo created > {cache_dir / 'file.txt'}",
-            "sandbox_permissions": "with_additional_permissions",
-        },
-        ToolContext(cwd=tmp_path / "work"),
-        review_approval=approve,
-        writable_paths=[cache_dir],
-    )
-    assert result.ok
-    assert requests == 0
-@pytest.mark.anyio
-async def test_multiple_declared_write_paths_request_each_missing_path(
-    tmp_path, monkeypatch
-) -> None:
-    first = tmp_path / "cache"
-    second = tmp_path / "downloads"
-    reviews: list[ApprovalReviewRequest] = []
-    async def fake_run_async(self, command, **kwargs):
-        assert first in self.writable_roots
-        assert second in self.writable_roots
-        return CommandResult(
-            command=" ".join(command),
-            exit_code=0,
-            stderr="",
-            stdout="created",
-        )
-    async def approve(request: ApprovalReviewRequest) -> ApprovalReviewDecision:
-        reviews.append(request)
-        return ApprovalReviewDecision(
-            decision="approved", reason="Needed for generated files."
-        )
-    monkeypatch.setattr(SandboxRunner, "run_async", fake_run_async)
-    result = await run_tool_with_path_permissions(
-        "shell_command",
-        {
-            "additional_permissions": {
-                "file_system": {"write": [str(first), str(second)]}
-            },
-            "command": "touch done",
-            "sandbox_permissions": "with_additional_permissions",
-        },
-        ToolContext(cwd=tmp_path / "work"),
-        review_approval=approve,
-        writable_paths=[],
-    )
-    assert result.ok
-    assert len(reviews) == 1
-    assert reviews[0].write_paths == [first, second]
-@pytest.mark.anyio
-async def test_sandbox_denied_shell_command_is_reviewed_and_retried_without_sandbox(
-    tmp_path, monkeypatch
-) -> None:
-    calls: list[str] = []
-    reviews: list[ApprovalReviewRequest] = []
-    async def fake_run_async(self, command, **kwargs):
-        calls.append("sandbox")
-        return CommandResult(
-            command=" ".join(command),
-            exit_code=1,
-            stderr="failed to write file: Read-only file system\n",
-            stdout="",
-        )
-    async def fake_run_unsandboxed_async(self, command, **kwargs):
-        calls.append("unsandboxed")
-        return CommandResult(
-            command=" ".join(command),
-            exit_code=0,
-            stderr="",
-            stdout="created",
-        )
-    async def approve(request: ApprovalReviewRequest) -> ApprovalReviewDecision:
-        reviews.append(request)
-        return ApprovalReviewDecision(
-            decision="approved", reason="Retry is consistent with the task."
-        )
-    monkeypatch.setattr(SandboxRunner, "run_async", fake_run_async)
-    monkeypatch.setattr(
-        SandboxRunner,
-        "run_unsandboxed_async",
-        fake_run_unsandboxed_async,
-        raising=False,
-    )
-    result = await run_tool_with_path_permissions(
-        "shell_command",
-        {"command": "touch output.txt"},
-        ToolContext(cwd=tmp_path / "work"),
-        review_approval=approve,
-        writable_paths=[],
-    )
-    assert result.ok
-    assert result.content == "created"
-    assert calls == ["sandbox", "unsandboxed"]
-    assert reviews[0].action == "sandbox_failure"
-    assert "Read-only file system" in reviews[0].tool_result
-    assert result.data["approval"]["action"] == "sandbox_failure"
-    assert result.data["approval"]["decision"] == "approved"
-@pytest.mark.anyio
-async def test_sandbox_denied_shell_command_is_not_retried_when_reviewer_denies(
-    tmp_path, monkeypatch
-) -> None:
-    calls: list[str] = []
-    async def fake_run_async(self, command, **kwargs):
-        calls.append("sandbox")
-        return CommandResult(
-            command=" ".join(command),
-            exit_code=1,
-            stderr="failed to write file: Read-only file system\n",
-            stdout="",
-        )
-    async def fake_run_unsandboxed_async(self, command, **kwargs):
-        calls.append("unsandboxed")
-        return CommandResult(
-            command=" ".join(command),
-            exit_code=0,
-            stderr="",
-            stdout="created",
-        )
-    async def deny(request: ApprovalReviewRequest) -> ApprovalReviewDecision:
-        return ApprovalReviewDecision(decision="denied", reason="Too broad.")
-    monkeypatch.setattr(SandboxRunner, "run_async", fake_run_async)
-    monkeypatch.setattr(
-        SandboxRunner,
-        "run_unsandboxed_async",
-        fake_run_unsandboxed_async,
-        raising=False,
-    )
-    result = await run_tool_with_path_permissions(
-        "shell_command",
-        {"command": "touch output.txt"},
-        ToolContext(cwd=tmp_path / "work"),
-        review_approval=deny,
-        writable_paths=[],
-    )
-    assert not result.ok
-    assert calls == ["sandbox"]
-    assert "Too broad." in result.content
-    assert result.data["approval"]["decision"] == "denied"
-@pytest.mark.anyio
-async def test_command_text_is_not_used_to_guess_write_paths(
-    tmp_path, monkeypatch
-) -> None:
-    outside = tmp_path / "outside"
-    reviews: list[ApprovalReviewRequest] = []
-    async def fake_run_async(self, command, **kwargs):
-        assert outside not in self.writable_roots
-        return CommandResult(
-            command=" ".join(command),
-            exit_code=1,
-            stderr=f"rm: cannot remove '{outside / 'file.txt'}': Read-only file system\n",
-            stdout="",
-        )
-    async def deny(request: ApprovalReviewRequest) -> ApprovalReviewDecision:
-        reviews.append(request)
-        return ApprovalReviewDecision(
-            decision="denied", reason="No extra write paths were declared."
