LLM/opencode
1
0
Fork 0
mirror of https://github.com/anomalyco/opencode.git synced 2026-05-13 15:44:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

test(permission): migrate next tests to effect runner

Browse Source
This commit is contained in:
Kit Langton
2026-05-12 21:56:11 -04:00
parent 911b2ac088
commit db75770226
1 changed files with 473 additions and 468 deletions
Download Patch File Download Diff File Expand all files Collapse all files

281
packages/opencode/test/permission/next.test.ts
View File

@@ -1,31 +1,26 @@
import { afterEach, test, expect } from "bun:test"
import { test, expect } from "bun:test"
import os from "os"
import { Cause, Effect, Exit, Fiber, Layer } from "effect"
import { Cause, Deferred, Effect, Exit, Fiber, Layer } from "effect"
import { Bus } from "../../src/bus"
import { CrossSpawnSpawner } from "@opencode-ai/core/cross-spawn-spawner"
import { Permission } from "../../src/permission"
import { PermissionID } from "../../src/permission/schema"
import { Instance } from "../../src/project/instance"
import { WithInstance } from "../../src/project/with-instance"
import { InstanceRuntime } from "../../src/project/instance-runtime"
import {
disposeAllInstances,
provideInstance,
provideTmpdirInstance,
reloadTestInstance,
tmpdirScoped,
} from "../fixture/fixture"
import { InstanceBootstrap } from "../../src/project/bootstrap-service"
import { InstanceStore } from "../../src/project/instance-store"
import { TestInstance, tmpdirScoped } from "../fixture/fixture"
import { testEffect } from "../lib/effect"
import { MessageID, SessionID } from "../../src/session/schema"
const bus = Bus.layer
const env = Layer.mergeAll(Permission.layer.pipe(Layer.provide(bus)), bus, CrossSpawnSpawner.defaultLayer)
const noopBootstrap = Layer.succeed(InstanceBootstrap.Service, InstanceBootstrap.Service.of({ run: Effect.void }))
const env = Layer.mergeAll(
Permission.layer.pipe(Layer.provide(bus)),
bus,
CrossSpawnSpawner.defaultLayer,
InstanceStore.defaultLayer.pipe(Layer.provide(noopBootstrap)),
)
const it = testEffect(env)
afterEach(async () => {
await disposeAllInstances()
})
const rejectAll = (message?: string) =>
Effect.gen(function* () {
const permission = yield* Permission.Service
@@ -41,12 +36,39 @@ const rejectAll = (message?: string) =>
const waitForPending = (count: number) =>
Effect.gen(function* () {
const permission = yield* Permission.Service
for (let i = 0; i < 100; i++) {
const bus = yield* Bus.Service
const waitForChange = Effect.acquireRelease(
Effect.gen(function* () {
const changed = yield* Deferred.make<void>()
const asked = yield* bus.subscribeCallback(Permission.Event.Asked, () =>
Deferred.doneUnsafe(changed, Effect.void),
)
const replied = yield* bus.subscribeCallback(Permission.Event.Replied, () =>
Deferred.doneUnsafe(changed, Effect.void),
)
return {
changed,
unsubscribe: () => {
asked()
replied()
},
}
}),
({ unsubscribe }) => Effect.sync(unsubscribe),
).pipe(Effect.flatMap(({ changed }) => Deferred.await(changed)))
return yield* Effect.gen(function* () {
while (true) {
const list = yield* permission.list()
if (list.length === count) return list
yield* Effect.sleep("10 millis")
yield* waitForChange
}
return yield* Effect.fail(new Error(`timed out waiting for ${count} pending permission request(s)`))
}).pipe(
Effect.timeoutOrElse({
duration: "1 second",
orElse: () => Effect.fail(new Error(`timed out waiting for ${count} pending permission request(s)`)),
}),
)
})
const fail = <A, E, R>(self: Effect.Effect<A, E, R>) =>
@@ -74,14 +96,6 @@ const list = () =>
return yield* permission.list()
})
function withDir(options: { git?: boolean } | undefined, self: (dir: string) => Effect.Effect<any, any, any>) {
return provideTmpdirInstance(self, options)
