Rename TOOL_ALLOW to TOOL_EGRESS_ALLOW
The constant and its MCP tool name ("allow" → "egress-allow") were the
only supervise tools without an egress-scoped identifier, despite the
tool being egress-only (routes.yaml payload, COMPONENT_FOR_TOOL maps
it to "egress", always grouped with TOOL_EGRESS_BLOCK). The rename
brings it in line with TOOL_EGRESS_BLOCK and TOOL_EGRESS_TOKEN_ALLOW,
and adds TOOL_EGRESS_ALLOW and TOOL_EGRESS_BLOCK to __all__ (both were
previously absent).
This commit is contained in:
@@ -318,7 +318,7 @@ class TestToolConstants(unittest.TestCase):
|
||||
def test_tools_tuple_matches_individual_constants(self):
|
||||
self.assertEqual(
|
||||
(
|
||||
supervise.TOOL_ALLOW,
|
||||
supervise.TOOL_EGRESS_ALLOW,
|
||||
TOOL_CAPABILITY_BLOCK,
|
||||
supervise.TOOL_EGRESS_BLOCK,
|
||||
TOOL_GITLEAKS_ALLOW,
|
||||
@@ -341,7 +341,7 @@ class TestToolConstants(unittest.TestCase):
|
||||
def test_component_map_has_egress_entries(self):
|
||||
self.assertEqual(
|
||||
{
|
||||
supervise.TOOL_ALLOW: "egress",
|
||||
supervise.TOOL_EGRESS_ALLOW: "egress",
|
||||
supervise.TOOL_EGRESS_BLOCK: "egress",
|
||||
},
|
||||
supervise.COMPONENT_FOR_TOOL,
|
||||
|
||||
@@ -33,7 +33,7 @@ FIXED = datetime(2026, 5, 25, 12, 0, 0, tzinfo=timezone.utc)
|
||||
def _proposal(slug: str = "dev", tool: str = TOOL_CAPABILITY_BLOCK) -> Proposal:
|
||||
payloads = {
|
||||
TOOL_CAPABILITY_BLOCK: "FROM python:3.13\n",
|
||||
supervise.TOOL_ALLOW: "routes:\n - host: example.com\n",
|
||||
supervise.TOOL_EGRESS_ALLOW: "routes:\n - host: example.com\n",
|
||||
supervise.TOOL_EGRESS_BLOCK: "routes:\n - host: example.com\n",
|
||||
TOOL_GITLEAKS_ALLOW: "file: tests/test_fixture.py\nline: 3\n",
|
||||
TOOL_EGRESS_TOKEN_ALLOW: "host: api.example.com\ndetector: token\n",
|
||||
|
||||
@@ -59,7 +59,7 @@ class TestValidation(unittest.TestCase):
|
||||
|
||||
def test_egress_routes_yaml_is_validated(self):
|
||||
validate_proposed_file(
|
||||
_sv.TOOL_ALLOW,
|
||||
_sv.TOOL_EGRESS_ALLOW,
|
||||
"routes:\n - host: example.com\n",
|
||||
)
|
||||
|
||||
@@ -147,7 +147,7 @@ class TestHandleToolsList(unittest.TestCase):
|
||||
names = [t["name"] for t in result["tools"]] # type: ignore[index]
|
||||
self.assertEqual(
|
||||
sorted([
|
||||
_sv.TOOL_ALLOW,
|
||||
_sv.TOOL_EGRESS_ALLOW,
|
||||
_sv.TOOL_CAPABILITY_BLOCK,
|
||||
_sv.TOOL_EGRESS_BLOCK,
|
||||
_sv.TOOL_LIST_EGRESS_ROUTES,
|
||||
@@ -181,7 +181,7 @@ class TestHandleToolsList(unittest.TestCase):
|
||||
self.assertNotIn("required", schema) # type: ignore[operator]
|
||||
|
||||
def test_egress_tools_take_routes_yaml_and_justification(self):
|
||||
for tool_name in (_sv.TOOL_ALLOW, _sv.TOOL_EGRESS_BLOCK):
|
||||
for tool_name in (_sv.TOOL_EGRESS_ALLOW, _sv.TOOL_EGRESS_BLOCK):
|
||||
with self.subTest(tool_name=tool_name):
|
||||
tool = next(t for t in TOOL_DEFINITIONS if t["name"] == tool_name)
|
||||
schema = tool["inputSchema"]
|
||||
@@ -244,7 +244,7 @@ class TestHandleToolsCall(unittest.TestCase):
|
||||
try:
|
||||
result = handle_tools_call(
|
||||
{
|
||||
"name": _sv.TOOL_ALLOW,
|
||||
"name": _sv.TOOL_EGRESS_ALLOW,
|
||||
"arguments": {
|
||||
"routes_yaml": "routes:\n - host: example.com\n",
|
||||
"justification": "need example.com",
|
||||
@@ -451,7 +451,7 @@ class TestHttpEndToEnd(unittest.TestCase):
|
||||
self.assertEqual(1, result["id"])
|
||||
names = [t["name"] for t in result["result"]["tools"]] # type: ignore[index]
|
||||
self.assertIn(_sv.TOOL_CAPABILITY_BLOCK, names)
|
||||
self.assertIn(_sv.TOOL_ALLOW, names)
|
||||
self.assertIn(_sv.TOOL_EGRESS_ALLOW, names)
|
||||
self.assertIn(_sv.TOOL_EGRESS_BLOCK, names)
|
||||
|
||||
def test_unknown_method_returns_jsonrpc_error(self):
|
||||
|
||||
Reference in New Issue
Block a user