saeeol 1.3.0 → 1.4.0

package/test/permission/next.toConfig.test.ts

@@ -0,0 +1,110 @@
+import { test, expect } from "bun:test"
+import { Permission } from "../../src/permission"
+
+// toConfig tests (inverse of fromConfig)
+
+test("toConfig - single wildcard rule uses object format", () => {
+  const result = Permission.toConfig([{ permission: "read", pattern: "*", action: "allow" }])
+  expect(result).toEqual({ read: { "*": "allow" } })
+})
+
+test("toConfig - single non-wildcard rule uses object format", () => {
+  const result = Permission.toConfig([{ permission: "bash", pattern: "npm *", action: "allow" }])
+  expect(result).toEqual({ bash: { "npm *": "allow" } })
+})
+
+test("toConfig - multiple rules for same permission use object format", () => {
+  const result = Permission.toConfig([
+    { permission: "bash", pattern: "*", action: "ask" },
+    { permission: "bash", pattern: "npm *", action: "allow" },
+  ])
+  expect(result).toEqual({ bash: { "*": "ask", "npm *": "allow" } })
+})
+
+test("toConfig - mixed permissions", () => {
+  const result = Permission.toConfig([
+    { permission: "read", pattern: "*", action: "allow" },
+    { permission: "bash", pattern: "npm *", action: "allow" },
+    { permission: "bash", pattern: "git *", action: "allow" },
+  ])
+  expect(result).toEqual({
+    read: { "*": "allow" },
+    bash: { "npm *": "allow", "git *": "allow" },
+  })
+})
+
+test("toConfig - empty rules returns empty object", () => {
+  const result = Permission.toConfig([])
+  expect(result).toEqual({})
+})
+
+test("toConfig - wildcard then specific promotes to object", () => {
+  const result = Permission.toConfig([
+    { permission: "bash", pattern: "*", action: "ask" },
+    { permission: "bash", pattern: "rm *", action: "deny" },
+  ])
+  expect(result).toEqual({ bash: { "*": "ask", "rm *": "deny" } })
+})
+
+test("toConfig - roundtrip with fromConfig (simple) always uses object format", () => {
+  const config = { read: "allow" as const, bash: "ask" as const }
+  const rules = Permission.fromConfig(config)
+  const result = Permission.toConfig(rules)
+  // toConfig always uses object format to avoid erasing existing granular rules on merge
+  expect(result).toEqual({ read: { "*": "allow" }, bash: { "*": "ask" } })
+})
+
+test("toConfig - roundtrip with fromConfig (object)", () => {
+  const config = { bash: { "*": "ask" as const, "npm *": "allow" as const, "git *": "allow" as const } }
+  const rules = Permission.fromConfig(config)
+  const result = Permission.toConfig(rules)
+  expect(result).toEqual(config)
+})
+
+test("toConfig - scalar-only permission uses scalar format", () => {
+  const result = Permission.toConfig([{ permission: "websearch", pattern: "*", action: "allow" }])
+  expect(result).toEqual({ websearch: "allow" })
+})
+
+test("toConfig - scalar-only permission with non-wildcard pattern is skipped", () => {
+  // doom_loop uses always: [toolName], so pattern can be "bash" etc.
+  // Non-wildcard patterns for scalar-only permissions can't be represented
+  // in the config schema — they only work in-memory (known limitation).
