Ë
    ­Æjê  ã            
      óV  — d Z ddlmZ ddlZddlmc mZ ddl	Z	ddl
Z
e
j                  j                  dd«       ddlZde	j                  d<   ddlmZ g d¢Zd	d
difddddœfddddœfddddddœfddddœfddddœfgZdi fddd ifdddifd!i fddd"ifd dd"ifd#d$d%d&ifgZ G d'„ d(«      Zy))u(  Tests for v3.6 Harness â€” regression: safe commands must remain ALLOW.

chair_authorization_id=CHAIR-AUTH-TASK-2703-V36-HARNESS-MVP-260528

DoD #7: existing safe commands must not be blocked (false-positive prevention).
Also covers edge cases: None input, empty dict, malformed tool_input, etc.
é    )ÚannotationsNz/home/jay/workspaceÚ1ÚANU_V36_HARNESS_TEST_MODE)Úevaluate)-zpython3 -m pytestzpython3 -m pytest tests/ -vz#python3 -m pytest tests/harness/ -vz.pytest tests/harness/test_v36_harness_rules.pyzpytest --tb=shortz
git statuszgit log --oneline -10zgit log --format='%H %s' -5zgit diff HEAD~1zgit diffzgit diff --statzgit show HEADz
git branchzgit branch -azgit fetch originzgit remote -vzgh pr view 158zgh pr view 158 --json statez
gh pr listzgh pr list --state openúgh run view 12345zgh run listzgh issue view 100zgh issue listz2cat /home/jay/workspace/memory/events/task-2703.mdz#cat /home/jay/.claude/settings.jsonzls -la /home/jay/workspacez+ls /home/jay/workspace/scripts/harness/v36/z7grep -r 'evaluate' /home/jay/workspace/scripts/harness/zDgrep 'matched_rule' /home/jay/workspace/scripts/harness/v36/guard.pyz9head -20 /home/jay/workspace/scripts/harness/v36/rules.pyz6wc -l /home/jay/workspace/scripts/harness/v36/rules.pyz1python3 -c "import json; print(json.loads('{}'))"zpython3 -c "print('hello')"zecho 'test output'z+find /home/jay/workspace/tests -name '*.py'zwhich python3zenv | grep ANUzgit log --all --onelinezgit stash listzgit tagzpip listzpython3 --versionzmkdir -p /tmp/test-harness-dirzcp /tmp/test.py /tmp/test2.pyÚReadÚ	file_pathú0/home/jay/workspace/scripts/harness/v36/guard.pyÚGlobz**/*.py)ÚpatternÚpathÚGrepr   ÚLSPÚhoverzguard.pyé   )Ú	operationÚfilePathÚlineÚ	characterÚTaskzcheck somethingÚbash)ÚdescriptionÚtypeÚWebFetchzhttps://example.comzwhat is this?)ÚurlÚpromptÚBashÚcommandÚ ÚWriteÚls)r   NÚUnknownToolÚ	arbitraryÚvalc                  ó  — e Zd Zej                  j                  de«      d„ «       Zej                  j                  de«      d„ «       Z	ej                  j                  de
«      d„ «       Zd„ Zd„ Zd„ Zd	„ Zd
„ Zd„ Zd„ Zd„ Zd„ Zy)ÚTestSafeCommandsAllowÚcmdc                ó¨  — t        dd|ii «      }|d   }d}||k(  }|s¯t        j                  d|fd||f«      t        j                  |«      t        j                  |«      dœz  }t        j                  d|›d	|d   ›d
|j                  d«      ›d|j                  d«      ›«      dz   d|iz  }t        t        j                  |«      «      ‚d x}x}}y )Nr   r   ÚdecisionÚALLOW©ú==©z%(py1)s == %(py4)s©Úpy1Úpy4z)REGRESSION: Safe command blocked!
