Skip to content

test: harness-mode + unattended-tier coverage #119

Description

@arthurpanhku

Why

src/harness/run.ts (executeHarnessRun) is the headless entrypoint (docs/HARNESS-MODE.md) and is currently only exercised indirectly via tests/mcp/server.test.ts and tests/commands/run.test.ts. There's no tests/harness/ and, critically, no dedicated test pinning unattended-tier behavior — the most governance-sensitive path, since it runs without a human in the loop.

Sketch

  • tests/harness/run.test.ts driving executeHarnessRun directly: happy path, policy-denied tool, and approval-required tool under each UnattendedPermissionMode.
  • A bypass-proof assertion: under the unattended tier, an action that policy forbids is refused and audited — it must not silently auto-approve.
  • Assert the run still produces a verifiable audit chain (run_start … tamper-evident) in headless mode.

Acceptance

  • Changing unattended/approval semantics can't regress without a red test.
  • npm run check covers the harness path directly, not just transitively.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requesthelp wantedExtra attention is needed

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions