P1 (part 1): move skilltools core -> tool/ (clean, verbatim)
executus CI / test (push) Successful in 36s
executus CI / test (push) Successful in 36s
The tool registry core (registry, permission model, Invocation, gated-tool wrapper, ssrf guard, hmac, encryption, argcoerce, helpers, rootrun, session_tools, webhook_rate_limit) had zero mort coupling — it imports only majordomo/llm + x/crypto/hkdf — so it moves verbatim with a package rename (skilltools -> tool). All same-package tests came along and pass; the SSRF, gated-wrapper, encryption and output-pattern invariants are re-anchored here. majordomo re-enters the module graph (now pinned to the latest, incl. the front-loaded-output fix). model/ + llmmeta + structured follow next. Docs: CLAUDE.md now requires README/examples to stay in sync with changes in the same commit; CI skips docs/example-only pushes via paths-ignore. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,56 @@
|
||||
package tool
|
||||
|
||||
import (
|
||||
"strings"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestCheckAuthoring_AllowsAnyone(t *testing.T) {
|
||||
r := NewRegistry()
|
||||
_ = r.Register(&fakeTool{name: "calc", perm: Permission{AuthoringRequirement: RequirementAnyone}})
|
||||
if err := CheckAuthoring(r, []string{"calc"}, false); err != nil {
|
||||
t.Fatalf("expected anyone to pass, got %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCheckAuthoring_BlocksNonAdminFromAdminTool(t *testing.T) {
|
||||
r := NewRegistry()
|
||||
_ = r.Register(&fakeTool{name: "db_select", perm: Permission{AuthoringRequirement: RequirementAdmin}})
|
||||
err := CheckAuthoring(r, []string{"db_select"}, false)
|
||||
if err == nil || !strings.Contains(err.Error(), "requires admin authoring") {
|
||||
t.Fatalf("expected admin-required error, got %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCheckAuthoring_AllowsAdminWithAdminTool(t *testing.T) {
|
||||
r := NewRegistry()
|
||||
_ = r.Register(&fakeTool{name: "db_select", perm: Permission{AuthoringRequirement: RequirementAdmin}})
|
||||
if err := CheckAuthoring(r, []string{"db_select"}, true); err != nil {
|
||||
t.Fatalf("expected admin to pass, got %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCheckAuthoring_UnknownTool(t *testing.T) {
|
||||
r := NewRegistry()
|
||||
err := CheckAuthoring(r, []string{"missing"}, true)
|
||||
if err == nil || !strings.Contains(err.Error(), "unknown tool") {
|
||||
t.Fatalf("expected unknown-tool error, got %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCheckShareSafety_Pass(t *testing.T) {
|
||||
r := NewRegistry()
|
||||
_ = r.Register(&fakeTool{name: "search", perm: Permission{SafeForShare: true}})
|
||||
if err := CheckShareSafety(r, []string{"search"}); err != nil {
|
||||
t.Fatalf("expected safe tool to pass, got %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCheckShareSafety_BlocksUnsafe(t *testing.T) {
|
||||
r := NewRegistry()
|
||||
_ = r.Register(&fakeTool{name: "balance", perm: Permission{SafeForShare: false}})
|
||||
err := CheckShareSafety(r, []string{"balance"})
|
||||
if err == nil || !strings.Contains(err.Error(), "operates on the caller's own data") {
|
||||
t.Fatalf("expected share-safety error, got %v", err)
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user