saeeol 1.2.5 → 1.2.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +17 -12
- package/src/ltm/config.ts +15 -15
- package/src/ltm/events.ts +1 -1
- package/src/ltm/index.ts +1 -1
- package/src/ltm/pipeline.ts +22 -22
- package/src/ltm/scheduler.ts +20 -20
- package/src/ltm/store.ts +9 -7
- package/src/ltm/types.ts +16 -16
- package/src/provider/local/embedder.ts +21 -21
- package/src/provider/models-snapshot.d.ts +2 -0
- package/src/provider/models-snapshot.js +3 -0
- package/src/session/core/session.ts +1 -39
- package/src/session/message/message-errors.ts +1 -1
- package/src/session/message/message-parts.ts +1 -1
- package/src/session/message/message-transform.ts +1 -1
- package/src/session/message/message-types.ts +1 -1
- package/src/tool/core/tool.ts +1 -1
- package/AGENTS.md +0 -72
- package/BUN_SHELL_MIGRATION_PLAN.md +0 -136
- package/Dockerfile +0 -18
- package/assets/saeeol.ico +0 -0
- package/bunfig.toml +0 -7
- package/database.db +0 -0
- package/drizzle.config.ts +0 -10
- package/git +0 -0
- package/migration/20260127222353_familiar_lady_ursula/migration.sql +0 -90
- package/migration/20260127222353_familiar_lady_ursula/snapshot.json +0 -796
- package/migration/20260211171708_add_project_commands/migration.sql +0 -1
- package/migration/20260211171708_add_project_commands/snapshot.json +0 -806
- package/migration/20260213144116_wakeful_the_professor/migration.sql +0 -11
- package/migration/20260213144116_wakeful_the_professor/snapshot.json +0 -897
- package/migration/20260225215848_workspace/migration.sql +0 -7
- package/migration/20260225215848_workspace/snapshot.json +0 -959
- package/migration/20260227213759_add_session_workspace_id/migration.sql +0 -2
- package/migration/20260227213759_add_session_workspace_id/snapshot.json +0 -983
- package/migration/20260228203230_blue_harpoon/migration.sql +0 -17
- package/migration/20260228203230_blue_harpoon/snapshot.json +0 -1102
- package/migration/20260303231226_add_workspace_fields/migration.sql +0 -5
- package/migration/20260303231226_add_workspace_fields/snapshot.json +0 -1013
- package/migration/20260309230000_move_org_to_state/migration.sql +0 -3
- package/migration/20260309230000_move_org_to_state/snapshot.json +0 -1156
- package/migration/20260312043431_session_message_cursor/migration.sql +0 -4
- package/migration/20260312043431_session_message_cursor/snapshot.json +0 -1168
- package/migration/20260323234822_events/migration.sql +0 -13
- package/migration/20260323234822_events/snapshot.json +0 -1271
- package/migration/20260410174513_workspace-name/migration.sql +0 -16
- package/migration/20260410174513_workspace-name/snapshot.json +0 -1271
- package/migration/20260413175956_chief_energizer/migration.sql +0 -13
- package/migration/20260413175956_chief_energizer/snapshot.json +0 -1399
- package/migration/20260423070820_add_icon_url_override/migration.sql +0 -2
- package/migration/20260423070820_add_icon_url_override/snapshot.json +0 -1409
- package/migration/20260428004200_add_session_path/migration.sql +0 -1
- package/migration/20260428004200_add_session_path/snapshot.json +0 -1419
- package/npm/bin/saeeol +0 -42
- package/npm/package.json +0 -39
- package/npm/postinstall.js +0 -162
- package/parsers-config.ts +0 -289
- package/script/build.ts +0 -393
- package/script/check-migrations.ts +0 -16
- package/script/fix-node-pty.ts +0 -34
- package/script/generate.ts +0 -23
- package/script/postinstall.mjs +0 -189
- package/script/publish.ts +0 -200
- package/script/run-workspace-server +0 -106
- package/script/schema.ts +0 -63
- package/script/test-runner.ts +0 -420
- package/script/time.ts +0 -6
- package/script/trace-imports.ts +0 -153
- package/script/upgrade-opentui.ts +0 -64
- package/scripts/diff-sdk-types.sh +0 -52
- package/specs/effect/facades.md +0 -221
- package/specs/effect/http-api.md +0 -401
- package/specs/effect/instance-context.md +0 -309
- package/specs/effect/loose-ends.md +0 -34
- package/specs/effect/migration.md +0 -299
- package/specs/effect/routes.md +0 -64
- package/specs/effect/schema.md +0 -399
- package/specs/effect/server-package.md +0 -668
- package/specs/effect/tools.md +0 -90
- package/specs/tui-plugins.md +0 -433
- package/specs/v2/api.ts +0 -67
- package/specs/v2/keymappings.md +0 -10
- package/specs/v2/message-shape.md +0 -136
- package/src/tool/apply_patch.txt +0 -33
- package/src/tool/bash.txt +0 -119
- package/src/tool/edit.txt +0 -10
- package/src/tool/glob.txt +0 -6
- package/src/tool/grep.txt +0 -8
- package/src/tool/lsp.txt +0 -24
- package/src/tool/plan-enter.txt +0 -14
- package/src/tool/plan-exit.txt +0 -13
- package/src/tool/question.txt +0 -11
- package/src/tool/read.txt +0 -14
- package/src/tool/recall.txt +0 -12
- package/src/tool/skill.txt +0 -5
- package/src/tool/task.txt +0 -57
- package/src/tool/todowrite.txt +0 -167
- package/src/tool/warpgrep.txt +0 -10
- package/src/tool/webfetch.txt +0 -13
- package/src/tool/websearch.txt +0 -14
- package/src/tool/write.txt +0 -8
- package/sst-env.d.ts +0 -10
- package/test/AGENTS.md +0 -133
- package/test/account/repo.test.ts +0 -352
- package/test/account/service.test.ts +0 -456
- package/test/acp/agent-interface.test.ts +0 -51
- package/test/acp/event-subscription.test.ts +0 -725
- package/test/agent/agent.test.ts +0 -890
- package/test/auth/auth.test.ts +0 -86
- package/test/bun/registry.test.ts +0 -75
- package/test/bus/bus-effect.test.ts +0 -161
- package/test/bus/bus-integration.test.ts +0 -87
- package/test/bus/bus.test.ts +0 -219
- package/test/cli/account.test.ts +0 -26
- package/test/cli/auto-mode.test.ts +0 -75
- package/test/cli/bin-saeeol.test.ts +0 -8
- package/test/cli/cmd/tui/prompt-part.test.ts +0 -47
- package/test/cli/cmd/tui/prompt-traits.test.ts +0 -38
- package/test/cli/cmd/tui/sync.test.tsx +0 -159
- package/test/cli/error.test.ts +0 -18
- package/test/cli/github-action.test.ts +0 -198
- package/test/cli/github-remote.test.ts +0 -85
- package/test/cli/import.test.ts +0 -97
- package/test/cli/install-artifact.test.ts +0 -72
- package/test/cli/plugin-auth-picker.test.ts +0 -120
- package/test/cli/pr.test.ts +0 -59
- package/test/cli/tui/editor-context-zed.test.ts +0 -356
- package/test/cli/tui/editor-context.test.tsx +0 -228
- package/test/cli/tui/keybind-plugin.test.ts +0 -90
- package/test/cli/tui/markdown.test.ts +0 -161
- package/test/cli/tui/plugin-add.test.ts +0 -111
- package/test/cli/tui/plugin-install.test.ts +0 -87
- package/test/cli/tui/plugin-lifecycle.test.ts +0 -224
- package/test/cli/tui/plugin-loader-entrypoint.test.ts +0 -484
- package/test/cli/tui/plugin-loader-pure.test.ts +0 -71
- package/test/cli/tui/plugin-loader.test.ts +0 -816
- package/test/cli/tui/plugin-toggle.test.ts +0 -157
- package/test/cli/tui/revert-diff.test.ts +0 -35
- package/test/cli/tui/slot-replace.test.tsx +0 -47
- package/test/cli/tui/theme-store.test.ts +0 -54
- package/test/cli/tui/thread.test.ts +0 -28
- package/test/cli/tui/transcript.test.ts +0 -426
- package/test/cli/tui/usage.test.ts +0 -60
- package/test/cli/tui/use-event.test.tsx +0 -175
- package/test/config/agent-color.test.ts +0 -67
- package/test/config/config.test.ts +0 -2544
- package/test/config/fixtures/empty-frontmatter.md +0 -4
- package/test/config/fixtures/frontmatter.md +0 -28
- package/test/config/fixtures/markdown-header.md +0 -11
- package/test/config/fixtures/no-frontmatter.md +0 -1
- package/test/config/fixtures/weird-model-id.md +0 -13
- package/test/config/lsp.test.ts +0 -87
- package/test/config/markdown.test.ts +0 -228
- package/test/config/plugin.test.ts +0 -0
- package/test/config/tui.test.ts +0 -624
- package/test/control-plane/adapters.test.ts +0 -71
- package/test/control-plane/workspace.test.ts +0 -1526
- package/test/effect/app-runtime-logger.test.ts +0 -98
- package/test/effect/config-service.test.ts +0 -65
- package/test/effect/instance-state.test.ts +0 -394
- package/test/effect/run-service.test.ts +0 -89
- package/test/effect/runner.test.ts +0 -523
- package/test/fake/provider.ts +0 -82
- package/test/file/fsmonitor.test.ts +0 -68
- package/test/file/ignore.test.ts +0 -10
- package/test/file/index.test.ts +0 -954
- package/test/file/path-traversal.test.ts +0 -205
- package/test/file/ripgrep.test.ts +0 -226
- package/test/file/watcher.test.ts +0 -249
- package/test/filesystem/filesystem.test.ts +0 -319
- package/test/fixture/db.ts +0 -11
- package/test/fixture/fixture.test.ts +0 -26
- package/test/fixture/fixture.ts +0 -175
- package/test/fixture/flock-worker.ts +0 -72
- package/test/fixture/log-init-worker.ts +0 -62
- package/test/fixture/lsp/fake-lsp-server.js +0 -249
- package/test/fixture/plug-worker.ts +0 -93
- package/test/fixture/plugin-meta-worker.ts +0 -19
- package/test/fixture/skills/agents-sdk/SKILL.md +0 -152
- package/test/fixture/skills/cloudflare/SKILL.md +0 -211
- package/test/fixture/skills/index.json +0 -6
- package/test/fixture/tui-plugin.ts +0 -323
- package/test/fixture/tui-runtime.ts +0 -31
- package/test/format/format.test.ts +0 -272
- package/test/git/git.test.ts +0 -128
- package/test/ide/ide.test.ts +0 -82
- package/test/installation/installation.test.ts +0 -168
- package/test/keybind.test.ts +0 -421
- package/test/lib/effect.ts +0 -53
- package/test/lib/filesystem.ts +0 -10
- package/test/lib/llm-server.ts +0 -778
- package/test/lib/websocket.ts +0 -46
- package/test/lsp/client.test.ts +0 -482
- package/test/lsp/index.test.ts +0 -160
- package/test/lsp/launch.test.ts +0 -22
- package/test/lsp/lifecycle.test.ts +0 -184
- package/test/ltm/ltm.test.ts +0 -230
- package/test/mcp/headers.test.ts +0 -178
- package/test/mcp/lifecycle.test.ts +0 -787
- package/test/mcp/oauth-auto-connect.test.ts +0 -311
- package/test/mcp/oauth-browser.test.ts +0 -276
- package/test/mcp/oauth-callback.test.ts +0 -34
- package/test/memory/abort-leak-webfetch.ts +0 -49
- package/test/memory/abort-leak.test.ts +0 -128
- package/test/patch/patch.test.ts +0 -348
- package/test/permission/arity.test.ts +0 -33
- package/test/permission/next.test.ts +0 -1227
- package/test/permission/next.toConfig.test.ts +0 -110
- package/test/permission-task.test.ts +0 -326
- package/test/plugin/auth-override.test.ts +0 -79
- package/test/plugin/cloudflare.test.ts +0 -68
- package/test/plugin/codex.test.ts +0 -123
- package/test/plugin/github-copilot-models.test.ts +0 -261
- package/test/plugin/install-concurrency.test.ts +0 -140
- package/test/plugin/install.test.ts +0 -570
- package/test/plugin/loader-shared.test.ts +0 -1169
- package/test/plugin/meta.test.ts +0 -137
- package/test/plugin/shared.test.ts +0 -88