  cmd: ú
  decision: ú	
  rule: Úmatched_rulez
  reason: Úreasonú
>assert %(py6)sÚpy6©r   Ú
@pytest_arÚ_call_reprcompareÚ	_safereprÚ_format_assertmsgÚgetÚAssertionErrorÚ_format_explanation)Úselfr'   ÚdÚ@py_assert0Ú@py_assert3Ú@py_assert2Ú@py_format5Ú@py_format7s           ú@/home/jay/workspace/tests/harness/test_v36_harness_regression.pyÚtest_safe_bash_command_allowsz3TestSafeCommandsAllow.test_safe_bash_command_allowsd   sâ   € äV˜i¨Ð-¨rÓ2ˆØ‰}ð 	
 ð 	
ˆ} Ñ'÷ 	
ïé ó	
ˆ} ÷ 	
ñ 	
÷ 
	ð ÷ 	
ð 	
÷ 
	ð !(÷ 	
õ 	
ïé ðØWð Ø˜Z™=Ð+ð ,Ø—u‘u˜^Ó,Ð/ð 0ØŸ™˜x›Ð+ð	-÷	
÷ 	
ö 	
ïé ÷	
÷ 	
ð 	
ó    ztool_name,tool_inputc                ó†  — t        ||i «      }|d   }d}||k(  }|s t        j                  d|fd||f«      t        j                  |«      t        j                  |«      dœz  }t        j                  d|›d|›d|d   ›d	|j                  d
«      ›«      dz   d|iz  }t        t        j                  |«      «      ‚d x}x}}y )Nr)   r*   r+   r-   r.   z'REGRESSION: Safe tool blocked!
  tool: z

  input: r1   r2   r3   r5   r6   r7   )	r?   Ú	tool_nameÚ
tool_inputr@   rA   rB   rC   rD   rE   s	            rF   Útest_safe_non_bash_tool_allowsz4TestSafeCommandsAllow.test_safe_non_bash_tool_allowso   sÔ   € äY 
¨BÓ/ˆØ‰}ð 	
 ð 	
ˆ} Ñ'÷ 	
ïé ó	
ˆ} ÷ 	
ñ 	
÷ 
	ð ÷ 	
ð 	
÷ 
	ð !(÷ 	
õ 	
ïé ðØ mð $Ø"~ð &Ø˜Z™=Ð+ð ,Ø—u‘u˜^Ó,Ð/ð	1÷	
÷ 	
ö 	
ïé ÷	
÷ 	
ð 	
rH   c                óð  — 	 t        ||i «      }|d   }d}||k(  }|s t        j                  d|fd||f«      t        j                  |«      t        j                  |«      dœz  }t        j                  d|›d|›d|d   ›d	|j                  d
«      ›«      dz   d|iz  }t        t        j                  |«      «      ‚dx}x}}y# t        $ r(}	t        j                  d|›d|›d|	› «       Y d}	~	yd}	~	ww xY w)u3   Edge cases must never raise â€” fail-safe to ALLOW.r)   r*   r+   r-   r.   z%Edge case unexpectedly blocked: tool=z, input=z, decision=z, rule=r3   r5   r6   Nz"evaluate raised on edge case tool=z: )r   r8   r9   r:   r;   r<   r=   r>   Ú	ExceptionÚpytestÚfail)
r?   rJ   rK   r@   rA   rB   rC   rD   rE   Úes
             rF   Ú(test_edge_case_allows_and_does_not_raisez>TestSafeCommandsAllow.test_edge_case_allows_and_does_not_raisez   s  € ð	gÜ˜ J°Ó3ˆAØZ‘=ð  Gð = GÑ+÷ ïé ó= G÷ ñ ÷ Ið !÷ ð ÷ Ið %,÷ õ ïé ð 8¸	°}ÀHÈZÈNð [Ø˜j™MÐ,¨G°A·E±E¸.Ó4IÐ3LðN÷÷ ö ïé ÷÷ ð øô ò 	gÜK‰KÐ<¸Y¸MÈÐR\ÐQ_Ð_aÐbcÐadÐe×fÑfûð	gús   ‚CC Ã	C5ÃC0Ã0C5c                ó€  — 	 t        dddid«      }|d   }d}||k(  }|slt        j                  d|fd||f«      t        j                  |«      t        j                  |«      d	œz  }d
d|iz  }t	        t        j
                  |«      «      ‚dx}x}}y# t        $ r"}t        j                  d|› «       Y d}~yd}~ww xY w)zNone context must not raise.r   r   r!   Nr)   r*   r+   r-   r.   úassert %(py6)sr6   z#evaluate raised with None context: ©	r   r8   r9   r:   r=   r>   rN   rO   rP   ©r?   r@   rA   rB   rC   rD   rE   rQ   s           rF   Ú test_none_context_does_not_raisez6TestSafeCommandsAllow.test_none_context_does_not_raise†   s’   € ð	CÜ˜ )¨TÐ!2°DÓ9ˆAØZ‘=Ð+ GÐ+= GÑ+×+×+Õ+= G×+×+Ó+=×+×+Ò+ G×+×+×+×+×+×+Ô+øÜò 	CÜK‰KÐ=¸a¸SÐA×BÑBûð	Cúó   ‚BB Â	B=ÂB8Â8B=c                ó€  — 	 t        dddid«      }|d   }d}||k(  }|slt        j                  d|fd||f«      t        j                  |«      t        j                  |«      d	œz  }d
