215 lines
6.6 KiB
Go
215 lines
6.6 KiB
Go
package agents
|
|
|
|
import (
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
"testing"
|
|
)
|
|
|
|
func TestListAgentsReadsTomlFiles(t *testing.T) {
|
|
root := t.TempDir()
|
|
agentsDir := filepath.Join(root, "agents")
|
|
if err := os.MkdirAll(agentsDir, 0o755); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
content := `name = "产品经理"
|
|
description = "负责产品定义"
|
|
developer_instructions = """
|
|
用中文定义产品需求。
|
|
"""
|
|
role = "planning"
|
|
`
|
|
if err := os.WriteFile(filepath.Join(agentsDir, "product-manager.toml"), []byte(content), 0o644); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
store := Store{CodexHome: root}
|
|
got, err := store.List()
|
|
if err != nil {
|
|
t.Fatalf("List returned error: %v", err)
|
|
}
|
|
if len(got) != 1 {
|
|
t.Fatalf("agent count = %d, want 1", len(got))
|
|
}
|
|
if got[0].ID != "product-manager" || got[0].FileName != "product-manager.toml" {
|
|
t.Fatalf("unexpected agent identity: %#v", got[0])
|
|
}
|
|
if got[0].Name != "产品经理" || got[0].Description != "负责产品定义" {
|
|
t.Fatalf("unexpected agent fields: %#v", got[0])
|
|
}
|
|
if strings.TrimSpace(got[0].DeveloperInstructions) != "用中文定义产品需求。" {
|
|
t.Fatalf("unexpected developer instructions: %q", got[0].DeveloperInstructions)
|
|
}
|
|
if got[0].ExtraFields["role"] != "planning" {
|
|
t.Fatalf("unexpected extra fields: %#v", got[0].ExtraFields)
|
|
}
|
|
if got[0].ParseStatus != "valid" || got[0].DraftStatus != "clean" {
|
|
t.Fatalf("unexpected statuses: %#v", got[0])
|
|
}
|
|
}
|
|
|
|
func TestListAgentsReportsParseError(t *testing.T) {
|
|
root := t.TempDir()
|
|
agentsDir := filepath.Join(root, "agents")
|
|
if err := os.MkdirAll(agentsDir, 0o755); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if err := os.WriteFile(filepath.Join(agentsDir, "bad.toml"), []byte(`name = "`), 0o644); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
store := Store{CodexHome: root}
|
|
got, err := store.List()
|
|
if err != nil {
|
|
t.Fatalf("List should return parse status, not fatal error: %v", err)
|
|
}
|
|
if len(got) != 1 {
|
|
t.Fatalf("agent count = %d, want 1", len(got))
|
|
}
|
|
if got[0].ParseStatus != "invalid" || got[0].ParseError == "" {
|
|
t.Fatalf("expected invalid parse status, got %#v", got[0])
|
|
}
|
|
assertChineseTOMLError(t, got[0].ParseError)
|
|
}
|
|
|
|
func TestListAgentsReportsDuplicateKeyAsParseError(t *testing.T) {
|
|
root := t.TempDir()
|
|
agentsDir := filepath.Join(root, "agents")
|
|
if err := os.MkdirAll(agentsDir, 0o755); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
content := "name = \"a\"\nname = \"b\"\n"
|
|
if err := os.WriteFile(filepath.Join(agentsDir, "duplicate.toml"), []byte(content), 0o644); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
store := Store{CodexHome: root}
|
|
got, err := store.List()
|
|
if err != nil {
|
|
t.Fatalf("List should return parse status, not fatal error: %v", err)
|
|
}
|
|
if len(got) != 1 {
|
|
t.Fatalf("agent count = %d, want 1", len(got))
|
|
}
|
|
if got[0].ParseStatus != "invalid" || got[0].ParseError == "" {
|
|
t.Fatalf("expected duplicate key to be invalid, got %#v", got[0])
|
|
}
|
|
}
|
|
|
|
func TestListAgentsReportsInvalidKeyAsParseError(t *testing.T) {
|
|
root := t.TempDir()
|
|
agentsDir := filepath.Join(root, "agents")
|
|
if err := os.MkdirAll(agentsDir, 0o755); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
content := "bad key = \"value\"\n"
|
|
if err := os.WriteFile(filepath.Join(agentsDir, "bad-key.toml"), []byte(content), 0o644); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
store := Store{CodexHome: root}
|
|
got, err := store.List()
|
|
if err != nil {
|
|
t.Fatalf("List should return parse status, not fatal error: %v", err)