- package/test/plugin/trigger.test.ts +0 -102
- package/test/plugin/workspace-adapter.test.ts +0 -109
- package/test/preload.ts +0 -77
- package/test/project/instance.test.ts +0 -276
- package/test/project/migrate-global.test.ts +0 -152
- package/test/project/project.test.ts +0 -600
- package/test/project/vcs.test.ts +0 -286
- package/test/project/worktree-remove.test.ts +0 -126
- package/test/project/worktree.test.ts +0 -223
- package/test/provider/amazon-bedrock.test.ts +0 -462
- package/test/provider/copilot/convert-to-copilot-messages.test.ts +0 -523
- package/test/provider/copilot/copilot-chat-model.test.ts +0 -592
- package/test/provider/gitlab-duo.test.ts +0 -413
- package/test/provider/local.test.ts +0 -208
- package/test/provider/models.test.ts +0 -261
- package/test/provider/provider-category.test.ts +0 -190
- package/test/provider/provider.test.ts +0 -2758
- package/test/provider/transform.test.ts +0 -3681
- package/test/pty/pty-output-isolation.test.ts +0 -147
- package/test/pty/pty-session.test.ts +0 -102
- package/test/pty/pty-shell.test.ts +0 -104
- package/test/question/question.test.ts +0 -490
- package/test/saeeol/agent-global-config-dirs.test.ts +0 -24
- package/test/saeeol/agent-manager-tool.test.ts +0 -71
- package/test/saeeol/agent-permission-overrides.test.ts +0 -75
- package/test/saeeol/agent-skill-permissions.test.ts +0 -37
- package/test/saeeol/ask-agent-permissions.test.ts +0 -303
- package/test/saeeol/bash-hierarchy.test.ts +0 -64
- package/test/saeeol/bash-permission-metadata.test.ts +0 -66
- package/test/saeeol/bash-security-extended.test.ts +0 -243
- package/test/saeeol/bedrock-claude-empty-content.test.ts +0 -138
- package/test/saeeol/boxes-integration.test.ts +0 -415
- package/test/saeeol/builtin-skills.test.ts +0 -75
- package/test/saeeol/cleanup.ts +0 -28
- package/test/saeeol/cli/dev-setup.test.ts +0 -74
- package/test/saeeol/cli/roll-call.test.ts +0 -161
- package/test/saeeol/cli-run-auto-helper.test.ts +0 -58
- package/test/saeeol/codex-auth-refresh.test.ts +0 -124
- package/test/saeeol/commit-message/generate.test.ts +0 -188
- package/test/saeeol/commit-message/git-context.test.ts +0 -303
- package/test/saeeol/commit-message-windows.test.ts +0 -38
- package/test/saeeol/compaction-payload-recovery.test.ts +0 -406
- package/test/saeeol/compaction-preservation-audit.test.ts +0 -122
- package/test/saeeol/compaction-skip-guard.test.ts +0 -224
- package/test/saeeol/compaction-smart-select.test.ts +0 -100
- package/test/saeeol/config/config.test.ts +0 -166
- package/test/saeeol/config/indexing-default-plugin.test.ts +0 -82
- package/test/saeeol/config/opentelemetry-default.test.ts +0 -29
- package/test/saeeol/config-gitignore.test.ts +0 -70
- package/test/saeeol/config-injector.test.ts +0 -305
- package/test/saeeol/config-resilience.test.ts +0 -234
- package/test/saeeol/config-validation.test.ts +0 -183
- package/test/saeeol/cost-propagation.test.ts +0 -94
- package/test/saeeol/cost-tracker-extended.test.ts +0 -141
- package/test/saeeol/cost-tracker.test.ts +0 -64
- package/test/saeeol/custom-provider-delete.test.ts +0 -149
- package/test/saeeol/diff-full.test.ts +0 -226
- package/test/saeeol/edit-permission-filediff.test.ts +0 -223
- package/test/saeeol/encoding.test.ts +0 -364
- package/test/saeeol/enhance-prompt.test.ts +0 -61
- package/test/saeeol/ensure-plan-dir.test.ts +0 -32
- package/test/saeeol/errors.test.ts +0 -144
- package/test/saeeol/external-directory-boundary.test.ts +0 -96
- package/test/saeeol/gateway-headers.test.ts +0 -88
- package/test/saeeol/help.test.ts +0 -191
- package/test/saeeol/ignore-migrator.test.ts +0 -308
- package/test/saeeol/indexing-auth.test.ts +0 -45
- package/test/saeeol/indexing-feature.test.ts +0 -44
- package/test/saeeol/indexing-label.test.ts +0 -70
- package/test/saeeol/indexing-startup.test.ts +0 -381
- package/test/saeeol/indexing-worktree.test.ts +0 -73
- package/test/saeeol/instruction.test.ts +0 -136
- package/test/saeeol/lancedb-runtime.test.ts +0 -116
- package/test/saeeol/loader-auth.test.ts +0 -168
- package/test/saeeol/local-model.test.ts +0 -621
- package/test/saeeol/logo.test.ts +0 -31
- package/test/saeeol/lsp-typescript-lightweight.test.ts +0 -89
- package/test/saeeol/mcp-branding.test.ts +0 -33
- package/test/saeeol/mcp-docker-rm.test.ts +0 -32
- package/test/saeeol/mcp-migrator.test.ts +0 -736
- package/test/saeeol/mcp-oauth-callback.test.ts +0 -33
- package/test/saeeol/memory-io.test.ts +0 -198
- package/test/saeeol/memory-paths.test.ts +0 -87
- package/test/saeeol/memory-security.test.ts +0 -166
- package/test/saeeol/model-cache-org.test.ts +0 -164
- package/test/saeeol/model-info-panel-utils.test.ts +0 -52
- package/test/saeeol/model-info-panel.types.test.ts +0 -7
- package/test/saeeol/models-401-fallback.test.ts +0 -52
- package/test/saeeol/modes-migrator.test.ts +0 -320
- package/test/saeeol/nvidia-headers.test.ts +0 -74
- package/test/saeeol/patch-jsonc.test.ts +0 -73
- package/test/saeeol/patch.test.ts +0 -172
- package/test/saeeol/paths.test.ts +0 -265
- package/test/saeeol/permission/config-paths.test.ts +0 -174
- package/test/saeeol/permission/env-read.test.ts +0 -149
- package/test/saeeol/permission/external-directory-allow.test.ts +0 -327
- package/test/saeeol/permission/next.always-rules.test.ts +0 -882
- package/test/saeeol/permission/next.reply-http.test.ts +0 -205
- package/test/saeeol/permission/next.reply-routing.test.ts +0 -184
- package/test/saeeol/plan-exit-detection.test.ts +0 -494
- package/test/saeeol/plan-followup.test.ts +0 -1376
- package/test/saeeol/project-config-update.test.ts +0 -120
- package/test/saeeol/project-id.test.ts +0 -455
- package/test/saeeol/provider-cost.test.ts +0 -171
- package/test/saeeol/provider-list-failed-state.test.ts +0 -100
- package/test/saeeol/question-dismiss-all.test.ts +0 -174
- package/test/saeeol/read-directory.test.ts +0 -116
- package/test/saeeol/rules-migrator.test.ts +0 -257
- package/test/saeeol/run-auto.test.ts +0 -176
- package/test/saeeol/run-network.test.ts +0 -224
- package/test/saeeol/semantic-search.test.ts +0 -186
- package/test/saeeol/server/permission-allow-everything.test.ts +0 -125
- package/test/saeeol/session/instruction-substitution.test.ts +0 -72
- package/test/saeeol/session/platform-attribution.test.ts +0 -118
- package/test/saeeol/session/session.test.ts +0 -105
- package/test/saeeol/session-compaction-cap.test.ts +0 -399
- package/test/saeeol/session-compaction-chunks.test.ts +0 -501
- package/test/saeeol/session-compaction-safety.test.ts +0 -481
- package/test/saeeol/session-fork-remap.test.ts +0 -251
- package/test/saeeol/session-import-service.test.ts +0 -114
- package/test/saeeol/session-list.test.ts +0 -47
- package/test/saeeol/session-message-metadata.test.ts +0 -128
- package/test/saeeol/session-overflow.test.ts +0 -78
- package/test/saeeol/session-processor-empty-tool-calls.test.ts +0 -571
- package/test/saeeol/session-processor-network-offline.test.ts +0 -204
- package/test/saeeol/session-processor-retry-limit.test.ts +0 -238
- package/test/saeeol/session-processor-review-telemetry.test.ts +0 -82
- package/test/saeeol/session-prompt-compaction-safety.test.ts +0 -517
- package/test/saeeol/session-prompt-queue.test.ts +0 -815
- package/test/saeeol/sessions/inflight-cache.test.ts +0 -157
- package/test/saeeol/sessions/ingest-queue.test.ts +0 -402
- package/test/saeeol/sessions/remote-protocol.test.ts +0 -258
- package/test/saeeol/sessions/remote-sender.test.ts +0 -1036
- package/test/saeeol/sessions/remote-ws.test.ts +0 -367
- package/test/saeeol/sessions/sessions-enable-remote.test.disable +0 -181
- package/test/saeeol/slot-prop-reactivity.test.ts +0 -142
- package/test/saeeol/snapshot-cache.test.ts +0 -84
- package/test/saeeol/snapshot-freeze-repro.test.ts +0 -100
- package/test/saeeol/snapshot-track-timeout.test.ts +0 -519
- package/test/saeeol/stats-subagent-cost.test.ts +0 -123
- package/test/saeeol/suggestion/auto-dismiss.test.ts +0 -65
- package/test/saeeol/suggestion/suggestion.test.ts +0 -145
- package/test/saeeol/suggestion/tool.test.ts +0 -298
- package/test/saeeol/summary-file-diff.test.ts +0 -28
- package/test/saeeol/system-prompt.test.ts +0 -142
- package/test/saeeol/task-nesting.test.ts +0 -193
- package/test/saeeol/telemetry/feedback.test.ts +0 -8
- package/test/saeeol/todo-view.test.ts +0 -57
- package/test/saeeol/tool-encoding.test.ts +0 -455
- package/test/saeeol/tool-registry-indexing-import-failure.test.ts +0 -49
- package/test/saeeol/tool-registry-indexing.test.ts +0 -236
- package/test/saeeol/tool-registry-semantic-import-failure.test.ts +0 -55
- package/test/saeeol/tool-task-model.test.ts +0 -352
- package/test/saeeol/transform-opus-4.7.test.ts +0 -89
- package/test/saeeol/tui-diff.test.ts +0 -91
- package/test/saeeol/tui-sync.test.ts +0 -80
- package/test/saeeol/util/url.test.ts +0 -141
- package/test/saeeol/workflows-migrator.test.ts +0 -261
- package/test/saeeol/worktree-diff-summary.test.ts +0 -64
- package/test/saeeol/worktree-diff.test.ts +0 -223
- package/test/saeeol/worktree-remove-lock.test.ts +0 -82
- package/test/server/AGENTS.md +0 -15
- package/test/server/contract.test.ts +0 -231
- package/test/server/experimental-session-list.test.ts +0 -157
- package/test/server/global-session-list.test.ts +0 -155
- package/test/server/httpapi-authorization.test.ts +0 -103
- package/test/server/httpapi-bridge.test.ts +0 -440
- package/test/server/httpapi-config.test.ts +0 -67
- package/test/server/httpapi-cors.test.ts +0 -89
- package/test/server/httpapi-event.test.ts +0 -57
- package/test/server/httpapi-experimental.test.ts +0 -219
- package/test/server/httpapi-file.test.ts +0 -79
- package/test/server/httpapi-instance-context.test.ts +0 -237
- package/test/server/httpapi-instance.legacy.test.ts +0 -140
- package/test/server/httpapi-instance.test.ts +0 -83
- package/test/server/httpapi-json-parity.test.ts +0 -263
- package/test/server/httpapi-mcp-oauth.test.ts +0 -76
- package/test/server/httpapi-mcp.test.ts +0 -189
- package/test/server/httpapi-provider.test.ts +0 -153
- package/test/server/httpapi-pty-websocket.test.ts +0 -16
- package/test/server/httpapi-pty.test.ts +0 -175
- package/test/server/httpapi-raw-route-auth.test.ts +0 -89
- package/test/server/httpapi-sdk.test.ts +0 -679
- package/test/server/httpapi-session.test.ts +0 -464
- package/test/server/httpapi-sync.test.ts +0 -130
- package/test/server/httpapi-tui.test.ts +0 -121
- package/test/server/httpapi-workspace-routing.test.ts +0 -471
- package/test/server/httpapi-workspace.test.ts +0 -427
