(t *testing.T)
| 1887 | } |
| 1888 | |
// TestPermissions_AllowAutoApprovesTool checks that a tool whose name matches
// an Allow pattern is executed even though the session has not been given
// blanket tool approval (ToolsApproved is false, i.e. no --yolo).
//
// An Allow entry removes the approval step for every tool name it matches, so
// this test pins the positive case only: "safe_tool" against "safe_*".
// NOTE(review): the events sent to the sink are never read, so the test would
// not notice a confirmation event emitted alongside the execution.
func TestPermissions_AllowAutoApprovesTool(t *testing.T) {
	t.Parallel()

	// Flipped by the tool handler; the only signal asserted on below.
	// NOTE(review): presumably the handler runs synchronously inside
	// processToolCalls; confirm, otherwise the final read races with it.
	ran := false
	handler := func(context.Context, tools.ToolCall) (*tools.ToolCallResult, error) {
		ran = true
		return tools.ResultSuccess("executed"), nil
	}
	toolList := []tools.Tool{
		{
			Name:       "safe_tool",
			Parameters: map[string]any{},
			Handler:    handler,
		},
	}

	// Permission policy under test: a single allow pattern and nothing else.
	cfg := &latest.PermissionsConfig{Allow: []string{"safe_*"}}
	checker := permissions.NewChecker(cfg)

	// One agent backed by a mock model, wired into a team that carries the checker.
	model := &mockProvider{id: "test/mock-model", stream: &mockStream{}}
	rootAgent := agent.New(
		"root",
		"You are a test agent",
		agent.WithModel(model),
		agent.WithToolSets(newStubToolSet(nil, toolList, nil)),
	)
	tm := team.New(team.WithAgents(rootAgent), team.WithPermissions(checker))

	rt, err := NewLocalRuntime(
		t.Context(),
		tm,
		WithSessionCompaction(false),
		WithModelStore(mockModelStore{}),
	)
	require.NoError(t, err)

	// Precondition: the session itself grants no approval, so any execution
	// must come from the allow pattern.
	sess := session.New(session.WithUserMessage("Test"))
	require.False(t, sess.ToolsApproved)

	// A single call to the allow-listed tool with empty JSON arguments.
	call := tools.ToolCall{
		ID:       "call_1",
		Type:     "function",
		Function: tools.FunctionCall{Name: "safe_tool", Arguments: "{}"},
	}

	// Buffered so the sink has room for events without a reader draining it.
	sinkCh := make(chan Event, 10)
	rt.processToolCalls(t.Context(), sess, []tools.ToolCall{call}, toolList, NewChannelSink(sinkCh))
	close(sinkCh)

	// The handler must have run purely because of the allow pattern.
	require.True(t, ran, "expected tool to be auto-approved and executed")
}
| 1937 | |
| 1938 | func TestPermissions_DenyTakesPriorityOverAllow(t *testing.T) { |
| 1939 | t.Parallel() |