|
|
}
|
|
if len(got) != 1 {
|
|
t.Fatalf("agent count = %d, want 1", len(got))
|
|
}
|
|
if got[0].ParseStatus != "invalid" || got[0].ParseError == "" {
|
|
t.Fatalf("expected invalid key to be invalid, got %#v", got[0])
|
|
}
|
|
}
|
|
|
|
func TestListAgentsRejectsSensitiveSymlinkTargets(t *testing.T) {
|
|
root := t.TempDir()
|
|
agentsDir := filepath.Join(root, "agents")
|
|
if err := os.MkdirAll(agentsDir, 0o755); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if err := os.WriteFile(filepath.Join(root, "auth.json"), []byte(`name = "secret"`), 0o600); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if err := os.Symlink("../auth.json", filepath.Join(agentsDir, "leak.toml")); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
store := Store{CodexHome: root}
|
|
got, err := store.List()
|
|
if err != nil {
|
|
t.Fatalf("List should report unsafe files per item, not fatal error: %v", err)
|
|
}
|
|
if len(got) != 1 {
|
|
t.Fatalf("agent count = %d, want 1", len(got))
|
|
}
|
|
if got[0].ParseStatus != "invalid" {
|
|
t.Fatalf("expected unsafe symlink to be invalid, got %#v", got[0])
|
|
}
|
|
if strings.Contains(got[0].Name, "secret") || strings.Contains(got[0].ParseError, "secret") {
|
|
t.Fatalf("sensitive file content leaked: %#v", got[0])
|
|
}
|
|
}
|
|
|
|
func TestListAgentsRejectsSymlinkToNonAgentToml(t *testing.T) {
|
|
root := t.TempDir()
|
|
agentsDir := filepath.Join(root, "agents")
|
|
if err := os.MkdirAll(agentsDir, 0o755); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if err := os.WriteFile(filepath.Join(root, "config.toml"), []byte(`name = "project-secret"`), 0o600); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if err := os.Symlink("../config.toml", filepath.Join(agentsDir, "leak.toml")); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
store := Store{CodexHome: root}
|
|
got, err := store.List()
|
|
if err != nil {
|
|
t.Fatalf("List should report unsafe files per item, not fatal error: %v", err)
|
|
}
|
|
if len(got) != 1 {
|
|
t.Fatalf("agent count = %d, want 1", len(got))
|
|
}
|
|
if got[0].ParseStatus != "invalid" {
|
|
t.Fatalf("expected non-agent symlink target to be invalid, got %#v", got[0])
|
|
}
|
|
if strings.Contains(got[0].Name, "project-secret") ||
|
|
strings.Contains(got[0].Description, "project-secret") ||
|
|
strings.Contains(got[0].ParseError, "project-secret") {
|
|
t.Fatalf("non-agent TOML content leaked: %#v", got[0])
|
|
}
|
|
}
|
|
|
|
func TestListAgentsRejectsSymlinkedAgentsDirectory(t *testing.T) {
|
|
root := t.TempDir()
|
|
if err := os.WriteFile(filepath.Join(root, "config.toml"), []byte(`name = "project-secret"`), 0o600); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if err := os.Symlink(".", filepath.Join(root, "agents")); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
store := Store{CodexHome: root}
|
|
got, err := store.List()
|
|
if err == nil {
|
|
t.Fatalf("expected symlinked agents directory to be rejected, got %#v", got)
|
|
}
|
|
if strings.Contains(err.Error(), "project-secret") {
|
|
t.Fatalf("symlinked agents directory leaked sensitive content in error: %v", err)
|
|
}
|
|
for _, item := range got {
|
|
if strings.Contains(item.Name, "project-secret") ||
|
|
strings.Contains(item.Description, "project-secret") ||
|
|
strings.Contains(item.DeveloperInstructions, "project-secret") ||
|
|
strings.Contains(item.ParseError, "project-secret") {
|
|
t.Fatalf("symlinked agents directory leaked sensitive content: %#v", item)
|
|
}
|
|
for key, value := range item.ExtraFields {
|
|
if strings.Contains(key, "project-secret") || strings.Contains(value, "project-secret") {
|
|
t.Fatalf("symlinked agents directory leaked sensitive extra field: %#v", item.ExtraFields)
|
|
}
|
|
}
|
|
}
|
|
}
|