kurihada/ai-terminal-assistant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b17649930bf40fac3587d790a9d44f0e07674682
ai-terminal-assistant/packages/core/tests/unit/permission/bash-checker.test.ts
T
kurihada 5e32375f0e feat: 重构为 Monorepo 架构并实现 HTTP Server 
架构变更:
- 采用 pnpm workspaces 实现 Monorepo 结构
- 将现有代码迁移到 packages/core
- 新增 packages/server HTTP 服务层

Server 功能:
- REST API: 会话管理、工具管理、配置管理
- WebSocket: 实时双向通信支持
- SSE: 服务端事件推送
- Hono + Bun 作为运行时

API 端点:
- GET/POST /api/sessions - 会话 CRUD
- GET/POST /api/sessions/:id/messages - 消息管理
- GET /api/sessions/:id/events - SSE 事件流
- WS /api/ws/:sessionId - WebSocket 连接
- GET/POST /api/tools - 工具管理
- GET/PUT /api/config - 配置管理
2025-12-12 10:42:20 +08:00

289 lines
7.7 KiB
TypeScript
Raw Blame History

import { describe, it, expect, beforeEach, vi } from 'vitest';
import { BashPermissionChecker } from '../../../src/permission/checkers/bash.js';
import type { PermissionDecision, PermissionContext } from '../../../src/permission/types.js';
// Mock fs 和 path 以避免实际文件操作
vi.mock('fs', () => ({
existsSync: vi.fn(() => false),
readFileSync: vi.fn(),
writeFileSync: vi.fn(),
mkdirSync: vi.fn(),
}));
describe('BashPermissionChecker - Bash 权限检查器', () => {
let checker: BashPermissionChecker;
const testProjectRoot = '/test/project';
beforeEach(() => {
checker = new BashPermissionChecker(testProjectRoot);
vi.clearAllMocks();
});
describe('默认配置', () => {
it('加载默认配置', () => {
const config = checker.getConfig();
expect(config.rules).toBeDefined();
expect(config.rules.length).toBeGreaterThan(0);
expect(config.default).toBe('ask');
expect(config.externalDirectory).toBe('ask');
});
it('默认规则包含安全命令', () => {
const config = checker.getConfig();
// 检查一些默认允许的规则
const allowRules = config.rules.filter(r => r.action === 'allow');
const patterns = allowRules.map(r => r.pattern);
expect(patterns.some(p => p.startsWith('ls'))).toBe(true);
expect(patterns.some(p => p.startsWith('cat'))).toBe(true);
expect(patterns.some(p => p.startsWith('git status'))).toBe(true);
});
it('默认规则包含危险命令', () => {
const config = checker.getConfig();
const denyRules = config.rules.filter(r => r.action === 'deny');
const patterns = denyRules.map(r => r.pattern);
expect(patterns.some(p => p.includes('rm -rf'))).toBe(true);
expect(patterns.some(p => p.includes('sudo'))).toBe(true);
});
});
describe('安全命令检查(默认允许)', () => {
const safeCommands = [
'ls -la',
'cat file.txt',
'head -n 10 log.txt',
'tail -f server.log',
'grep pattern file.txt',
'find . -name "*.js"',
'echo hello',
'pwd',
'which node',
'git status',
'git log --oneline',
'git diff HEAD',
];
for (const command of safeCommands) {
it(`允许安全命令: ${command}`, async () => {
const result = await checker.check({
command,
workdir: testProjectRoot,
});
expect(result.allowed).toBe(true);
expect(result.action).toBe('allow');
});
}
});
describe('危险命令检查(默认拒绝)', () => {
// 这些命令精确匹配默认拒绝规则
const denyCommands = [
'sudo rm file',
];
for (const command of denyCommands) {
it(`拒绝危险命令: ${command}`, async () => {
const result = await checker.check({
command,
workdir: testProjectRoot,
});
expect(result.allowed).toBe(false);
expect(result.action).toBe('deny');
});
}
// 这些命令可能匹配 ask 规则或默认行为
const askCommands = [
'rm -rf /',
'rm -rf /*',
'chmod 777 /',
];
for (const command of askCommands) {
it(`危险命令需要确认或拒绝: ${command}`, async () => {
