tweek 0.4.0__tar.gz → 0.4.2__tar.gz

{tweek-0.4.0/tweek.egg-info → tweek-0.4.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: tweek
-Version: 0.4.0
+Version: 0.4.2
 Summary: Defense-in-depth security for AI coding assistants - protect credentials, code, and system from prompt injection attacks
 Author: Tommy Mancino
 License-Expression: Apache-2.0

{tweek-0.4.0 → tweek-0.4.2}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "tweek"
-version = "0.4.0"
+version = "0.4.2"
 description = "Defense-in-depth security for AI coding assistants - protect credentials, code, and system from prompt injection attacks"
 readme = "README.md"
 requires-python = ">=3.9"

{tweek-0.4.0 → tweek-0.4.2}/tests/test_break_glass.py

@@ -522,3 +522,68 @@ class TestExpiryBehavior:
 
         active = list_active_overrides()
         assert len(active) == 0
+
+
+# =============================================================================
+# FILE LOCKING TESTS (F4)
+# =============================================================================
+
+class TestFileLocking:
+    """Tests for fcntl.flock-based file locking in break-glass operations."""
+
+    def test_lock_file_created(self, isolate_state):
+        """Lock file should be created during break-glass operations."""
+        from tweek.hooks.break_glass import BREAK_GLASS_LOCK
+        create_override(pattern_name="lock_test", mode="once", reason="test")
+        assert BREAK_GLASS_LOCK.parent.exists()
+
+    def test_concurrent_single_use_override(self, isolate_state):
+        """Two threads consuming the same single-use override: exactly one should get it."""
+        import threading
+
+        create_override(pattern_name="concurrent_test", mode="once", reason="test")
+
+        results = []
+        errors = []
+
+        def check_in_thread():
+            try:
+                result = check_override("concurrent_test")
+                results.append(result)
+            except Exception as e:
+                errors.append(e)
+
+        t1 = threading.Thread(target=check_in_thread)
+        t2 = threading.Thread(target=check_in_thread)
+        t1.start()
+        t2.start()
+        t1.join()
+        t2.join()
+
+        assert len(errors) == 0
+        assert len(results) == 2
+        # Exactly one thread should get the override, the other gets None
+        non_none = [r for r in results if r is not None]
+        nones = [r for r in results if r is None]
+        assert len(non_none) == 1
+        assert len(nones) == 1
+        assert non_none[0]["pattern"] == "concurrent_test"
+
+    def test_existing_tests_still_pass_with_locking(self, isolate_state):
+        """Basic create/check/clear cycle works with file locking."""
+        override = create_override(
+            pattern_name="basic_lock_test", mode="once", reason="verify locking"
+        )
+        assert override["pattern"] == "basic_lock_test"
+
+        result = check_override("basic_lock_test")
+        assert result is not None
+        assert result["used"] is True
+
+        # Second check should return None (consumed)
+        result2 = check_override("basic_lock_test")
+        assert result2 is None
+
+        # Clear should work
+        count = clear_overrides()
+        assert count >= 1

{tweek-0.4.0 → tweek-0.4.2}/tests/test_cli.py

@@ -103,7 +103,7 @@ class TestInstallCommand:
         assert "paranoid" in result.output.lower() or result.exit_code == 0
 
     def test_install_skip_proxy_check(self, runner, tmp_path):
-        """Test protect claude-code with --skip-proxy-check skips openclaw detection."""
+        """Test protect claude-code with --skip-proxy-check skips openclaw proxy detection."""
         with patch.dict(os.environ, {'HOME': str(tmp_path)}):
             with patch.object(Path, 'home', return_value=tmp_path):
                 with patch('tweek.cli_install.Path.home', return_value=tmp_path):
@@ -112,8 +112,9 @@ class TestInstallCommand:
                         ['protect', 'claude-code', '--skip-env-scan', '--skip-proxy-check']
                     )
 
-        # Should not mention openclaw
-        assert "openclaw" not in result.output.lower()
+        # Should not trigger openclaw proxy conflict detection (step 4)
+        # Note: openclaw may appear in the tool detection table (step 14) — that's expected
+        assert "proxy conflict" not in result.output.lower()
         assert result.exit_code == 0 or "Installation complete" in result.output
 
     def test_install_detects_openclaw_installed(self, runner, tmp_path):

{tweek-0.4.0 → tweek-0.4.2}/tests/test_config_models.py

@@ -611,9 +611,20 @@ class TestOpenClawConfig:
         assert cfg.plugin_installed is True
         assert cfg.preset == "paranoid"
 
-    def test_extra_fields_allowed(self):
-        cfg = OpenClawConfig(extra_key="value")
-        assert cfg.extra_key == "value"
+    def test_extra_fields_rejected(self):
+        with pytest.raises(ValidationError):
+            OpenClawConfig(extra_key="value")
+
+    def test_preset_validation(self):
+        for valid in ("paranoid", "cautious", "balanced", "trusted"):
+            cfg = OpenClawConfig(preset=valid)
+            assert cfg.preset == valid
+        with pytest.raises(ValidationError):
+            OpenClawConfig(preset="invalid")
+
+    def test_port_collision_rejected(self):
+        with pytest.raises(ValidationError, match="must differ"):
+            OpenClawConfig(gateway_port=9000, scanner_port=9000)
 
 
 # =============================================================================

tweek-0.4.2/tests/test_heuristic_chaining.py

@@ -0,0 +1,106 @@
+"""Tests for heuristic scorer benign dampening chain detection (Finding F7).
+
+Validates that command chaining operators (&&, ||, ;) prevent benign
+dampening from being applied, since a benign prefix does not make the
+entire chained command benign.
+"""
+
+import pytest
+
+from tweek.plugins.screening.heuristic_scorer import HeuristicScorerPlugin
+
+
+@pytest.fixture
+def scorer():
+    return HeuristicScorerPlugin()
+
+
+class TestBenignDampeningChainDetection:
+    """Tests for _is_benign() rejecting chained commands."""
+
+    def test_simple_git_status_is_benign(self, scorer):
+        """A simple benign command (no chaining) should be detected as benign."""
+        result = scorer._is_benign("git status")
+        assert result is not None
+
+    def test_simple_pip_install_is_benign(self, scorer):
+        """pip install without chaining should be detected as benign."""
+        result = scorer._is_benign("pip install requests")
+        assert result is not None
+
+    def test_simple_make_is_benign(self, scorer):
+        """'make' without chaining should be benign."""
+        result = scorer._is_benign("make clean")
+        assert result is not None
+
+    def test_simple_ls_is_benign(self, scorer):
+        """'ls' without chaining should be benign."""
+        result = scorer._is_benign("ls -la")
+        assert result is not None
+
+    def test_and_and_chaining_not_benign(self, scorer):
+        """Benign prefix with && chaining should NOT be benign."""
+        result = scorer._is_benign("git commit && some_other_command")
+        assert result is None
+
+    def test_semicolon_chaining_not_benign(self, scorer):
+        """Benign prefix with ; chaining should NOT be benign."""
+        result = scorer._is_benign("pip install foo; some_other_command")
+        assert result is None
+
+    def test_or_chaining_not_benign(self, scorer):
+        """Benign prefix with || chaining should NOT be benign."""
+        result = scorer._is_benign("echo hello || some_other_command")
+        assert result is None
+
+    def test_make_with_chaining_not_benign(self, scorer):
+        """'make' with chaining should NOT be benign."""
+        result = scorer._is_benign("make clean && some_other_command")
+        assert result is None
+
+    def test_docker_with_chaining_not_benign(self, scorer):
+        """'docker build' with chaining should NOT be benign."""
+        result = scorer._is_benign("docker build . && some_other_command")
+        assert result is None
+
+    def test_non_matching_command_not_benign(self, scorer):
+        """A command that doesn't match any benign pattern returns None."""
+        result = scorer._is_benign("some_unknown_tool --flag")
+        assert result is None
+
+
+class TestBenignDampeningScoreImpact:
+    """Tests that chaining detection affects the overall score correctly."""
+
+    def test_simple_benign_command_scores_zero(self, scorer):
+        """A simple benign command with no suspicious signals scores 0."""
+        result = scorer._score_content("git commit -m 'test message'")
+        assert result.total_score == 0.0
+
+    def test_chained_command_not_dampened(self, scorer):
+        """A chained command should not have dampening applied."""
+        # Use a command with chaining -- even if prefix is benign,
+        # dampening should be skipped
+        result = scorer._score_content("git status && some_other_command")
+        assert result.dampened is False
+
+    def test_unchained_benign_with_signals_is_dampened(self, scorer):
+        """An unchained benign command that happens to have signals gets dampened."""
+        # 'cat' on a regular code file is benign
+        result = scorer._score_content("cat test_file.py")
+        # Should be dampened if it matches a benign pattern
+        # Score is 0 anyway for benign content, so dampening is a no-op
+        # Just verify no crash
+        assert result.total_score >= 0.0
+
+    def test_pipe_only_is_still_benign(self, scorer):
+        """Pipe (|) alone should NOT prevent benign detection.
+
+        Pipes are different from command chaining (&&, ||, ;).
+        A pipe sends output to another command but is a single pipeline,
+        not multiple independent commands.
+        """
+        result = scorer._is_benign("git log | head -20")
+        # This should still be detected as benign (git log matches benign pattern)
+        # and the pipe is not a chaining operator
+        assert result is not None

