boss/tests/computer-control-permission-policy.test.ts

import assert from "node:assert/strict";
import test from "node:test";
import { evaluatePermissionPolicyForTesting } from "@/lib/execution/permission-policy";

test("browser control medium risk requires confirmation but stays allowed", () => {
  const result = evaluatePermissionPolicyForTesting({
    project: {
      id: "thread-browser",
      isGroup: false,
      collaborationMode: "development",
      approvalState: "not_required",
    },
    requestedTool: "browser_control",
    requestedRiskLevel: "medium",
  });

  assert.equal(result.allowed, true);
  assert.equal(result.requiresApproval, true);
  assert.deepEqual(result.toolPolicy.allowedTools.includes("browser_control"), true);
});

test("desktop control high risk is blocked until explicit confirmation", () => {
  const result = evaluatePermissionPolicyForTesting({
    project: {
      id: "thread-desktop",
      isGroup: false,
      collaborationMode: "development",
      approvalState: "not_required",
    },
    requestedTool: "desktop_control",
    requestedRiskLevel: "high",
  });

  assert.equal(result.allowed, false);
  assert.equal(result.requiresApproval, true);
  assert.match(result.reason ?? "", /确认|高风险/);
  assert.deepEqual(result.toolPolicy.deniedTools.includes("desktop_control"), true);
});