d|iz  }t	        t        j
                  |«      «      ‚dx}x}}y# t        $ r"}t        j                  d|› «       Y d}~yd}~ww xY w)z*Malformed context (string) must not raise.r   r   r!   zbad contextr)   r*   r+   r-   r.   rT   r6   Nz%evaluate raised with string context: rU   rV   s           rF   Ú%test_malformed_context_does_not_raisez;TestSafeCommandsAllow.test_malformed_context_does_not_raiseŽ   s’   € ð	EÜ˜ )¨TÐ!2°MÓBˆAØZ‘=Ð+ GÐ+= GÑ+×+×+Õ+= G×+×+Ó+=×+×+Ò+ G×+×+×+×+×+×+Ô+øÜò 	EÜK‰KÐ?À¸sÐC×DÑDûð	EúrX   c                ó$  — t        ddddœi «      }|d   }d}||k(  }|slt        j                  d|fd||f«      t        j                  |«      t        j                  |«      d	œz  }d
d|iz  }t	        t        j
                  |«      «      ‚dx}x}}y)z Writing .py files must be ALLOW.r    z3/home/jay/workspace/scripts/harness/v36/new_rule.pyz# code©r	   Úcontentr)   r*   r+   r-   r.   rT   r6   N©r   r8   r9   r:   r=   r>   ©r?   r@   rA   rB   rC   rD   rE   s          rF   Útest_write_to_py_file_allowsz2TestSafeCommandsAllow.test_write_to_py_file_allows–   sk   € äØØOÐ\dÑeØó
ˆð
 ‰}Ð' Ð'ˆ} Ñ'×'×'Õ'ˆ} ×'×'Ó'ˆ}×'×'Ò' ×'×'×'×'×'×'Ô'rH   c                ó$  — t        ddddœi «      }|d   }d}||k(  }|slt        j                  d|fd||f«      t        j                  |«      t        j                  |«      d	œz  }d
d|iz  }t	        t        j
                  |«      «      ‚dx}x}}y)z:Writing .json files must be ALLOW (non-.done, non-report).r    z/home/jay/workspace/config.jsonz{}r\   r)   r*   r+   r-   r.   rT   r6   Nr^   r_   s          rF   Útest_write_to_json_file_allowsz4TestSafeCommandsAllow.test_write_to_json_file_allowsŸ   sj   € äØØ;ÈÑMØó
ˆð
 ‰}Ð' Ð'ˆ} Ñ'×'×'Õ'ˆ} ×'×'Ó'ˆ}×'×'Ò' ×'×'×'×'×'×'Ô'rH   c                ó&  — t        dddddœi «      }|d   }d}||k(  }|slt        j                  d|fd	||f«      t        j                  |«      t        j                  |«      d
œz  }dd|iz  }t	        t        j
                  |«      «      ‚dx}x}}y)z Editing .py files must be ALLOW.ÚEditr
   z	# commentz# updated comment)r	   Ú
old_stringÚ
new_stringr)   r*   r+   r-   r.   rT   r6   Nr^   r_   s          rF   Útest_edit_to_py_file_allowsz1TestSafeCommandsAllow.test_edit_to_py_file_allows¨   sr   € äØàOØ)Ø1ñð
 ó
ˆð ‰}Ð' Ð'ˆ} Ñ'×'×'Õ'ˆ} ×'×'Ó'ˆ}×'×'Ò' ×'×'×'×'×'×'Ô'rH   c                ó"  — t        dddii «      }|d   }d}||k(  }|slt        j                  d|fd||f«      t        j                  |«      t        j                  |«      dœz  }d	d
|iz  }t	        t        j
