follow-up: align ingress, atomic paths, and channel tests with credential semantics (#33733)

Merged via squash. Prepared head SHA: c290c2ab6a Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com> Co-authored-by: joshavant <830519+joshavant@users.noreply.github.com> Reviewed-by: @joshavant
2026-05-29 15:05:04 +00:00 · 2026-03-03 20:29:46 -06:00
parent 6842877b2e
commit 1c200ca7ae
36 changed files with 1130 additions and 219 deletions
--- a/src/gateway/server-methods/agent.test.ts
+++ b/src/gateway/server-methods/agent.test.ts
@@ -41,6 +41,7 @@ vi.mock("../../config/sessions.js", async () => {

 vi.mock("../../commands/agent.js", () => ({
  agentCommand: mocks.agentCommand,
+  agentCommandFromIngress: mocks.agentCommand,
 }));

 vi.mock("../../config/config.js", async () => {
--- a/src/gateway/server-methods/agents-mutate.test.ts
+++ b/src/gateway/server-methods/agents-mutate.test.ts
@@ -566,7 +566,7 @@ describe("agents.files.get/set symlink safety", () => {
    },
  );

-  it("allows in-workspace symlink targets for get/set", async () => {
+  it("allows in-workspace symlink reads but rejects writes through symlink aliases", async () => {
    const workspace = "/workspace/test-agent";
    const candidate = path.resolve(workspace, "AGENTS.md");
    const target = path.resolve(workspace, "policies", "AGENTS.md");
@@ -626,12 +626,11 @@ describe("agents.files.get/set symlink safety", () => {
    });
    await setCall.promise;
    expect(setCall.respond).toHaveBeenCalledWith(
-      true,
-      expect.objectContaining({
-        ok: true,
-        file: expect.objectContaining({ missing: false, content: "updated\n" }),
-      }),
+      false,
      undefined,
+      expect.objectContaining({
+        message: expect.stringContaining('unsafe workspace file "AGENTS.md"'),
+      }),
    );
  });