fix: preserve legacy approval keys after pattern key migration

2026-04-26 01:01:40 +00:00 · 2026-03-14 22:10:39 -07:00 · 2026-03-14 22:10:39 -07:00 · d5b64ebdb3
commit d5b64ebdb3
parent 4a93cfd889
2 changed files with 48 additions and 3 deletions
--- a/tests/tools/test_approval.py
+++ b/tests/tools/test_approval.py
@ -2,12 +2,14 @@

 from unittest.mock import patch as mock_patch

+import tools.approval as approval_module
 from tools.approval import (
    approve_session,
    clear_session,
    detect_dangerous_command,
    has_pending,
    is_approved,
+    load_permanent,
    pop_pending,
    prompt_dangerous_approval,
    submit_pending,
@ -368,6 +370,20 @@ class TestPatternKeyUniqueness:
        )
        clear_session(session)

+    def test_legacy_find_key_still_approves_find_exec(self):
+        """Old allowlist entry 'find' should keep approving the matching command."""
+        _, key_exec, _ = detect_dangerous_command("find . -exec rm {} \\;")
+        with mock_patch.object(approval_module, "_permanent_approved", set()):
+            load_permanent({"find"})
+            assert is_approved("legacy-find", key_exec) is True
+
+    def test_legacy_find_key_still_approves_find_delete(self):
+        """Old colliding allowlist entry 'find' should remain backwards compatible."""
+        _, key_delete, _ = detect_dangerous_command("find . -name '*.tmp' -delete")
+        with mock_patch.object(approval_module, "_permanent_approved", set()):
+            load_permanent({"find"})
+            assert is_approved("legacy-find", key_delete) is True
+

 class TestViewFullCommand:
    """Tests for the 'view full command' option in prompt_dangerous_approval."""