+  const result = Permission.toConfig([{ permission: "doom_loop", pattern: "bash", action: "allow" }])
+  expect(result).toEqual({})
+})
+
+test("toConfig - mixed scalar-only and rule-capable permissions", () => {
+  const result = Permission.toConfig([
+    { permission: "websearch", pattern: "*", action: "allow" },
+    { permission: "todowrite", pattern: "*", action: "allow" },
+    { permission: "bash", pattern: "npm *", action: "allow" },
+  ])
+  expect(result).toEqual({
+    websearch: "allow",
+    todowrite: "allow",
+    bash: { "npm *": "allow" },
+  })
+})
+
+// Tests for null delete sentinel handling (null = "remove this key from config")
+
+test("fromConfig - null entries in PermissionObject are skipped", () => {
+  const config = { bash: { "*": "ask" as const, "npm *": null } }
+  const rules = Permission.fromConfig(config)
+  // null is a delete sentinel — only the non-null entry should produce a rule
+  expect(rules).toEqual([{ permission: "bash", pattern: "*", action: "ask" }])
+})
+
+test("fromConfig - null top-level PermissionRule is skipped", () => {
+  const config = { bash: null }
+  const rules = Permission.fromConfig(config)
+  expect(rules).toEqual([])
+})
+
+test("toConfig - null existing entry is treated as absent (new rule wins)", () => {
+  // If result[permission] is null (shouldn't happen in practice but defensive),
+  // the new rule should be written as a fresh object entry.
+  const result = Permission.toConfig([{ permission: "bash", pattern: "npm *", action: "allow" }])
+  expect(result).toEqual({ bash: { "npm *": "allow" } })
+})

package/test/permission-task.test.ts

@@ -0,0 +1,326 @@
+import { afterEach, describe, test, expect } from "bun:test"
+import { Permission } from "../src/permission"
+import { Config } from "@/config/config"
+import { Instance } from "../src/project/instance"
+import { disposeAllInstances, tmpdir } from "./fixture/fixture"
+import { AppRuntime } from "../src/effect/app-runtime"
+
+const load = () => AppRuntime.runPromise(Config.Service.use((svc) => svc.get()))
+
+afterEach(async () => {
+  await disposeAllInstances()
+})
+
+describe("Permission.evaluate for permission.task", () => {
+  const createRuleset = (rules: Record<string, "allow" | "deny" | "ask">): Permission.Ruleset =>
+    Object.entries(rules).map(([pattern, action]) => ({
+      permission: "task",
+      pattern,
+      action,
+    }))
+
+  test("returns ask when no match (default)", () => {
+    expect(Permission.evaluate("task", "code-reviewer", []).action).toBe("ask")
+  })
+
+  test("returns deny for explicit deny", () => {
+    const ruleset = createRuleset({ "code-reviewer": "deny" })
+    expect(Permission.evaluate("task", "code-reviewer", ruleset).action).toBe("deny")
+  })
+
+  test("returns allow for explicit allow", () => {
+    const ruleset = createRuleset({ "code-reviewer": "allow" })
+    expect(Permission.evaluate("task", "code-reviewer", ruleset).action).toBe("allow")
+  })
+
+  test("returns ask for explicit ask", () => {
+    const ruleset = createRuleset({ "code-reviewer": "ask" })
+    expect(Permission.evaluate("task", "code-reviewer", ruleset).action).toBe("ask")
+  })
+
+  test("matches wildcard patterns with deny", () => {
+    const ruleset = createRuleset({ "orchestrator-*": "deny" })
+    expect(Permission.evaluate("task", "orchestrator-fast", ruleset).action).toBe("deny")
+    expect(Permission.evaluate("task", "orchestrator-slow", ruleset).action).toBe("deny")
+    expect(Permission.evaluate("task", "general", ruleset).action).toBe("ask")
+  })
+
+  test("matches wildcard patterns with allow", () => {
+    const ruleset = createRuleset({ "orchestrator-*": "allow" })
+    expect(Permission.evaluate("task", "orchestrator-fast", ruleset).action).toBe("allow")
+    expect(Permission.evaluate("task", "orchestrator-slow", ruleset).action).toBe("allow")
+  })
+
+  test("matches wildcard patterns with ask", () => {
+    const ruleset = createRuleset({ "orchestrator-*": "ask" })
+    expect(Permission.evaluate("task", "orchestrator-fast", ruleset).action).toBe("ask")
+    const globalRuleset = createRuleset({ "*": "ask" })
+    expect(Permission.evaluate("task", "code-reviewer", globalRuleset).action).toBe("ask")
+  })
+
+  test("later rules take precedence (last match wins)", () => {
+    const ruleset = createRuleset({
+      "orchestrator-*": "deny",
+      "orchestrator-fast": "allow",
+    })
+    expect(Permission.evaluate("task", "orchestrator-fast", ruleset).action).toBe("allow")
+    expect(Permission.evaluate("task", "orchestrator-slow", ruleset).action).toBe("deny")
+  })
+
+  test("matches global wildcard", () => {
+    expect(Permission.evaluate("task", "any-agent", createRuleset({ "*": "allow" })).action).toBe("allow")
+    expect(Permission.evaluate("task", "any-agent", createRuleset({ "*": "deny" })).action).toBe("deny")
+    expect(Permission.evaluate("task", "any-agent", createRuleset({ "*": "ask" })).action).toBe("ask")
+  })
+})
+
+describe("Permission.disabled for task tool", () => {
+  // Note: The `disabled` function checks if a TOOL should be completely removed from the tool list.
