// policy-loader.test.mjs — Tests for policy-as-code loader import { describe, it, beforeEach, afterEach } from 'node:test'; import assert from 'node:assert/strict'; import { writeFileSync, mkdirSync, rmSync, existsSync } from 'node:fs'; import { join } from 'node:path'; import { tmpdir } from 'node:os'; import { loadPolicy, getPolicyValue, getPolicyValueWithEnvWarn, getDefaultPolicy, _resetCacheForTest } from '../../scanners/lib/policy-loader.mjs'; const TEST_ROOT = join(tmpdir(), `llm-security-policy-test-${Date.now()}`); const POLICY_DIR = join(TEST_ROOT, '.llm-security'); const POLICY_FILE = join(POLICY_DIR, 'policy.json'); describe('policy-loader', () => { beforeEach(() => { _resetCacheForTest(); mkdirSync(POLICY_DIR, { recursive: true }); }); afterEach(() => { _resetCacheForTest(); try { rmSync(TEST_ROOT, { recursive: true }); } catch {} }); it('returns defaults when no policy file exists', () => { rmSync(POLICY_FILE, { force: true }); const policy = loadPolicy(TEST_ROOT); assert.equal(policy.version, '1.0'); assert.equal(policy.injection.mode, 'block'); assert.equal(policy.trifecta.mode, 'warn'); assert.equal(policy.trifecta.window_size, 20); }); it('reads and merges valid policy file', () => { writeFileSync(POLICY_FILE, JSON.stringify({ version: '1.0', trifecta: { mode: 'off' }, })); const policy = loadPolicy(TEST_ROOT); assert.equal(policy.trifecta.mode, 'off'); // Other defaults preserved assert.equal(policy.trifecta.window_size, 20); assert.equal(policy.injection.mode, 'block'); }); it('handles partial policy (deep merge preserves defaults)', () => { writeFileSync(POLICY_FILE, JSON.stringify({ secrets: { additional_patterns: ['CUSTOM_SECRET=\\w+'] }, })); const policy = loadPolicy(TEST_ROOT); assert.deepEqual(policy.secrets.additional_patterns, ['CUSTOM_SECRET=\\w+']); assert.deepEqual(policy.secrets.allowed_paths, []); // default preserved }); it('caches policy per root', () => { writeFileSync(POLICY_FILE, JSON.stringify({ trifecta: { mode: 'block' } })); const p1 = loadPolicy(TEST_ROOT); // Modify file — should still return cached writeFileSync(POLICY_FILE, JSON.stringify({ trifecta: { mode: 'off' } })); const p2 = loadPolicy(TEST_ROOT); assert.equal(p1, p2); // same reference (cached) assert.equal(p2.trifecta.mode, 'block'); // original value }); it('getPolicyValue returns correct values', () => { writeFileSync(POLICY_FILE, JSON.stringify({ mcp: { volume_threshold_bytes: 500_000 }, })); const val = getPolicyValue('mcp', 'volume_threshold_bytes', 100_000, TEST_ROOT); assert.equal(val, 500_000); }); it('getPolicyValue returns default when key not in policy', () => { writeFileSync(POLICY_FILE, JSON.stringify({ version: '1.0' })); const val = getPolicyValue('mcp', 'nonexistent_key', 42, TEST_ROOT); assert.equal(val, 42); }); it('handles invalid JSON gracefully', () => { writeFileSync(POLICY_FILE, 'not valid json!!!'); const policy = loadPolicy(TEST_ROOT); // Should return defaults without crashing assert.equal(policy.version, '1.0'); assert.equal(policy.injection.mode, 'block'); }); it('getDefaultPolicy returns a copy', () => { const d1 = getDefaultPolicy(); const d2 = getDefaultPolicy(); assert.deepEqual(d1, d2); assert.notEqual(d1, d2); // different references }); it('default policy matches existing hardcoded values', () => { const defaults = getDefaultPolicy(); // These must match the hardcoded values in hooks assert.equal(defaults.injection.mode, 'block'); assert.equal(defaults.trifecta.mode, 'warn'); assert.equal(defaults.trifecta.window_size, 20); assert.equal(defaults.trifecta.long_horizon_window, 100); assert.equal(defaults.mcp.volume_threshold_bytes, 100_000); }); it('default policy includes ci section with null/false defaults', () => { const defaults = getDefaultPolicy(); assert.equal(defaults.ci.failOn, null); assert.equal(defaults.ci.compact, false); }); it('ci section merges correctly from policy file', () => { writeFileSync(POLICY_FILE, JSON.stringify({ ci: { failOn: 'high' }, })); const policy = loadPolicy(TEST_ROOT); assert.equal(policy.ci.failOn, 'high'); assert.equal(policy.ci.compact, false); // default