mirror of
https://github.com/Ed1s0nZ/CyberStrikeAI.git
synced 2026-07-14 07:57:26 +02:00
Add files via upload
This commit is contained in:
@@ -0,0 +1,22 @@
|
||||
package multiagent
|
||||
|
||||
import (
|
||||
"context"
|
||||
"testing"
|
||||
|
||||
"cyberstrike-ai/internal/authctx"
|
||||
)
|
||||
|
||||
func TestLocalToolPermissionIsSeparateFromAgentExecution(t *testing.T) {
|
||||
agentOnly := authctx.WithPrincipal(context.Background(), authctx.NewPrincipal("robot:u1", "robot", "own", map[string]bool{"agent:execute": true}))
|
||||
if !localToolPermissionDenied(agentOnly, "execute") || !localToolPermissionDenied(agentOnly, "read_file") {
|
||||
t.Fatal("agent:execute alone authorized local privileged tools")
|
||||
}
|
||||
local := authctx.WithPrincipal(context.Background(), authctx.NewPrincipal("u1", "user", "assigned", map[string]bool{"agent:local-execute": true}))
|
||||
if localToolPermissionDenied(local, "execute") || localToolPermissionDenied(local, "write_file") {
|
||||
t.Fatal("agent:local-execute was not honored")
|
||||
}
|
||||
if localToolPermissionDenied(agentOnly, "record_vulnerability") {
|
||||
t.Fatal("non-local tool was incorrectly denied")
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user