core: extract external directory validation to shared utility to reduce code duplication across tools

2026-01-10 18:49:36 -05:00
parent 76386f5cfc
commit f94ee5ce90
10 changed files with 186 additions and 49 deletions
--- a/packages/opencode/test/tool/external-directory.test.ts
+++ b/packages/opencode/test/tool/external-directory.test.ts
@@ -0,0 +1,126 @@
+import { describe, expect, test } from "bun:test"
+import path from "path"
+import type { Tool } from "../../src/tool/tool"
+import { Instance } from "../../src/project/instance"
+import { assertExternalDirectory } from "../../src/tool/external-directory"
+import type { PermissionNext } from "../../src/permission/next"
+
+const baseCtx: Omit<Tool.Context, "ask"> = {
+  sessionID: "test",
+  messageID: "",
+  callID: "",
+  agent: "build",
+  abort: AbortSignal.any([]),
+  metadata: () => {},
+}
+
+describe("tool.assertExternalDirectory", () => {
+  test("no-ops for empty target", async () => {
+    const requests: Array<Omit<PermissionNext.Request, "id" | "sessionID" | "tool">> = []
+    const ctx: Tool.Context = {
+      ...baseCtx,
+      ask: async (req) => {
+        requests.push(req)
+      },
+    }
+
+    await Instance.provide({
+      directory: "/tmp",
+      fn: async () => {
+        await assertExternalDirectory(ctx)
+      },
+    })
+
+    expect(requests.length).toBe(0)
+  })
+
+  test("no-ops for paths inside Instance.directory", async () => {
+    const requests: Array<Omit<PermissionNext.Request, "id" | "sessionID" | "tool">> = []
+    const ctx: Tool.Context = {
+      ...baseCtx,
+      ask: async (req) => {
+        requests.push(req)
+      },
+    }
+
+    await Instance.provide({
+      directory: "/tmp/project",
+      fn: async () => {
+        await assertExternalDirectory(ctx, path.join("/tmp/project", "file.txt"))
+      },
+    })
+
+    expect(requests.length).toBe(0)
+  })
+
+  test("asks with a single canonical glob", async () => {
+    const requests: Array<Omit<PermissionNext.Request, "id" | "sessionID" | "tool">> = []
+    const ctx: Tool.Context = {
+      ...baseCtx,
+      ask: async (req) => {
+        requests.push(req)
+      },
+    }
+
+    const directory = "/tmp/project"
+    const target = "/tmp/outside/file.txt"
+    const expected = path.join(path.dirname(target), "*")
+
+    await Instance.provide({
+      directory,
+      fn: async () => {
+        await assertExternalDirectory(ctx, target)
+      },
+    })
+
+    const req = requests.find((r) => r.permission === "external_directory")
+    expect(req).toBeDefined()
+    expect(req!.patterns).toEqual([expected])
+    expect(req!.always).toEqual([expected])
+  })
+
+  test("uses target directory when kind=directory", async () => {
+    const requests: Array<Omit<PermissionNext.Request, "id" | "sessionID" | "tool">> = []
+    const ctx: Tool.Context = {
+      ...baseCtx,
+      ask: async (req) => {
+        requests.push(req)
+      },
+    }
+
+    const directory = "/tmp/project"
+    const target = "/tmp/outside"
+    const expected = path.join(target, "*")
+
+    await Instance.provide({
+      directory,
+      fn: async () => {
+        await assertExternalDirectory(ctx, target, { kind: "directory" })
+      },
+    })
+
+    const req = requests.find((r) => r.permission === "external_directory")
+    expect(req).toBeDefined()
+    expect(req!.patterns).toEqual([expected])
+    expect(req!.always).toEqual([expected])
+  })
+
+  test("skips prompting when bypass=true", async () => {
+    const requests: Array<Omit<PermissionNext.Request, "id" | "sessionID" | "tool">> = []
+    const ctx: Tool.Context = {
+      ...baseCtx,
+      ask: async (req) => {
+        requests.push(req)
+      },
+    }
+
+    await Instance.provide({
+      directory: "/tmp/project",
+      fn: async () => {
+        await assertExternalDirectory(ctx, "/tmp/outside/file.txt", { bypass: true })
+      },
+    })
+
+    expect(requests.length).toBe(0)
+  })
+})