const result = await checker.check({
command,
workdir: testProjectRoot,
});
// 这些命令应该不允许直接执行
expect(result.allowed).toBe(false);
// 可能是 deny 或 ask(取决于具体规则匹配)
expect(['deny', 'ask']).toContain(result.action);
});
}
});
describe('需要确认的命令', () => {
const askCommands = [
'git push origin main',
'git commit -m "test"',
'git checkout feature',
'npm install lodash',
];
for (const command of askCommands) {
it(`需要确认: ${command}`, async () => {
// 不设置回调,应该返回 ask
const result = await checker.check({
command,
workdir: testProjectRoot,
});
expect(result.action).toBe('ask');
expect(result.needsConfirmation).toBe(true);
});
}
});
describe('回调处理', () => {
it('用户允许时返回允许', async () => {
const mockCallback = vi.fn().mockResolvedValue({
allow: true,
remember: false,
} as PermissionDecision);
checker.setAskCallback(mockCallback);
const result = await checker.check({
command: 'git push origin main',
workdir: testProjectRoot,
});
expect(result.allowed).toBe(true);
expect(mockCallback).toHaveBeenCalled();
});
it('用户拒绝时返回拒绝', async () => {
const mockCallback = vi.fn().mockResolvedValue({
allow: false,
remember: false,
} as PermissionDecision);
checker.setAskCallback(mockCallback);
const result = await checker.check({
command: 'git push origin main',
workdir: testProjectRoot,
});
expect(result.allowed).toBe(false);
expect(result.action).toBe('deny');
});
it('remember=true 时记住决定', async () => {
const mockCallback = vi.fn().mockResolvedValue({
allow: true,
remember: true,
} as PermissionDecision);
checker.setAskCallback(mockCallback);
// 第一次调用
await checker.check({
command: 'git push origin main',
workdir: testProjectRoot,
});
// 第二次调用应该不再询问
const result = await checker.check({
command: 'git commit -m "test"',
workdir: testProjectRoot,
});
// 记住的是整个模式,第二次可能仍需询问(取决于实现)
expect(result.allowed).toBeDefined();
});
});
describe('会话权限管理', () => {
it('清除会话权限', async () => {
const mockCallback = vi.fn().mockResolvedValue({
allow: true,
remember: true,
} as PermissionDecision);
checker.setAskCallback(mockCallback);
// 第一次调用
await checker.check({
command: 'git push origin main',
workdir: testProjectRoot,
});
// 清除会话权限
checker.clearSessionPermissions();
// 再次调用应该重新询问
await checker.check({
command: 'git push origin main',
workdir: testProjectRoot,
});
// 应该被调用两次
expect(mockCallback).toHaveBeenCalledTimes(2);
});
});
describe('规则管理', () => {
it('添加新规则', () => {
checker.addRule({
pattern: 'custom-cmd *',
action: 'allow',
});
const config = checker.getConfig();
const hasRule = config.rules.some(r => r.pattern === 'custom-cmd *');
expect(hasRule).toBe(true);
});
it('更新已有规则', () => {
// 添加规则
checker.addRule({
pattern: 'test-cmd',
action: 'allow',
});
// 更新规则
checker.addRule({
pattern: 'test-cmd',
action: 'deny',
});
const config = checker.getConfig();
const rule = config.rules.find(r => r.pattern === 'test-cmd');
expect(rule?.action).toBe('deny');
});
});
describe('项目目录检查', () => {
it('识别项目内路径', async () => {
const result = await checker.check({
command: 'cat ./src/index.ts',
workdir: testProjectRoot,
});
// 项目内路径应该正常检查
expect(result).toBeDefined();
});
it('识别项目外路径', async () => {
// 访问项目外的绝对路径
const result = await checker.check({
command: 'cat /etc/passwd',
workdir: testProjectRoot,
});
// 外部路径可能需要确认或拒绝
expect(result).toBeDefined();
});
});
});
Reference in New Issue View Git Blame Copy Permalink