assay-core 3.9.1

High-performance evaluation framework for LLM agents (Core)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158

use assay_core::mcp::jsonrpc::JsonRpcRequest;
use assay_core::mcp::policy::{McpPolicy, PolicyDecision, PolicyState};
use serde_json::json;

fn mock_request(tool: &str, args: serde_json::Value) -> JsonRpcRequest {
    JsonRpcRequest {
        jsonrpc: "2.0".to_string(),
        method: "tools/call".to_string(),
        params: json!({
            "name": tool,
            "arguments": args
        }),
        id: Some(json!(1)),
    }
}

#[test]
fn test_dual_shape_constraints() {
    // Canonical List
    let yaml_list = r#"
constraints:
  - tool: read_file
    params:
      path: { matches: "^/app/.*" }
"#;
    let p_list: McpPolicy = serde_yaml::from_str(yaml_list).unwrap();
    assert_eq!(p_list.constraints.len(), 1);
    assert_eq!(p_list.constraints[0].tool, "read_file");

    // Legacy Map
    let yaml_map = r#"
constraints:
  read_file:
    path: "^/app/.*"
"#;
    let p_map: McpPolicy = serde_yaml::from_str(yaml_map).unwrap();
    assert_eq!(p_map.constraints.len(), 1);
    assert_eq!(p_map.constraints[0].tool, "read_file");

    // Check normalization
    let rule = &p_map.constraints[0];
    let param = rule.params.get("path").expect("param missing");
    assert_eq!(param.matches.as_deref(), Some("^/app/.*"));
}

#[test]
fn test_mixed_tools_config() {
    // Root allow: ["*"], Nested deny: ["exec"]
    let yaml = r#"
allow: ["*"]
tools:
  deny: ["exec"]
"#;
    let mut p: McpPolicy = serde_yaml::from_str(yaml).expect("Refused mixed config");
    p.normalize_legacy_shapes();

    let mut state = PolicyState::default();

    let req_read = mock_request("read_file", json!({}));
    // Should be AllowWithWarning because read_file has no schema
    match p.check(&req_read, &mut state) {
        PolicyDecision::Allow | PolicyDecision::AllowWithWarning { .. } => {}
        d => panic!("Expected Allow/Warning, got {:?}", d),
    }

    let req_exec = mock_request("exec", json!({}));
    if let PolicyDecision::Deny { reason, .. } = p.check(&req_exec, &mut state) {
        assert!(reason.to_lowercase().contains("denylisted"));
    } else {
        panic!("Checking exec should result in Deny");
    }
}

#[test]
fn test_wildcard_semantics() {
    let yaml = r#"
deny:
  - "exec*"
  - "*sh"
  - "*kill*"
"#;
    let mut p: McpPolicy = serde_yaml::from_str(yaml).unwrap();
    p.normalize_legacy_shapes();

    let mut state = PolicyState::default();

    // exec*
    let req = mock_request("execute_command", json!({}));
    assert!(matches!(
        p.check(&req, &mut state),
        PolicyDecision::Deny { .. }
    ));

    // *sh
    let req = mock_request("zsh", json!({}));
    assert!(matches!(
        p.check(&req, &mut state),
        PolicyDecision::Deny { .. }
    ));

    // *kill* (contains)
    let req = mock_request("skill_check", json!({}));
    assert!(matches!(
        p.check(&req, &mut state),
        PolicyDecision::Deny { .. }
    ));

    // No match
    let req = mock_request("read_file", json!({}));
    match p.check(&req, &mut state) {
        PolicyDecision::Allow | PolicyDecision::AllowWithWarning { .. } => {}
        d => panic!("Expected Allow/Warning, got {:?}", d),
    }
}

#[test]
fn test_constraint_enforcement() {
    let yaml = r#"
constraints:
  - tool: read_file
    params:
      path: { matches: "^/app/.*" }
"#;
    let mut p: McpPolicy = serde_yaml::from_str(yaml).unwrap();
    p.migrate_constraints_to_schemas();

    let mut state = PolicyState::default();

    // Pass
    let req = mock_request("read_file", json!({ "path": "/app/config.json" }));
    match p.check(&req, &mut state) {
        PolicyDecision::Allow => {} // Exact allow because schema exists and validates!
        d => panic!("Expected Allow, got {:?}", d),
    }

    // Fail mismatch
    let req = mock_request("read_file", json!({ "path": "/etc/passwd" }));
    if let PolicyDecision::Deny {
        reason, contract, ..
    } = p.check(&req, &mut state)
    {
        assert!(reason.contains("JSON Schema validation failed"));
        assert_eq!(contract["error_code"], "E_ARG_SCHEMA");
    } else {
        panic!("Should deny mismatch");
    }

    // Fail missing arg (Fail-Closed)
    // V2 auto-migrates constraints to "required" properties in generic migration logic
    let req = mock_request("read_file", json!({}));
    match p.check(&req, &mut state) {
        PolicyDecision::Deny { contract, .. } => {
            // New V2 Error Code
            assert_eq!(contract["error_code"], "E_ARG_SCHEMA");
        }
        _ => panic!("expected deny on missing constrained arg"),
    }
}