mirror of
https://github.com/Ed1s0nZ/CyberStrikeAI.git
synced 2026-07-13 23:47:24 +02:00
23 lines
913 B
Go
23 lines
913 B
Go
package multiagent
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"cyberstrike-ai/internal/authctx"
|
|
)
|
|
|
|
func TestLocalToolPermissionIsSeparateFromAgentExecution(t *testing.T) {
|
|
agentOnly := authctx.WithPrincipal(context.Background(), authctx.NewPrincipal("robot:u1", "robot", "own", map[string]bool{"agent:execute": true}))
|
|
if !localToolPermissionDenied(agentOnly, "execute") || !localToolPermissionDenied(agentOnly, "read_file") {
|
|
t.Fatal("agent:execute alone authorized local privileged tools")
|
|
}
|
|
local := authctx.WithPrincipal(context.Background(), authctx.NewPrincipal("u1", "user", "assigned", map[string]bool{"agent:local-execute": true}))
|
|
if localToolPermissionDenied(local, "execute") || localToolPermissionDenied(local, "write_file") {
|
|
t.Fatal("agent:local-execute was not honored")
|
|
}
|
|
if localToolPermissionDenied(agentOnly, "record_vulnerability") {
|
|
t.Fatal("non-local tool was incorrectly denied")
|
|
}
|
|
}
|