}
function withProvided(dir: string) {
return <A, E, R>(self: Effect.Effect<A, E, R>) => self.pipe(provideInstance(dir))
}
// fromConfig tests
test("fromConfig - string value becomes wildcard rule", () => {
@@ -563,8 +577,7 @@ test("disabled - specific allow overrides wildcard deny", () => {
// ask tests
it.live("ask - resolves immediately when action is allow", () =>
withDir({ git: true }, () =>
it.instance("ask - resolves immediately when action is allow", () =>
Effect.gen(function* () {
const result = yield* ask({
sessionID: SessionID.make("session_test"),
@@ -576,11 +589,10 @@ it.live("ask - resolves immediately when action is allow", () =>
})
expect(result).toBeUndefined()
}),
),
{ git: true },
)
it.live("ask - throws DeniedError when action is deny", () =>
withDir({ git: true }, () =>
it.instance("ask - throws DeniedError when action is deny", () =>
Effect.gen(function* () {
const err = yield* fail(
ask({
@@ -594,11 +606,10 @@ it.live("ask - throws DeniedError when action is deny", () =>
)
expect(err).toBeInstanceOf(Permission.DeniedError)
}),
),
{ git: true },
)
it.live("ask - stays pending when action is ask", () =>
withDir({ git: true }, () =>
it.instance("ask - stays pending when action is ask", () =>
Effect.gen(function* () {
const fiber = yield* ask({
sessionID: SessionID.make("session_test"),
@@ -613,11 +624,10 @@ it.live("ask - stays pending when action is ask", () =>
yield* rejectAll()
yield* Fiber.await(fiber)
}),
),
{ git: true },
)
it.live("ask - adds request to pending list", () =>
withDir({ git: true }, () =>
it.instance("ask - adds request to pending list", () =>
Effect.gen(function* () {
const fiber = yield* ask({
sessionID: SessionID.make("session_test"),
@@ -649,19 +659,18 @@ it.live("ask - adds request to pending list", () =>
yield* rejectAll()
yield* Fiber.await(fiber)
}),
),
{ git: true },
)
it.live("ask - publishes asked event", () =>
withDir({ git: true }, () =>
it.instance("ask - publishes asked event", () =>
Effect.gen(function* () {
const bus = yield* Bus.Service
let seen: Permission.Request | undefined
const seen = yield* Deferred.make<Permission.Request>()
const unsub = yield* bus.subscribeCallback(Permission.Event.Asked, (event) => {
seen = event.properties
Deferred.doneUnsafe(seen, Effect.succeed(event.properties))
})
yield* Effect.addFinalizer(() => Effect.sync(unsub))
try {
const fiber = yield* ask({
sessionID: SessionID.make("session_test"),
permission: "bash",
@@ -676,8 +685,14 @@ it.live("ask - publishes asked event", () =>
}).pipe(Effect.forkScoped)
expect(yield* waitForPending(1)).toHaveLength(1)
expect(seen).toBeDefined()
expect(seen).toMatchObject({
expect(
yield* Deferred.await(seen).pipe(
Effect.timeoutOrElse({
duration: "1 second",
orElse: () => Effect.fail(new Error("timed out waiting for permission asked event")),
}),
),
).toMatchObject({
sessionID: SessionID.make("session_test"),
permission: "bash",
patterns: ["ls"],
@@ -685,17 +700,13 @@ it.live("ask - publishes asked event", () =>
yield* rejectAll()
yield* Fiber.await(fiber)
} finally {
unsub()
}
}),
),
{ git: true },
)
// reply tests
it.live("reply - once resolves the pending ask", () =>
withDir({ git: true }, () =>
it.instance("reply - once resolves the pending ask", () =>
Effect.gen(function* () {
const fiber = yield* ask({
id: PermissionID.make("per_test1"),
@@ -711,11 +722,10 @@ it.live("reply - once resolves the pending ask", () =>
yield* reply({ requestID: PermissionID.make("per_test1"), reply: "once" })
yield* Fiber.join(fiber)
}),
),
{ git: true },
)
it.live("reply - reject throws RejectedError", () =>
withDir({ git: true }, () =>
it.instance("reply - reject throws RejectedError", () =>
Effect.gen(function* () {
const fiber = yield* ask({