- package/test/server/project-init-git.test.ts +0 -113
- package/test/server/proxy-util.test.ts +0 -113
- package/test/server/session-actions.test.ts +0 -49
- package/test/server/session-list.test.ts +0 -238
- package/test/server/session-messages.test.ts +0 -167
- package/test/server/session-select.test.ts +0 -100
- package/test/server/trace-attributes.test.ts +0 -76
- package/test/server/workspace-proxy.test.ts +0 -165
- package/test/server/workspace-routing.test.ts +0 -85
- package/test/session/compaction.test.ts +0 -2420
- package/test/session/instruction.test.ts +0 -247
- package/test/session/llm.test.ts +0 -1273
- package/test/session/message-v2.test.ts +0 -1291
- package/test/session/messages-pagination.test.ts +0 -1173
- package/test/session/network.test.ts +0 -249
- package/test/session/processor-effect.test.ts +0 -847
- package/test/session/prompt.test.ts +0 -2131
- package/test/session/retry.test.ts +0 -340
- package/test/session/revert-compact.test.ts +0 -639
- package/test/session/schema-decoding.test.ts +0 -311
- package/test/session/session-entry-stepper.test.ts +0 -917
- package/test/session/session-schema.test.ts +0 -76
- package/test/session/snapshot-tool-race.test.ts +0 -257
- package/test/session/structured-output-integration.test.ts +0 -265
- package/test/session/structured-output.test.ts +0 -381
- package/test/session/system.test.ts +0 -73
- package/test/share/share-next.test.ts +0 -333
- package/test/shell/shell.test.ts +0 -99
- package/test/skill/discovery.test.ts +0 -116
- package/test/skill/skill.test.ts +0 -393
- package/test/snapshot/snapshot.test.ts +0 -1531
- package/test/storage/db.test.ts +0 -23
- package/test/storage/json-migration.test.ts +0 -832
- package/test/storage/storage.test.ts +0 -293
- package/test/suggestion/suggestion.test.ts +0 -1
- package/test/sync/index.test.ts +0 -256
- package/test/tool/__snapshots__/parameters.test.ts.snap +0 -500
- package/test/tool/__snapshots__/tool.test.ts.snap +0 -9
- package/test/tool/apply_patch.test.ts +0 -614
- package/test/tool/bash.test.ts +0 -1225
- package/test/tool/diagnostics-filter.test.ts +0 -55
- package/test/tool/edit.test.ts +0 -754
- package/test/tool/external-directory.test.ts +0 -169
- package/test/tool/fixtures/large-image.png +0 -0
- package/test/tool/fixtures/models-api.json +0 -65179
- package/test/tool/glob.test.ts +0 -107
- package/test/tool/grep.test.ts +0 -114
- package/test/tool/lsp.test.ts +0 -187
- package/test/tool/parameters.test.ts +0 -243
- package/test/tool/question.test.ts +0 -129
- package/test/tool/read.test.ts +0 -500
- package/test/tool/recall.test.ts +0 -151
- package/test/tool/registry.test.ts +0 -203
- package/test/tool/skill.test.ts +0 -135
- package/test/tool/suggest.test.ts +0 -1
- package/test/tool/task.test.ts +0 -612
- package/test/tool/tool-define.test.ts +0 -99
- package/test/tool/truncation.test.ts +0 -260
- package/test/tool/webfetch.test.ts +0 -103
- package/test/tool/write.test.ts +0 -291
- package/test/util/data-url.test.ts +0 -14
- package/test/util/effect-zod.test.ts +0 -754
- package/test/util/error.test.ts +0 -38
- package/test/util/filesystem.test.ts +0 -656
- package/test/util/format.test.ts +0 -59
- package/test/util/glob.test.ts +0 -164
- package/test/util/iife.test.ts +0 -36
- package/test/util/lazy.test.ts +0 -50
- package/test/util/lock.test.ts +0 -72
- package/test/util/log.test.ts +0 -86
- package/test/util/module.test.ts +0 -59
- package/test/util/process.test.ts +0 -128
- package/test/util/timeout.test.ts +0 -21
- package/test/util/which.test.ts +0 -100
- package/test/util/wildcard.test.ts +0 -90
- package/test/workspace/workspace-restore.test.ts +0 -296
|
@@ -1,1227 +0,0 @@
|
|
|
1
|
-
import { afterAll, afterEach, test, expect } from "bun:test"
|
|
2
|
-
import fs from "fs/promises"
|
|
3
|
-
import os from "os"
|
|
4
|
-
import path from "path"
|
|
5
|
-
import { Cause, Effect, Exit, Fiber, Layer } from "effect"
|
|
6
|
-
import { Bus } from "../../src/bus"
|
|
7
|
-
import { Config } from "../../src/config/config"
|
|
8
|
-
import { Global } from "@saeeol/core/global"
|
|
9
|
-
import { CrossSpawnSpawner } from "@saeeol/core/cross-spawn-spawner"
|
|
10
|
-
import { Permission } from "../../src/permission"
|
|
11
|
-
import { PermissionID } from "../../src/permission/schema"
|
|
12
|
-
import { Instance } from "../../src/project/instance"
|
|
13
|
-
import { InstanceStore } from "../../src/project/instance-store"
|
|
14
|
-
import { disposeAllInstances, provideInstance, provideTmpdirInstance, tmpdirScoped } from "../fixture/fixture"
|
|
15
|
-
import { testEffect } from "../lib/effect"
|
|
16
|
-
import { MessageID, SessionID } from "../../src/session/schema"
|
|
17
|
-
|
|
18
|
-
const bus = Bus.layer
|
|
19
|
-
const env = Layer.mergeAll(Permission.layer.pipe(Layer.provide(bus)), bus, CrossSpawnSpawner.defaultLayer)
|
|
20
|
-
const it = testEffect(env)
|
|
21
|
-
|
|
22
|
-
afterEach(async () => {
|
|
23
|
-
await disposeAllInstances()
|
|
24
|
-
})
|
|
25
|
-
afterAll(async () => {
|
|
26
|
-
const dir = Global.Path.config
|
|
27
|
-
for (const file of ["saeeol.jsonc", "saeeol.json", "config.json", "saeeol.json", "saeeol.jsonc"]) {
|
|
28
|
-
await fs.rm(path.join(dir, file), { force: true }).catch(() => {})
|
|
29
|
-
}
|
|
30
|
-
await Config.invalidate(true)
|
|
31
|
-
})
|
|
32
|
-
|
|
33
|
-
const rejectAll = (message?: string) =>
|
|
34
|
-
Effect.gen(function* () {
|
|
35
|
-
const permission = yield* Permission.Service
|
|
36
|
-
for (const req of yield* permission.list()) {
|
|
37
|
-
yield* permission.reply({
|
|
38
|
-
requestID: req.id,
|
|
39
|
-
reply: "reject",
|
|
40
|
-
message,
|
|
41
|
-
})
|
|
42
|
-
}
|
|
43
|
-
})
|
|
44
|
-
|
|
45
|
-
const waitForPending = (count: number) =>
|
|
46
|
-
Effect.gen(function* () {
|
|
47
|
-
const permission = yield* Permission.Service
|
|
48
|
-
for (let i = 0; i < 100; i++) {
|
|
49
|
-
const list = yield* permission.list()
|
|
50
|
-
if (list.length === count) return list
|
|
51
|
-
yield* Effect.sleep("10 millis")
|
|
52
|
-
}
|
|
53
|
-
return yield* Effect.fail(new Error(`timed out waiting for ${count} pending permission request(s)`))
|
|
54
|
-
})
|
|
55
|
-
|
|
56
|
-
const fail = <A, E, R>(self: Effect.Effect<A, E, R>) =>
|
|
57
|
-
Effect.gen(function* () {
|
|
58
|
-
const exit = yield* self.pipe(Effect.exit)
|
|
59
|
-
if (Exit.isFailure(exit)) return Cause.squash(exit.cause)
|
|
60
|
-
throw new Error("expected permission effect to fail")
|
|
61
|
-
})
|
|
62
|
-
|
|
63
|
-
const ask = (input: Parameters<Permission.Interface["ask"]>[0]) =>
|
|
64
|
-
Effect.gen(function* () {
|
|
65
|
-
const permission = yield* Permission.Service
|
|
66
|
-
return yield* permission.ask(input)
|
|
67
|
-
})
|
|
68
|
-
|
|
69
|
-
const reply = (input: Parameters<Permission.Interface["reply"]>[0]) =>
|
|
70
|
-
Effect.gen(function* () {
|
|
71
|
-
const permission = yield* Permission.Service
|
|
72
|
-
return yield* permission.reply(input)
|
|
73
|
-
})
|
|
74
|
-
|
|
75
|
-
const list = () =>
|
|
76
|
-
Effect.gen(function* () {
|
|
77
|
-
const permission = yield* Permission.Service
|
|
78
|
-
return yield* permission.list()
|
|
79
|
-
})
|
|
80
|
-
|
|
81
|
-
function withDir(options: { git?: boolean } | undefined, self: (dir: string) => Effect.Effect<any, any, any>) {
|
|
82
|
-
return provideTmpdirInstance(self, options)
|
|
83
|
-
}
|
|
84
|
-
|
|
85
|
-
function withProvided(dir: string) {
|
|
86
|
-
return <A, E, R>(self: Effect.Effect<A, E, R>) => self.pipe(provideInstance(dir))
|
|
87
|
-
}
|
|
88
|
-
|
|
89
|
-
// fromConfig tests
|
|
90
|
-
|
|
91
|
-
test("fromConfig - string value becomes wildcard rule", () => {
|
|
92
|
-
const result = Permission.fromConfig({ bash: "allow" })
|
|
93
|
-
expect(result).toEqual([{ permission: "bash", pattern: "*", action: "allow" }])
|
|
94
|
-
})
|
|
95
|
-
|
|
96
|
-
test("fromConfig - object value converts to rules array", () => {
|
|
97
|
-
const result = Permission.fromConfig({ bash: { "*": "allow", rm: "deny" } })
|
|
98
|
-
expect(result).toEqual([
|
|
99
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
100
|
-
{ permission: "bash", pattern: "rm", action: "deny" },
|
|
101
|
-
])
|
|
102
|
-
})
|
|
103
|
-
|
|
104
|
-
test("fromConfig - mixed string and object values", () => {
|
|
105
|
-
const result = Permission.fromConfig({
|
|
106
|
-
bash: { "*": "allow", rm: "deny" },
|
|
107
|
-
edit: "allow",
|
|
108
|
-
webfetch: "ask",
|
|
109
|
-
})
|
|
110
|
-
expect(result).toEqual([
|
|
111
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
112
|
-
{ permission: "bash", pattern: "rm", action: "deny" },
|
|
113
|
-
{ permission: "edit", pattern: "*", action: "allow" },
|
|
114
|
-
{ permission: "webfetch", pattern: "*", action: "ask" },
|
|
115
|
-
])
|
|
116
|
-
})
|
|
117
|
-
|
|
118
|
-
test("fromConfig - empty object", () => {
|
|
119
|
-
const result = Permission.fromConfig({})
|
|
120
|
-
expect(result).toEqual([])
|
|
121
|
-
})
|
|
122
|
-
|
|
123
|
-
test("fromConfig - expands tilde to home directory", () => {
|
|
124
|
-
const result = Permission.fromConfig({ external_directory: { "~/projects/*": "allow" } })
|
|
125
|
-
expect(result).toEqual([{ permission: "external_directory", pattern: `${os.homedir()}/projects/*`, action: "allow" }])
|
|
126
|
-
})
|
|
127
|
-
|
|
128
|
-
test("fromConfig - expands $HOME to home directory", () => {
|
|
129
|
-
const result = Permission.fromConfig({ external_directory: { "$HOME/projects/*": "allow" } })
|
|
130
|
-
expect(result).toEqual([{ permission: "external_directory", pattern: `${os.homedir()}/projects/*`, action: "allow" }])
|
|
131
|
-
})
|
|
132
|
-
|
|
133
|
-
test("fromConfig - expands $HOME without trailing slash", () => {
|
|
134
|
-
const result = Permission.fromConfig({ external_directory: { $HOME: "allow" } })
|
|
135
|
-
expect(result).toEqual([{ permission: "external_directory", pattern: os.homedir(), action: "allow" }])
|
|
136
|
-
})
|
|
137
|
-
|
|
138
|
-
test("fromConfig - does not expand tilde in middle of path", () => {
|
|
139
|
-
const result = Permission.fromConfig({ external_directory: { "/some/~/path": "allow" } })
|
|
140
|
-
expect(result).toEqual([{ permission: "external_directory", pattern: "/some/~/path", action: "allow" }])
|
|
141
|
-
})
|
|
142
|
-
|
|
143
|
-
// Permission precedence follows config insertion order. `evaluate()` uses the
|
|
144
|
-
// last matching rule, so later config entries intentionally override earlier
|
|
145
|
-
// entries even when a wildcard appears after a specific permission.
