feat: add exec approvals allowlists

Peter Steinberger
2026-01-18 01:33:52 +00:00
parent 3a0fd6be3c
commit 0674f1fa3c
21 changed files with 1019 additions and 101 deletions


@@ -0,0 +1,43 @@
import Foundation
import Testing
@testable import Clawdbot
struct SystemRunAllowlistTests {
@Test func matchUsesResolvedPath() {
let entry = SystemRunAllowlistEntry(pattern: "/opt/homebrew/bin/rg", enabled: true, matchKind: .glob)
let resolution = SystemRunCommandResolution(
rawExecutable: "rg",
resolvedPath: "/opt/homebrew/bin/rg",
executableName: "rg",
cwd: nil)
let match = SystemRunAllowlistStore.match(
command: ["rg"],
resolution: resolution,
entries: [entry])
#expect(match?.id == entry.id)
}
@Test func matchUsesBasenameForSimplePattern() {
let entry = SystemRunAllowlistEntry(pattern: "rg", enabled: true, matchKind: .glob)
let resolution = SystemRunCommandResolution(
rawExecutable: "rg",
resolvedPath: "/opt/homebrew/bin/rg",
executableName: "rg",
cwd: nil)
let match = SystemRunAllowlistStore.match(
command: ["rg"],
resolution: resolution,
entries: [entry])
#expect(match?.id == entry.id)
}
@Test func matchUsesLegacyArgvKey() {
let key = SystemRunAllowlist.legacyKey(for: ["echo", "hi"])
let entry = SystemRunAllowlistEntry(pattern: key, enabled: true, matchKind: .argv)
let match = SystemRunAllowlistStore.match(
command: ["echo", "hi"],
resolution: nil,
entries: [entry])
#expect(match?.id == entry.id)
}
}
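Review bot: All three tests in `SystemRunAllowlistTests` assert a successful match, so nothing pins the deny side of the allowlist, which is the side an exec-approval control depends on. At minimum I would add cases where an entry with `enabled: false` returns nil and where a full-path pattern does not match a binary of the same name resolved elsewhere. `matchUsesBasenameForSimplePattern` also fixes that a bare `rg` pattern approves whatever path resolution produced; if that is intended, say so in a comment on that test, e.g. `// basename patterns approve any resolved location of that name`. The matcher itself is not in this section, so the expected results below are my reading of the intended policy and should be confirmed against `SystemRunAllowlistStore.match`.

```swift
// … unchanged: the three positive-match tests …

@Test func disabledEntryDoesNotMatch() {
    let entry = SystemRunAllowlistEntry(pattern: "/opt/homebrew/bin/rg", enabled: false, matchKind: .glob)
    let resolution = SystemRunCommandResolution(
        rawExecutable: "rg",
        resolvedPath: "/opt/homebrew/bin/rg",
        executableName: "rg",
        cwd: nil)
    let match = SystemRunAllowlistStore.match(
        command: ["rg"],
        resolution: resolution,
        entries: [entry])
    #expect(match == nil)
}

@Test func pathPatternDoesNotMatchOtherLocation() {
    let entry = SystemRunAllowlistEntry(pattern: "/opt/homebrew/bin/rg", enabled: true, matchKind: .glob)
    // Constructed sample: same executable name, resolved outside the allowlisted directory.
    let resolution = SystemRunCommandResolution(
        rawExecutable: "rg",
        resolvedPath: "/tmp/rg",
        executableName: "rg",
        cwd: nil)
    let match = SystemRunAllowlistStore.match(
        command: ["rg"],
        resolution: resolution,
        entries: [entry])
    #expect(match == nil)
}

@Test func emptyAllowlistDoesNotMatch() {
    let match = SystemRunAllowlistStore.match(
        command: ["echo", "hi"],
        resolution: nil,
        entries: [])
    #expect(match == nil)
}
```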