mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-25 00:51:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

test: cover absolute paths in project env/config approval regex

Browse source 
The original regex only matched relative paths (./foo/.env or bare
.env), so the exact command from the bug report —
`cp /opt/data/.env.local /opt/data/.env` — did not trigger approval.
Broaden the leading-path prefix to accept an absolute leading slash
alongside ./ and ../, and add regressions for the bug-report command
and its redirection variant.
This commit is contained in:
Teknium 2026-04-23 14:05:15 -07:00 committed by Teknium
parent 1dfcda4e3c
commit b848ce2c79
2 changed files with 20 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

18
tests/tools/test_approval.py
View file

@ -460,6 +460,24 @@ class TestProjectSensitiveCopyPattern:
assert key is not None
assert "project env/config" in desc.lower()
def test_cp_absolute_path_to_dotenv_requires_approval(self):
# Regression: the real-world bug report was `cp /opt/data/.env.local /opt/data/.env`.
# The regex must cover absolute paths, not just `./` / bare relative paths.
dangerous, key, desc = detect_dangerous_command(
"cp /opt/data/.env.local /opt/data/.env"
)
assert dangerous is True
assert key is not None
assert "project env/config" in desc.lower()
def test_redirect_absolute_path_to_dotenv_requires_approval(self):
dangerous, key, desc = detect_dangerous_command(
"cat /opt/data/.env.local > /opt/data/.env"
)
assert dangerous is True
assert key is not None
assert "project env/config" in desc.lower()
def test_mv_to_nested_config_yaml_requires_approval(self):
dangerous, key, desc = detect_dangerous_command("mv tmp/generated.yaml config/config.yaml")
assert dangerous is True