test: add more tests to make sure that cwd is locked for read tool

rekram1-node · rekram1-node · commit 664e6bf2d06f · 2025-12-26T14:30:05.000-06:00
diff --git a/packages/opencode/test/tool/read.test.ts b/packages/opencode/test/tool/read.test.ts
@@ -13,6 +13,137 @@ const ctx = {
   metadata: () => {},
 }
 
+describe("tool.read external_directory permission", () => {
+  test("allows reading absolute path inside project directory", async () => {
+    await using tmp = await tmpdir({
+      init: async (dir) => {
+        await Bun.write(path.join(dir, "test.txt"), "hello world")
+        await Bun.write(
+          path.join(dir, "opencode.json"),
+          JSON.stringify({
+            permission: {
+              external_directory: "deny",
+            },
+          }),
+        )
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const read = await ReadTool.init()
+        const result = await read.execute({ filePath: path.join(tmp.path, "test.txt") }, ctx)
+        expect(result.output).toContain("hello world")
+      },
+    })
+  })
+
+  test("allows reading file in subdirectory inside project directory", async () => {
+    await using tmp = await tmpdir({
+      init: async (dir) => {
+        await Bun.write(path.join(dir, "subdir", "test.txt"), "nested content")
+        await Bun.write(
+          path.join(dir, "opencode.json"),
+          JSON.stringify({
+            permission: {
+              external_directory: "deny",
+            },
+          }),
+        )
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const read = await ReadTool.init()
+        const result = await read.execute({ filePath: path.join(tmp.path, "subdir", "test.txt") }, ctx)
+        expect(result.output).toContain("nested content")
+      },
+    })
+  })
+
+  test("denies reading absolute path outside project directory", async () => {
+    await using outerTmp = await tmpdir({
+      init: async (dir) => {
+        await Bun.write(path.join(dir, "secret.txt"), "secret data")
+      },
+    })
+    await using tmp = await tmpdir({
+      init: async (dir) => {
+        await Bun.write(
+          path.join(dir, "opencode.json"),
+          JSON.stringify({
+            permission: {
+              external_directory: "deny",
+            },
+          }),
+        )
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const read = await ReadTool.init()
+        await expect(read.execute({ filePath: path.join(outerTmp.path, "secret.txt") }, ctx)).rejects.toThrow(
+          "not in the current working directory",
+        )
+      },
+    })
+  })
+
+  test("denies reading relative path that traverses outside project directory", async () => {
+    await using tmp = await tmpdir({
+      init: async (dir) => {
+        await Bun.write(
+          path.join(dir, "opencode.json"),
+          JSON.stringify({
+            permission: {
+              external_directory: "deny",
+            },
+          }),
+        )
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const read = await ReadTool.init()
+        await expect(read.execute({ filePath: "../../../etc/passwd" }, ctx)).rejects.toThrow(
+          "not in the current working directory",
+        )
+      },
+    })
+  })
+
+  test("allows reading outside project directory when external_directory is allow", async () => {
+    await using outerTmp = await tmpdir({
+      init: async (dir) => {
+        await Bun.write(path.join(dir, "external.txt"), "external content")
+      },
+    })
+    await using tmp = await tmpdir({
+      init: async (dir) => {
+        await Bun.write(
+          path.join(dir, "opencode.json"),
+          JSON.stringify({
+            permission: {
+              external_directory: "allow",
+            },
+          }),
+        )
+      },
+    })
+    await Instance.provide({
+      directory: tmp.path,
+      fn: async () => {
+        const read = await ReadTool.init()
+        const result = await read.execute({ filePath: path.join(outerTmp.path, "external.txt") }, ctx)
+        expect(result.output).toContain("external content")
+      },
+    })
+  })
+})
+
 describe("tool.read env file blocking", () => {
   test.each([
     [".env", true],
