fix(exec): default implicit target to auto

2026-05-05 14:20:22 +00:00 · 2026-03-30 05:59:08 +09:00
parent d014f173f1
commit 276ccd2583
28 changed files with 216 additions and 110 deletions
--- a/src/infra/exec-approvals-policy.test.ts
+++ b/src/infra/exec-approvals-policy.test.ts
@@ -4,6 +4,7 @@ import {
  minSecurity,
  normalizeExecAsk,
  normalizeExecHost,
+  normalizeExecTarget,
  normalizeExecSecurity,
  requiresExecApproval,
 } from "./exec-approvals.js";
@@ -18,6 +19,16 @@ describe("exec approvals policy helpers", () => {
    expect(normalizeExecHost(raw)).toBe(expected);
  });

+  it.each([
+    { raw: " auto ", expected: "auto" },
+    { raw: " gateway ", expected: "gateway" },
+    { raw: "NODE", expected: "node" },
+    { raw: "", expected: null },
+    { raw: "ssh", expected: null },
+  ])("normalizes exec target value %j", ({ raw, expected }) => {
+    expect(normalizeExecTarget(raw)).toBe(expected);
+  });
+
  it.each([
    { raw: " allowlist ", expected: "allowlist" },
    { raw: "FULL", expected: "full" },
--- a/src/infra/exec-approvals.ts
+++ b/src/infra/exec-approvals.ts
@@ -8,6 +8,7 @@ export * from "./exec-approvals-analysis.js";
 export * from "./exec-approvals-allowlist.js";

 export type ExecHost = "sandbox" | "gateway" | "node";
+export type ExecTarget = "auto" | ExecHost;
 export type ExecSecurity = "deny" | "allowlist" | "full";
 export type ExecAsk = "off" | "on-miss" | "always";

@@ -19,6 +20,14 @@ export function normalizeExecHost(value?: string | null): ExecHost | null {
  return null;
 }

+export function normalizeExecTarget(value?: string | null): ExecTarget | null {
+  const normalized = value?.trim().toLowerCase();
+  if (normalized === "auto") {
+    return normalized;
+  }
+  return normalizeExecHost(normalized);
+}
+
 export function normalizeExecSecurity(value?: string | null): ExecSecurity | null {
  const normalized = value?.trim().toLowerCase();
  if (normalized === "deny" || normalized === "allowlist" || normalized === "full") {