+  // It only disables a tool when there's a rule with `pattern: "*"` and `action: "deny"`.
+  // It does NOT evaluate complex subagent patterns - those are handled at runtime by `evaluate`.
+  const createRuleset = (rules: Record<string, "allow" | "deny" | "ask">): Permission.Ruleset =>
+    Object.entries(rules).map(([pattern, action]) => ({
+      permission: "task",
+      pattern,
+      action,
+    }))
+
+  test("task tool is disabled when global deny pattern exists (even with specific allows)", () => {
+    // When "*": "deny" exists, the task tool is disabled because the disabled() function
+    // only checks for wildcard deny patterns - it doesn't consider that specific subagents might be allowed
+    const ruleset = createRuleset({
+      "orchestrator-*": "allow",
+      "*": "deny",
+    })
+    const disabled = Permission.disabled(["task", "bash", "read"], ruleset)
+    // The task tool IS disabled because there's a pattern: "*" with action: "deny"
+    expect(disabled.has("task")).toBe(true)
+  })
+
+  test("task tool is disabled when global deny pattern exists (even with ask overrides)", () => {
+    const ruleset = createRuleset({
+      "orchestrator-*": "ask",
+      "*": "deny",
+    })
+    const disabled = Permission.disabled(["task"], ruleset)
+    // The task tool IS disabled because there's a pattern: "*" with action: "deny"
+    expect(disabled.has("task")).toBe(true)
+  })
+
+  test("task tool is disabled when global deny pattern exists", () => {
+    const ruleset = createRuleset({ "*": "deny" })
+    const disabled = Permission.disabled(["task"], ruleset)
+    expect(disabled.has("task")).toBe(true)
+  })
+
+  test("task tool is NOT disabled when only specific patterns are denied (no wildcard)", () => {
+    // The disabled() function only disables tools when pattern: "*" && action: "deny"
+    // Specific subagent denies don't disable the task tool - those are handled at runtime
+    const ruleset = createRuleset({
+      "orchestrator-*": "deny",
+      general: "deny",
+    })
+    const disabled = Permission.disabled(["task"], ruleset)
+    // The task tool is NOT disabled because no rule has pattern: "*" with action: "deny"
+    expect(disabled.has("task")).toBe(false)
+  })
+
+  test("task tool is enabled when no task rules exist (default ask)", () => {
+    const disabled = Permission.disabled(["task"], [])
+    expect(disabled.has("task")).toBe(false)
+  })
+
+  test("task tool is NOT disabled when last wildcard pattern is allow", () => {
+    // Last matching rule wins - if wildcard allow comes after wildcard deny, tool is enabled
+    const ruleset = createRuleset({
+      "*": "deny",
+      "orchestrator-coder": "allow",
+    })
+    const disabled = Permission.disabled(["task"], ruleset)
+    // The disabled() function uses findLast and checks if the last matching rule
+    // has pattern: "*" and action: "deny". In this case, the last rule matching
+    // "task" permission has pattern "orchestrator-coder", not "*", so not disabled
+    expect(disabled.has("task")).toBe(false)
+  })
+})
+
+// Integration tests that load permissions from real config files
+describe("permission.task with real config files", () => {
+  test("loads task permissions from saeeol.json config", async () => {
+    await using tmp = await tmpdir({
+      git: true,
+      config: {
+        permission: {
+          task: {
+            "*": "allow",
+            "code-reviewer": "deny",
+          },
+        },
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const config = await load()
+        const ruleset = Permission.fromConfig(config.permission ?? {})
+        // general and orchestrator-fast should be allowed, code-reviewer denied