-        )
-    monkeypatch.setattr(SandboxRunner, "run_async", fake_run_async)
-    result = await run_tool_with_path_permissions(
-        "shell_command",
-        {"command": f"rm -f {outside / 'file.txt'}"},
-        ToolContext(cwd=tmp_path / "work"),
-        review_approval=deny,
-        writable_paths=[],
-    )
-    assert not result.ok
-    assert reviews[0].action == "sandbox_failure"
-    assert reviews[0].write_paths == []
-@pytest.mark.anyio
-async def test_additional_permissions_require_matching_sandbox_permissions(
-    tmp_path, monkeypatch
-) -> None:
-    cache_dir = tmp_path / "cache"
-    calls = 0
-    reviews = 0
-    async def fake_run_async(self, command, **kwargs):
-        nonlocal calls
-        calls += 1
-        return CommandResult(
-            command=" ".join(command),
-            exit_code=0,
-            stderr="",
-            stdout="created",
-        )
-    async def approve(request: ApprovalReviewRequest) -> ApprovalReviewDecision:
-        nonlocal reviews
-        reviews += 1
-        return ApprovalReviewDecision(decision="approved", reason="Allowed.")
-    monkeypatch.setattr(SandboxRunner, "run_async", fake_run_async)
-    result = await run_tool_with_path_permissions(
-        "shell_command",
-        {
-            "additional_permissions": {"file_system": {"write": [str(cache_dir)]}},
-            "command": f"touch {cache_dir / 'file.txt'}",
-        },
-        ToolContext(cwd=tmp_path / "work"),
-        review_approval=approve,
-        writable_paths=[],
-    )
-    assert not result.ok
-    assert "with_additional_permissions" in result.content
-    assert calls == 0
-    assert reviews == 0
-@pytest.mark.anyio
-async def test_apply_patch_uses_reviewer_before_writing_outside_workdir_file(
-    tmp_path, monkeypatch
-) -> None:
-    work_dir = tmp_path / "work"
-    work_dir.mkdir()
-    outside_dir = tmp_path / "outside"
-    outside_dir.mkdir()
-    target = outside_dir / "notes.txt"
-    target.write_text("alpha\n")
-    reviews: list[ApprovalReviewRequest] = []
-    async def approve(request: ApprovalReviewRequest) -> ApprovalReviewDecision:
-        reviews.append(request)
-        return ApprovalReviewDecision(
-            decision="approved", reason="The edit matches the request."
-        )
-    patch = f"""*** Begin Patch
-*** Update File: {target}
-@@
--alpha
-+beta
-*** End Patch
-"""
-    result = await run_tool_with_path_permissions(
-        "apply_patch",
-        {"patch": patch},
-        ToolContext(cwd=work_dir),
-        review_approval=approve,
-        writable_paths=[],
-    )
-    assert result.ok
-    assert reviews[0].tool_name == "apply_patch"
-    assert reviews[0].action == "edit"
-    assert reviews[0].write_paths == [outside_dir]
-    assert result.data["approval"]["action"] == "edit"
-    assert result.data["approval"]["decision"] == "approved"
-    assert target.read_text() == "beta\n"
-@pytest.mark.anyio
-async def test_apply_patch_uses_existing_writable_path_without_request(
-    tmp_path, monkeypatch
-) -> None:
-    work_dir = tmp_path / "work"
-    work_dir.mkdir()
-    outside_dir = tmp_path / "outside"
-    outside_dir.mkdir()
-    target = outside_dir / "notes.txt"
-    target.write_text("alpha\n")
-    requests = 0
-    async def approve(request: ApprovalReviewRequest) -> ApprovalReviewDecision:
-        nonlocal requests
-        requests += 1
-        return ApprovalReviewDecision(decision="approved", reason="Already allowed.")
-    patch = f"""*** Begin Patch
-*** Update File: {target}
-@@
--alpha
-+beta
-*** End Patch
-"""
-    result = await run_tool_with_path_permissions(
-        "apply_patch",
-        {"patch": patch},
-        ToolContext(cwd=work_dir),
-        review_approval=approve,
-        writable_paths=[outside_dir],
-    )
-    assert result.ok
-    assert requests == 0
-    assert target.read_text() == "beta\n"
-@pytest.mark.anyio
-async def test_denied_apply_patch_does_not_modify_file(tmp_path) -> None:
-    work_dir = tmp_path / "work"
-    work_dir.mkdir()
-    outside_dir = tmp_path / "outside"
-    outside_dir.mkdir()
-    target = outside_dir / "notes.txt"
-    target.write_text("alpha\n")
-    async def deny(request: ApprovalReviewRequest) -> ApprovalReviewDecision:
-        return ApprovalReviewDecision(
-            decision="denied", reason="The target is outside the allowed scope."
-        )
-    patch = f"""*** Begin Patch
-*** Update File: {target}
-@@
--alpha
-+beta
-*** End Patch
-"""
-    result = await run_tool_with_path_permissions(
-        "apply_patch",
-        {"patch": patch},
-        ToolContext(cwd=work_dir),
-        review_approval=deny,
-        writable_paths=[],
-    )
-    assert not result.ok
-    assert "outside the allowed scope" in result.content
-    assert result.data["approval"]["action"] == "edit"
-    assert result.data["approval"]["decision"] == "denied"
-    assert target.read_text() == "alpha\n"