mirror of
https://github.com/anomalyco/opencode.git
synced 2026-04-30 01:36:47 +00:00
f31006b1cd
Replaces legacy Permission.respond with PermissionNext.reply for better async handling and updates server endpoints to use the new permission system. Improves error handling in session processor to work with both old and new permission rejection types.
151 lines
5.1 KiB
TypeScript
151 lines
5.1 KiB
TypeScript
import { describe, expect, test } from "bun:test"
|
|
import path from "path"
|
|
import { ReadTool } from "../../src/tool/read"
|
|
import { Instance } from "../../src/project/instance"
|
|
import { tmpdir } from "../fixture/fixture"
|
|
import type { PermissionNext } from "../../src/permission/next"
|
|
|
|
const ctx = {
|
|
sessionID: "test",
|
|
messageID: "",
|
|
callID: "",
|
|
agent: "build",
|
|
abort: AbortSignal.any([]),
|
|
metadata: () => {},
|
|
ask: async () => {},
|
|
}
|
|
|
|
describe("tool.read external_directory permission", () => {
|
|
test("allows reading absolute path inside project directory", async () => {
|
|
await using tmp = await tmpdir({
|
|
init: async (dir) => {
|
|
await Bun.write(path.join(dir, "test.txt"), "hello world")
|
|
},
|
|
})
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const read = await ReadTool.init()
|
|
const result = await read.execute({ filePath: path.join(tmp.path, "test.txt") }, ctx)
|
|
expect(result.output).toContain("hello world")
|
|
},
|
|
})
|
|
})
|
|
|
|
test("allows reading file in subdirectory inside project directory", async () => {
|
|
await using tmp = await tmpdir({
|
|
init: async (dir) => {
|
|
await Bun.write(path.join(dir, "subdir", "test.txt"), "nested content")
|
|
},
|
|
})
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const read = await ReadTool.init()
|
|
const result = await read.execute({ filePath: path.join(tmp.path, "subdir", "test.txt") }, ctx)
|
|
expect(result.output).toContain("nested content")
|
|
},
|
|
})
|
|
})
|
|
|
|
test("asks for external_directory permission when reading absolute path outside project", async () => {
|
|
await using outerTmp = await tmpdir({
|
|
init: async (dir) => {
|
|
await Bun.write(path.join(dir, "secret.txt"), "secret data")
|
|
},
|
|
})
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const read = await ReadTool.init()
|
|
const requests: Array<Omit<PermissionNext.Request, "id" | "sessionID" | "tool">> = []
|
|
const testCtx = {
|
|
...ctx,
|
|
ask: async (req: Omit<PermissionNext.Request, "id" | "sessionID" | "tool">) => {
|
|
requests.push(req)
|
|
},
|
|
}
|
|
await read.execute({ filePath: path.join(outerTmp.path, "secret.txt") }, testCtx)
|
|
const extDirReq = requests.find((r) => r.permission === "external_directory")
|
|
expect(extDirReq).toBeDefined()
|
|
expect(extDirReq!.patterns.some((p) => p.includes(outerTmp.path))).toBe(true)
|
|
},
|
|
})
|
|
})
|
|
|
|
test("asks for external_directory permission when reading relative path outside project", async () => {
|
|
await using tmp = await tmpdir({ git: true })
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const read = await ReadTool.init()
|
|
const requests: Array<Omit<PermissionNext.Request, "id" | "sessionID" | "tool">> = []
|
|
const testCtx = {
|
|
...ctx,
|
|
ask: async (req: Omit<PermissionNext.Request, "id" | "sessionID" | "tool">) => {
|
|
requests.push(req)
|
|
},
|
|
}
|
|
// This will fail because file doesn't exist, but we can check if permission was asked
|
|
await read.execute({ filePath: "../outside.txt" }, testCtx).catch(() => {})
|
|
const extDirReq = requests.find((r) => r.permission === "external_directory")
|
|
expect(extDirReq).toBeDefined()
|
|
},
|
|
})
|
|
})
|
|
|
|
test("does not ask for external_directory permission when reading inside project", async () => {
|
|
await using tmp = await tmpdir({
|
|
git: true,
|
|
init: async (dir) => {
|
|
await Bun.write(path.join(dir, "internal.txt"), "internal content")
|
|
},
|
|
})
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const read = await ReadTool.init()
|
|
const requests: Array<Omit<PermissionNext.Request, "id" | "sessionID" | "tool">> = []
|
|
const testCtx = {
|
|
...ctx,
|
|
ask: async (req: Omit<PermissionNext.Request, "id" | "sessionID" | "tool">) => {
|
|
requests.push(req)
|
|
},
|
|
}
|
|
await read.execute({ filePath: path.join(tmp.path, "internal.txt") }, testCtx)
|
|
const extDirReq = requests.find((r) => r.permission === "external_directory")
|
|
expect(extDirReq).toBeUndefined()
|
|
},
|
|
})
|
|
})
|
|
})
|
|
|
|
describe("tool.read env file blocking", () => {
|
|
test.each([
|
|
[".env", true],
|
|
[".env.local", true],
|
|
[".env.production", true],
|
|
[".env.sample", false],
|
|
[".env.example", false],
|
|
[".envrc", false],
|
|
["environment.ts", false],
|
|
])("%s blocked=%s", async (filename, blocked) => {
|
|
await using tmp = await tmpdir({
|
|
init: (dir) => Bun.write(path.join(dir, filename), "content"),
|
|
})
|
|
await Instance.provide({
|
|
directory: tmp.path,
|
|
fn: async () => {
|
|
const read = await ReadTool.init()
|
|
const promise = read.execute({ filePath: path.join(tmp.path, filename) }, ctx)
|
|
if (blocked) {
|
|
await expect(promise).rejects.toThrow("blocked")
|
|
} else {
|
|
expect((await promise).output).toContain("content")
|
|
}
|
|
},
|
|
})
|
|
})
|
|
})
|