|
|
146
|
-
|
|
147
|
-
test("fromConfig - preserves top-level config key order", () => {
|
|
148
|
-
const wildcardFirst = Permission.fromConfig({ "*": "deny", bash: "allow" })
|
|
149
|
-
const specificFirst = Permission.fromConfig({ bash: "allow", "*": "deny" })
|
|
150
|
-
|
|
151
|
-
expect(wildcardFirst.map((r) => r.permission)).toEqual(["*", "bash"])
|
|
152
|
-
expect(specificFirst.map((r) => r.permission)).toEqual(["bash", "*"])
|
|
153
|
-
|
|
154
|
-
expect(Permission.evaluate("bash", "ls", wildcardFirst).action).toBe("allow")
|
|
155
|
-
expect(Permission.evaluate("bash", "ls", specificFirst).action).toBe("deny")
|
|
156
|
-
})
|
|
157
|
-
|
|
158
|
-
test("fromConfig - wildcard acts as fallback when it appears before specifics", () => {
|
|
159
|
-
const ruleset = Permission.fromConfig({ "*": "ask", bash: "allow" })
|
|
160
|
-
expect(Permission.evaluate("edit", "foo.ts", ruleset).action).toBe("ask")
|
|
161
|
-
expect(Permission.evaluate("bash", "ls", ruleset).action).toBe("allow")
|
|
162
|
-
})
|
|
163
|
-
|
|
164
|
-
test("fromConfig - top-level ordering is not sorted by wildcard specificity", () => {
|
|
165
|
-
const ruleset = Permission.fromConfig({
|
|
166
|
-
bash: "allow",
|
|
167
|
-
"*": "ask",
|
|
168
|
-
edit: "deny",
|
|
169
|
-
"mcp_*": "allow",
|
|
170
|
-
})
|
|
171
|
-
expect(ruleset.map((r) => r.permission)).toEqual(["bash", "*", "edit", "mcp_*"])
|
|
172
|
-
})
|
|
173
|
-
|
|
174
|
-
test("fromConfig - sub-pattern insertion order inside a tool key is preserved", () => {
|
|
175
|
-
const ruleset = Permission.fromConfig({ bash: { "*": "deny", "git *": "allow" } })
|
|
176
|
-
expect(ruleset.map((r) => r.pattern)).toEqual(["*", "git *"])
|
|
177
|
-
expect(Permission.evaluate("bash", "rm foo", ruleset).action).toBe("deny")
|
|
178
|
-
expect(Permission.evaluate("bash", "git status", ruleset).action).toBe("allow")
|
|
179
|
-
})
|
|
180
|
-
|
|
181
|
-
test("fromConfig - documented fallback-first example", () => {
|
|
182
|
-
const ruleset = Permission.fromConfig({ "*": "ask", bash: "allow", edit: "deny" })
|
|
183
|
-
expect(Permission.evaluate("bash", "ls", ruleset).action).toBe("allow")
|
|
184
|
-
expect(Permission.evaluate("edit", "foo.ts", ruleset).action).toBe("deny")
|
|
185
|
-
expect(Permission.evaluate("read", "foo.ts", ruleset).action).toBe("ask")
|
|
186
|
-
})
|
|
187
|
-
|
|
188
|
-
test("fromConfig - expands exact tilde to home directory", () => {
|
|
189
|
-
const result = Permission.fromConfig({ external_directory: { "~": "allow" } })
|
|
190
|
-
expect(result).toEqual([{ permission: "external_directory", pattern: os.homedir(), action: "allow" }])
|
|
191
|
-
})
|
|
192
|
-
|
|
193
|
-
test("evaluate - matches expanded tilde pattern", () => {
|
|
194
|
-
const ruleset = Permission.fromConfig({ external_directory: { "~/projects/*": "allow" } })
|
|
195
|
-
const result = Permission.evaluate("external_directory", `${os.homedir()}/projects/file.txt`, ruleset)
|
|
196
|
-
expect(result.action).toBe("allow")
|
|
197
|
-
})
|
|
198
|
-
|
|
199
|
-
test("evaluate - matches expanded $HOME pattern", () => {
|
|
200
|
-
const ruleset = Permission.fromConfig({ external_directory: { "$HOME/projects/*": "allow" } })
|
|
201
|
-
const result = Permission.evaluate("external_directory", `${os.homedir()}/projects/file.txt`, ruleset)
|
|
202
|
-
expect(result.action).toBe("allow")
|
|
203
|
-
})
|
|
204
|
-
|
|
205
|
-
// merge tests
|
|
206
|
-
|
|
207
|
-
test("merge - simple concatenation", () => {
|
|
208
|
-
const result = Permission.merge(
|
|
209
|
-
[{ permission: "bash", pattern: "*", action: "allow" }],
|
|
210
|
-
[{ permission: "bash", pattern: "*", action: "deny" }],
|
|
211
|
-
)
|
|
212
|
-
expect(result).toEqual([
|
|
213
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
214
|
-
{ permission: "bash", pattern: "*", action: "deny" },
|
|
215
|
-
])
|
|
216
|
-
})
|
|
217
|
-
|
|
218
|
-
test("merge - adds new permission", () => {
|
|
219
|
-
const result = Permission.merge(
|
|
220
|
-
[{ permission: "bash", pattern: "*", action: "allow" }],
|
|
221
|
-
[{ permission: "edit", pattern: "*", action: "deny" }],
|
|
222
|
-
)
|
|
223
|
-
expect(result).toEqual([
|
|
224
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
225
|
-
{ permission: "edit", pattern: "*", action: "deny" },
|
|
226
|
-
])
|
|
227
|
-
})
|
|
228
|
-
|
|
229
|
-
test("merge - concatenates rules for same permission", () => {
|
|
230
|
-
const result = Permission.merge(
|
|
231
|
-
[{ permission: "bash", pattern: "foo", action: "ask" }],
|
|
232
|
-
[{ permission: "bash", pattern: "*", action: "deny" }],
|
|
233
|
-
)
|
|
234
|
-
expect(result).toEqual([
|
|
235
|
-
{ permission: "bash", pattern: "foo", action: "ask" },
|
|
236
|
-
{ permission: "bash", pattern: "*", action: "deny" },
|
|
237
|
-
])
|
|
238
|
-
})
|
|
239
|
-
|
|
240
|
-
test("merge - multiple rulesets", () => {
|
|
241
|
-
const result = Permission.merge(
|
|
242
|
-
[{ permission: "bash", pattern: "*", action: "allow" }],
|
|
243
|
-
[{ permission: "bash", pattern: "rm", action: "ask" }],
|
|
244
|
-
[{ permission: "edit", pattern: "*", action: "allow" }],
|
|
245
|
-
)
|
|
246
|
-
expect(result).toEqual([
|
|
247
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
248
|
-
{ permission: "bash", pattern: "rm", action: "ask" },
|
|
249
|
-
{ permission: "edit", pattern: "*", action: "allow" },
|
|
250
|
-
])
|
|
251
|
-
})
|
|
252
|
-
|
|
253
|
-
test("merge - empty ruleset does nothing", () => {
|
|
254
|
-
const result = Permission.merge([{ permission: "bash", pattern: "*", action: "allow" }], [])
|
|
255
|
-
expect(result).toEqual([{ permission: "bash", pattern: "*", action: "allow" }])
|
|
256
|
-
})
|
|
257
|
-
|
|
258
|
-
test("merge - preserves rule order", () => {
|
|
259
|
-
const result = Permission.merge(
|
|
260
|
-
[
|
|
261
|
-
{ permission: "edit", pattern: "src/*", action: "allow" },
|
|
262
|
-
{ permission: "edit", pattern: "src/secret/*", action: "deny" },
|
|
263
|
-
],
|
|
264
|
-
[{ permission: "edit", pattern: "src/secret/ok.ts", action: "allow" }],
|
|
265
|
-
)
|
|
266
|
-
expect(result).toEqual([
|
|
267
|
-
{ permission: "edit", pattern: "src/*", action: "allow" },
|
|
268
|
-
{ permission: "edit", pattern: "src/secret/*", action: "deny" },
|
|
269
|
-
{ permission: "edit", pattern: "src/secret/ok.ts", action: "allow" },
|
|
270
|
-
])
|
|
271
|
-
})
|
|
272
|
-
|
|
273
|
-
test("merge - config permission overrides default ask", () => {
|
|
274
|
-
const defaults: Permission.Ruleset = [{ permission: "*", pattern: "*", action: "ask" }]
|
|
275
|
-
const config: Permission.Ruleset = [{ permission: "bash", pattern: "*", action: "allow" }]
|
|
276
|
-
const merged = Permission.merge(defaults, config)
|
|
277
|
-
|
|
278
|
-
expect(Permission.evaluate("bash", "ls", merged).action).toBe("allow")
|
|
279
|
-
expect(Permission.evaluate("edit", "foo.ts", merged).action).toBe("ask")
|
|
280
|
-
})
|
|
281
|
-
|
|
282
|
-
test("merge - config ask overrides default allow", () => {
|
|
283
|
-
const defaults: Permission.Ruleset = [{ permission: "bash", pattern: "*", action: "allow" }]
|
|
284
|
-
const config: Permission.Ruleset = [{ permission: "bash", pattern: "*", action: "ask" }]
|
|
285
|
-
const merged = Permission.merge(defaults, config)
|
|
286
|
-
|
|
287
|
-
expect(Permission.evaluate("bash", "ls", merged).action).toBe("ask")
|
|
288
|
-
})
|
|
289
|
-
|
|
290
|
-
// evaluate tests
|
|
291
|
-
|
|
292
|
-
test("evaluate - exact pattern match", () => {
|
|
293
|
-
const result = Permission.evaluate("bash", "rm", [{ permission: "bash", pattern: "rm", action: "deny" }])
|
|
294
|
-
expect(result.action).toBe("deny")
|
|
295
|
-
})
|
|
296
|
-
|
|
297
|
-
test("evaluate - wildcard pattern match", () => {
|
|
298
|
-
const result = Permission.evaluate("bash", "rm", [{ permission: "bash", pattern: "*", action: "allow" }])
|
|
299
|
-
expect(result.action).toBe("allow")
|
|
300
|
-
})
|
|
301
|
-
|
|
302
|
-
test("evaluate - last matching rule wins", () => {
|
|
303
|
-
const result = Permission.evaluate("bash", "rm", [
|
|
304
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
305
|
-
{ permission: "bash", pattern: "rm", action: "deny" },
|
|
306
|
-
])
|
|
307
|
-
expect(result.action).toBe("deny")
|
|
308
|
-
})
|
|
309
|
-
|
|
310
|
-
test("evaluate - last matching rule wins (wildcard after specific)", () => {
|
|
311
|
-
const result = Permission.evaluate("bash", "rm", [
|
|
312
|
-
{ permission: "bash", pattern: "rm", action: "deny" },
|
|
313
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
314
|
-
])
|
|
315
|
-
expect(result.action).toBe("allow")
|
|
316
|
-
})
|
|
317
|
-
|
|
318
|
-
test("evaluate - glob pattern match", () => {
|
|
319
|
-
const result = Permission.evaluate("edit", "src/foo.ts", [{ permission: "edit", pattern: "src/*", action: "allow" }])
