mirror of
https://github.com/google-gemini/gemini-cli.git
synced 2026-05-30 21:52:50 -07:00
Update tests
This commit is contained in:
Christine Betts
@@ -169,7 +169,7 @@ describe('createPolicyEngineConfig', () => {
|
||||
r.decision === PolicyDecision.ALLOW,
|
||||
);
|
||||
expect(rule).toBeDefined();
|
||||
expect(rule?.priority).toBeCloseTo(3.3, 5); // Command line allow
|
||||
expect(rule?.priority).toBeCloseTo(4.3, 5); // Command line allow
|
||||
});
|
||||
|
||||
it('should deny tools in tools.exclude', async () => {
|
||||
@@ -188,7 +188,7 @@ describe('createPolicyEngineConfig', () => {
|
||||
r.decision === PolicyDecision.DENY,
|
||||
);
|
||||
expect(rule).toBeDefined();
|
||||
expect(rule?.priority).toBeCloseTo(3.4, 5); // Command line exclude
|
||||
expect(rule?.priority).toBeCloseTo(4.4, 5); // Command line exclude
|
||||
});
|
||||
|
||||
it('should allow tools from allowed MCP servers', async () => {
|
||||
@@ -206,7 +206,7 @@ describe('createPolicyEngineConfig', () => {
|
||||
r.toolName === 'my-server__*' && r.decision === PolicyDecision.ALLOW,
|
||||
);
|
||||
expect(rule).toBeDefined();
|
||||
expect(rule?.priority).toBe(3.1); // MCP allowed server
|
||||
expect(rule?.priority).toBe(4.1); // MCP allowed server
|
||||
});
|
||||
|
||||
it('should deny tools from excluded MCP servers', async () => {
|
||||
@@ -224,7 +224,7 @@ describe('createPolicyEngineConfig', () => {
|
||||
r.toolName === 'my-server__*' && r.decision === PolicyDecision.DENY,
|
||||
);
|
||||
expect(rule).toBeDefined();
|
||||
expect(rule?.priority).toBe(3.9); // MCP excluded server
|
||||
expect(rule?.priority).toBe(4.9); // MCP excluded server
|
||||
});
|
||||
|
||||
it('should allow tools from trusted MCP servers', async () => {
|
||||
@@ -251,7 +251,7 @@ describe('createPolicyEngineConfig', () => {
|
||||
r.decision === PolicyDecision.ALLOW,
|
||||
);
|
||||
expect(trustedRule).toBeDefined();
|
||||
expect(trustedRule?.priority).toBe(3.2); // MCP trusted server
|
||||
expect(trustedRule?.priority).toBe(4.2); // MCP trusted server
|
||||
|
||||
// Untrusted server should not have an allow rule
|
||||
const untrustedRule = config.rules?.find(
|
||||
@@ -288,7 +288,7 @@ describe('createPolicyEngineConfig', () => {
|
||||
r.decision === PolicyDecision.ALLOW,
|
||||
);
|
||||
expect(allowedRule).toBeDefined();
|
||||
expect(allowedRule?.priority).toBe(3.1); // MCP allowed server
|
||||
expect(allowedRule?.priority).toBe(4.1); // MCP allowed server
|
||||
|
||||
// Check trusted server
|
||||
const trustedRule = config.rules?.find(
|
||||
@@ -297,7 +297,7 @@ describe('createPolicyEngineConfig', () => {
|
||||
r.decision === PolicyDecision.ALLOW,
|
||||
);
|
||||
expect(trustedRule).toBeDefined();
|
||||
expect(trustedRule?.priority).toBe(3.2); // MCP trusted server
|
||||
expect(trustedRule?.priority).toBe(4.2); // MCP trusted server
|
||||
|
||||
// Check excluded server
|
||||
const excludedRule = config.rules?.find(
|
||||
@@ -306,7 +306,7 @@ describe('createPolicyEngineConfig', () => {
|
||||
r.decision === PolicyDecision.DENY,
|
||||
);
|
||||
expect(excludedRule).toBeDefined();
|
||||
expect(excludedRule?.priority).toBe(3.9); // MCP excluded server
|
||||
expect(excludedRule?.priority).toBe(4.9); // MCP excluded server
