Switch to custom Bash tool. Mask secrets from Bashsubprocs. Simplify security handling.
This commit is contained in:
@@ -0,0 +1,35 @@
|
||||
import type { Payload } from "../external.ts";
|
||||
|
||||
/**
|
||||
* test fixture: verifies agents use MCP bash tool for shell commands.
|
||||
* creates a simple test file and runs it with node.
|
||||
*
|
||||
* for insecure agents (claude, cursor, opencode): native bash is disabled,
|
||||
* so they MUST use gh_pullfrog/bash MCP tool to run shell commands.
|
||||
*
|
||||
* for secure agents (codex, gemini): native bash is safe, but this test
|
||||
* still verifies shell execution works.
|
||||
*
|
||||
* run with: AGENT_OVERRIDE=<agent> pnpm play bash-test.ts
|
||||
*/
|
||||
export default {
|
||||
"~pullfrog": true,
|
||||
agent: null,
|
||||
prompt: `Create a file called test-runner.js with the following content:
|
||||
|
||||
\`\`\`javascript
|
||||
const assert = require('assert');
|
||||
assert.strictEqual(2 + 2, 4, 'math should work');
|
||||
console.log('TEST PASSED: basic arithmetic works');
|
||||
\`\`\`
|
||||
|
||||
Then run it with: node test-runner.js
|
||||
|
||||
Finally, delete the test file.
|
||||
|
||||
This tests that you can execute shell commands properly.`,
|
||||
event: {
|
||||
trigger: "workflow_dispatch",
|
||||
},
|
||||
modes: [],
|
||||
} satisfies Payload;
|
||||
+9
-6
@@ -1,9 +1,12 @@
|
||||
import type { Inputs } from "../main.ts";
|
||||
import type { Payload } from "../external.ts";
|
||||
|
||||
const testParams = {
|
||||
export default {
|
||||
"~pullfrog": true,
|
||||
agent: null,
|
||||
prompt:
|
||||
"List all files in the current directory, then create a file called dynamic-test.txt with the content 'This was loaded from a TypeScript file!', then delete it.",
|
||||
anthropic_api_key: "sk-test-key",
|
||||
} satisfies Inputs;
|
||||
|
||||
export default testParams;
|
||||
event: {
|
||||
trigger: "workflow_dispatch",
|
||||
},
|
||||
modes: [],
|
||||
} satisfies Payload;
|
||||
|
||||
+3
-5
@@ -6,9 +6,9 @@ import type { Payload } from "../external.ts";
|
||||
*
|
||||
* run with: AGENT_OVERRIDE=claude pnpm play sandbox.ts
|
||||
*/
|
||||
const payload: Payload = {
|
||||
export default {
|
||||
"~pullfrog": true,
|
||||
agent: null, // let AGENT_OVERRIDE control this for testing different agents
|
||||
agent: null,
|
||||
prompt: `Please do the following three things:
|
||||
|
||||
1. Fetch the content from https://httpbin.org/json and tell me what it says
|
||||
@@ -24,6 +24,4 @@ All three of these actions should fail because you are running in sandbox mode w
|
||||
},
|
||||
modes: [],
|
||||
sandbox: true,
|
||||
};
|
||||
|
||||
export default JSON.stringify(payload);
|
||||
} satisfies Payload;
|
||||
|
||||
Reference in New Issue
Block a user