+        expect(Permission.evaluate("task", "general", ruleset).action).toBe("allow")
+        expect(Permission.evaluate("task", "orchestrator-fast", ruleset).action).toBe("allow")
+        expect(Permission.evaluate("task", "code-reviewer", ruleset).action).toBe("deny")
+      },
+    })
+  })
+
+  test("loads task permissions with wildcard patterns from config", async () => {
+    await using tmp = await tmpdir({
+      git: true,
+      config: {
+        permission: {
+          task: {
+            "*": "ask",
+            "orchestrator-*": "deny",
+          },
+        },
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const config = await load()
+        const ruleset = Permission.fromConfig(config.permission ?? {})
+        // general and code-reviewer should be ask, orchestrator-* denied
+        expect(Permission.evaluate("task", "general", ruleset).action).toBe("ask")
+        expect(Permission.evaluate("task", "code-reviewer", ruleset).action).toBe("ask")
+        expect(Permission.evaluate("task", "orchestrator-fast", ruleset).action).toBe("deny")
+      },
+    })
+  })
+
+  test("evaluate respects task permission from config", async () => {
+    await using tmp = await tmpdir({
+      git: true,
+      config: {
+        permission: {
+          task: {
+            general: "allow",
+            "code-reviewer": "deny",
+          },
+        },
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const config = await load()
+        const ruleset = Permission.fromConfig(config.permission ?? {})
+        expect(Permission.evaluate("task", "general", ruleset).action).toBe("allow")
+        expect(Permission.evaluate("task", "code-reviewer", ruleset).action).toBe("deny")
+        // Unspecified agents default to "ask"
+        expect(Permission.evaluate("task", "unknown-agent", ruleset).action).toBe("ask")
+      },
+    })
+  })
+
+  test("mixed permission config with task and other tools", async () => {
+    await using tmp = await tmpdir({
+      git: true,
+      config: {
+        permission: {
+          bash: "allow",
+          edit: "ask",
+          task: {
+            "*": "deny",
+            general: "allow",
+          },
+        },
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const config = await load()
+        const ruleset = Permission.fromConfig(config.permission ?? {})
+
+        // Verify task permissions
+        expect(Permission.evaluate("task", "general", ruleset).action).toBe("allow")
+        expect(Permission.evaluate("task", "code-reviewer", ruleset).action).toBe("deny")
+
+        // Verify other tool permissions
+        expect(Permission.evaluate("bash", "*", ruleset).action).toBe("allow")
+        expect(Permission.evaluate("edit", "*", ruleset).action).toBe("ask")
+
+        // Verify disabled tools
+        const disabled = Permission.disabled(["bash", "edit", "task"], ruleset)
+        expect(disabled.has("bash")).toBe(false)
+        expect(disabled.has("edit")).toBe(false)
+        // task is NOT disabled because disabled() uses findLast, and the last rule
+        // matching "task" permission is {pattern: "general", action: "allow"}, not pattern: "*"
+        expect(disabled.has("task")).toBe(false)
+      },
+    })
+  })
+
+  test("task tool disabled when global deny comes last in config", async () => {
+    await using tmp = await tmpdir({
+      git: true,
+      config: {
+        permission: {
+          task: {
+            general: "allow",
+            "code-reviewer": "allow",
+            "*": "deny",
+          },
+        },
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const config = await load()
+        const ruleset = Permission.fromConfig(config.permission ?? {})