|
|
320
|
-
expect(result.action).toBe("allow")
|
|
321
|
-
})
|
|
322
|
-
|
|
323
|
-
test("evaluate - last matching glob wins", () => {
|
|
324
|
-
const result = Permission.evaluate("edit", "src/components/Button.tsx", [
|
|
325
|
-
{ permission: "edit", pattern: "src/*", action: "deny" },
|
|
326
|
-
{ permission: "edit", pattern: "src/components/*", action: "allow" },
|
|
327
|
-
])
|
|
328
|
-
expect(result.action).toBe("allow")
|
|
329
|
-
})
|
|
330
|
-
|
|
331
|
-
test("evaluate - order matters for specificity", () => {
|
|
332
|
-
const result = Permission.evaluate("edit", "src/components/Button.tsx", [
|
|
333
|
-
{ permission: "edit", pattern: "src/components/*", action: "allow" },
|
|
334
|
-
{ permission: "edit", pattern: "src/*", action: "deny" },
|
|
335
|
-
])
|
|
336
|
-
expect(result.action).toBe("deny")
|
|
337
|
-
})
|
|
338
|
-
|
|
339
|
-
test("evaluate - unknown permission returns ask", () => {
|
|
340
|
-
const result = Permission.evaluate("unknown_tool", "anything", [
|
|
341
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
342
|
-
])
|
|
343
|
-
expect(result.action).toBe("ask")
|
|
344
|
-
})
|
|
345
|
-
|
|
346
|
-
test("evaluate - empty ruleset returns ask", () => {
|
|
347
|
-
const result = Permission.evaluate("bash", "rm", [])
|
|
348
|
-
expect(result.action).toBe("ask")
|
|
349
|
-
})
|
|
350
|
-
|
|
351
|
-
test("evaluate - no matching pattern returns ask", () => {
|
|
352
|
-
const result = Permission.evaluate("edit", "etc/passwd", [{ permission: "edit", pattern: "src/*", action: "allow" }])
|
|
353
|
-
expect(result.action).toBe("ask")
|
|
354
|
-
})
|
|
355
|
-
|
|
356
|
-
test("evaluate - empty rules array returns ask", () => {
|
|
357
|
-
const result = Permission.evaluate("bash", "rm", [])
|
|
358
|
-
expect(result.action).toBe("ask")
|
|
359
|
-
})
|
|
360
|
-
|
|
361
|
-
test("evaluate - multiple matching patterns, last wins", () => {
|
|
362
|
-
const result = Permission.evaluate("edit", "src/secret.ts", [
|
|
363
|
-
{ permission: "edit", pattern: "*", action: "ask" },
|
|
364
|
-
{ permission: "edit", pattern: "src/*", action: "allow" },
|
|
365
|
-
{ permission: "edit", pattern: "src/secret.ts", action: "deny" },
|
|
366
|
-
])
|
|
367
|
-
expect(result.action).toBe("deny")
|
|
368
|
-
})
|
|
369
|
-
|
|
370
|
-
test("evaluate - non-matching patterns are skipped", () => {
|
|
371
|
-
const result = Permission.evaluate("edit", "src/foo.ts", [
|
|
372
|
-
{ permission: "edit", pattern: "*", action: "ask" },
|
|
373
|
-
{ permission: "edit", pattern: "test/*", action: "deny" },
|
|
374
|
-
{ permission: "edit", pattern: "src/*", action: "allow" },
|
|
375
|
-
])
|
|
376
|
-
expect(result.action).toBe("allow")
|
|
377
|
-
})
|
|
378
|
-
|
|
379
|
-
test("evaluate - exact match at end wins over earlier wildcard", () => {
|
|
380
|
-
const result = Permission.evaluate("bash", "/bin/rm", [
|
|
381
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
382
|
-
{ permission: "bash", pattern: "/bin/rm", action: "deny" },
|
|
383
|
-
])
|
|
384
|
-
expect(result.action).toBe("deny")
|
|
385
|
-
})
|
|
386
|
-
|
|
387
|
-
test("evaluate - wildcard at end overrides earlier exact match", () => {
|
|
388
|
-
const result = Permission.evaluate("bash", "/bin/rm", [
|
|
389
|
-
{ permission: "bash", pattern: "/bin/rm", action: "deny" },
|
|
390
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
391
|
-
])
|
|
392
|
-
expect(result.action).toBe("allow")
|
|
393
|
-
})
|
|
394
|
-
|
|
395
|
-
// wildcard permission tests
|
|
396
|
-
|
|
397
|
-
test("evaluate - wildcard permission matches any permission", () => {
|
|
398
|
-
const result = Permission.evaluate("bash", "rm", [{ permission: "*", pattern: "*", action: "deny" }])
|
|
399
|
-
expect(result.action).toBe("deny")
|
|
400
|
-
})
|
|
401
|
-
|
|
402
|
-
test("evaluate - wildcard permission with specific pattern", () => {
|
|
403
|
-
const result = Permission.evaluate("bash", "rm", [{ permission: "*", pattern: "rm", action: "deny" }])
|
|
404
|
-
expect(result.action).toBe("deny")
|
|
405
|
-
})
|
|
406
|
-
|
|
407
|
-
test("evaluate - glob permission pattern", () => {
|
|
408
|
-
const result = Permission.evaluate("mcp_server_tool", "anything", [
|
|
409
|
-
{ permission: "mcp_*", pattern: "*", action: "allow" },
|
|
410
|
-
])
|
|
411
|
-
expect(result.action).toBe("allow")
|
|
412
|
-
})
|
|
413
|
-
|
|
414
|
-
test("evaluate - specific permission and wildcard permission combined", () => {
|
|
415
|
-
const result = Permission.evaluate("bash", "rm", [
|
|
416
|
-
{ permission: "*", pattern: "*", action: "deny" },
|
|
417
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
418
|
-
])
|
|
419
|
-
expect(result.action).toBe("allow")
|
|
420
|
-
})
|
|
421
|
-
|
|
422
|
-
test("evaluate - wildcard permission does not match when specific exists", () => {
|
|
423
|
-
const result = Permission.evaluate("edit", "src/foo.ts", [
|
|
424
|
-
{ permission: "*", pattern: "*", action: "deny" },
|
|
425
|
-
{ permission: "edit", pattern: "src/*", action: "allow" },
|
|
426
|
-
])
|
|
427
|
-
expect(result.action).toBe("allow")
|
|
428
|
-
})
|
|
429
|
-
|
|
430
|
-
test("evaluate - multiple matching permission patterns combine rules", () => {
|
|
431
|
-
const result = Permission.evaluate("mcp_dangerous", "anything", [
|
|
432
|
-
{ permission: "*", pattern: "*", action: "ask" },
|
|
433
|
-
{ permission: "mcp_*", pattern: "*", action: "allow" },
|
|
434
|
-
{ permission: "mcp_dangerous", pattern: "*", action: "deny" },
|
|
435
|
-
])
|
|
436
|
-
expect(result.action).toBe("deny")
|
|
437
|
-
})
|
|
438
|
-
|
|
439
|
-
test("evaluate - wildcard permission fallback for unknown tool", () => {
|
|
440
|
-
const result = Permission.evaluate("unknown_tool", "anything", [
|
|
441
|
-
{ permission: "*", pattern: "*", action: "ask" },
|
|
442
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
443
|
-
])
|
|
444
|
-
expect(result.action).toBe("ask")
|
|
445
|
-
})
|
|
446
|
-
|
|
447
|
-
test("evaluate - later wildcard permission can override earlier specific permission", () => {
|
|
448
|
-
const result = Permission.evaluate("bash", "rm", [
|
|
449
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
450
|
-
{ permission: "*", pattern: "*", action: "deny" },
|
|
451
|
-
])
|
|
452
|
-
expect(result.action).toBe("deny")
|
|
453
|
-
})
|
|
454
|
-
|
|
455
|
-
test("evaluate - merges multiple rulesets", () => {
|
|
456
|
-
const config: Permission.Ruleset = [{ permission: "bash", pattern: "*", action: "allow" }]
|
|
457
|
-
const approved: Permission.Ruleset = [{ permission: "bash", pattern: "rm", action: "deny" }]
|
|
458
|
-
const result = Permission.evaluate("bash", "rm", config, approved)
|
|
459
|
-
expect(result.action).toBe("deny")
|
|
460
|
-
})
|
|
461
|
-
|
|
462
|
-
// disabled tests
|
|
463
|
-
|
|
464
|
-
test("disabled - returns empty set when all tools allowed", () => {
|
|
465
|
-
const result = Permission.disabled(["bash", "edit", "read"], [{ permission: "*", pattern: "*", action: "allow" }])
|
|
466
|
-
expect(result.size).toBe(0)
|
|
467
|
-
})
|
|
468
|
-
|
|
469
|
-
test("disabled - disables tool when denied", () => {
|
|
470
|
-
const result = Permission.disabled(
|
|
471
|
-
["bash", "edit", "read"],
|
|
472
|
-
[
|
|
473
|
-
{ permission: "*", pattern: "*", action: "allow" },
|
|
474
|
-
{ permission: "bash", pattern: "*", action: "deny" },
|
|
475
|
-
],
|
|
476
|
-
)
|
|
477
|
-
expect(result.has("bash")).toBe(true)
|
|
478
|
-
expect(result.has("edit")).toBe(false)
|
|
479
|
-
expect(result.has("read")).toBe(false)
|
|
480
|
-
})
|
|
481
|
-
|
|
482
|
-
test("disabled - disables edit/write/apply_patch when edit denied", () => {
|
|
483
|
-
const result = Permission.disabled(
|
|
484
|
-
["edit", "write", "apply_patch", "bash"],
|
|
485
|
-
[
|
|
486
|
-
{ permission: "*", pattern: "*", action: "allow" },
|
|
487
|
-
{ permission: "edit", pattern: "*", action: "deny" },
|
|
488
|
-
],
|
|
489
|
-
)
|
|
490
|
-
expect(result.has("edit")).toBe(true)
|
|
491
|
-
expect(result.has("write")).toBe(true)
|
|
492
|
-
expect(result.has("apply_patch")).toBe(true)
|
|
493
|
-
expect(result.has("bash")).toBe(false)
|
|
494
|
-
})
|
|
495
|
-
|
|
496
|
-
test("disabled - does not disable when partially denied", () => {
|
|
497
|
-
const result = Permission.disabled(
|
|
498
|
-
["bash"],
|
|
499
|
-
[
|
|
500
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
501
|
-
{ permission: "bash", pattern: "rm *", action: "deny" },
|
|
502
|
-
],
|
|
503
|
-
)
|
|
504
|
-
expect(result.has("bash")).toBe(false)
|
|
505
|
-
})
|
|
506
|
-
|
|
507
|
-
test("disabled - does not disable when action is ask", () => {
|
|
508
|
-
const result = Permission.disabled(["bash", "edit"], [{ permission: "*", pattern: "*", action: "ask" }])
|
|
509
|
-
expect(result.size).toBe(0)
|
|
510
|
-
})
|
|
511
