ktg-plugin-marketplace/plugins/llm-security/tests/lib/policy-loader.test.mjs

// policy-loader.test.mjs — Tests for policy-as-code loader

import { describe, it, beforeEach, afterEach } from 'node:test';
import assert from 'node:assert/strict';
import { writeFileSync, mkdirSync, rmSync, existsSync } from 'node:fs';
import { join } from 'node:path';
import { tmpdir } from 'node:os';
import { loadPolicy, getPolicyValue, getPolicyValueWithEnvWarn, getDefaultPolicy, _resetCacheForTest } from '../../scanners/lib/policy-loader.mjs';

const TEST_ROOT = join(tmpdir(), `llm-security-policy-test-${Date.now()}`);
const POLICY_DIR = join(TEST_ROOT, '.llm-security');
const POLICY_FILE = join(POLICY_DIR, 'policy.json');

describe('policy-loader', () => {
  beforeEach(() => {
    _resetCacheForTest();
    mkdirSync(POLICY_DIR, { recursive: true });
  });

  afterEach(() => {
    _resetCacheForTest();
    try { rmSync(TEST_ROOT, { recursive: true }); } catch {}
  });

  it('returns defaults when no policy file exists', () => {
    rmSync(POLICY_FILE, { force: true });
    const policy = loadPolicy(TEST_ROOT);
    assert.equal(policy.version, '1.0');
    assert.equal(policy.injection.mode, 'block');
    assert.equal(policy.trifecta.mode, 'warn');
    assert.equal(policy.trifecta.window_size, 20);
  });

  it('reads and merges valid policy file', () => {
    writeFileSync(POLICY_FILE, JSON.stringify({
      version: '1.0',
      trifecta: { mode: 'off' },
    }));
    const policy = loadPolicy(TEST_ROOT);
    assert.equal(policy.trifecta.mode, 'off');
    // Other defaults preserved
    assert.equal(policy.trifecta.window_size, 20);
    assert.equal(policy.injection.mode, 'block');
  });

  it('handles partial policy (deep merge preserves defaults)', () => {
    writeFileSync(POLICY_FILE, JSON.stringify({
      secrets: { additional_patterns: ['CUSTOM_SECRET=\\w+'] },
    }));
    const policy = loadPolicy(TEST_ROOT);
    assert.deepEqual(policy.secrets.additional_patterns, ['CUSTOM_SECRET=\\w+']);
    assert.deepEqual(policy.secrets.allowed_paths, []); // default preserved
  });

  it('caches policy per root', () => {
    writeFileSync(POLICY_FILE, JSON.stringify({ trifecta: { mode: 'block' } }));
    const p1 = loadPolicy(TEST_ROOT);
    // Modify file — should still return cached
    writeFileSync(POLICY_FILE, JSON.stringify({ trifecta: { mode: 'off' } }));
    const p2 = loadPolicy(TEST_ROOT);
    assert.equal(p1, p2); // same reference (cached)
    assert.equal(p2.trifecta.mode, 'block'); // original value
  });

  it('getPolicyValue returns correct values', () => {
    writeFileSync(POLICY_FILE, JSON.stringify({
      mcp: { volume_threshold_bytes: 500_000 },
    }));
    const val = getPolicyValue('mcp', 'volume_threshold_bytes', 100_000, TEST_ROOT);
    assert.equal(val, 500_000);
  });

  it('getPolicyValue returns default when key not in policy', () => {
    writeFileSync(POLICY_FILE, JSON.stringify({ version: '1.0' }));
    const val = getPolicyValue('mcp', 'nonexistent_key', 42, TEST_ROOT);
    assert.equal(val, 42);
  });

  it('handles invalid JSON gracefully', () => {
    writeFileSync(POLICY_FILE, 'not valid json!!!');
    const policy = loadPolicy(TEST_ROOT);
    // Should return defaults without crashing
    assert.equal(policy.version, '1.0');
    assert.equal(policy.injection.mode, 'block');
  });

  it('getDefaultPolicy returns a copy', () => {
    const d1 = getDefaultPolicy();
    const d2 = getDefaultPolicy();
    assert.deepEqual(d1, d2);
    assert.notEqual(d1, d2); // different references
  });

  it('default policy matches existing hardcoded values', () => {
    const defaults = getDefaultPolicy();
    // These must match the hardcoded values in hooks
    assert.equal(defaults.injection.mode, 'block');
    assert.equal(defaults.trifecta.mode, 'warn');
    assert.equal(defaults.trifecta.window_size, 20);
    assert.equal(defaults.trifecta.long_horizon_window, 100);
    assert.equal(defaults.mcp.volume_threshold_bytes, 100_000);
  });

  it('default policy includes ci section with null/false defaults', () => {
    const defaults = getDefaultPolicy();
    assert.equal(defaults.ci.failOn, null);
    assert.equal(defaults.ci.compact, false);
  });