tweek-0.4.2/tests/test_install_flow.py

@@ -0,0 +1,150 @@
+"""Tests for install flow improvements.
+
+Covers: auto model deps, multi-tool detection, API key validation,
+preset descriptions, and doctor --fix mode.
+"""
+from __future__ import annotations
+
+import os
+import pytest
+from unittest.mock import patch, MagicMock
+from pathlib import Path
+
+
+@pytest.mark.cli
+class TestAutoModelDeps:
+    """_ensure_local_model_deps installs missing packages."""
+
+    def test_deps_already_available(self):
+        """Returns True immediately when deps are importable."""
+        from tweek.cli_install import _ensure_local_model_deps
+
+        with patch("builtins.__import__", side_effect=lambda name, *a, **kw: MagicMock()):
+            result = _ensure_local_model_deps()
+            assert result is True
+
+    def test_deps_install_failure_returns_false(self):
+        """Returns False when pip install fails."""
+        from tweek.cli_install import _ensure_local_model_deps
+
+        # First import raises ImportError, subprocess fails
+        original_import = __builtins__.__import__ if hasattr(__builtins__, '__import__') else __import__
+
+        def mock_import(name, *args, **kwargs):
+            if name in ("onnxruntime", "tokenizers", "numpy"):
+                raise ImportError(f"No module named '{name}'")
+            return original_import(name, *args, **kwargs)
+
+        with patch("builtins.__import__", side_effect=mock_import):
+            with patch("subprocess.run") as mock_run:
+                mock_run.return_value = MagicMock(returncode=1, stderr="pip error")
+                result = _ensure_local_model_deps()
+                assert result is False
+
+
+@pytest.mark.cli
+class TestDetectLlmProvider:
+    """_detect_llm_provider checks both API key and SDK availability."""
+
+    def test_google_key_without_sdk_skipped(self):
+        """Google key present but SDK not importable returns None."""
+        from importlib import import_module as real_import_module
+        from tweek.cli_install import _detect_llm_provider
+
+        def selective_import(name, *args, **kwargs):
+            """Block only the SDK modules, let everything else through."""
+            if name in ("google.generativeai", "openai", "anthropic"):
+                raise ImportError(f"No module named '{name}'")
+            return real_import_module(name, *args, **kwargs)
+
+        # Ensure no other API keys leak through
+        env_clean = {
+            "GOOGLE_API_KEY": "test-key",
+            "OPENAI_API_KEY": "",
+            "XAI_API_KEY": "",
+            "ANTHROPIC_API_KEY": "",
+            "GEMINI_API_KEY": "",
+        }
+
+        with patch.dict(os.environ, env_clean, clear=False):
+            with patch("tweek.cli_install.LOCAL_MODEL_AVAILABLE", False, create=True):
+                with patch("importlib.import_module", side_effect=selective_import):
+                    result = _detect_llm_provider()
+                    assert result is None
+
+    def test_google_key_with_sdk_detected(self):
+        """Google key + SDK returns Google provider."""
+        from tweek.cli_install import _detect_llm_provider
+
+        with patch.dict(os.environ, {"GOOGLE_API_KEY": "test-key"}, clear=False):
