swarm repositories / source
aboutsummaryrefslogtreecommitdiff
path: root/crates/phone-opus/tests/mcp_hardening.rs
diff options
context:
space:
mode:
Diffstat (limited to 'crates/phone-opus/tests/mcp_hardening.rs')
-rw-r--r--crates/phone-opus/tests/mcp_hardening.rs35
1 files changed, 34 insertions, 1 deletions
diff --git a/crates/phone-opus/tests/mcp_hardening.rs b/crates/phone-opus/tests/mcp_hardening.rs
index 107a578..06861f8 100644
--- a/crates/phone-opus/tests/mcp_hardening.rs
+++ b/crates/phone-opus/tests/mcp_hardening.rs
@@ -209,6 +209,15 @@ if [ -n "${PHONE_OPUS_TEST_CWD_WRITE_PROBE_FILE:-}" ]; then
printf 'write_failed\n' >"$PHONE_OPUS_TEST_CWD_WRITE_PROBE_FILE"
fi
fi
+if [ -n "${PHONE_OPUS_TEST_CREDENTIAL_WRITE_PROBE_FILE:-}" ]; then
+ credentials_target="${HOME}/.claude/.credentials.json"
+ credentials_error="${PHONE_OPUS_TEST_CREDENTIAL_WRITE_ERROR_FILE:-/tmp/phone-opus-credentials.err}"
+ if : >>"$credentials_target" 2>"$credentials_error"; then
+ printf 'write_succeeded\n' >"$PHONE_OPUS_TEST_CREDENTIAL_WRITE_PROBE_FILE"
+ else
+ printf 'write_failed\n' >"$PHONE_OPUS_TEST_CREDENTIAL_WRITE_PROBE_FILE"
+ fi
+fi
if [ -n "${PHONE_OPUS_TEST_STDERR:-}" ]; then
printf '%s\n' "$PHONE_OPUS_TEST_STDERR" >&2
fi
@@ -331,6 +340,8 @@ fn consult_can_resume_a_prior_session_with_read_only_toolset_and_requested_worki
let env_file = root.join("env.txt");
let cwd_probe_file = root.join("cwd-write-probe.txt");
let cwd_probe_error_file = root.join("cwd-write-probe.err");
+ let credential_probe_file = root.join("credential-write-probe.txt");
+ let credential_probe_error_file = root.join("credential-write-probe.err");
let resumed_session = "81f218eb-568b-409b-871b-f6e86d8f666f";
write_fake_claude_script(&fake_claude)?;
must(
@@ -372,6 +383,8 @@ fn consult_can_resume_a_prior_session_with_read_only_toolset_and_requested_worki
let env_path = env_file.display().to_string();
let cwd_probe_path = cwd_probe_file.display().to_string();
let cwd_probe_error_path = cwd_probe_error_file.display().to_string();
+ let credential_probe_path = credential_probe_file.display().to_string();
+ let credential_probe_error_path = credential_probe_error_file.display().to_string();
let caller_home_path = caller_home.display().to_string();
let env = [
("HOME", caller_home_path.as_str()),
@@ -388,6 +401,14 @@ fn consult_can_resume_a_prior_session_with_read_only_toolset_and_requested_worki
"PHONE_OPUS_TEST_CWD_WRITE_ERROR_FILE",
cwd_probe_error_path.as_str(),
),
+ (
+ "PHONE_OPUS_TEST_CREDENTIAL_WRITE_PROBE_FILE",
+ credential_probe_path.as_str(),
+ ),
+ (
+ "PHONE_OPUS_TEST_CREDENTIAL_WRITE_ERROR_FILE",
+ credential_probe_error_path.as_str(),
+ ),
];
let mut harness = McpHarness::spawn(&state_home, &env)?;
let _ = harness.initialize()?;
@@ -494,8 +515,15 @@ fn consult_can_resume_a_prior_session_with_read_only_toolset_and_requested_worki
assert_eq!(
must(
+ fs::read_link(claude_home.join(".claude").join(".credentials.json")),
+ "read credentials symlink"
+ )?,
+ caller_home.join(".claude").join(".credentials.json")
+ );
+ assert_eq!(
+ must(
fs::read_to_string(claude_home.join(".claude").join(".credentials.json")),
- "read mirrored credentials"
+ "read linked credentials"
)?,
"{\n \"auth\": \"token\"\n}\n"
);
@@ -538,6 +566,11 @@ fn consult_can_resume_a_prior_session_with_read_only_toolset_and_requested_worki
"read cwd write probe result",
)?;
assert_eq!(cwd_probe.trim(), "write_failed");
+ let credential_probe = must(
+ fs::read_to_string(&credential_probe_file),
+ "read credential write probe result",
+ )?;
+ assert_eq!(credential_probe.trim(), "write_succeeded");
let telemetry = harness.call_tool(4, "telemetry_snapshot", json!({}))?;
assert_tool_ok(&telemetry);
swarm source