+
+        // Last matching rule wins - "*" deny is last, so all agents are denied
+        expect(Permission.evaluate("task", "general", ruleset).action).toBe("deny")
+        expect(Permission.evaluate("task", "code-reviewer", ruleset).action).toBe("deny")
+        expect(Permission.evaluate("task", "unknown", ruleset).action).toBe("deny")
+
+        // Since "*": "deny" is the last rule, disabled() finds it with findLast
+        // and sees pattern: "*" with action: "deny", so task is disabled
+        const disabled = Permission.disabled(["task"], ruleset)
+        expect(disabled.has("task")).toBe(true)
+      },
+    })
+  })
+
+  test("task tool NOT disabled when specific allow comes last in config", async () => {
+    await using tmp = await tmpdir({
+      git: true,
+      config: {
+        permission: {
+          task: {
+            "*": "deny",
+            general: "allow",
+          },
+        },
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const config = await load()
+        const ruleset = Permission.fromConfig(config.permission ?? {})
+
+        // Evaluate uses findLast - "general" allow comes after "*" deny
+        expect(Permission.evaluate("task", "general", ruleset).action).toBe("allow")
+        // Other agents still denied by the earlier "*" deny
+        expect(Permission.evaluate("task", "code-reviewer", ruleset).action).toBe("deny")
+
+        // disabled() uses findLast and checks if the last rule has pattern: "*" with action: "deny"
+        // In this case, the last rule is {pattern: "general", action: "allow"}, not pattern: "*"
+        // So the task tool is NOT disabled (even though most subagents are denied)
+        const disabled = Permission.disabled(["task"], ruleset)
+        expect(disabled.has("task")).toBe(false)
+      },
+    })
+  })
+})

package/test/plugin/auth-override.test.ts

@@ -0,0 +1,79 @@
+import { describe, expect, test } from "bun:test"
+import path from "path"
+import fs from "fs/promises"
+import { Effect } from "effect"
+import { tmpdir } from "../fixture/fixture"
+import { Instance } from "../../src/project/instance"
+import { ProviderAuth } from "@/provider/auth"
+import { ProviderID } from "../../src/provider/schema"
+
+describe("plugin.auth-override", () => {
+  test("user plugin overrides built-in github-copilot auth", async () => {
+    await using tmp = await tmpdir({
+      init: async (dir) => {
+        const pluginDir = path.join(dir, ".saeeol", "plugin")
+        await fs.mkdir(pluginDir, { recursive: true })
+
+        await Bun.write(
+          path.join(pluginDir, "custom-copilot-auth.ts"),
+          [
+            "export default {",
+            '  id: "demo.custom-copilot-auth",',
+            "  server: async () => ({",
+            "    auth: {",
+            '      provider: "github-copilot",',
+            "      methods: [",
+            '        { type: "api", label: "Test Override Auth" },',
+            "      ],",
+            "      loader: async () => ({ access: 'test-token' }),",
+            "    },",
+            "  }),",
+            "}",
+            "",
+          ].join("\n"),
+        )
+      },
+    })
+
+    await using plain = await tmpdir()
+
+    const methods = await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        return Effect.runPromise(
+          ProviderAuth.Service.use((svc) => svc.methods()).pipe(Effect.provide(ProviderAuth.defaultLayer)),
+        )
+      },
+    })
+
+    const plainMethods = await Instance.provide({
+      directory: plain.path,
+      fn: async () => {
+        return Effect.runPromise(
+          ProviderAuth.Service.use((svc) => svc.methods()).pipe(Effect.provide(ProviderAuth.defaultLayer)),