|
-
|
|
512
|
-
test("disabled - does not disable when specific allow after wildcard deny", () => {
|
|
513
|
-
const result = Permission.disabled(
|
|
514
|
-
["bash"],
|
|
515
|
-
[
|
|
516
|
-
{ permission: "bash", pattern: "*", action: "deny" },
|
|
517
|
-
{ permission: "bash", pattern: "echo *", action: "allow" },
|
|
518
|
-
],
|
|
519
|
-
)
|
|
520
|
-
expect(result.has("bash")).toBe(false)
|
|
521
|
-
})
|
|
522
|
-
|
|
523
|
-
test("disabled - does not disable when wildcard allow after deny", () => {
|
|
524
|
-
const result = Permission.disabled(
|
|
525
|
-
["bash"],
|
|
526
|
-
[
|
|
527
|
-
{ permission: "bash", pattern: "rm *", action: "deny" },
|
|
528
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
529
|
-
],
|
|
530
|
-
)
|
|
531
|
-
expect(result.has("bash")).toBe(false)
|
|
532
|
-
})
|
|
533
|
-
|
|
534
|
-
test("disabled - disables multiple tools", () => {
|
|
535
|
-
const result = Permission.disabled(
|
|
536
|
-
["bash", "edit", "webfetch"],
|
|
537
|
-
[
|
|
538
|
-
{ permission: "bash", pattern: "*", action: "deny" },
|
|
539
|
-
{ permission: "edit", pattern: "*", action: "deny" },
|
|
540
|
-
{ permission: "webfetch", pattern: "*", action: "deny" },
|
|
541
|
-
],
|
|
542
|
-
)
|
|
543
|
-
expect(result.has("bash")).toBe(true)
|
|
544
|
-
expect(result.has("edit")).toBe(true)
|
|
545
|
-
expect(result.has("webfetch")).toBe(true)
|
|
546
|
-
})
|
|
547
|
-
|
|
548
|
-
test("disabled - wildcard permission denies all tools", () => {
|
|
549
|
-
const result = Permission.disabled(["bash", "edit", "read"], [{ permission: "*", pattern: "*", action: "deny" }])
|
|
550
|
-
expect(result.has("bash")).toBe(true)
|
|
551
|
-
expect(result.has("edit")).toBe(true)
|
|
552
|
-
expect(result.has("read")).toBe(true)
|
|
553
|
-
})
|
|
554
|
-
|
|
555
|
-
test("disabled - specific allow overrides wildcard deny", () => {
|
|
556
|
-
const result = Permission.disabled(
|
|
557
|
-
["bash", "edit", "read"],
|
|
558
|
-
[
|
|
559
|
-
{ permission: "*", pattern: "*", action: "deny" },
|
|
560
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
561
|
-
],
|
|
562
|
-
)
|
|
563
|
-
expect(result.has("bash")).toBe(false)
|
|
564
|
-
expect(result.has("edit")).toBe(true)
|
|
565
|
-
expect(result.has("read")).toBe(true)
|
|
566
|
-
})
|
|
567
|
-
|
|
568
|
-
// ask tests
|
|
569
|
-
|
|
570
|
-
it.live("ask - resolves immediately when action is allow", () =>
|
|
571
|
-
withDir({ git: true }, () =>
|
|
572
|
-
Effect.gen(function* () {
|
|
573
|
-
const result = yield* ask({
|
|
574
|
-
sessionID: SessionID.make("session_test"),
|
|
575
|
-
permission: "bash",
|
|
576
|
-
patterns: ["ls"],
|
|
577
|
-
metadata: {},
|
|
578
|
-
always: [],
|
|
579
|
-
ruleset: [{ permission: "bash", pattern: "*", action: "allow" }],
|
|
580
|
-
})
|
|
581
|
-
expect(result).toBeUndefined()
|
|
582
|
-
}),
|
|
583
|
-
),
|
|
584
|
-
)
|
|
585
|
-
|
|
586
|
-
it.live("ask - throws DeniedError when action is deny", () =>
|
|
587
|
-
withDir({ git: true }, () =>
|
|
588
|
-
Effect.gen(function* () {
|
|
589
|
-
const err = yield* fail(
|
|
590
|
-
ask({
|
|
591
|
-
sessionID: SessionID.make("session_test"),
|
|
592
|
-
permission: "bash",
|
|
593
|
-
patterns: ["rm -rf /"],
|
|
594
|
-
metadata: {},
|
|
595
|
-
always: [],
|
|
596
|
-
ruleset: [{ permission: "bash", pattern: "*", action: "deny" }],
|
|
597
|
-
}),
|
|
598
|
-
)
|
|
599
|
-
expect(err).toBeInstanceOf(Permission.DeniedError)
|
|
600
|
-
}),
|
|
601
|
-
),
|
|
602
|
-
)
|
|
603
|
-
|
|
604
|
-
it.live("ask - stays pending when action is ask", () =>
|
|
605
|
-
withDir({ git: true }, () =>
|
|
606
|
-
Effect.gen(function* () {
|
|
607
|
-
const fiber = yield* ask({
|
|
608
|
-
sessionID: SessionID.make("session_test"),
|
|
609
|
-
permission: "bash",
|
|
610
|
-
patterns: ["ls"],
|
|
611
|
-
metadata: {},
|
|
612
|
-
always: [],
|
|
613
|
-
ruleset: [{ permission: "bash", pattern: "*", action: "ask" }],
|
|
614
|
-
}).pipe(Effect.forkScoped)
|
|
615
|
-
|
|
616
|
-
expect(yield* waitForPending(1)).toHaveLength(1)
|
|
617
|
-
yield* rejectAll()
|
|
618
|
-
yield* Fiber.await(fiber)
|
|
619
|
-
}),
|
|
620
|
-
),
|
|
621
|
-
)
|
|
622
|
-
|
|
623
|
-
it.live("ask - adds request to pending list", () =>
|
|
624
|
-
withDir({ git: true }, () =>
|
|
625
|
-
Effect.gen(function* () {
|
|
626
|
-
const fiber = yield* ask({
|
|
627
|
-
sessionID: SessionID.make("session_test"),
|
|
628
|
-
permission: "bash",
|
|
629
|
-
patterns: ["ls"],
|
|
630
|
-
metadata: { cmd: "ls" },
|
|
631
|
-
always: ["ls"],
|
|
632
|
-
tool: {
|
|
633
|
-
messageID: MessageID.make("msg_test"),
|
|
634
|
-
callID: "call_test",
|
|
635
|
-
},
|
|
636
|
-
ruleset: [],
|
|
637
|
-
}).pipe(Effect.forkScoped)
|
|
638
|
-
|
|
639
|
-
const items = yield* waitForPending(1)
|
|
640
|
-
expect(items).toHaveLength(1)
|
|
641
|
-
expect(items[0]).toMatchObject({
|
|
642
|
-
sessionID: SessionID.make("session_test"),
|
|
643
|
-
permission: "bash",
|
|
644
|
-
patterns: ["ls"],
|
|
645
|
-
metadata: { cmd: "ls" },
|
|
646
|
-
always: ["ls"],
|
|
647
|
-
tool: {
|
|
648
|
-
messageID: MessageID.make("msg_test"),
|
|
649
|
-
callID: "call_test",
|
|
650
|
-
},
|
|
651
|
-
})
|
|
652
|
-
|
|
653
|
-
yield* rejectAll()
|
|
654
|
-
yield* Fiber.await(fiber)
|
|
655
|
-
}),
|
|
656
|
-
),
|
|
657
|
-
)
|
|
658
|
-
|
|
659
|
-
it.live("ask - publishes asked event", () =>
|
|
660
|
-
withDir({ git: true }, () =>
|
|
661
|
-
Effect.gen(function* () {
|
|
662
|
-
const bus = yield* Bus.Service
|
|
663
|
-
let seen: Permission.Request | undefined
|
|
664
|
-
const unsub = yield* bus.subscribeCallback(Permission.Event.Asked, (event) => {
|
|
665
|
-
seen = event.properties
|
|
666
|
-
})
|
|
667
|
-
|
|
668
|
-
try {
|
|
669
|
-
const fiber = yield* ask({
|
|
670
|
-
sessionID: SessionID.make("session_test"),
|
|
671
|
-
permission: "bash",
|
|
672
|
-
patterns: ["ls"],
|
|
673
|
-
metadata: { cmd: "ls" },
|
|
674
|
-
always: ["ls"],
|
|
675
|
-
tool: {
|
|
676
|
-
messageID: MessageID.make("msg_test"),
|
|
677
|
-
callID: "call_test",
|
|
678
|
-
},
|
|
679
|
-
ruleset: [],
|
|
680
|
-
}).pipe(Effect.forkScoped)
|
|
681
|
-
|
|
682
|
-
expect(yield* waitForPending(1)).toHaveLength(1)
|
|
683
|
-
expect(seen).toBeDefined()
|
|
684
|
-
expect(seen).toMatchObject({
|
|
685
|
-
sessionID: SessionID.make("session_test"),
|
|
686
|
-
permission: "bash",
|
|
687
|
-
patterns: ["ls"],
|
|
688
|
-
})
|
|
689
|
-
|
|
690
|
-
yield* rejectAll()
|
|
691
|
-
yield* Fiber.await(fiber)
|
|
692
|
-
} finally {
|
|
693
|
-
unsub()
|
|
694
|
-
}
|
|
695
|
-
}),
|
|
696
|
-
),
|
|
697
|
-
)
|
|
698
|
-
|
|
699
|
-
// reply tests
|
|
700
|
-
|
|
701
|
-
it.live("reply - once resolves the pending ask", () =>
|
|
702
|
-
withDir({ git: true }, () =>
|
|
703
|
-
Effect.gen(function* () {
|
|
704
|
-
const fiber = yield* ask({
|
|
705
|
-
id: PermissionID.make("per_test1"),
|
|
706
|
-
sessionID: SessionID.make("session_test"),
|
|
707
|
-
permission: "bash",
|
|
708
|
-
patterns: ["ls"],
|
|
709
|
-
metadata: {},
|
|
710
|
-
always: [],
|
|
711
|
-
ruleset: [],
|
|
712
|
-
}).pipe(Effect.forkScoped)
|
|
713
|
-
|
|
714
|
-
yield* waitForPending(1)
|
|
715
|
-
yield* reply({ requestID: PermissionID.make("per_test1"), reply: "once" })
|
|
716
|
-
yield* Fiber.join(fiber)
|
|
717
|
-
}),
|
|
718
|
-
),
|
|
719
|
-
)
|
|
720
|
-
|
|
721
|
-
it.live("reply - reject throws RejectedError", () =>
|
|
722
|
-
withDir({ git: true }, () =>
|
|
723
|
-
Effect.gen(function* () {
|
|
724
|
-
const fiber = yield* ask({
|
|
725
|
-
id: PermissionID.make("per_test2"),
|
|
726
|
-
sessionID: SessionID.make("session_test"),
|
|
727
|
-
permission: "bash",
|
|
728
|
-
patterns: ["ls"],
|
|
729
|
-
metadata: {},
|
|
730
|
-
always: [],
|
|
731
|
-
ruleset: [],
|
|
732
|
-
}).pipe(Effect.forkScoped)
|
|
733
|
-
|
|
734
|
-
yield* waitForPending(1)
|
|
735
|
-
yield* reply({ requestID: PermissionID.make("per_test2"), reply: "reject" })
|
|
736
|
-
|
|
737
|
-
const exit = yield* Fiber.await(fiber)
|
|
738
|
-
expect(Exit.isFailure(exit)).toBe(true)
|
|
739
|
-
if (Exit.isFailure(exit)) expect(Cause.squash(exit.cause)).toBeInstanceOf(Permission.RejectedError)
|
|
740
|
-
}),
|
|
741
|
-
),
|
|
742
|
-
)
|
|
743
|
-
|
|
744
|
-
it.live("reply - reject with message throws CorrectedError", () =>
|
|
745
|
-
withDir({ git: true }, () =>
|
|
746
|
-
Effect.gen(function* () {
|
|
747
|
-
const fiber = yield* ask({
|
|
748
|
-
id: PermissionID.make("per_test2b"),
|
|
749
|
-
sessionID: SessionID.make("session_test"),
|
|
750
|
-
permission: "bash",
|
|
751
|
-
patterns: ["ls"],
|
|
752
|
-
metadata: {},
|
|
753
|
-
always: [],
|
|
754
|
-
ruleset: [],
|
|
755
|
-
}).pipe(Effect.forkScoped)
|
|
756
|
-
|
|
757
|
-
yield* waitForPending(1)
|
|
758
|
-
yield* reply({
|
|
759
|
-
requestID: PermissionID.make("per_test2b"),
|
|
760
