"""Comprehensive tests for ``muse check-ignore``. Audit findings addressed here ------------------------------ Code quality - ``_check_path`` and ``_posix_match`` private helpers in check_ignore.py duplicated ``is_ignored`` and ``_matches`` from ``muse.core.ignore``. Both have been deleted; the CLI now delegates to ``check_path_with_pattern`` — the single authoritative matching function. - ``is_ignored`` in core now delegates to ``check_path_with_pattern``, guaranteeing the CLI and the snapshot engine always agree. Security - Format error now goes to stderr. - ANSI injection in path / matching_pattern stripped in text mode. - Null bytes in paths rejected with USER_ERROR. Agent UX - ``--stdin`` — read paths one-per-line from stdin. - ``--patterns-only`` — emit resolved patterns without testing any path. - ``formatter_class`` added for clean --help output. Coverage tiers -------------- - Unit: check_path_with_pattern (core), is_ignored delegation, _PathResult schema - Integration: JSON/text format, --quiet, --verbose, --stdin, --patterns-only, empty ignore file, global patterns, domain patterns, negation, directory patterns, anchored patterns - Security: null byte paths rejected, ANSI stripped, format error→stderr, no traceback on bad input - Stress: 1 000-path batch, 200 sequential runs, 50-pattern rule set """ from __future__ import annotations import json import pathlib import pytest from muse.core.errors import ExitCode from muse.core.paths import muse_dir from tests.cli_test_helper import CliRunner, InvokeResult runner = CliRunner() # --------------------------------------------------------------------------- # Helpers # --------------------------------------------------------------------------- def _make_repo(tmp_path: pathlib.Path, domain: str = "code") -> pathlib.Path: repo = tmp_path / "repo" dot_muse = muse_dir(repo) for sub in ("objects", "commits", "snapshots", "refs/heads"): (dot_muse / sub).mkdir(parents=True) (dot_muse / "HEAD").write_text("ref: refs/heads/main") (dot_muse / "repo.json").write_text(json.dumps({"repo_id": "r1", "domain": domain})) return repo def _write_museignore(repo: pathlib.Path, content: str) -> None: (repo / ".museignore").write_text(content) def _ci(repo: pathlib.Path, *args: str, stdin: str | None = None) -> InvokeResult: from muse.cli.app import main as cli return runner.invoke( cli, ["check-ignore", *args], env={"MUSE_REPO_ROOT": str(repo)}, input=stdin, ) # --------------------------------------------------------------------------- # Unit — check_path_with_pattern (core) # --------------------------------------------------------------------------- class TestCheckPathWithPattern: """The single authoritative ignore-matching function lives in core.""" def test_no_patterns_not_ignored(self) -> None: from muse.core.ignore import check_path_with_pattern ignored, pat = check_path_with_pattern("tracks/drums.mid", []) assert not ignored assert pat is None def test_simple_glob_match(self) -> None: from muse.core.ignore import check_path_with_pattern ignored, pat = check_path_with_pattern("build/out.bin", ["build/"]) assert ignored assert pat == "build/" def test_negation_un_ignores(self) -> None: from muse.core.ignore import check_path_with_pattern ignored, pat = check_path_with_pattern( "build/keep.mid", ["build/", "!build/keep.mid"] ) assert not ignored assert pat is None # negated → no active pattern def test_extension_glob(self) -> None: from muse.core.ignore import check_path_with_pattern ignored, pat = check_path_with_pattern("tracks/drums.tmp", ["*.tmp"]) assert ignored assert pat == "*.tmp" def test_last_match_wins(self) -> None: from muse.core.ignore import check_path_with_pattern ignored, pat = check_path_with_pattern( "foo.log", ["*.log", "!foo.log", "foo.*"] ) assert ignored assert pat == "foo.