id: PermissionID.make("per_test2"),
@@ -734,11 +744,10 @@ it.live("reply - reject throws RejectedError", () =>
expect(Exit.isFailure(exit)).toBe(true)
if (Exit.isFailure(exit)) expect(Cause.squash(exit.cause)).toBeInstanceOf(Permission.RejectedError)
}),
),
{ git: true },
)
it.live("reply - reject with message throws CorrectedError", () =>
withDir({ git: true }, () =>
it.instance("reply - reject with message throws CorrectedError", () =>
Effect.gen(function* () {
const fiber = yield* ask({
id: PermissionID.make("per_test2b"),
@@ -765,13 +774,11 @@ it.live("reply - reject with message throws CorrectedError", () =>
expect(String(err)).toContain("Use a safer command")
}
}),
),
{ git: true },
)
it.live("reply - always persists approval and resolves", () =>
it.instance("reply - always persists approval and resolves", () =>
Effect.gen(function* () {
const dir = yield* tmpdirScoped({ git: true })
const run = withProvided(dir)
const fiber = yield* ask({
id: PermissionID.make("per_test3"),
sessionID: SessionID.make("session_test"),
@@ -780,10 +787,10 @@ it.live("reply - always persists approval and resolves", () =>
metadata: {},
always: ["ls"],
ruleset: [],
}).pipe(run, Effect.forkScoped)
}).pipe(Effect.forkScoped)
yield* waitForPending(1).pipe(run)
yield* reply({ requestID: PermissionID.make("per_test3"), reply: "always" }).pipe(run)
yield* waitForPending(1)
yield* reply({ requestID: PermissionID.make("per_test3"), reply: "always" })
yield* Fiber.join(fiber)
const result = yield* ask({
@@ -793,13 +800,13 @@ it.live("reply - always persists approval and resolves", () =>
metadata: {},
always: [],
ruleset: [],
}).pipe(run)
})
expect(result).toBeUndefined()
}),
{ git: true },
)
it.live("reply - reject cancels all pending for same session", () =>
withDir({ git: true }, () =>
it.instance("reply - reject cancels all pending for same session", () =>
Effect.gen(function* () {
const a = yield* ask({
id: PermissionID.make("per_test4a"),
@@ -830,11 +837,10 @@ it.live("reply - reject cancels all pending for same session", () =>
if (Exit.isFailure(ea)) expect(Cause.squash(ea.cause)).toBeInstanceOf(Permission.RejectedError)
if (Exit.isFailure(eb)) expect(Cause.squash(eb.cause)).toBeInstanceOf(Permission.RejectedError)
}),
),
{ git: true },
)
it.live("reply - always resolves matching pending requests in same session", () =>
withDir({ git: true }, () =>
it.instance("reply - always resolves matching pending requests in same session", () =>
Effect.gen(function* () {
const a = yield* ask({
id: PermissionID.make("per_test5a"),
@@ -863,11 +869,10 @@ it.live("reply - always resolves matching pending requests in same session", ()
yield* Fiber.join(b)
expect(yield* list()).toHaveLength(0)
}),
),
{ git: true },
)
it.live("reply - always keeps other session pending", () =>
withDir({ git: true }, () =>
it.instance("reply - always keeps other session pending", () =>
Effect.gen(function* () {
const a = yield* ask({
id: PermissionID.make("per_test6a"),
@@ -898,24 +903,13 @@ it.live("reply - always keeps other session pending", () =>
yield* rejectAll()
yield* Fiber.await(b)
}),
),
{ git: true },
)
it.live("reply - publishes replied event", () =>
withDir({ git: true }, () =>
it.instance("reply - publishes replied event", () =>
Effect.gen(function* () {
const bus = yield* Bus.Service
let resolve!: (value: { sessionID: SessionID; requestID: PermissionID; reply: Permission.Reply }) => void
const seen = Effect.promise<{
sessionID: SessionID
requestID: PermissionID
reply: Permission.Reply
}>(
() =>
new Promise((res) => {
resolve = res
}),
)
const seen = yield* Deferred.make<{ sessionID: SessionID; requestID: PermissionID; reply: Permission.Reply }>()
const fiber = yield* ask({
id: PermissionID.make("per_test7"),