                  |«      «      ‚dx}x}}y)z'gh run view without --watch must ALLOW.r   r   r   r)   r*   r+   r-   r.   rT   r6   Nr^   r_   s          rF   Ú%test_gh_run_view_without_watch_allowsz;TestSafeCommandsAllow.test_gh_run_view_without_watch_allowsµ   sd   € äV˜iÐ)<Ð=¸rÓBˆØ‰}Ð' Ð'ˆ} Ñ'×'×'Õ'ˆ} ×'×'Ó'ˆ}×'×'Ò' ×'×'×'×'×'×'Ô'rH   c                ó"  — t        dddii «      }|d   }d}||k(  }|slt        j                  d|fd||f«      t        j                  |«      t        j                  |«      dœz  }d	d
|iz  }t	        t        j
                  |«      «      ‚dx}x}}|d   }d}||k(  }|slt        j                  d|fd||f«      t        j                  |«      t        j                  |«      dœz  }d	d
|iz  }t	        t        j
                  |«      «      ‚dx}x}}y)z?git push to any branch is DENY per spec (all git push blocked).r   r   z#git push origin feature/test-branchr)   ÚDENYr+   r-   r.   rT   r6   Nr3   zpattern.forbidden_tool_or_shellr^   r_   s          rF   Ú&test_git_push_to_feature_branch_deniedz<TestSafeCommandsAllow.test_git_push_to_feature_branch_deniedº   s»   € äV˜iÐ)NÐOÐQSÓTˆà‰}Ð& Ð&ˆ} Ñ&×&×&Õ&ˆ} ×&×&Ó&ˆ}×&×&Ò& ×&×&×&×&×&×&Ó&ØÑ ÐEÐ$EÐEÐ Ð$EÑE×E×EÕEÐ Ð$E×E×EÓEÐ ×E×EÒEÐ$E×E×E×E×E×E×EÔErH   c                ó,  — dddœ}t        dddi|«      }|d   }d}||k(  }|slt        j                  d	|fd
||f«      t        j                  |«      t        j                  |«      dœz  }dd|iz  }t	        t        j
                  |«      «      ‚dx}x}}y)z5finish-task.sh with sufficient code files must ALLOW.é   é   )Únew_code_filesÚnew_md_filesr   r   z9bash /home/jay/workspace/scripts/finish-task.sh task-2703r)   r*   r+   r-   r.   rT   r6   Nr^   )r?   Úctxr@   rA   rB   rC   rD   rE   s           rF   Ú'test_finish_task_with_code_files_allowsz=TestSafeCommandsAllow.test_finish_task_with_code_files_allowsÁ   so   € à!"°AÑ6ˆÜV˜iÐ)dÐeÐgjÓkˆØ‰}Ð' Ð'ˆ} Ñ'×'×'Õ'ˆ} ×'×'Ó'ˆ}×'×'Ò' ×'×'×'×'×'×'Ô'rH   c                ó"  — t        dddii «      }|d   }d}||k(  }|slt        j                  d|fd||f«      t        j                  |«      t        j                  |«      dœz  }d	d
|iz  }t	        t        j
                  |«      «      ‚dx}x}}y)ztail without -f must ALLOW.r   r   ztail -20 /var/log/syslogr)   r*   r+   r-   r.   rT   r6   Nr^   r_   s          rF   Útest_tail_without_f_flag_allowsz5TestSafeCommandsAllow.test_tail_without_f_flag_allowsÇ   sd   € äV˜iÐ)CÐDÀbÓIˆØ‰}Ð' Ð'ˆ} Ñ'×'×'Õ'ˆ} ×'×'Ó'ˆ}×'×'Ò' ×'×'×'×'×'×'Ô'rH   N)Ú__name__Ú
__module__Ú__qualname__rO   ÚmarkÚparametrizeÚSAFE_BASH_COMMANDSrG   ÚSAFE_NON_BASH_TOOLSrL   Ú
EDGE_CASESrR   rW   rZ   r`   rb   rg   ri   rl   rs   ru   © rH   rF   r&   r&   c   s§   „ Ø‡[[×Ñ˜UÐ$6Ó7ñ
ó 8ð
ð ‡[[×ÑÐ3Ð5HÓIñ
ó Jð
ð ‡[[×ÑÐ3°ZÓ@ñ	gó Að	gòCòEò(ò(ò(ò(ò
Fò(ó(rH   r&   )Ú__doc__Ú
__future__r   ÚbuiltinsÚ@py_builtinsÚ_pytest.assertion.rewriteÚ	assertionÚrewriter8   ÚosÚsysr   ÚinsertrO   ÚenvironÚscripts.harness.v36.guardr   r{   r|   r}   r&   r~   rH   rF   ú<module>r‹      s  ðñõ #ç  „ ƒ	Û 
à ‡‡Ð(Ô )ã ð +.€‡

Ð&Ñ 'å .ò1Ð ðh ˆkÐMÐNÐOØ˜Ð,AÑBÐCØ˜Ð-BÑCÐDØ
˜'¨zÀ1ÐSTÑUÐVØÐ.¸Ñ?Ð@ØÐ.¸/ÑJÐKðÐ ð ˆR€LØˆi˜ˆ_ÐØˆi˜ÐÐØˆb€MØ	ˆItÐÐØˆ)TÐ	ÐØØ[ %Ð(Ð)ð	€
÷g(ò g(rH   