*" def test_anchored_pattern(self) -> None: from muse.core.ignore import check_path_with_pattern ignored, pat = check_path_with_pattern("dist/index.js", ["/dist/index.js"]) assert ignored assert pat == "/dist/index.js" def test_non_matching_returns_false(self) -> None: from muse.core.ignore import check_path_with_pattern ignored, pat = check_path_with_pattern("tracks/drums.mid", ["*.tmp"]) assert not ignored assert pat is None class TestIsIgnoredDelegates: """is_ignored must agree with check_path_with_pattern on every case.""" def test_delegation_matches(self) -> None: from muse.core.ignore import check_path_with_pattern, is_ignored patterns = ["build/", "*.log", "!tracks/*.mid"] paths = [ "build/out.bin", "app.log", "tracks/drums.mid", "other.py", ] for p in paths: ignored_via_delegate = is_ignored(p, patterns) ignored_via_direct, _ = check_path_with_pattern(p, patterns) assert ignored_via_delegate == ignored_via_direct, ( f"is_ignored and check_path_with_pattern disagree on {p!r}" ) class TestPathResultSchema: def test_fields(self) -> None: from muse.cli.commands.check_ignore import _PathResult fields = set(_PathResult.__annotations__) assert fields == {"path", "ignored", "matching_pattern"} # --------------------------------------------------------------------------- # Integration — JSON output # --------------------------------------------------------------------------- class TestJsonOutput: def test_no_ignore_file_returns_not_ignored(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) result = _ci(repo, "--json", "tracks/drums.mid") assert result.exit_code == 0 data = json.loads(result.output) assert data["patterns_loaded"] == 0 assert data["results"][0]["ignored"] is False assert data["results"][0]["matching_pattern"] is None def test_ignored_path(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["build/"]\n') data = json.loads(_ci(repo, "--json", "build/out.bin").output) assert data["results"][0]["ignored"] is True assert data["results"][0]["matching_pattern"] == "build/" def test_multiple_paths(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.tmp"]\n') data = json.loads(_ci(repo, "--json", "a.tmp", "b.mid").output) assert len(data["results"]) == 2 assert data["results"][0]["ignored"] is True assert data["results"][1]["ignored"] is False def test_domain_in_output(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path, domain="code") data = json.loads(_ci(repo, "--json", "foo.py").output) assert data["domain"] == "code" def test_domain_specific_patterns(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path, domain="midi") _write_museignore(repo, '[domain.midi]\npatterns = ["*.log"]\n') data = json.loads(_ci(repo, "--json", "debug.log").output) assert data["results"][0]["ignored"] is True def test_domain_patterns_not_applied_to_other_domain(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path, domain="code") _write_museignore(repo, '[domain.midi]\npatterns = ["*.log"]\n') data = json.loads(_ci(repo, "--json", "debug.log").output) assert data["results"][0]["ignored"] is False def test_negation_pattern(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore( repo, '[global]\npatterns = ["build/", "!build/keep.mid"]\n' ) data = json.loads(_ci(repo, "--json", "build/keep.mid").output) assert data["results"][0]["ignored"] is False assert data["results"][0]["matching_pattern"] is None def test_json_shorthand(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) result = _ci(repo, "--json", "foo.py") assert result.exit_code == 0 assert "results" in json.loads(result.output) # --------------------------------------------------------------------------- # Integration — text output # --------------------------------------------------------------------------- class TestTextOutput: def test_ignored_shows_ignored_label(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.bin"]\n') result = _ci(repo, "out.bin") assert result.exit_code == 0 assert "ignored" in result.output def test_not_ignored_shows_ok(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) result = _ci(repo, "main.py") assert "ok" in result.output def test_verbose_shows_pattern(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.bin"]\n') result = _ci(repo, "--verbose", "out.bin") assert "[*.bin]" in result.output def test_verbose_no_pattern_when_not_ignored(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) result = _ci(repo, "--verbose", "main.py") assert "[" not in result.output # --------------------------------------------------------------------------- # Integration — --quiet mode # --------------------------------------------------------------------------- class TestQuietMode: def test_all_ignored_exits_0(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.bin"]\n') result = _ci(repo, "--quiet", "a.bin", "b.bin") assert result.exit_code == 0 assert result.output.strip() == "" def