gnoma/internal/safety/cwd_test.go

package safety

import (
	"os"
	"path/filepath"
	"testing"

	"somegit.dev/Owlibou/gnoma/internal/config"
)

func defaultCfg() config.ResolvedSafetySection {
	return config.ResolvedSafetySection{
		RefuseInSystemDirs:   true,
		WarnInHome:           true,
		RequireProjectMarker: false,
	}
}

func TestClassifyCWD_SystemRoots(t *testing.T) {
	cfg := defaultCfg()
	cases := []string{"/etc", "/etc/foo", "/sys", "/proc/1", "/var/log", "/usr/local"}
	for _, p := range cases {
		t.Run(p, func(t *testing.T) {
			c := ClassifyCWD(p, cfg)
			// When running inside a container, system roots are
			// downgraded to warn. The CI/container case is acceptable.
			if c.Tier == TierRefuse {
				return
			}
			if c.Tier == TierWarn && isInContainer() {
				return
			}
			t.Errorf("%s tier = %v, want refuse (or warn under container)", p, c.Tier)
		})
	}
}

func TestClassifyCWD_HomeIsWarn(t *testing.T) {
	home, err := os.UserHomeDir()
	if err != nil || home == "" {
		t.Skip("UserHomeDir unavailable")
	}
	cfg := defaultCfg()
	c := ClassifyCWD(home, cfg)
	if c.Tier != TierWarn {
		t.Errorf("$HOME tier = %v, want warn", c.Tier)
	}
}

func TestClassifyCWD_TmpIsWarn(t *testing.T) {
	cfg := defaultCfg()
	c := ClassifyCWD("/tmp", cfg)
	if c.Tier != TierWarn {
		t.Errorf("/tmp tier = %v, want warn", c.Tier)
	}
}

func TestClassifyCWD_ProjectMarkerForcesOK(t *testing.T) {
	dir := t.TempDir()
	// Drop a project marker.
	if err := os.WriteFile(filepath.Join(dir, "go.mod"), []byte("module test"), 0o600); err != nil {
		t.Fatal(err)
	}
	cfg := defaultCfg()
	c := ClassifyCWD(dir, cfg)
	if c.Tier != TierOK {
		t.Errorf("dir with go.mod tier = %v, want ok", c.Tier)
	}
}

func TestClassifyCWD_GitRepoIsOK(t *testing.T) {
	dir := t.TempDir()
	// Drop a .git directory (file would also be accepted — git worktrees).
	if err := os.MkdirAll(filepath.Join(dir, ".git"), 0o700); err != nil {
		t.Fatal(err)
	}
	cfg := defaultCfg()
	c := ClassifyCWD(dir, cfg)
	if c.Tier != TierOK {
		t.Errorf("dir with .git tier = %v, want ok", c.Tier)
	}
}

func TestClassifyCWD_RequireProjectMarker_GitRepoWithoutMarker(t *testing.T) {
	dir := t.TempDir()
	if err := os.MkdirAll(filepath.Join(dir, ".git"), 0o700); err != nil {
		t.Fatal(err)
	}
	cfg := defaultCfg()
	cfg.RequireProjectMarker = true
	c := ClassifyCWD(dir, cfg)
	if c.Tier != TierWarn {
		t.Errorf("git repo without marker under RequireProjectMarker tier = %v, want warn", c.Tier)
	}
}

func TestClassifyCWD_ProjectInsideHomeIsOK(t *testing.T) {
	home, err := os.UserHomeDir()
	if err != nil || home == "" {
		t.Skip("UserHomeDir unavailable")
	}
	// Project markers anywhere — including inside $HOME — must
	// override the personal-dumping-ground warn.
	dir := filepath.Join(home, ".gnoma-safety-test-tmp")
	if err := os.MkdirAll(dir, 0o700); err != nil {
		t.Skipf("could not create test dir: %v", err)
	}
	defer func() { _ = os.RemoveAll(dir) }()
	if err := os.WriteFile(filepath.Join(dir, "go.mod"), []byte("module test"), 0o600); err != nil {
		t.Fatal(err)
	}
	cfg := defaultCfg()
	c := ClassifyCWD(dir, cfg)
	if c.Tier != TierOK {
		t.Errorf("project dir inside $HOME tier = %v, want ok", c.Tier)
	}
}

func TestClassifyCWD_RefuseDisabled(t *testing.T) {
	cfg := defaultCfg()
	cfg.RefuseInSystemDirs = false
	c := ClassifyCWD("/etc", cfg)
	if c.Tier == TierRefuse {
		t.Errorf("with refuse_in_system_dirs=false, /etc tier = %v, want warn or ok", c.Tier)
	}
}

func TestClassifyCWD_WarnInHomeDisabled(t *testing.T) {
	home, err := os.UserHomeDir()
	if err != nil || home == "" {
		t.Skip("UserHomeDir unavailable")
	}
	cfg := defaultCfg()
	cfg.WarnInHome = false
	c := ClassifyCWD(home, cfg)
	if c.Tier != TierOK {
		t.Errorf("with warn_in_home=false, $HOME tier = %v, want ok", c.Tier)
	}
}

func TestTier_String(t *testing.T) {
	cases := map[Tier]string{
		TierOK:     "ok",
		TierWarn:   "warn",
		TierRefuse: "refuse",
	}
	for tier, want := range cases {
		if got := tier.String(); got != want {
			t.Errorf("%d.String() = %q, want %q", tier, got, want)
		}
	}
}