yovinchen/claudia-old
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bcffce0a08388fe778cee8c3aca2e89b1cd28420
claudia-old/src-tauri/tests/sandbox
History
Mufeed VH bcffce0a08 style: apply cargo fmt across entire Rust codebase 
- Remove Rust formatting check from CI workflow since formatting is now applied
- Standardize import ordering and organization throughout codebase
- Fix indentation, spacing, and line breaks for consistency
- Clean up trailing whitespace and formatting inconsistencies
- Apply rustfmt to all Rust source files including checkpoint, sandbox, commands, and test modules

This establishes a consistent code style baseline for the project.
2025-06-25 03:45:59 +05:30
..
common
style: apply cargo fmt across entire Rust codebase
2025-06-25 03:45:59 +05:30
e2e
style: apply cargo fmt across entire Rust codebase
2025-06-25 03:45:59 +05:30
integration
style: apply cargo fmt across entire Rust codebase
2025-06-25 03:45:59 +05:30
unit
style: apply cargo fmt across entire Rust codebase
2025-06-25 03:45:59 +05:30
mod.rs
style: apply cargo fmt across entire Rust codebase
2025-06-25 03:45:59 +05:30
README.md
init: push source
2025-06-19 19:24:01 +05:30

README.md

Sandbox Test Suite

This directory contains a comprehensive test suite for the sandbox functionality in Claudia. The tests are designed to verify that the sandboxing operations work correctly across different platforms (Linux, macOS, FreeBSD).

Test Structure

sandbox/
├── common/           # Shared test utilities
│   ├── fixtures.rs   # Test data and environment setup
│   └── helpers.rs    # Helper functions and assertions
├── unit/            # Unit tests for individual components
│   ├── profile_builder.rs  # ProfileBuilder tests
│   ├── platform.rs        # Platform capability tests
│   └── executor.rs        # SandboxExecutor tests
├── integration/     # Integration tests for sandbox operations
│   ├── file_operations.rs    # File access control tests
│   ├── network_operations.rs # Network access control tests
│   ├── system_info.rs       # System info access tests
│   ├── process_isolation.rs # Process spawning tests
│   └── violations.rs        # Violation detection tests
└── e2e/            # End-to-end tests
    ├── agent_sandbox.rs    # Agent execution with sandbox
    └── claude_sandbox.rs   # Claude command with sandbox

Running Tests

Run all sandbox tests:

cargo test --test sandbox_tests

Run specific test categories:

# Unit tests only
cargo test --test sandbox_tests unit::

# Integration tests only
cargo test --test sandbox_tests integration::

# End-to-end tests only (requires Claude to be installed)
cargo test --test sandbox_tests e2e:: -- --ignored

Run tests with output:

cargo test --test sandbox_tests -- --nocapture

Run tests serially (required for some integration tests):

cargo test --test sandbox_tests -- --test-threads=1

Test Coverage

Unit Tests

  1. ProfileBuilder Tests (unit/profile_builder.rs)

    • Profile creation and validation
    • Rule parsing and platform filtering
    • Template variable expansion
    • Invalid operation handling

  2. Platform Tests (unit/platform.rs)

    • Platform capability detection
    • Operation support levels
    • Cross-platform compatibility

  3. Executor Tests (unit/executor.rs)

    • Sandbox executor creation
    • Command preparation
    • Environment variable handling

Integration Tests

  1. File Operations (integration/file_operations.rs)

    • Allowed file reads succeed
    • Forbidden file reads fail
    • File writes always fail
    • 📊 Metadata operations respect permissions
    • 🔄 Template variable expansion works

  2. Network Operations (integration/network_operations.rs)

    • Allowed network connections succeed
    • Forbidden network connections fail
    • 🎯 Port-specific rules (macOS only)
    • 🔌 Local socket connections

  3. System Information (integration/system_info.rs)

    • 🍎 macOS: Can be allowed/forbidden
    • 🐧 Linux: Never allowed
    • 👹 FreeBSD: Always allowed

  4. Process Isolation (integration/process_isolation.rs)

    • Process spawning forbidden
    • Fork/exec operations blocked
    • Thread creation allowed

  5. Violations (integration/violations.rs)

    • 🚨 Violation detection
    • 📝 Violation patterns
    • 🔢 Multiple violations handling

End-to-End Tests

  1. Agent Sandbox (e2e/agent_sandbox.rs)

    • Agent execution with profiles
    • Profile switching
    • Violation logging

  2. Claude Sandbox (e2e/claude_sandbox.rs)

    • Claude command sandboxing
    • Settings integration
    • Session management

Platform Support

Feature Linux macOS FreeBSD
File Read Control
Metadata Read 🟡¹
Network All
Network TCP Port
Network Local Socket
System Info Read ²

¹ Cannot be precisely controlled on Linux (allowed if file read is allowed) ² Always allowed on FreeBSD (cannot be restricted)

Important Notes

  1. Serial Execution: Many integration tests are marked with #[serial] and must run one at a time to avoid conflicts.

  2. Platform Dependencies: Some tests will be skipped on unsupported platforms. The test suite handles this gracefully.

  3. Privilege Requirements: Sandbox tests generally don't require elevated privileges, but some operations may fail in restricted environments (e.g., CI).

  4. Claude Dependency: E2E tests that actually execute Claude are marked with #[ignore] by default. Run with --ignored flag when Claude is installed.

Debugging Failed Tests

  1. Enable Logging: Set RUST_LOG=debug to see detailed sandbox operations
  2. Check Platform: Verify the test is supported on your platform
  3. Check Permissions: Ensure test binaries can be created and executed
  4. Inspect Output: Use --nocapture to see all test output

Adding New Tests

  1. Choose the appropriate category (unit/integration/e2e)
  2. Use the test helpers from common/
  3. Mark with #[serial] if the test modifies global state
  4. Use skip_if_unsupported!() macro for platform-specific tests
  5. Document any special requirements or limitations