+        )
+      },
+    })
+
+    const copilot = methods[ProviderID.make("github-copilot")]
+    expect(copilot).toBeDefined()
+    expect(copilot.length).toBe(1)
+    expect(copilot[0].label).toBe("Test Override Auth")
+    expect(plainMethods[ProviderID.make("github-copilot")][0].label).not.toBe("Test Override Auth")
+  }, 30000) // Increased timeout for plugin installation
+})
+
+const file = path.join(import.meta.dir, "../../src/plugin/index.ts")
+
+describe("plugin.config-hook-error-isolation", () => {
+  test("config hooks are individually error-isolated in the layer factory", async () => {
+    const src = await Bun.file(file).text()
+
+    // Each hook's config call is wrapped in Effect.tryPromise with error logging + Effect.ignore
+    expect(src).toContain("plugin config hook failed")
+
+    const pattern =
+      /for\s*\(const hook of hooks\)\s*\{[\s\S]*?Effect\.tryPromise[\s\S]*?\.config\?\.\([\s\S]*?plugin config hook failed[\s\S]*?Effect\.ignore/
+    expect(pattern.test(src)).toBe(true)
+  })
+})

package/test/plugin/cloudflare.test.ts

@@ -0,0 +1,68 @@
+import { expect, test } from "bun:test"
+import { CloudflareAIGatewayAuthPlugin } from "@/plugin/cloudflare"
+
+const pluginInput = {
+  client: {} as never,
+  project: {} as never,
+  directory: "",
+  worktree: "",
+  experimental_workspace: {
+    register() {},
+  },
+  serverUrl: new URL("https://example.com"),
+  $: {} as never,
+}
+
+function makeHookInput(overrides: { providerID?: string; apiId?: string; reasoning?: boolean }) {
+  return {
+    sessionID: "s",
+    agent: "a",
+    provider: {} as never,
+    message: {} as never,
+    model: {
+      providerID: overrides.providerID ?? "cloudflare-ai-gateway",
+      api: { id: overrides.apiId ?? "openai/gpt-5.2-codex", url: "", npm: "ai-gateway-provider" },
+      capabilities: {
+        reasoning: overrides.reasoning ?? true,
+        temperature: false,
+        attachment: true,
+        toolcall: true,
+        input: { text: true, audio: false, image: false, video: false, pdf: false },
+        output: { text: true, audio: false, image: false, video: false, pdf: false },
+        interleaved: false,
+      },
+    } as never,
+  }
+}
+
+function makeHookOutput() {
+  return { temperature: 0, topP: 1, topK: 0, maxOutputTokens: 32_000 as number | undefined, options: {} }
+}
+
+test("omits maxOutputTokens for openai reasoning models on cloudflare-ai-gateway", async () => {
+  const hooks = await CloudflareAIGatewayAuthPlugin(pluginInput)
+  const out = makeHookOutput()
+  await hooks["chat.params"]!(makeHookInput({ apiId: "openai/gpt-5.2-codex", reasoning: true }), out)
+  expect(out.maxOutputTokens).toBeUndefined()
+})
+
+test("keeps maxOutputTokens for openai non-reasoning models", async () => {
+  const hooks = await CloudflareAIGatewayAuthPlugin(pluginInput)
+  const out = makeHookOutput()
+  await hooks["chat.params"]!(makeHookInput({ apiId: "openai/gpt-4-turbo", reasoning: false }), out)
+  expect(out.maxOutputTokens).toBe(32_000)
+})
+
+test("keeps maxOutputTokens for non-openai reasoning models on cloudflare-ai-gateway", async () => {
+  const hooks = await CloudflareAIGatewayAuthPlugin(pluginInput)
+  const out = makeHookOutput()
+  await hooks["chat.params"]!(makeHookInput({ apiId: "anthropic/claude-sonnet-4-5", reasoning: true }), out)
+  expect(out.maxOutputTokens).toBe(32_000)
+})
+
+test("ignores non-cloudflare-ai-gateway providers", async () => {
+  const hooks = await CloudflareAIGatewayAuthPlugin(pluginInput)
+  const out = makeHookOutput()
+  await hooks["chat.params"]!(makeHookInput({ providerID: "openai", apiId: "gpt-5.2-codex", reasoning: true }), out)
+  expect(out.maxOutputTokens).toBe(32_000)
+})