+            with patch("importlib.import_module", return_value=MagicMock()):
+                with patch("tweek.security.local_model.LOCAL_MODEL_AVAILABLE", False):
+                    result = _detect_llm_provider()
+                    assert result is not None
+                    assert result["name"] == "Google"
+
+    def test_local_model_takes_priority(self):
+        """Local model is preferred over cloud providers."""
+        from tweek.cli_install import _detect_llm_provider
+
+        with patch.dict(os.environ, {"GOOGLE_API_KEY": "test-key"}, clear=False):
+            with patch("tweek.security.local_model.LOCAL_MODEL_AVAILABLE", True):
+                with patch("tweek.security.model_registry.is_model_installed", return_value=True):
+                    with patch("tweek.security.model_registry.get_default_model_name", return_value="deberta"):
+                        result = _detect_llm_provider()
+                        assert result is not None
+                        assert result["name"] == "Local model"
+
+
+@pytest.mark.cli
+class TestDetectAndShowTools:
+    """_detect_and_show_tools returns unprotected tools."""
+
+    def test_returns_unprotected_only(self):
+        """Only installed+unprotected tools are returned."""
+        from tweek.cli_install import _detect_and_show_tools
+
+        mock_tools = [
+            ("claude-code", "Claude Code", True, True, ""),
+            ("gemini", "Gemini CLI", True, False, ""),
+            ("chatgpt", "ChatGPT Desktop", False, False, ""),
+        ]
+        with patch("tweek.cli_install._detect_all_tools", return_value=mock_tools):
+            result = _detect_and_show_tools()
+            assert len(result) == 1
+            assert result[0][0] == "gemini"
+
+    def test_returns_empty_when_all_protected(self):
+        """Returns empty list when all tools are already protected."""
+        from tweek.cli_install import _detect_and_show_tools
+
+        mock_tools = [
+            ("claude-code", "Claude Code", True, True, ""),
+        ]
+        with patch("tweek.cli_install._detect_all_tools", return_value=mock_tools):
+            result = _detect_and_show_tools()
+            assert len(result) == 0
+
+
+@pytest.mark.core
+class TestDoctorFixFlag:
+    """tweek doctor --fix triggers interactive mode."""
+
+    def test_run_health_checks_accepts_interactive(self):
+        """run_health_checks accepts interactive parameter."""
+        from tweek.diagnostics import run_health_checks
+
+        # Should not raise even with interactive=True
+        # (it just won't prompt since there may be no fixable issues)
+        with patch("tweek.diagnostics._offer_interactive_fixes") as mock_fix:
+            results = run_health_checks(verbose=False, interactive=True)
+            mock_fix.assert_called_once()
+            assert isinstance(results, list)
+
+    def test_non_interactive_skips_fixes(self):
+        """Default mode does not call _offer_interactive_fixes."""
+        from tweek.diagnostics import run_health_checks
+
+        with patch("tweek.diagnostics._offer_interactive_fixes") as mock_fix:
+            results = run_health_checks(verbose=False, interactive=False)
+            mock_fix.assert_not_called()