g4borg
97001e1544
Move all 29 workspace members from packages/<name>/ to crates/<name>/. Updates: workspace Cargo.toml (members + path deps), justfile, root CLAUDE.md, scripts/build/CARGO_INSTALL.md, docs/architecture/crates.md (renamed from packages.md), structural references in docs/architecture and docs/configuration, per-crate CLAUDE.md self-references. Historical plans, reports, and building/ docs are left untouched. No behavior change; just check-all stays green and fermata tests pass.
65 lines
2.3 KiB
Rust
65 lines
2.3 KiB
Rust
use dirigent_fermata::core::{Decision, Op, Policy};
|
|
use std::fs;
|
|
use tempfile::TempDir;
|
|
|
|
fn make_project(botignore: &str, toml_text: &str) -> TempDir {
|
|
let tmp = TempDir::new().unwrap();
|
|
fs::write(tmp.path().join(".botignore"), botignore).unwrap();
|
|
if !toml_text.is_empty() {
|
|
fs::write(tmp.path().join("botignore.toml"), toml_text).unwrap();
|
|
}
|
|
tmp
|
|
}
|
|
|
|
#[test]
|
|
fn botignore_blocks_read() {
|
|
let tmp = make_project(".env\n", "");
|
|
let policy = Policy::load(tmp.path()).unwrap();
|
|
let target = tmp.path().join(".env");
|
|
fs::write(&target, "").unwrap();
|
|
let d = policy.check(Op::Read, &target).unwrap();
|
|
assert!(matches!(d, Decision::Deny(_)));
|
|
}
|
|
|
|
#[test]
|
|
fn botignore_blocks_write_too() {
|
|
let tmp = make_project(".env\n", "");
|
|
let policy = Policy::load(tmp.path()).unwrap();
|
|
let target = tmp.path().join(".env");
|
|
let d = policy.check(Op::Write, &target).unwrap();
|
|
assert!(matches!(d, Decision::Deny(_)));
|
|
}
|
|
|
|
#[test]
|
|
fn unmatched_path_allowed() {
|
|
let tmp = make_project(".env\n", "");
|
|
let policy = Policy::load(tmp.path()).unwrap();
|
|
let target = tmp.path().join("src/main.rs");
|
|
fs::create_dir_all(target.parent().unwrap()).unwrap();
|
|
fs::write(&target, "").unwrap();
|
|
let d = policy.check(Op::Read, &target).unwrap();
|
|
assert_eq!(d, Decision::Allow);
|
|
}
|
|
|
|
#[test]
|
|
fn toml_read_block_applies_only_to_read() {
|
|
let tmp = make_project("", "[read]\npatterns = [\"secrets/**\"]\n");
|
|
let policy = Policy::load(tmp.path()).unwrap();
|
|
let target = tmp.path().join("secrets/key.pem");
|
|
fs::create_dir_all(target.parent().unwrap()).unwrap();
|
|
fs::write(&target, "").unwrap();
|
|
assert!(matches!(policy.check(Op::Read, &target).unwrap(), Decision::Deny(_)));
|
|
assert_eq!(policy.check(Op::Write, &target).unwrap(), Decision::Allow);
|
|
}
|
|
|
|
#[test]
|
|
fn toml_write_block_applies_only_to_write() {
|
|
let tmp = make_project("", "[write]\npatterns = [\"vendor/**\"]\n");
|
|
let policy = Policy::load(tmp.path()).unwrap();
|
|
let target = tmp.path().join("vendor/lib.rs");
|
|
fs::create_dir_all(target.parent().unwrap()).unwrap();
|
|
fs::write(&target, "").unwrap();
|
|
assert_eq!(policy.check(Op::Read, &target).unwrap(), Decision::Allow);
|
|
assert!(matches!(policy.check(Op::Write, &target).unwrap(), Decision::Deny(_)));
|
|
}
|