refactor: dedupe cli config cron and install flows

2026-05-30 00:35:04 +00:00 · 2026-03-02 19:48:38 +00:00
parent 9d30159fcd
commit b1c30f0ba9
80 changed files with 1379 additions and 2027 deletions
--- a/src/infra/exec-approvals.test.ts
+++ b/src/infra/exec-approvals.test.ts
@@ -625,6 +625,36 @@ describe("exec approvals shell allowlist (chained commands)", () => {
 });

 describe("exec approvals allowlist evaluation", () => {
+  function evaluateAutoAllowSkills(params: {
+    analysis: {
+      ok: boolean;
+      segments: Array<{
+        raw: string;
+        argv: string[];
+        resolution: {
+          rawExecutable: string;
+          executableName: string;
+          resolvedPath?: string;
+        };
+      }>;
+    };
+    resolvedPath: string;
+  }) {
+    return evaluateExecAllowlist({
+      analysis: params.analysis,
+      allowlist: [],
+      safeBins: new Set(),
+      skillBins: [{ name: "skill-bin", resolvedPath: params.resolvedPath }],
+      autoAllowSkills: true,
+      cwd: "/tmp",
+    });
+  }
+
+  function expectAutoAllowSkillsMiss(result: ReturnType<typeof evaluateExecAllowlist>): void {
+    expect(result.allowlistSatisfied).toBe(false);
+    expect(result.segmentSatisfiedBy).toEqual([null]);
+  }
+
  it("satisfies allowlist on exact match", () => {
    const analysis = {
      ok: true,
@@ -696,13 +726,9 @@ describe("exec approvals allowlist evaluation", () => {
        },
      ],
    };
-    const result = evaluateExecAllowlist({
+    const result = evaluateAutoAllowSkills({
      analysis,
-      allowlist: [],
-      safeBins: new Set(),
-      skillBins: [{ name: "skill-bin", resolvedPath: "/opt/skills/skill-bin" }],
-      autoAllowSkills: true,
-      cwd: "/tmp",
+      resolvedPath: "/opt/skills/skill-bin",
    });
    expect(result.allowlistSatisfied).toBe(true);
  });
@@ -722,16 +748,11 @@ describe("exec approvals allowlist evaluation", () => {
        },
      ],
    };
-    const result = evaluateExecAllowlist({
+    const result = evaluateAutoAllowSkills({
      analysis,
-      allowlist: [],
-      safeBins: new Set(),
-      skillBins: [{ name: "skill-bin", resolvedPath: "/tmp/skill-bin" }],
-      autoAllowSkills: true,
-      cwd: "/tmp",
+      resolvedPath: "/tmp/skill-bin",
    });
-    expect(result.allowlistSatisfied).toBe(false);
-    expect(result.segmentSatisfiedBy).toEqual([null]);
+    expectAutoAllowSkillsMiss(result);
  });

  it("does not satisfy auto-allow skills when command resolution is missing", () => {
@@ -748,16 +769,11 @@ describe("exec approvals allowlist evaluation", () => {
        },
      ],
    };
-    const result = evaluateExecAllowlist({
+    const result = evaluateAutoAllowSkills({
      analysis,
-      allowlist: [],
-      safeBins: new Set(),
-      skillBins: [{ name: "skill-bin", resolvedPath: "/opt/skills/skill-bin" }],
-      autoAllowSkills: true,
-      cwd: "/tmp",
+      resolvedPath: "/opt/skills/skill-bin",
    });
-    expect(result.allowlistSatisfied).toBe(false);
-    expect(result.segmentSatisfiedBy).toEqual([null]);
+    expectAutoAllowSkillsMiss(result);
  });

  it("returns empty segment details for chain misses", () => {