From 5cf9432092da40a2653c3d156ca5a4746e853827 Mon Sep 17 00:00:00 2001
From: main
Date: Mon, 23 Mar 2026 16:13:37 -0400
Subject: Inject consult prompt prefix
---
 crates/phone-opus/tests/mcp_hardening.rs | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
(limited to 'crates/phone-opus/tests')
diff --git a/crates/phone-opus/tests/mcp_hardening.rs b/crates/phone-opus/tests/mcp_hardening.rs
index 918c3c4..e9ee06b 100644
--- a/crates/phone-opus/tests/mcp_hardening.rs
+++ b/crates/phone-opus/tests/mcp_hardening.rs
@@ -13,6 +13,13 @@ use serde_json::{Value, json};
 use thiserror as _;
 use uuid as _;
+use phone_opus_test_support::PROMPT_PREFIX;
+
+mod phone_opus_test_support {
+ pub(super) const PROMPT_PREFIX: &str =
+ "You are being invoked in a read-only consultation mode by another model.";
+}
+
 type TestResult = Result>;
 fn must(
@@ -304,6 +311,10 @@ fn consult_can_resume_a_prior_session_with_read_only_toolset_and_requested_worki
 tool_content(&consult)["requested_session_id"].as_str(),
 Some(resumed_session)
 );
+ assert_eq!(
+ tool_content(&consult)["prompt_prefix_injected"].as_bool(),
+ Some(true)
+ );
 assert_eq!(
 tool_content(&consult)["cwd"].as_str(),
 Some(sandbox.display().to_string().as_str())
@@ -339,7 +350,11 @@ fn consult_can_resume_a_prior_session_with_read_only_toolset_and_requested_worki
 assert!(lines.contains(&resumed_session));
 assert!(lines.contains(&"--max-turns"));
 assert!(lines.contains(&"7"));
- assert_eq!(lines.last().copied(), Some("say oracle"));
+ assert!(args.contains(PROMPT_PREFIX));
+ assert!(args.contains("The real prompt follows."));
+ let prefix_index = must_some(args.find(PROMPT_PREFIX), "prefixed consult prompt")?;
+ let user_prompt_index = must_some(args.find("say oracle"), "user prompt inside args")?;
+ assert!(prefix_index < user_prompt_index);
 let telemetry = harness.call_tool(4, "telemetry_snapshot", json!({}))?;
 assert_tool_ok(&telemetry);
-- 
cgit v1.2.3
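Review bot: `PROMPT_PREFIX` in the added `phone_opus_test_support` module is a hand-copied string, and nothing visible in this hunk ties it to the prompt text the crate actually sends. If the copy is deliberate, so that an accidental rewording of the prefix fails the test, say so with a comment such as `// Pinned copy of the opening sentence of the consult prefix; a wording change in the crate must be mirrored here.` If the crate exposes the prefix, importing it instead would remove the duplicate, at the cost of no longer pinning the wording. A single constant also does not need its own module plus a `use`; a file-scope `const PROMPT_PREFIX: &str = …;` reads more directly.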
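Review bot: The new assertions in the last hunk are looser than the `lines.last()` check they replace, because they search the whole of `args`; they still pass if the prefix and `say oracle` end up in different arguments, or if something is appended after the user prompt. The delimiter is checked only for presence, not position; pinning the order of all three parts would be `let marker_index = must_some(args.find("The real prompt follows."), "prompt delimiter")?;` followed by `assert!(prefix_index < marker_index && marker_index < user_prompt_index);`. The prefix is an instruction to the consulted model rather than an enforcement boundary, so it is worth keeping an assertion that the user text still closes the final argument, if the injected format allows it. `args` and `lines` are defined outside the hunk, so how the arguments are recorded is assumed here.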