|
-
reply: "reject",
|
|
761
|
-
message: "Use a safer command",
|
|
762
|
-
})
|
|
763
|
-
|
|
764
|
-
const exit = yield* Fiber.await(fiber)
|
|
765
|
-
expect(Exit.isFailure(exit)).toBe(true)
|
|
766
|
-
if (Exit.isFailure(exit)) {
|
|
767
|
-
const err = Cause.squash(exit.cause)
|
|
768
|
-
expect(err).toBeInstanceOf(Permission.CorrectedError)
|
|
769
|
-
expect(String(err)).toContain("Use a safer command")
|
|
770
|
-
}
|
|
771
|
-
}),
|
|
772
|
-
),
|
|
773
|
-
)
|
|
774
|
-
|
|
775
|
-
it.live("reply - always persists approval and resolves", () =>
|
|
776
|
-
Effect.gen(function* () {
|
|
777
|
-
const dir = yield* tmpdirScoped({ git: true })
|
|
778
|
-
const run = withProvided(dir)
|
|
779
|
-
const fiber = yield* ask({
|
|
780
|
-
id: PermissionID.make("per_test3"),
|
|
781
|
-
sessionID: SessionID.make("session_test"),
|
|
782
|
-
permission: "bash",
|
|
783
|
-
patterns: ["ls"],
|
|
784
|
-
metadata: {},
|
|
785
|
-
always: ["ls"],
|
|
786
|
-
ruleset: [],
|
|
787
|
-
}).pipe(run, Effect.forkScoped)
|
|
788
|
-
|
|
789
|
-
yield* waitForPending(1).pipe(run)
|
|
790
|
-
yield* reply({ requestID: PermissionID.make("per_test3"), reply: "always" }).pipe(run)
|
|
791
|
-
yield* Fiber.join(fiber)
|
|
792
|
-
|
|
793
|
-
const result = yield* ask({
|
|
794
|
-
sessionID: SessionID.make("session_test2"),
|
|
795
|
-
permission: "bash",
|
|
796
|
-
patterns: ["ls"],
|
|
797
|
-
metadata: {},
|
|
798
|
-
always: [],
|
|
799
|
-
ruleset: [],
|
|
800
|
-
}).pipe(run)
|
|
801
|
-
expect(result).toBeUndefined()
|
|
802
|
-
}),
|
|
803
|
-
)
|
|
804
|
-
it.live("allowEverything - session-scoped enable stays within one session", () =>
|
|
805
|
-
withDir({ git: true }, () =>
|
|
806
|
-
Effect.gen(function* () {
|
|
807
|
-
const permission = yield* Permission.Service
|
|
808
|
-
|
|
809
|
-
const first = yield* ask({
|
|
810
|
-
id: PermissionID.make("permission_session_allow"),
|
|
811
|
-
sessionID: SessionID.make("session_allowed"),
|
|
812
|
-
permission: "bash",
|
|
813
|
-
patterns: ["pwd"],
|
|
814
|
-
metadata: {},
|
|
815
|
-
always: [],
|
|
816
|
-
ruleset: [],
|
|
817
|
-
}).pipe(Effect.forkScoped)
|
|
818
|
-
|
|
819
|
-
yield* waitForPending(1)
|
|
820
|
-
yield* permission.allowEverything({
|
|
821
|
-
enable: true,
|
|
822
|
-
requestID: "permission_session_allow",
|
|
823
|
-
sessionID: "session_allowed",
|
|
824
|
-
})
|
|
825
|
-
|
|
826
|
-
yield* Fiber.join(first)
|
|
827
|
-
|
|
828
|
-
const allowed = yield* ask({
|
|
829
|
-
sessionID: SessionID.make("session_allowed"),
|
|
830
|
-
permission: "bash",
|
|
831
|
-
patterns: ["ls"],
|
|
832
|
-
metadata: {},
|
|
833
|
-
always: [],
|
|
834
|
-
ruleset: [],
|
|
835
|
-
})
|
|
836
|
-
expect(allowed).toBeUndefined()
|
|
837
|
-
|
|
838
|
-
const blocked = yield* ask({
|
|
839
|
-
id: PermissionID.make("permission_session_blocked"),
|
|
840
|
-
sessionID: SessionID.make("session_blocked"),
|
|
841
|
-
permission: "bash",
|
|
842
|
-
patterns: ["ls"],
|
|
843
|
-
metadata: {},
|
|
844
|
-
always: [],
|
|
845
|
-
ruleset: [],
|
|
846
|
-
}).pipe(Effect.forkScoped)
|
|
847
|
-
|
|
848
|
-
yield* waitForPending(1)
|
|
849
|
-
yield* reply({
|
|
850
|
-
requestID: PermissionID.make("permission_session_blocked"),
|
|
851
|
-
reply: "reject",
|
|
852
|
-
})
|
|
853
|
-
|
|
854
|
-
const exit = yield* Fiber.await(blocked)
|
|
855
|
-
expect(Exit.isFailure(exit)).toBe(true)
|
|
856
|
-
if (Exit.isFailure(exit)) {
|
|
857
|
-
expect(Cause.squash(exit.cause)).toBeInstanceOf(Permission.RejectedError)
|
|
858
|
-
}
|
|
859
|
-
}),
|
|
860
|
-
),
|
|
861
|
-
)
|
|
862
|
-
|
|
863
|
-
it.live("reply - reject cancels all pending for same session", () =>
|
|
864
|
-
withDir({ git: true }, () =>
|
|
865
|
-
Effect.gen(function* () {
|
|
866
|
-
const a = yield* ask({
|
|
867
|
-
id: PermissionID.make("per_test4a"),
|
|
868
|
-
sessionID: SessionID.make("session_same"),
|
|
869
|
-
permission: "bash",
|
|
870
|
-
patterns: ["ls"],
|
|
871
|
-
metadata: {},
|
|
872
|
-
always: [],
|
|
873
|
-
ruleset: [],
|
|
874
|
-
}).pipe(Effect.forkScoped)
|
|
875
|
-
|
|
876
|
-
const b = yield* ask({
|
|
877
|
-
id: PermissionID.make("per_test4b"),
|
|
878
|
-
sessionID: SessionID.make("session_same"),
|
|
879
|
-
permission: "edit",
|
|
880
|
-
patterns: ["foo.ts"],
|
|
881
|
-
metadata: {},
|
|
882
|
-
always: [],
|
|
883
|
-
ruleset: [],
|
|
884
|
-
}).pipe(Effect.forkScoped)
|
|
885
|
-
|
|
886
|
-
yield* waitForPending(2)
|
|
887
|
-
yield* reply({ requestID: PermissionID.make("per_test4a"), reply: "reject" })
|
|
888
|
-
|
|
889
|
-
const [ea, eb] = yield* Effect.all([Fiber.await(a), Fiber.await(b)])
|
|
890
|
-
expect(Exit.isFailure(ea)).toBe(true)
|
|
891
|
-
expect(Exit.isFailure(eb)).toBe(true)
|
|
892
|
-
if (Exit.isFailure(ea)) expect(Cause.squash(ea.cause)).toBeInstanceOf(Permission.RejectedError)
|
|
893
|
-
if (Exit.isFailure(eb)) expect(Cause.squash(eb.cause)).toBeInstanceOf(Permission.RejectedError)
|
|
894
|
-
}),
|
|
895
|
-
),
|
|
896
|
-
)
|
|
897
|
-
|
|
898
|
-
it.live("reply - always resolves matching pending requests in same session", () =>
|
|
899
|
-
withDir({ git: true }, () =>
|
|
900
|
-
Effect.gen(function* () {
|
|
901
|
-
const a = yield* ask({
|
|
902
|
-
id: PermissionID.make("per_test5a"),
|
|
903
|
-
sessionID: SessionID.make("session_same"),
|
|
904
|
-
permission: "bash",
|
|
905
|
-
patterns: ["ls"],
|
|
906
|
-
metadata: {},
|
|
907
|
-
always: ["ls"],
|
|
908
|
-
ruleset: [],
|
|
909
|
-
}).pipe(Effect.forkScoped)
|
|
910
|
-
|
|
911
|
-
const b = yield* ask({
|
|
912
|
-
id: PermissionID.make("per_test5b"),
|
|
913
|
-
sessionID: SessionID.make("session_same"),
|
|
914
|
-
permission: "bash",
|
|
915
|
-
patterns: ["ls"],
|
|
916
|
-
metadata: {},
|
|
917
|
-
always: [],
|
|
918
|
-
ruleset: [],
|
|
919
|
-
}).pipe(Effect.forkScoped)
|
|
920
|
-
|
|
921
|
-
yield* waitForPending(2)
|
|
922
|
-
yield* reply({ requestID: PermissionID.make("per_test5a"), reply: "always" })
|
|
923
|
-
|
|
924
|
-
yield* Fiber.join(a)
|
|
925
|
-
yield* Fiber.join(b)
|
|
926
|
-
expect(yield* list()).toHaveLength(0)
|
|
927
|
-
}),
|
|
928
|
-
),
|
|
929
|
-
)
|
|
930
|
-
it.live("reply - always resolves matching pending requests from other sessions", () =>
|
|
931
|
-
withDir({ git: true }, () =>
|
|
932
|
-
Effect.gen(function* () {
|
|
933
|
-
const a = yield* ask({
|
|
934
|
-
id: PermissionID.make("per_test6a"),
|
|
935
|
-
sessionID: SessionID.make("session_a"),
|
|
936
|
-
permission: "bash",
|
|
937
|
-
patterns: ["ls"],
|
|
938
|
-
metadata: {},
|
|
939
|
-
always: ["ls"],
|
|
940
|
-
ruleset: [],
|
|
941
|
-
}).pipe(Effect.forkScoped)
|
|
942
|
-
|
|
943
|
-
const b = yield* ask({
|
|
944
|
-
id: PermissionID.make("per_test6b"),
|
|
945
|
-
sessionID: SessionID.make("session_b"),
|
|
946
|
-
permission: "bash",
|
|
947
|
-
patterns: ["ls"],
|
|
948
|
-
metadata: {},
|
|
949
|
-
always: [],
|
|
950
|
-
ruleset: [],
|
|
951
|
-
}).pipe(Effect.forkScoped)
|
|
952
|
-
|
|
953
|
-
yield* waitForPending(2)
|
|
954
|
-
yield* reply({ requestID: PermissionID.make("per_test6a"), reply: "always" })
|
|
955
|
-
|
|
956
|
-
yield* Fiber.join(a)
|
|
957
|
-
yield* Fiber.join(b)
|
|
958
|
-
expect(yield* list()).toHaveLength(0)
|
|
959
|
-
}),
|
|
960
|
-
),
|
|
961
|
-
)
|
|
962
|
-
|
|
963
|
-
it.live("reply - always does not resolve dangerous variants from other sessions", () =>
|
|
964
|
-
withDir({ git: true }, () =>
|
|
965
|
-
Effect.gen(function* () {
|
|
966
|
-
const a = yield* ask({
|
|
967
|
-
id: PermissionID.make("per_test_safe_a"),
|
|
968
|
-
sessionID: SessionID.make("session_a"),
|
|
969
|
-
permission: "bash",
|
|
970
|
-
patterns: ["npm test"],
|
|
971
|
-
metadata: {},
|
|
972
|
-
always: ["npm test"],
|
|
973
|
-
ruleset: [],
|
|
974
|
-
}).pipe(Effect.forkScoped)
|
|
975
|
-
|
|
976
|
-
const b = yield* ask({
|
|
977
|
-
id: PermissionID.make("per_test_safe_b"),
|
|
978
|
-
sessionID: SessionID.make("session_b"),
|
|
979
|
-
permission: "bash",
|
|
980
|
-
patterns: ["npm test > ~/.ssh/authorized_keys"],
|
|
981
|
-
metadata: {},
|
|
982
|
-
always: [],
|
|
983
|
-
ruleset: [],
|
|
984
|
-
}).pipe(Effect.forkScoped)
|
|
985
|
-
|
|
986
|
-
yield* waitForPending(2)
|
|
987
|
-
yield* reply({ requestID: PermissionID.make("per_test_safe_a"), reply: "always" })
|
|
988
|
-
|
|
989
|
-
yield* Fiber.join(a)
|
|
990
|
-
expect((yield* list()).map((item) => item.id)).toEqual([PermissionID.make("per_test_safe_b")])
|
|
991
|
-
|
|
992
|
-
yield* rejectAll()
|
|
993
|
-
yield* Fiber.await(b)
|
|
994
|
-
}),
|
|
995
|
-
),
|
|
996
|
-
)
|
|
997
|
-
|
|
998
|
-
it.live("reply - publishes replied event", () =>
|
|
999
|
-
withDir({ git: true }, () =>
|
|
1000
|
-
Effect.gen(function* () {
|
|
1001
|
-
const bus = yield* Bus.Service
|
|
1002
|
-
let resolve!: (value: { sessionID: SessionID; requestID: PermissionID; reply: Permission.Reply }) => void
