fix(core)!: Force policy config to specify toolName (#23330)

2026-03-25 21:41:12 -07:00 · 2026-03-23 22:35:08 +00:00
parent 2a18e78611
commit b35c12d8d0
18 changed files with 224 additions and 64 deletions
--- a/packages/cli/src/config/policy-engine.integration.test.ts
+++ b/packages/cli/src/config/policy-engine.integration.test.ts
@@ -381,6 +381,7 @@ describe('Policy Engine Integration Tests', () => {
      // Add a manual rule with annotations to the config
      config.rules = config.rules || [];
      config.rules.push({
+        toolName: '*',
        toolAnnotations: { readOnlyHint: true },
        decision: PolicyDecision.ALLOW,
        priority: 10,
--- a/packages/cli/src/test-utils/AppRig.tsx
+++ b/packages/cli/src/test-utils/AppRig.tsx
@@ -166,7 +166,7 @@ export class AppRig {
  private sessionId: string;

  private pendingConfirmations = new Map<string, PendingConfirmation>();
-  private breakpointTools = new Set<string | undefined>();
+  private breakpointTools = new Set<string>();
  private lastAwaitedConfirmation: PendingConfirmation | undefined;

  /**
@@ -436,11 +436,7 @@ export class AppRig {
    MockShellExecutionService.setMockCommands(commands);
  }

-  setToolPolicy(
-    toolName: string | undefined,
-    decision: PolicyDecision,
-    priority = 10,
-  ) {
+  setToolPolicy(toolName: string, decision: PolicyDecision, priority = 10) {
    if (!this.config) throw new Error('AppRig not initialized');
    this.config.getPolicyEngine().addRule({
      toolName,
@@ -450,27 +446,20 @@ export class AppRig {
    });
  }

-  setBreakpoint(toolName: string | string[] | undefined) {
+  setBreakpoint(toolName: string | string[]) {
    if (Array.isArray(toolName)) {
      for (const name of toolName) {
        this.setBreakpoint(name);
      }
    } else {
-      // Use undefined toolName to create a global rule if '*' is provided
-      const actualToolName = toolName === '*' ? undefined : toolName;
-      this.setToolPolicy(actualToolName, PolicyDecision.ASK_USER, 100);
+      this.setToolPolicy(toolName, PolicyDecision.ASK_USER, 100);
      this.breakpointTools.add(toolName);
    }
  }

-  removeToolPolicy(toolName?: string, source = 'AppRig Override') {
+  removeToolPolicy(toolName: string, source = 'AppRig Override') {
    if (!this.config) throw new Error('AppRig not initialized');
-    // Map '*' back to undefined for policy removal
-    const actualToolName = toolName === '*' ? undefined : toolName;
-    this.config
-      .getPolicyEngine()
-
-      .removeRulesForTool(actualToolName as string, source);
+    this.config.getPolicyEngine().removeRulesForTool(toolName, source);
    this.breakpointTools.delete(toolName);
  }