|
||||
});
|
||||
|
||||
it('should allow all tools in YOLO mode', async () => {
|
||||
@@ -387,11 +387,11 @@ describe('createPolicyEngineConfig', () => {
|
||||
);
|
||||
|
||||
expect(serverDenyRule).toBeDefined();
|
||||
expect(serverDenyRule?.priority).toBe(3.9); // MCP excluded server
|
||||
expect(serverDenyRule?.priority).toBe(4.9); // MCP excluded server
|
||||
expect(toolAllowRule).toBeDefined();
|
||||
expect(toolAllowRule?.priority).toBeCloseTo(3.3, 5); // Command line allow
|
||||
expect(toolAllowRule?.priority).toBeCloseTo(4.3, 5); // Command line allow
|
||||
|
||||
// Server deny (3.9) has higher priority than tool allow (3.3),
|
||||
// Server deny (4.9) has higher priority than tool allow (4.3),
|
||||
// so server deny wins (this is expected behavior - server-level blocks are security critical)
|
||||
});
|
||||
|
||||
@@ -424,7 +424,7 @@ describe('createPolicyEngineConfig', () => {
|
||||
|
||||
expect(serverAllowRule).toBeDefined();
|
||||
expect(toolDenyRule).toBeDefined();
|
||||
// Command line exclude (3.4) has higher priority than MCP server trust (3.2)
|
||||
// Command line exclude (4.4) has higher priority than MCP server trust (4.2)
|
||||
// This is the correct behavior - specific exclusions should beat general server trust
|
||||
expect(toolDenyRule!.priority).toBeGreaterThan(serverAllowRule!.priority!);
|
||||
});
|
||||
@@ -432,16 +432,16 @@ describe('createPolicyEngineConfig', () => {
|
||||
it('should handle complex priority scenarios correctly', async () => {
|
||||
const settings: PolicySettings = {
|
||||
tools: {
|
||||
allowed: ['my-server__tool1', 'other-tool'], // Priority 3.3
|
||||
exclude: ['my-server__tool2', 'glob'], // Priority 3.4
|
||||
allowed: ['my-server__tool1', 'other-tool'], // Priority 4.3
|
||||
exclude: ['my-server__tool2', 'glob'], // Priority 4.4
|
||||
},
|
||||
mcp: {
|
||||
allowed: ['allowed-server'], // Priority 3.1
|
||||
excluded: ['excluded-server'], // Priority 3.9
|
||||
allowed: ['allowed-server'], // Priority 4.1
|
||||
excluded: ['excluded-server'], // Priority 4.9
|
||||
},
|
||||
mcpServers: {
|
||||
'trusted-server': {
|
||||
trust: true, // Priority 90 -> 3.2
|
||||
trust: true, // Priority 90 -> 4.2
|
||||
},
|
||||
},
|
||||
};
|
||||
@@ -517,7 +517,7 @@ describe('createPolicyEngineConfig', () => {
|
||||
expect(globDenyRule).toBeDefined();
|
||||
expect(globAllowRule).toBeDefined();
|
||||
// Deny from settings (user tier)
|
||||
expect(globDenyRule!.priority).toBeCloseTo(3.4, 5); // Command line exclude
|
||||
expect(globDenyRule!.priority).toBeCloseTo(4.4, 5); // Command line exclude
|
||||
// Allow from default TOML: 1 + 50/1000 = 1.05
|
||||
expect(globAllowRule!.priority).toBeCloseTo(1.05, 5);
|
||||
|
||||
@@ -530,11 +530,11 @@ describe('createPolicyEngineConfig', () => {
|
||||
}))
|
||||
.sort((a, b) => (b.priority ?? 0) - (a.priority ?? 0));
|
||||
|
||||
// Check that the highest priority items are the excludes (user tier: 3.4 and 3.9)
|
||||
// Check that the highest priority items are the excludes (user tier: 4.4 and 4.9)
|
||||
const highestPriorityExcludes = priorities?.filter(
|
||||
(p) =>
|
||||
Math.abs(p.priority! - 3.4) < 0.01 ||
|
||||
Math.abs(p.priority! - 3.9) < 0.01,