preserved }); it('ci section allows compact override', () => { writeFileSync(POLICY_FILE, JSON.stringify({ ci: { failOn: 'critical', compact: true }, })); const policy = loadPolicy(TEST_ROOT); assert.equal(policy.ci.failOn, 'critical'); assert.equal(policy.ci.compact, true); }); it('default policy includes trifecta.escalation_window=5 (D3)', () => { const defaults = getDefaultPolicy(); assert.equal(defaults.trifecta.escalation_window, 5); }); }); // --------------------------------------------------------------------------- // D3: getPolicyValueWithEnvWarn — env-var deprecation warnings // --------------------------------------------------------------------------- describe('getPolicyValueWithEnvWarn (D3)', () => { const ENV_VAR = 'LLM_SECURITY_TEST_DEPRECATED'; const QUIET_VAR = 'LLM_SECURITY_DEPRECATION_QUIET'; let originalWrite; let stderrCapture; beforeEach(() => { _resetCacheForTest(); mkdirSync(POLICY_DIR, { recursive: true }); delete process.env[ENV_VAR]; delete process.env[QUIET_VAR]; stderrCapture = []; originalWrite = process.stderr.write.bind(process.stderr); process.stderr.write = (chunk, ...rest) => { stderrCapture.push(typeof chunk === 'string' ? chunk : chunk.toString()); return true; }; }); afterEach(() => { process.stderr.write = originalWrite; delete process.env[ENV_VAR]; delete process.env[QUIET_VAR]; _resetCacheForTest(); try { rmSync(TEST_ROOT, { recursive: true }); } catch {} }); it('env wins over policy.json (existing behaviour unchanged)', () => { writeFileSync(POLICY_FILE, JSON.stringify({ trifecta: { mode: 'block' }, })); process.env[ENV_VAR] = 'off'; const val = getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT); assert.equal(val, 'off'); }); it('returns policy value when env-var is unset', () => { writeFileSync(POLICY_FILE, JSON.stringify({ trifecta: { mode: 'block' }, })); const val = getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT); assert.equal(val, 'block'); assert.equal(stderrCapture.join(''), ''); // no warning when only policy is set }); it('returns default when neither env nor policy is set', () => { rmSync(POLICY_FILE, { force: true }); const val = getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT); assert.equal(val, 'warn'); assert.equal(stderrCapture.join(''), ''); }); it('emits one stderr deprecation warning when env+policy both set', () => { writeFileSync(POLICY_FILE, JSON.stringify({ trifecta: { mode: 'block' }, })); process.env[ENV_VAR] = 'off'; const val = getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT); assert.equal(val, 'off'); const stderr = stderrCapture.join(''); assert.match(stderr, /\[llm-security\] Deprecation: env-var LLM_SECURITY_TEST_DEPRECATED/); assert.match(stderr, /will be removed in v8\.0\.0/); assert.match(stderr, /policy\.json key trifecta\.mode also set/); assert.match(stderr, /Suppress with LLM_SECURITY_DEPRECATION_QUIET=1/); }); it('warns only once per env-var within the same process', () => { writeFileSync(POLICY_FILE, JSON.stringify({ trifecta: { mode: 'block' }, })); process.env[ENV_VAR] = 'off'; getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT); getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT); getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT); const stderr = stderrCapture.join(''); const matches = stderr.match(/\[llm-security\] Deprecation:/g) || []; assert.equal(matches.length, 1); }); it('LLM_SECURITY_DEPRECATION_QUIET=1 suppresses warning entirely', () => { writeFileSync(POLICY_FILE, JSON.stringify({ trifecta: { mode: 'block' }, })); process.env[ENV_VAR] = 'off'; process.env[QUIET_VAR] = '1'; const val = getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT); assert.equal(val, 'off'); assert.equal(stderrCapture.join(''), ''); }); it('does not warn when policy value equals defaultValue (user did not override)', () => { writeFileSync(POLICY_FILE, JSON.stringify({ trifecta: { mode: 'warn' }, // matches defaultValue })); process.env[ENV_VAR] = 'off'; const val = getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT); assert.equal(val, 'off'); assert.equal(stderrCapture.join(''), ''); }); });