refactor(exec-approvals): unify system.run binding and generate host env policy

2026-03-12 07:20:45 +00:00 · 2026-02-26 16:57:29 +01:00
parent baf1c8ea13
commit 4894d907fa
18 changed files with 858 additions and 342 deletions
--- a/test/fixtures/system-run-approval-binding-contract.json
+++ b/test/fixtures/system-run-approval-binding-contract.json
@@ -0,0 +1,116 @@
+{
+  "cases": [
+    {
+      "name": "v1 matches when env key order changes",
+      "request": {
+        "host": "node",
+        "command": "git diff",
+        "bindingV1": {
+          "argv": ["git", "diff"],
+          "cwd": null,
+          "agentId": null,
+          "sessionKey": null,
+          "env": { "SAFE_A": "1", "SAFE_B": "2" }
+        }
+      },
+      "invoke": {
+        "cmdText": "git diff",
+        "argv": ["git", "diff"],
+        "binding": {
+          "cwd": null,
+          "agentId": null,
+          "sessionKey": null,
+          "env": { "SAFE_B": "2", "SAFE_A": "1" }
+        }
+      },
+      "expected": { "ok": true }
+    },
+    {
+      "name": "v1 rejects env mismatch",
+      "request": {
+        "host": "node",
+        "command": "git diff",
+        "bindingV1": {
+          "argv": ["git", "diff"],
+          "cwd": null,
+          "agentId": null,
+          "sessionKey": null,
+          "env": { "SAFE": "1" }
+        }
+      },
+      "invoke": {
+        "cmdText": "git diff",
+        "argv": ["git", "diff"],
+        "binding": {
+          "cwd": null,
+          "agentId": null,
+          "sessionKey": null,
+          "env": { "SAFE": "2" }
+        }
+      },
+      "expected": { "ok": false, "code": "APPROVAL_ENV_MISMATCH" }
+    },
+    {
+      "name": "v1 rejects unbound env overrides",
+      "request": {
+        "host": "node",
+        "command": "git diff",
+        "bindingV1": {
+          "argv": ["git", "diff"],
+          "cwd": null,
+          "agentId": null,
+          "sessionKey": null
+        }
+      },
+      "invoke": {
+        "cmdText": "git diff",
+        "argv": ["git", "diff"],
+        "binding": {
+          "cwd": null,
+          "agentId": null,
+          "sessionKey": null,
+          "env": { "GIT_EXTERNAL_DIFF": "/tmp/pwn.sh" }
+        }
+      },
+      "expected": { "ok": false, "code": "APPROVAL_ENV_BINDING_MISSING" }
+    },
+    {
+      "name": "legacy rejects argv mismatch",
+      "request": {
+        "host": "node",
+        "command": "echo SAFE",
+        "commandArgv": ["echo SAFE"]
+      },
+      "invoke": {
+        "cmdText": "echo SAFE",
+        "argv": ["echo", "SAFE"],
+        "binding": {
+          "cwd": null,
+          "agentId": null,
+          "sessionKey": null
+        }
+      },
+      "expected": { "ok": false, "code": "APPROVAL_REQUEST_MISMATCH" }
+    },
+    {
+      "name": "legacy accepts matching env hash",
+      "request": {
+        "host": "node",
+        "command": "git diff",
+        "commandArgv": ["git", "diff"],
+        "envHashFrom": { "SAFE_A": "1", "SAFE_B": "2" }
+      },
+      "invoke": {
+        "cmdText": "git diff",
+        "argv": ["git", "diff"],
+        "binding": {
+          "cwd": null,
+          "agentId": null,
+          "sessionKey": null,
+          "env": { "SAFE_B": "2", "SAFE_A": "1" }
+        }
+      },
+      "expected": { "ok": true }
+    }
+  ]
+}