|
|
1003
|
-
const seen = Effect.promise<{
|
|
1004
|
-
sessionID: SessionID
|
|
1005
|
-
requestID: PermissionID
|
|
1006
|
-
reply: Permission.Reply
|
|
1007
|
-
}>(
|
|
1008
|
-
() =>
|
|
1009
|
-
new Promise((res) => {
|
|
1010
|
-
resolve = res
|
|
1011
|
-
}),
|
|
1012
|
-
)
|
|
1013
|
-
|
|
1014
|
-
const fiber = yield* ask({
|
|
1015
|
-
id: PermissionID.make("per_test7"),
|
|
1016
|
-
sessionID: SessionID.make("session_test"),
|
|
1017
|
-
permission: "bash",
|
|
1018
|
-
patterns: ["ls"],
|
|
1019
|
-
metadata: {},
|
|
1020
|
-
always: [],
|
|
1021
|
-
ruleset: [],
|
|
1022
|
-
}).pipe(Effect.forkScoped)
|
|
1023
|
-
|
|
1024
|
-
yield* waitForPending(1)
|
|
1025
|
-
|
|
1026
|
-
const unsub = yield* bus.subscribeCallback(Permission.Event.Replied, (event) => {
|
|
1027
|
-
resolve(event.properties)
|
|
1028
|
-
})
|
|
1029
|
-
|
|
1030
|
-
try {
|
|
1031
|
-
yield* reply({ requestID: PermissionID.make("per_test7"), reply: "once" })
|
|
1032
|
-
yield* Fiber.join(fiber)
|
|
1033
|
-
expect(yield* seen).toEqual({
|
|
1034
|
-
sessionID: SessionID.make("session_test"),
|
|
1035
|
-
requestID: PermissionID.make("per_test7"),
|
|
1036
|
-
reply: "once",
|
|
1037
|
-
})
|
|
1038
|
-
} finally {
|
|
1039
|
-
unsub()
|
|
1040
|
-
}
|
|
1041
|
-
}),
|
|
1042
|
-
),
|
|
1043
|
-
)
|
|
1044
|
-
|
|
1045
|
-
it.live("permission requests stay isolated by directory", () =>
|
|
1046
|
-
Effect.gen(function* () {
|
|
1047
|
-
const one = yield* tmpdirScoped({ git: true })
|
|
1048
|
-
const two = yield* tmpdirScoped({ git: true })
|
|
1049
|
-
const runOne = withProvided(one)
|
|
1050
|
-
const runTwo = withProvided(two)
|
|
1051
|
-
|
|
1052
|
-
const a = yield* ask({
|
|
1053
|
-
id: PermissionID.make("per_dir_a"),
|
|
1054
|
-
sessionID: SessionID.make("session_dir_a"),
|
|
1055
|
-
permission: "bash",
|
|
1056
|
-
patterns: ["ls"],
|
|
1057
|
-
metadata: {},
|
|
1058
|
-
always: [],
|
|
1059
|
-
ruleset: [],
|
|
1060
|
-
}).pipe(runOne, Effect.forkScoped)
|
|
1061
|
-
|
|
1062
|
-
const b = yield* ask({
|
|
1063
|
-
id: PermissionID.make("per_dir_b"),
|
|
1064
|
-
sessionID: SessionID.make("session_dir_b"),
|
|
1065
|
-
permission: "bash",
|
|
1066
|
-
patterns: ["pwd"],
|
|
1067
|
-
metadata: {},
|
|
1068
|
-
always: [],
|
|
1069
|
-
ruleset: [],
|
|
1070
|
-
}).pipe(runTwo, Effect.forkScoped)
|
|
1071
|
-
|
|
1072
|
-
const onePending = yield* waitForPending(1).pipe(runOne)
|
|
1073
|
-
const twoPending = yield* waitForPending(1).pipe(runTwo)
|
|
1074
|
-
expect(onePending).toHaveLength(1)
|
|
1075
|
-
expect(twoPending).toHaveLength(1)
|
|
1076
|
-
expect(onePending[0].id).toBe(PermissionID.make("per_dir_a"))
|
|
1077
|
-
expect(twoPending[0].id).toBe(PermissionID.make("per_dir_b"))
|
|
1078
|
-
|
|
1079
|
-
yield* reply({ requestID: onePending[0].id, reply: "reject" }).pipe(runOne)
|
|
1080
|
-
yield* reply({ requestID: twoPending[0].id, reply: "reject" }).pipe(runTwo)
|
|
1081
|
-
|
|
1082
|
-
yield* Fiber.await(a)
|
|
1083
|
-
yield* Fiber.await(b)
|
|
1084
|
-
}),
|
|
1085
|
-
)
|
|
1086
|
-
|
|
1087
|
-
it.live("pending permission rejects on instance dispose", () =>
|
|
1088
|
-
Effect.gen(function* () {
|
|
1089
|
-
const dir = yield* tmpdirScoped({ git: true })
|
|
1090
|
-
const run = withProvided(dir)
|
|
1091
|
-
const fiber = yield* ask({
|
|
1092
|
-
id: PermissionID.make("per_dispose"),
|
|
1093
|
-
sessionID: SessionID.make("session_dispose"),
|
|
1094
|
-
permission: "bash",
|
|
1095
|
-
patterns: ["ls"],
|
|
1096
|
-
metadata: {},
|
|
1097
|
-
always: [],
|
|
1098
|
-
ruleset: [],
|
|
1099
|
-
}).pipe(run, Effect.forkScoped)
|
|
1100
|
-
|
|
1101
|
-
expect(yield* waitForPending(1).pipe(run)).toHaveLength(1)
|
|
1102
|
-
yield* Effect.promise(() =>
|
|
1103
|
-
Instance.provide({ directory: dir, fn: () => void InstanceStore.disposeInstance(Instance.current) }),
|
|
1104
|
-
)
|
|
1105
|
-
|
|
1106
|
-
const exit = yield* Fiber.await(fiber)
|
|
1107
|
-
expect(Exit.isFailure(exit)).toBe(true)
|
|
1108
|
-
if (Exit.isFailure(exit)) expect(Cause.squash(exit.cause)).toBeInstanceOf(Permission.RejectedError)
|
|
1109
|
-
}),
|
|
1110
|
-
)
|
|
1111
|
-
|
|
1112
|
-
it.live("pending permission rejects on instance reload", () =>
|
|
1113
|
-
Effect.gen(function* () {
|
|
1114
|
-
const dir = yield* tmpdirScoped({ git: true })
|
|
1115
|
-
const run = withProvided(dir)
|
|
1116
|
-
const fiber = yield* ask({
|
|
1117
|
-
id: PermissionID.make("per_reload"),
|
|
1118
|
-
sessionID: SessionID.make("session_reload"),
|
|
1119
|
-
permission: "bash",
|
|
1120
|
-
patterns: ["ls"],
|
|
1121
|
-
metadata: {},
|
|
1122
|
-
always: [],
|
|
1123
|
-
ruleset: [],
|
|
1124
|
-
}).pipe(run, Effect.forkScoped)
|
|
1125
|
-
|
|
1126
|
-
expect(yield* waitForPending(1).pipe(run)).toHaveLength(1)
|
|
1127
|
-
yield* Effect.promise(() => InstanceStore.reloadInstance({ directory: dir }))
|
|
1128
|
-
|
|
1129
|
-
const exit = yield* Fiber.await(fiber)
|
|
1130
|
-
expect(Exit.isFailure(exit)).toBe(true)
|
|
1131
|
-
if (Exit.isFailure(exit)) expect(Cause.squash(exit.cause)).toBeInstanceOf(Permission.RejectedError)
|
|
1132
|
-
}),
|
|
1133
|
-
)
|
|
1134
|
-
it.live("reply - returns false for unknown requestID", () =>
|
|
1135
|
-
withDir({ git: true }, () =>
|
|
1136
|
-
Effect.gen(function* () {
|
|
1137
|
-
const accepted = yield* reply({ requestID: PermissionID.make("per_unknown"), reply: "once" })
|
|
1138
|
-
expect(accepted).toBe(false)
|
|
1139
|
-
expect(yield* list()).toHaveLength(0)
|
|
1140
|
-
}),
|
|
1141
|
-
),
|
|
1142
|
-
)
|
|
1143
|
-
|
|
1144
|
-
it.live("ask - checks all patterns and stops on first deny", () =>
|
|
1145
|
-
withDir({ git: true }, () =>
|
|
1146
|
-
Effect.gen(function* () {
|
|
1147
|
-
const err = yield* fail(
|
|
1148
|
-
ask({
|
|
1149
|
-
sessionID: SessionID.make("session_test"),
|
|
1150
|
-
permission: "bash",
|
|
1151
|
-
patterns: ["echo hello", "rm -rf /"],
|
|
1152
|
-
metadata: {},
|
|
1153
|
-
always: [],
|
|
1154
|
-
ruleset: [
|
|
1155
|
-
{ permission: "bash", pattern: "*", action: "allow" },
|
|
1156
|
-
{ permission: "bash", pattern: "rm *", action: "deny" },
|
|
1157
|
-
],
|
|
1158
|
-
}),
|
|
1159
|
-
)
|
|
1160
|
-
expect(err).toBeInstanceOf(Permission.DeniedError)
|
|
1161
|
-
}),
|
|
1162
|
-
),
|
|
1163
|
-
)
|
|
1164
|
-
|
|
1165
|
-
it.live("ask - allows all patterns when all match allow rules", () =>
|
|
1166
|
-
withDir({ git: true }, () =>
|
|
1167
|
-
Effect.gen(function* () {
|
|
1168
|
-
const result = yield* ask({
|
|
1169
|
-
sessionID: SessionID.make("session_test"),
|
|
1170
|
-
permission: "bash",
|
|
1171
|
-
patterns: ["echo hello", "ls -la", "pwd"],
|
|
1172
|
-
metadata: {},
|
|
1173
|
-
always: [],
|
|
1174
|
-
ruleset: [{ permission: "bash", pattern: "*", action: "allow" }],
|
|
1175
|
-
})
|
|
1176
|
-
expect(result).toBeUndefined()
|
|
1177
|
-
}),
|
|
1178
|
-
),
|
|
1179
|
-
)
|
|
1180
|
-
|
|
1181
|
-
it.live("ask - should deny even when an earlier pattern is ask", () =>
|
|
1182
|
-
withDir({ git: true }, () =>
|
|
1183
|
-
Effect.gen(function* () {
|
|
1184
|
-
const err = yield* fail(
|
|
1185
|
-
ask({
|
|
1186
|
-
sessionID: SessionID.make("session_test"),
|
|
1187
|
-
permission: "bash",
|
|
1188
|
-
patterns: ["echo hello", "rm -rf /"],
|
|
1189
|
-
metadata: {},
|
|
1190
|
-
always: [],
|
|
1191
|
-
ruleset: [
|
|
1192
|
-
{ permission: "bash", pattern: "echo *", action: "ask" },
|
|
1193
|
-
{ permission: "bash", pattern: "rm *", action: "deny" },
|
|
1194
|
-
],
|
|
1195
|
-
}),
|
|
1196
|
-
)
|
|
1197
|
-
|
|
1198
|
-
expect(err).toBeInstanceOf(Permission.DeniedError)
|
|
1199
|
-
expect(yield* list()).toHaveLength(0)
|
|
1200
|
-
}),
|
|
1201
|
-
),
|
|
1202
|
-
)
|
|
1203
|
-
|
|
1204
|
-
it.live("ask - abort should clear pending request", () =>
|
|
1205
|
-
Effect.gen(function* () {
|
|
1206
|
-
const dir = yield* tmpdirScoped({ git: true })
|
|
1207
|
-
const run = withProvided(dir)
|
|
1208
|
-
|
|
1209
|
-
const fiber = yield* ask({
|
|
1210
|
-
id: PermissionID.make("per_reload"),
|
|
1211
|
-
sessionID: SessionID.make("session_reload"),
|
|
1212
|
-
permission: "bash",
|
|
1213
|
-
patterns: ["ls"],
|
|
1214
|
-
metadata: {},
|
|
1215
|
-
always: [],
|
|
1216
|
-
ruleset: [{ permission: "bash", pattern: "*", action: "ask" }],
|
|
1217
|
-
}).pipe(run, Effect.forkScoped)
|
|
1218
|
-
|
|
1219
|
-
const pending = yield* waitForPending(1).pipe(run)
|
|
1220
|
-
expect(pending).toHaveLength(1)
|
|
1221
|
-
yield* Effect.promise(() => InstanceStore.reloadInstance({ directory: dir }))
|
|
1222
|
-
|
|
1223
|
-
const exit = yield* Fiber.await(fiber)
|
|
1224
|
-
expect(Exit.isFailure(exit)).toBe(true)
|
|
1225
|
-
if (Exit.isFailure(exit)) expect(Cause.squash(exit.cause)).toBeInstanceOf(Permission.RejectedError)
|
|
1226
|
-
}),
|
|
1227
|
-
)
|