  it('ci section merges correctly from policy file', () => {
    writeFileSync(POLICY_FILE, JSON.stringify({
      ci: { failOn: 'high' },
    }));
    const policy = loadPolicy(TEST_ROOT);
    assert.equal(policy.ci.failOn, 'high');
    assert.equal(policy.ci.compact, false); // default preserved
  });

  it('ci section allows compact override', () => {
    writeFileSync(POLICY_FILE, JSON.stringify({
      ci: { failOn: 'critical', compact: true },
    }));
    const policy = loadPolicy(TEST_ROOT);
    assert.equal(policy.ci.failOn, 'critical');
    assert.equal(policy.ci.compact, true);
  });

  it('default policy includes trifecta.escalation_window=5 (D3)', () => {
    const defaults = getDefaultPolicy();
    assert.equal(defaults.trifecta.escalation_window, 5);
  });
});

// ---------------------------------------------------------------------------
// D3: getPolicyValueWithEnvWarn — env-var deprecation warnings
// ---------------------------------------------------------------------------

describe('getPolicyValueWithEnvWarn (D3)', () => {
  const ENV_VAR = 'LLM_SECURITY_TEST_DEPRECATED';
  const QUIET_VAR = 'LLM_SECURITY_DEPRECATION_QUIET';
  let originalWrite;
  let stderrCapture;

  beforeEach(() => {
    _resetCacheForTest();
    mkdirSync(POLICY_DIR, { recursive: true });
    delete process.env[ENV_VAR];
    delete process.env[QUIET_VAR];
    stderrCapture = [];
    originalWrite = process.stderr.write.bind(process.stderr);
    process.stderr.write = (chunk, ...rest) => {
      stderrCapture.push(typeof chunk === 'string' ? chunk : chunk.toString());
      return true;
    };
  });

  afterEach(() => {
    process.stderr.write = originalWrite;
    delete process.env[ENV_VAR];
    delete process.env[QUIET_VAR];
    _resetCacheForTest();
    try { rmSync(TEST_ROOT, { recursive: true }); } catch {}
  });

  it('env wins over policy.json (existing behaviour unchanged)', () => {
    writeFileSync(POLICY_FILE, JSON.stringify({
      trifecta: { mode: 'block' },
    }));
    process.env[ENV_VAR] = 'off';
    const val = getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT);
    assert.equal(val, 'off');
  });

  it('returns policy value when env-var is unset', () => {
    writeFileSync(POLICY_FILE, JSON.stringify({
      trifecta: { mode: 'block' },
    }));
    const val = getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT);
    assert.equal(val, 'block');
    assert.equal(stderrCapture.join(''), ''); // no warning when only policy is set
  });

  it('returns default when neither env nor policy is set', () => {
    rmSync(POLICY_FILE, { force: true });
    const val = getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT);
    assert.equal(val, 'warn');
    assert.equal(stderrCapture.join(''), '');
  });

  it('emits one stderr deprecation warning when env+policy both set', () => {
    writeFileSync(POLICY_FILE, JSON.stringify({
      trifecta: { mode: 'block' },
    }));
    process.env[ENV_VAR] = 'off';
    const val = getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT);
    assert.equal(val, 'off');
    const stderr = stderrCapture.join('');
    assert.match(stderr, /\[llm-security\] Deprecation: env-var LLM_SECURITY_TEST_DEPRECATED/);
    assert.match(stderr, /will be removed in v8\.0\.0/);
    assert.match(stderr, /policy\.json key trifecta\.mode also set/);
    assert.match(stderr, /Suppress with LLM_SECURITY_DEPRECATION_QUIET=1/);
  });

  it('warns only once per env-var within the same process', () => {
    writeFileSync(POLICY_FILE, JSON.stringify({
      trifecta: { mode: 'block' },
    }));
    process.env[ENV_VAR] = 'off';
    getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT);
    getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT);
    getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT);
    const stderr = stderrCapture.join('');
    const matches = stderr.match(/\[llm-security\] Deprecation:/g) || [];
    assert.equal(matches.length, 1);
  });

  it('LLM_SECURITY_DEPRECATION_QUIET=1 suppresses warning entirely', () => {
    writeFileSync(POLICY_FILE, JSON.stringify({
      trifecta: { mode: 'block' },
    }));
    process.env[ENV_VAR] = 'off';
    process.env[QUIET_VAR] = '1';
    const val = getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT);
    assert.equal(val, 'off');
    assert.equal(stderrCapture.join(''), '');
  });

  it('does not warn when policy value equals defaultValue (user did not override)', () => {
    writeFileSync(POLICY_FILE, JSON.stringify({
      trifecta: { mode: 'warn' }, // matches defaultValue
    }));
    process.env[ENV_VAR] = 'off';
    const val = getPolicyValueWithEnvWarn('trifecta', 'mode', ENV_VAR, 'warn', TEST_ROOT);
    assert.equal(val, 'off');
    assert.equal(stderrCapture.join(''), '');
  });
});