tests: pin ink engine in _make_tui_argv npm-bootstrap tests (post-merge semantic fix)

Main's rewritten test_tui_npm_install.py tests call _make_tui_argv expecting
the Ink/npm flow unconditionally; with the dual-engine dispatch merged in,
_resolve_tui_engine() auto-selects opentui whenever ui-opentui/dist is built
in the repo, routing the call away from the path under test (first subprocess
became 'node --version' instead of 'npm run build'). Pin the engine to ink
via an autouse fixture, mirroring the existing pinning precedent in
test_tui_resume_flow.py.
This commit is contained in:
alt-glitch 2026-06-12 10:32:40 +05:30
parent ab37440ce6
commit e1067dbbe5
756 changed files with 79874 additions and 19585 deletions

View file

@ -285,3 +285,65 @@ class TestProgrammingErrorsPropagateFromWrapper:
os.environ["HERMES_INTERACTIVE"] = "1"
with pytest.raises(AttributeError, match="bug in wrapper"):
check_all_command_guards("echo hello", "local")
# ---------------------------------------------------------------------------
# Gateway (TUI / desktop) approval notify payload carries allow_permanent
# ---------------------------------------------------------------------------
class TestGatewayApprovalAllowPermanent:
"""The gateway emits the approval prompt to the renderer via the notify
payload (TUI/desktop both consume it). It must carry ``allow_permanent``
so the UI doesn't offer a permanent allow the backend would silently
downgrade to session scope for tirith content-security findings.
"""
def _capture_gateway_payload(self, command, session_key):
"""Run the gateway approval path, denying inline, and return the
single notify payload the renderer would have received."""
from tools.approval import (
register_gateway_notify,
resolve_gateway_approval,
unregister_gateway_notify,
)
captured = []
def notify(data):
captured.append(dict(data))
# The notify fires synchronously before _await_gateway_decision
# blocks, so resolving here releases the wait without a thread.
resolve_gateway_approval(session_key, "deny")
register_gateway_notify(session_key, notify)
token = set_current_session_key(session_key)
os.environ["HERMES_GATEWAY_SESSION"] = "1"
os.environ["HERMES_EXEC_ASK"] = "1"
os.environ["HERMES_SESSION_KEY"] = session_key
try:
check_all_command_guards(command, "local")
finally:
os.environ.pop("HERMES_GATEWAY_SESSION", None)
os.environ.pop("HERMES_EXEC_ASK", None)
os.environ.pop("HERMES_SESSION_KEY", None)
reset_current_session_key(token)
unregister_gateway_notify(session_key)
assert len(captured) == 1
return captured[0]
def test_dangerous_only_allows_permanent(self):
"""No tirith warning → permanent allow is offered."""
payload = self._capture_gateway_payload("rm -rf /important", "gw-allow-perm")
assert payload["command"] == "rm -rf /important"
assert payload["allow_permanent"] is True
@patch(_TIRITH_PATCH,
return_value=_tirith_result("warn",
[{"rule_id": "shortened_url"}],
"shortened URL detected"))
def test_tirith_warning_disallows_permanent(self, mock_tirith):
"""tirith content-security warning → permanent allow is withheld so the
renderer hides "Always allow"."""
payload = self._capture_gateway_payload("curl https://bit.ly/abc", "gw-no-perm")
assert payload["allow_permanent"] is False