@@ -930,32 +924,38 @@ it.live("reply - publishes replied event", () =>
yield* waitForPending(1)
const unsub = yield* bus.subscribeCallback(Permission.Event.Replied, (event) => {
resolve(event.properties)
Deferred.doneUnsafe(seen, Effect.succeed(event.properties))
})
yield* Effect.addFinalizer(() => Effect.sync(unsub))
try {
yield* reply({ requestID: PermissionID.make("per_test7"), reply: "once" })
yield* Fiber.join(fiber)
expect(yield* seen).toEqual({
expect(
yield* Deferred.await(seen).pipe(
Effect.timeoutOrElse({
duration: "1 second",
orElse: () => Effect.fail(new Error("timed out waiting for permission replied event")),
}),
),
).toEqual({
sessionID: SessionID.make("session_test"),
requestID: PermissionID.make("per_test7"),
reply: "once",
})
} finally {
unsub()
}
}),
),
{ git: true },
)
it.live("permission requests stay isolated by directory", () =>
Effect.gen(function* () {
const one = yield* tmpdirScoped({ git: true })
const two = yield* tmpdirScoped({ git: true })
const runOne = withProvided(one)
const runTwo = withProvided(two)
const store = yield* InstanceStore.Service
const a = yield* ask({
const a = yield* store
.provide(
{ directory: one },
ask({
id: PermissionID.make("per_dir_a"),
sessionID: SessionID.make("session_dir_a"),
permission: "bash",
@@ -963,9 +963,14 @@ it.live("permission requests stay isolated by directory", () =>
metadata: {},
always: [],
ruleset: [],
}).pipe(runOne, Effect.forkScoped)
}),
)
.pipe(Effect.forkScoped)
const b = yield* ask({
const b = yield* store
.provide(
{ directory: two },
ask({
id: PermissionID.make("per_dir_b"),
sessionID: SessionID.make("session_dir_b"),
permission: "bash",
@@ -973,28 +978,30 @@ it.live("permission requests stay isolated by directory", () =>
metadata: {},
always: [],
ruleset: [],
}).pipe(runTwo, Effect.forkScoped)
}),
)
.pipe(Effect.forkScoped)
const onePending = yield* waitForPending(1).pipe(runOne)
const twoPending = yield* waitForPending(1).pipe(runTwo)
const onePending = yield* store.provide({ directory: one }, waitForPending(1))
const twoPending = yield* store.provide({ directory: two }, waitForPending(1))
expect(onePending).toHaveLength(1)
expect(twoPending).toHaveLength(1)
expect(onePending[0].id).toBe(PermissionID.make("per_dir_a"))
expect(twoPending[0].id).toBe(PermissionID.make("per_dir_b"))
yield* reply({ requestID: onePending[0].id, reply: "reject" }).pipe(runOne)
yield* reply({ requestID: twoPending[0].id, reply: "reject" }).pipe(runTwo)
yield* store.provide({ directory: one }, reply({ requestID: onePending[0].id, reply: "reject" }))
yield* store.provide({ directory: two }, reply({ requestID: twoPending[0].id, reply: "reject" }))
yield* Fiber.await(a)
yield* Fiber.await(b)
}),
)
it.live("pending permission rejects on instance dispose", () =>
it.instance("pending permission rejects on instance dispose", () =>
Effect.gen(function* () {
const dir = yield* tmpdirScoped({ git: true })
const run = withProvided(dir)
const test = yield* TestInstance
const store = yield* InstanceStore.Service
const fiber = yield* ask({
id: PermissionID.make("per_dispose"),
sessionID: SessionID.make("session_dispose"),
@@ -1003,23 +1010,23 @@ it.live("pending permission rejects on instance dispose", () =>
metadata: {},
always: [],
ruleset: [],
}).pipe(run, Effect.forkScoped)
}).pipe(Effect.forkScoped)
expect(yield* waitForPending(1).pipe(run)).toHaveLength(1)
yield* Effect.promise(() =>
WithInstance.provide({ directory: dir, fn: () => void InstanceRuntime.disposeInstance(Instance.current) }),
)
expect(yield* waitForPending(1)).toHaveLength(1)
const ctx = yield* store.load({ directory: test.directory })
yield* store.dispose(ctx)
const exit = yield* Fiber.await(fiber)
expect(Exit.isFailure(exit)).toBe(true)
