test: agent — .env read protection and analyst write denial

[anandgupta42]

Summary

Proactive test coverage for two security-relevant agent permission gaps discovered during exhaustive test-discovery analysis.

1. Builder agent .env read protection — src/agent/agent.ts (lines 72-77) (7 new assertions)

The agent defaults configure read: { "*": "allow", "*.env": "ask", "*.env.*": "ask", "*.env.example": "allow" } to prevent accidental secret exposure when reading .env files. While other permission defaults (edit, bash, doom_loop, external_directory, sql_execute_write) had dedicated tests, the .env read protection was never verified. A regression removing the *.env ask rule would go undetected.

New coverage includes:

• .env, .env.local, .env.production, and nested config/.env.staging all require "ask"
• Regular files (src/index.ts, package.json) remain "allow"
• .env.example is explicitly "allow" (safe to share)

2. Analyst agent file modification denial — src/agent/agent.ts (lines 161-207) (7 new assertions)

The analyst agent is documented as "Read-only data exploration and analysis. Cannot modify files." Existing tests verified sql_execute_write denial and specific bash command restrictions, but never checked that core file-modification tools (edit, write, todowrite, todoread) are denied. A regression adding these tools to the analyst's allow list would go undetected.

New coverage includes:

• edit, write, todowrite, todoread all evaluate to "deny"
• read, grep, glob remain "allow" (analyst's explicit overrides after the catch-all deny)

Type of change

• New feature (non-breaking change which adds functionality)

Issue for this PR

N/A — proactive test coverage from test-discovery analysis

How did you verify your code works?

bun test test/agent/agent.test.ts       # 45 pass (43 existing + 2 new)

Checklist

• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

https://claude.ai/code/session_01Wp9YaEvw6jAAL73VVdXFxA

Summary by CodeRabbit

• Tests
  • Expanded test coverage for agent permission and access control validation, including verification of file read/write permissions and environment-specific file handling across different agent types.

[claude]

Claude Code Review

This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.

_{Tip: disable this comment in your organization's Code Review settings.}

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 8576daa1-4eb6-4464-a679-129b3df15e30

📥 Commits

Reviewing files that changed from the base of the PR and between 9ba2114 and 4a458fe.

📒 Files selected for processing (1)

• packages/opencode/test/agent/agent.test.ts

---

📝 Walkthrough

Walkthrough

New permission-focused test cases were added to validate agent access control for the builder and analyst agents. These tests assert expected behaviors for various file operations and tool interactions, covering .env secret-read prompting and write-modification denial scenarios.

Changes

Cohort / File(s)	Summary
Agent Permission Tests packages/opencode/test/agent/agent.test.ts	Added test cases for builder agent (validating .env* paths return ask action while regular files return allow) and analyst agent (validating modification and todo-writing tools return deny while read-oriented tools return allow).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Suggested labels

contributor

Poem

🐰 A rabbit hops through tests so fine,
Agent permissions now align,
Builders ask, analysts deny,
.env secrets stay on high,
Tests all pass—what a blessed sign!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the two main changes: .env read protection testing for the builder agent and write denial testing for the analyst agent.
Description check	✅ Passed	The description comprehensively addresses all template sections: Summary explains the security-relevant gaps, Test Plan details verification steps, and Checklist confirms tests added and passing.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch test/hourly-20260328-1318

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[anandgupta42]

Consolidated into #545