|
||||
Math.abs(p.priority! - 4.4) < 0.01 ||
|
||||
Math.abs(p.priority! - 4.9) < 0.01,
|
||||
);
|
||||
expect(
|
||||
highestPriorityExcludes?.every((p) => p.decision === PolicyDecision.DENY),
|
||||
@@ -626,7 +626,7 @@ describe('createPolicyEngineConfig', () => {
|
||||
r.toolName === 'dangerous-tool' && r.decision === PolicyDecision.DENY,
|
||||
);
|
||||
expect(excludeRule).toBeDefined();
|
||||
expect(excludeRule?.priority).toBeCloseTo(3.4, 5); // Command line exclude
|
||||
expect(excludeRule?.priority).toBeCloseTo(4.4, 5); // Command line exclude
|
||||
});
|
||||
|
||||
it('should support argsPattern in policy rules', async () => {
|
||||
@@ -733,8 +733,8 @@ priority = 150
|
||||
r.decision === PolicyDecision.ALLOW,
|
||||
);
|
||||
expect(rule).toBeDefined();
|
||||
// Priority 150 in user tier → 3.150
|
||||
expect(rule?.priority).toBeCloseTo(3.15, 5);
|
||||
// Priority 150 in user tier → 4.150
|
||||
expect(rule?.priority).toBeCloseTo(4.15, 5);
|
||||
expect(rule?.argsPattern).toBeInstanceOf(RegExp);
|
||||
expect(rule?.argsPattern?.test('{"command":"git status"}')).toBe(true);
|
||||
expect(rule?.argsPattern?.test('{"command":"git diff"}')).toBe(true);
|
||||
|
||||
@@ -98,21 +98,21 @@ priority = 10
|
||||
toolName = "test_tool"
|
||||
decision = "deny"
|
||||
priority = 10
|
||||
`; // Tier 3 -> 3.010
|
||||
`; // Tier 4 -> 4.010
|
||||
}
|
||||
if (path.includes('workspace.toml')) {
|
||||
return `[[rule]]
|
||||
toolName = "test_tool"
|
||||
decision = "allow"
|
||||
priority = 10
|
||||
`; // Tier 2 -> 2.010
|
||||
`; // Tier 3 -> 3.010
|
||||
}
|
||||
if (path.includes('admin.toml')) {
|
||||
return `[[rule]]
|
||||
toolName = "test_tool"
|
||||
decision = "deny"
|
||||
priority = 10
|
||||
`; // Tier 4 -> 4.010
|
||||
`; // Tier 5 -> 5.010
|
||||
}
|
||||
return '';
|
||||
});
|
||||
@@ -144,9 +144,9 @@ priority = 10
|
||||
|
||||
// Check for all 4 rules
|
||||
const defaultRule = rules?.find((r) => r.priority === 1.01);
|
||||
const workspaceRule = rules?.find((r) => r.priority === 2.01);
|
||||
const userRule = rules?.find((r) => r.priority === 3.01);
|
||||
const adminRule = rules?.find((r) => r.priority === 4.01);
|
||||
const workspaceRule = rules?.find((r) => r.priority === 3.01);
|
||||
const userRule = rules?.find((r) => r.priority === 4.01);
|
||||
const adminRule = rules?.find((r) => r.priority === 5.01);
|
||||
|
||||
expect(defaultRule).toBeDefined();
|
||||
expect(userRule).toBeDefined();
|
||||
@@ -224,7 +224,7 @@ priority=10`,
|
||||
expect(rules![0].priority).toBe(1.01);
|
||||
});
|
||||
|
||||
it('should load workspace policies and correctly transform to Tier 2', async () => {
|
||||
it('should load workspace policies and correctly transform to Tier 3', async () => {
|
||||
const workspacePoliciesDir = '/mock/workspace/policies';
|
||||
|
||||
// Mock FS
|
||||
@@ -284,7 +284,7 @@ priority=500`,
|
||||
|
||||
const rule = config.rules?.find((r) => r.toolName === 'p_tool');
|
||||
expect(rule).toBeDefined();
|
||||
// Workspace Tier (2) + 500/1000 = 2.5
|
||||
expect(rule?.priority).toBe(2.5);
|
||||
// Workspace Tier (3) + 500/1000 = 3.5
|
||||
expect(rule?.priority).toBe(3.5);
|
||||
});
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user