if (Exit.isFailure(exit)) expect(Cause.squash(exit.cause)).toBeInstanceOf(Permission.RejectedError)
}),
{ git: true },
)
it.live("pending permission rejects on instance reload", () =>
it.instance("pending permission rejects on instance reload", () =>
Effect.gen(function* () {
const dir = yield* tmpdirScoped({ git: true })
const run = withProvided(dir)
const test = yield* TestInstance
const store = yield* InstanceStore.Service
const fiber = yield* ask({
id: PermissionID.make("per_reload"),
sessionID: SessionID.make("session_reload"),
@@ -1028,28 +1035,27 @@ it.live("pending permission rejects on instance reload", () =>
metadata: {},
always: [],
ruleset: [],
}).pipe(run, Effect.forkScoped)
}).pipe(Effect.forkScoped)
expect(yield* waitForPending(1).pipe(run)).toHaveLength(1)
yield* Effect.promise(() => reloadTestInstance({ directory: dir }))
expect(yield* waitForPending(1)).toHaveLength(1)
yield* store.reload({ directory: test.directory })
const exit = yield* Fiber.await(fiber)
expect(Exit.isFailure(exit)).toBe(true)
if (Exit.isFailure(exit)) expect(Cause.squash(exit.cause)).toBeInstanceOf(Permission.RejectedError)
}),
{ git: true },
)
it.live("reply - does nothing for unknown requestID", () =>
withDir({ git: true }, () =>
it.instance("reply - does nothing for unknown requestID", () =>
Effect.gen(function* () {
yield* reply({ requestID: PermissionID.make("per_unknown"), reply: "once" })
expect(yield* list()).toHaveLength(0)
}),
),
{ git: true },
)
it.live("ask - checks all patterns and stops on first deny", () =>
withDir({ git: true }, () =>
it.instance("ask - checks all patterns and stops on first deny", () =>
Effect.gen(function* () {
const err = yield* fail(
ask({
@@ -1066,11 +1072,10 @@ it.live("ask - checks all patterns and stops on first deny", () =>
)
expect(err).toBeInstanceOf(Permission.DeniedError)
}),
),
{ git: true },
)
it.live("ask - allows all patterns when all match allow rules", () =>
withDir({ git: true }, () =>
it.instance("ask - allows all patterns when all match allow rules", () =>
Effect.gen(function* () {
const result = yield* ask({
sessionID: SessionID.make("session_test"),
@@ -1082,11 +1087,10 @@ it.live("ask - allows all patterns when all match allow rules", () =>
})
expect(result).toBeUndefined()
}),
),
{ git: true },
)
it.live("ask - should deny even when an earlier pattern is ask", () =>
withDir({ git: true }, () =>
it.instance("ask - should deny even when an earlier pattern is ask", () =>
Effect.gen(function* () {
const err = yield* fail(
ask({
@@ -1105,13 +1109,13 @@ it.live("ask - should deny even when an earlier pattern is ask", () =>
expect(err).toBeInstanceOf(Permission.DeniedError)
expect(yield* list()).toHaveLength(0)
}),
),
{ git: true },
)
it.live("ask - abort should clear pending request", () =>
it.instance("ask - abort should clear pending request", () =>
Effect.gen(function* () {
const dir = yield* tmpdirScoped({ git: true })
const run = withProvided(dir)
const test = yield* TestInstance
const store = yield* InstanceStore.Service
const fiber = yield* ask({
id: PermissionID.make("per_reload"),
@@ -1121,14 +1125,15 @@ it.live("ask - abort should clear pending request", () =>
metadata: {},
always: [],
ruleset: [{ permission: "bash", pattern: "*", action: "ask" }],
}).pipe(run, Effect.forkScoped)
}).pipe(Effect.forkScoped)
const pending = yield* waitForPending(1).pipe(run)
const pending = yield* waitForPending(1)
expect(pending).toHaveLength(1)
yield* Effect.promise(() => reloadTestInstance({ directory: dir }))
yield* store.reload({ directory: test.directory })
const exit = yield* Fiber.await(fiber)
expect(Exit.isFailure(exit)).toBe(true)
if (Exit.isFailure(exit)) expect(Cause.squash(exit.cause)).toBeInstanceOf(Permission.RejectedError)
}),
{ git: true },
)