gnoma/internal/safety/banner_test.go

package safety

import (
	"strings"
	"testing"
)

func TestRenderContextBanner_BasicFields(t *testing.T) {
	c := Classification{Tier: TierOK, Path: "/home/cn/git/foo", Reason: "inside a git repo"}
	info := SessionInfo{
		Version:     "0.2.1",
		GitBranch:   "dev",
		GitDirty:    false,
		ProjectType: "Go module",
		Provider:    "ollama",
		Model:       "qwen3-coder:30b",
		Permission:  "auto",
		Incognito:   false,
		Prefer:      "auto",
	}
	out := RenderContextBanner(c, info, nil)

	want := []string{
		"gnoma 0.2.1 — ready",
		"cwd",
		"/home/cn/git/foo",
		"git",
		"dev (clean)",
		"project",
		"Go module",
		"provider",
		"ollama / qwen3-coder:30b",
		"mode",
		"permission=auto",
		"sensitive",
		"0 matches in cwd",
		"---",
	}
	for _, w := range want {
		if !strings.Contains(out, w) {
			t.Errorf("banner missing %q\nfull output:\n%s", w, out)
		}
	}
}

func TestRenderContextBanner_DirtyGit(t *testing.T) {
	c := Classification{Tier: TierOK, Path: "/somewhere", Reason: "ok"}
	info := SessionInfo{Version: "x", GitBranch: "main", GitDirty: true}
	out := RenderContextBanner(c, info, nil)
	if !strings.Contains(out, "main (dirty)") {
		t.Errorf("dirty git not surfaced:\n%s", out)
	}
}

func TestRenderContextBanner_SensitiveMatches(t *testing.T) {
	c := Classification{Tier: TierWarn, Path: "/home/cn", Reason: "home"}
	info := SessionInfo{Version: "x"}
	matches := []Match{
		{Path: "/home/cn/.env", Reason: "env file"},
		{Path: "/home/cn/id_rsa", Reason: "private key"},
		{Path: "/home/cn/.ssh", Reason: "credentials directory"},
		{Path: "/home/cn/aws_credentials", Reason: "credentials file"},
	}
	out := RenderContextBanner(c, info, matches)
	// 4 matches, banner truncates to 3 + "+N more"
	if !strings.Contains(out, "4 matches") {
		t.Errorf("expected '4 matches' summary, got:\n%s", out)
	}
	if !strings.Contains(out, "+1 more") {
		t.Errorf("expected +1 more truncation, got:\n%s", out)
	}
}

func TestRenderContextBanner_OmitsEmptyFields(t *testing.T) {
	c := Classification{Tier: TierOK, Path: "/x", Reason: ""}
	info := SessionInfo{} // everything empty
	out := RenderContextBanner(c, info, nil)
	if strings.Contains(out, "provider :") {
		t.Errorf("empty provider/model should be omitted:\n%s", out)
	}
	if strings.Contains(out, "git :") {
		t.Errorf("empty git branch should be omitted:\n%s", out)
	}
}

func TestRenderWarnPrefix(t *testing.T) {
	c := Classification{Tier: TierWarn, Path: "/home/cn", Reason: "personal directory"}
	out := RenderWarnPrefix(c)
	if !strings.Contains(out, "WARNING") {
		t.Errorf("warn prefix missing WARNING:\n%s", out)
	}
	if !strings.Contains(out, "/home/cn") {
		t.Errorf("warn prefix missing path:\n%s", out)
	}
	if !strings.Contains(out, "[y/N]") {
		t.Errorf("warn prefix missing keypress prompt:\n%s", out)
	}
}

func TestRenderWarnPrefix_EmptyOnNonWarnTier(t *testing.T) {
	if got := RenderWarnPrefix(Classification{Tier: TierOK}); got != "" {
		t.Errorf("non-warn tier should produce empty warn prefix, got %q", got)
	}
	if got := RenderWarnPrefix(Classification{Tier: TierRefuse}); got != "" {
		t.Errorf("refuse tier should produce empty warn prefix, got %q", got)
	}
}

func TestRenderRefuse(t *testing.T) {
	c := Classification{Tier: TierRefuse, Path: "/etc", Reason: "system directory"}
	out := RenderRefuse(c)
	if !strings.Contains(out, "ERROR") {
		t.Errorf("refuse banner missing ERROR:\n%s", out)
	}
	if !strings.Contains(out, "/etc") {
		t.Errorf("refuse banner missing path:\n%s", out)
	}
	if !strings.Contains(out, "--dangerously-allow-anywhere") {
		t.Errorf("refuse banner missing override hint:\n%s", out)
	}
}

func TestRenderRefuse_EmptyOnNonRefuseTier(t *testing.T) {
	if got := RenderRefuse(Classification{Tier: TierOK}); got != "" {
		t.Errorf("non-refuse tier should produce empty refuse text, got %q", got)
	}
}