clone/codex
1
0
Fork 0
mirror of https://github.com/openai/codex.git synced 2026-04-27 08:05:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
773177ec8b042a3cf7bdc62024024c9dcaace843
codex/codex-rs/execpolicy2/tests/basic.rs
kevin zhao 773177ec8b first pass at prefix rules
2025-11-13 22:07:37 -05:00

91 lines
2.6 KiB
Rust
Raw Blame History

use codex_execpolicy2::Decision;
use codex_execpolicy2::PolicyParser;
use codex_execpolicy2::tokenize_command;
#[test]
fn matches_default_git_status() {
let policy = codex_execpolicy2::load_default_policy().expect("parse");
let cmd = tokenize_command("git status").expect("tokenize");
let eval = policy.evaluate(&cmd).expect("match");
assert_eq!(eval.decision, Decision::Allow);
assert_eq!(eval.rule_id, "git_status");
}
#[test]
fn pattern_expands_alternatives() {
let policy_src = r#"
prefix_rule(
id = "npm_install",
pattern = ["npm", ["i", "install"]],
)
"#;
let parser = PolicyParser::new("test.policy", policy_src);
let policy = parser.parse().expect("parse policy");
for cmd in ["npm i", "npm install"] {
let tokens = tokenize_command(cmd).expect("tokenize");
let eval = policy.evaluate(&tokens).expect("match");
assert_eq!(eval.rule_id, "npm_install");
}
let no_match = tokenize_command("npmx install").expect("tokenize");
assert!(policy.evaluate(&no_match).is_none());
}
#[test]
fn match_and_not_match_examples_are_enforced() {
let policy_src = r#"
prefix_rule(
id = "git_status",
pattern = ["git", "status"],
match = ["git status"],
not_match = ["git reset --hard"],
)
"#;
let parser = PolicyParser::new("test.policy", policy_src);
let policy = parser.parse().expect("parse policy");
assert!(
policy
.evaluate(&tokenize_command("git status").expect("tokenize"))
.is_some()
);
assert!(
policy
.evaluate(&tokenize_command("git reset --hard").expect("tokenize"))
.is_none()
);
}
#[test]
fn strictest_decision_wins_across_matches() {
let policy_src = r#"
prefix_rule(
id = "allow_git_status",
pattern = ["git", "status"],
decision = "allow",
)
prefix_rule(
id = "prompt_git",
pattern = ["git"],
decision = "prompt",
)
prefix_rule(
id = "forbid_git_commit",
pattern = ["git", "commit"],
decision = "forbidden",
)
"#;
let parser = PolicyParser::new("test.policy", policy_src);
let policy = parser.parse().expect("parse policy");
let status = tokenize_command("git status").expect("tokenize");
let status_eval = policy.evaluate(&status).expect("match");
assert_eq!(status_eval.decision, Decision::Prompt);
assert_eq!(status_eval.rule_id, "prompt_git");
let commit = tokenize_command("git commit -m hi").expect("tokenize");
let commit_eval = policy.evaluate(&commit).expect("match");
assert_eq!(commit_eval.decision, Decision::Forbidden);
assert_eq!(commit_eval.rule_id, "forbid_git_commit");
}
Reference in New Issue View Git Blame Copy Permalink