admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

test: expand approval binding helper coverage

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-13 19:21:17 +00:00
parent 03d076283c
commit 0ece3834f8
1 changed files with 245 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

245
src/infra/system-run-approval-binding.test.ts Normal file
View File

@@ -0,0 +1,245 @@
import { describe, expect, it } from "vitest";
import {
buildSystemRunApprovalBinding,
buildSystemRunApprovalEnvBinding,
matchSystemRunApprovalBinding,
matchSystemRunApprovalEnvHash,
missingSystemRunApprovalBinding,
normalizeSystemRunApprovalPlan,
} from "./system-run-approval-binding.js";
describe("normalizeSystemRunApprovalPlan", () => {
it("accepts commandText and normalized mutable file operands", () => {
expect(
normalizeSystemRunApprovalPlan({
argv: ["bash", "-lc", "echo hi"],
commandText: 'bash -lc "echo hi"',
commandPreview: "echo hi",
cwd: " /tmp ",
agentId: " main ",
sessionKey: " agent:main:main ",
mutableFileOperand: {
argvIndex: 2,
path: " /tmp/payload.txt ",
sha256: " abc123 ",
},
}),
).toEqual({
argv: ["bash", "-lc", "echo hi"],
commandText: 'bash -lc "echo hi"',
commandPreview: "echo hi",
cwd: "/tmp",
agentId: "main",
sessionKey: "agent:main:main",
mutableFileOperand: {
argvIndex: 2,
path: "/tmp/payload.txt",
sha256: "abc123",
},
});
});
it("falls back to rawCommand and rejects invalid file operands", () => {
expect(
normalizeSystemRunApprovalPlan({
argv: ["bash", "-lc", "echo hi"],
rawCommand: 'bash -lc "echo hi"',
}),
).toEqual({
argv: ["bash", "-lc", "echo hi"],
commandText: 'bash -lc "echo hi"',
commandPreview: null,
cwd: null,
agentId: null,
sessionKey: null,
mutableFileOperand: undefined,
});
expect(
normalizeSystemRunApprovalPlan({
argv: ["bash", "-lc", "echo hi"],
commandText: 'bash -lc "echo hi"',
mutableFileOperand: {
argvIndex: -1,
path: "/tmp/payload.txt",
sha256: "abc123",
},
}),
).toBeNull();
});
});
describe("buildSystemRunApprovalEnvBinding", () => {
it("normalizes, filters, and sorts env keys before hashing", () => {
const normalized = buildSystemRunApprovalEnvBinding({
z_key: "b",
" bad key ": "ignored",
alpha: "a",
EMPTY: 1,
});
const reordered = buildSystemRunApprovalEnvBinding({
alpha: "a",
z_key: "b",
});
expect(normalized).toEqual({
envHash: reordered.envHash,
envKeys: ["alpha", "z_key"],
});
expect(normalized.envHash).toBeTypeOf("string");
expect(normalized.envHash).toHaveLength(64);
});
it("returns a null hash when no usable env entries remain", () => {
expect(buildSystemRunApprovalEnvBinding(null)).toEqual({
envHash: null,
envKeys: [],
});
expect(
buildSystemRunApprovalEnvBinding({
bad: 1,
}),
).toEqual({
envHash: null,
envKeys: [],
});
});
});
describe("buildSystemRunApprovalBinding", () => {
it("normalizes argv and metadata into a binding", () => {
const envBinding = buildSystemRunApprovalEnvBinding({
beta: "2",
alpha: "1",
});
expect(
buildSystemRunApprovalBinding({
argv: ["bash", "-lc", 12],
cwd: " /tmp ",
agentId: " main ",
sessionKey: " agent:main:main ",
env: {
beta: "2",
alpha: "1",
},
}),
).toEqual({
binding: {
argv: ["bash", "-lc", "12"],
cwd: "/tmp",
agentId: "main",
sessionKey: "agent:main:main",
envHash: envBinding.envHash,
},
envKeys: ["alpha", "beta"],
});
});
});
describe("matchSystemRunApprovalEnvHash", () => {
it("handles matching, missing, and mismatched env bindings", () => {
expect(
matchSystemRunApprovalEnvHash({
expectedEnvHash: null,
actualEnvHash: null,
actualEnvKeys: [],
}),
).toEqual({ ok: true });
expect(
matchSystemRunApprovalEnvHash({
expectedEnvHash: null,
actualEnvHash: "abc",
actualEnvKeys: ["ALPHA"],
}),
).toEqual({
ok: false,
code: "APPROVAL_ENV_BINDING_MISSING",
message: "approval id missing env binding for requested env overrides",
details: { envKeys: ["ALPHA"] },
});
expect(
matchSystemRunApprovalEnvHash({
expectedEnvHash: "abc",
actualEnvHash: "def",
actualEnvKeys: ["ALPHA"],
}),
).toEqual({
ok: false,
code: "APPROVAL_ENV_MISMATCH",
message: "approval id env binding mismatch",
details: {
envKeys: ["ALPHA"],
expectedEnvHash: "abc",
actualEnvHash: "def",
},
});
});
});
describe("matchSystemRunApprovalBinding", () => {
const expected = {
argv: ["bash", "-lc", "echo hi"],
cwd: "/tmp",
agentId: "main",
sessionKey: "agent:main:main",
envHash: "abc",
};
it("accepts exact matches", () => {
expect(
matchSystemRunApprovalBinding({
expected,
actual: { ...expected },
actualEnvKeys: ["ALPHA"],
}),
).toEqual({ ok: true });
});
it.each([
{
name: "argv mismatch",
actual: { ...expected, argv: ["bash", "-lc", "echo bye"] },
},
{
name: "cwd mismatch",
actual: { ...expected, cwd: "/var/tmp" },
},
{
name: "agent mismatch",
actual: { ...expected, agentId: "other" },
},
{
name: "session mismatch",
actual: { ...expected, sessionKey: "agent:main:other" },
},
])("rejects $name", ({ actual }) => {
expect(
matchSystemRunApprovalBinding({
expected,
actual,
actualEnvKeys: ["ALPHA"],
}),
).toEqual({
ok: false,
code: "APPROVAL_REQUEST_MISMATCH",
message: "approval id does not match request",
details: undefined,
});
});
});
describe("missingSystemRunApprovalBinding", () => {
it("reports env keys with request mismatches", () => {
expect(missingSystemRunApprovalBinding({ actualEnvKeys: ["ALPHA", "BETA"] })).toEqual({
ok: false,
code: "APPROVAL_REQUEST_MISMATCH",
message: "approval id does not match request",
details: {
envKeys: ["ALPHA", "BETA"],
},
});
});
});