test_some_not_ignored_exits_1(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.bin"]\n') result = _ci(repo, "--quiet", "a.bin", "main.py") assert result.exit_code == ExitCode.USER_ERROR def test_none_ignored_exits_1(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) result = _ci(repo, "--quiet", "main.py") assert result.exit_code == ExitCode.USER_ERROR # --------------------------------------------------------------------------- # Integration — --stdin (new agent UX) # --------------------------------------------------------------------------- class TestStdinMode: def test_reads_paths_from_stdin(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.bin"]\n') result = _ci(repo, "--json", "--stdin", stdin="a.bin\nb.py\n") assert result.exit_code == 0 data = json.loads(result.output) assert len(data["results"]) == 2 assert data["results"][0]["ignored"] is True assert data["results"][1]["ignored"] is False def test_blank_lines_and_comments_skipped(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) result = _ci(repo, "--json", "--stdin", stdin="\n# comment\nfoo.py\n\n") data = json.loads(result.output) assert len(data["results"]) == 1 assert data["results"][0]["path"] == "foo.py" def test_stdin_combines_with_positional(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) result = _ci(repo, "--json", "--stdin", "positional.py", stdin="from_stdin.py\n") data = json.loads(result.output) paths = [r["path"] for r in data["results"]] assert "positional.py" in paths assert "from_stdin.py" in paths def test_no_paths_and_no_stdin_content_errors(self, tmp_path: pathlib.Path) -> None: """--stdin with empty stdin and no positional args should error.""" repo = _make_repo(tmp_path) result = _ci(repo, "--stdin", stdin="") assert result.exit_code == ExitCode.USER_ERROR # --------------------------------------------------------------------------- # Integration — --patterns-only (new agent UX) # --------------------------------------------------------------------------- class TestPatternsOnly: def test_json_patterns_list(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["build/", "*.tmp"]\n') data = json.loads(_ci(repo, "--json", "--patterns-only").output) assert "patterns" in data assert "build/" in data["patterns"] assert "*.tmp" in data["patterns"] assert data["domain"] == "code" def test_text_patterns_one_per_line(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["build/", "*.tmp"]\n') result = _ci(repo, "--patterns-only") assert result.exit_code == 0 lines = [l for l in result.output.splitlines() if l.strip()] assert "build/" in lines assert "*.tmp" in lines def test_empty_museignore_empty_list(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) data = json.loads(_ci(repo, "--json", "--patterns-only").output) assert data["patterns"] == [] def test_no_path_required(self, tmp_path: pathlib.Path) -> None: """--patterns-only should not require any path arguments.""" repo = _make_repo(tmp_path) result = _ci(repo, "--patterns-only") assert result.exit_code == 0 # --------------------------------------------------------------------------- # Security # --------------------------------------------------------------------------- class TestSecurity: def test_null_byte_in_path_rejected(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) result = _ci(repo, "tracks/\x00malicious.mid") assert result.exit_code == ExitCode.USER_ERROR assert "null byte" in result.stderr.lower() def test_ansi_in_path_stripped_text(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) result = _ci(repo, "\x1b[31mmalicious\x1b[0m.py") assert "\x1b" not in result.output def test_ansi_in_pattern_stripped_text(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["\\u001b[31m*.bin\\u001b[0m"]\n') result = _ci(repo, "--verbose", "malicious.bin") assert "\x1b" not in result.output def test_no_traceback_on_bad_toml(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) (repo / ".museignore").write_text("[broken toml !!!") result = _ci(repo, "foo.py") assert "Traceback" not in result.output def test_no_paths_errors_to_stderr(self, tmp_path: pathlib.Path) -> None: """Calling with no paths should report error on stderr.""" repo = _make_repo(tmp_path) result = _ci(repo) assert result.exit_code == ExitCode.USER_ERROR assert "error" in result.stderr.lower() def test_invalid_toml_errors(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) (repo / ".museignore").write_text("[broken toml !!!") result = _ci(repo, "foo.py") assert result.exit_code == ExitCode.INTERNAL_ERROR assert "Traceback" not in result.output def test_path_traversal_is_safe(self, tmp_path: pathlib.Path) -> None: """Path-traversal inputs are rejected with USER_ERROR — no crash, no file access.""" repo = _make_repo(tmp_path) result = _ci(repo, "--json", "../../../etc/passwd") assert result.exit_code == 1 # USER_ERROR — traversal blocked # Error goes to stderr, not stdout data = json.loads(result.stderr) assert "error" in data assert ".." in data["error"] def test_very_long_path_no_crash(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) long_path = "a/" * 200 + "file.py" result = _ci(repo, long_path) assert result.exit_code == 0 # --------------------------------------------------------------------------- # duration_ms # --------------------------------------------------------------------------- class TestElapsed: def test_elapsed_in_default_json(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) data = json.loads(_ci(repo, "--json", "foo.py").output) assert "duration_ms" in data assert isinstance(data["duration_ms"], float) assert data["duration_ms"] >= 0.0 def test_elapsed_in_patterns_only_json(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) data = json.loads(_ci(repo, "--json", "--patterns-only").output) assert "duration_ms" in data assert isinstance(data["duration_ms"], float) def test_elapsed_absent_from_text_output(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) result = _ci(repo, "foo.py") assert "duration_ms" not in result.output # --------------------------------------------------------------------------- # exit_code # --------------------------------------------------------------------------- class TestExitCode: def test_exit_code_0_in_default_json(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) data = json.loads(_ci(repo, "--json", "foo.py").output) assert "exit_code" in data assert data["exit_code"] == 0 def test_exit_code_in_patterns_only_json(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) data = json.loads(_ci(repo, "--json", "--patterns-only").output) assert "exit_code" in data assert data["exit_code"] == 0 # --------------------------------------------------------------------------- # summary block # --------------------------------------------------------------------------- class TestSummary: def test_summary_present_in_default_json(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.bin"]\n') data = json.loads(_ci(repo, "--json", "a.bin", "b.bin", "main.py").output) assert "summary" in data s = data["summary"] assert s["total"] == 3 assert s["ignored"] == 2 assert s["not_ignored"] == 1 def test_summary_all_ignored(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.bin"]\n') data = json.loads(_ci(repo, "--json", "a.bin", "b.bin").output) s = data["summary"] assert s["total"] == 2 assert s["ignored"] == 2 assert s["not_ignored"] == 0 def test_summary_none_ignored(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) data = json.loads(_ci(repo, "--json", "foo.py", "bar.py").output) s = data["summary"] assert s["total"] == 2 assert s["ignored"] == 0 assert s["not_ignored"] == 2 def test_summary_absent_from_patterns_only(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.bin"]\n') data = json.loads(_ci(repo, "--json", "--patterns-only").output) assert "summary" not in data # --------------------------------------------------------------------------- # --patterns-only: patterns_loaded count # --------------------------------------------------------------------------- class TestPatternsOnlyCount: def test_patterns_loaded_present(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["build/", "*.tmp", "*.log"]\n') data = json.loads(_ci(repo, "--json", "--patterns-only").output) assert "patterns_loaded" in data assert data["patterns_loaded"] == 3 def test_patterns_loaded_zero_when_empty(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) data = json.loads(_ci(repo, "--json", "--patterns-only").output) assert data["patterns_loaded"] == 0 def test_patterns_loaded_matches_list_length(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["a/", "b/", "c/"]\n') data = json.loads(_ci(repo, "--json", "--patterns-only").output) assert data["patterns_loaded"] == len(data["patterns"]) # --------------------------------------------------------------------------- # --ignored-only # --------------------------------------------------------------------------- class TestIgnoredOnly: def test_filters_to_ignored_paths(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.bin"]\n') data = json.loads(_ci(repo, "--json", "--ignored-only", "a.bin", "main.py").output) assert len(data["results"]) == 1 assert data["results"][0]["path"] == "a.bin" assert data["results"][0]["ignored"] is True def test_empty_when_none_ignored(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) data = json.loads(_ci(repo, "--json", "--ignored-only", "foo.py", "bar.py").output) assert data["results"] == [] def test_all_when_all_ignored(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.bin"]\n') data = json.loads(_ci(repo, "--json", "--ignored-only", "a.bin", "b.bin").output) assert len(data["results"]) == 2 def test_summary_reflects_filtered_count(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.bin"]\n') data = json.loads(_ci(repo, "--json", "--ignored-only", "a.bin", "main.py").output) assert data["summary"]["total"] == 1 assert data["summary"]["ignored"] == 1 assert data["summary"]["not_ignored"] == 0 def test_text_format(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.bin"]\n') result = _ci(repo, "--ignored-only", "a.bin", "main.py") assert result.exit_code == 0 assert "a.bin" in result.output assert "main.py" not in result.output def test_incompatible_with_patterns_only(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) result = _ci(repo, "--json", "--ignored-only", "--patterns-only") assert result.exit_code == ExitCode.USER_ERROR def test_stdin_compatible(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.bin"]\n') result = _ci(repo, "--json", "--ignored-only", "--stdin", stdin="a.bin\nmain.py\n") data = json.loads(result.output) assert len(data["results"]) == 1 assert data["results"][0]["path"] == "a.bin" def test_incompatible_with_quiet(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) result = _ci(repo, "--ignored-only", "--quiet", "a.bin") assert result.exit_code == ExitCode.USER_ERROR # --------------------------------------------------------------------------- # Stress # --------------------------------------------------------------------------- class TestStress: def test_1000_paths(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.bin"]\n') paths = [f"file_{i:04d}.bin" for i in range(500)] paths += [f"file_{i:04d}.py" for i in range(500)] result = _ci(repo, "--json", *paths) assert result.exit_code == 0 data = json.loads(result.output) assert len(data["results"]) == 1000 ignored_count = sum(1 for r in data["results"] if r["ignored"]) assert ignored_count == 500 def test_50_pattern_rule_set(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) patterns = [f"dir_{i}/" for i in range(25)] + [f"*.ext{i}" for i in range(25)] patterns_toml = json.dumps(patterns) _write_museignore(repo, f"[global]\npatterns = {patterns_toml}\n") data = json.loads(_ci(repo, "--json", "dir_0/file.txt", "file.ext0", "clean.py").output) assert data["patterns_loaded"] == 50 assert data["results"][0]["ignored"] is True assert data["results"][1]["ignored"] is True assert data["results"][2]["ignored"] is False def test_200_sequential_runs(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.bin"]\n') for i in range(200): result = _ci(repo, "--json", "out.bin") assert result.exit_code == 0, f"failed at iteration {i}" assert json.loads(result.output)["results"][0]["ignored"] is True def test_stdin_1000_paths(self, tmp_path: pathlib.Path) -> None: repo = _make_repo(tmp_path) _write_museignore(repo, '[global]\npatterns = ["*.bin"]\n') stdin_input = "\n".join(f"file_{i}.bin" for i in range(1000)) + "\n" result = _ci(repo, "--json", "--stdin", stdin=stdin_input) assert result.exit_code == 0 data = json.loads(result.output) assert len(data["results"]) == 1000 assert all(r["ignored"] for r in data["results"]) # --------------------------------------------------------------------------- # Flag tests # --------------------------------------------------------------------------- import argparse as _argparse class TestRegisterFlags: def _parse(self, *args: str) -> _argparse.Namespace: from muse.cli.commands.check_ignore import register p = _argparse.ArgumentParser() sub = p.add_subparsers() register(sub) return p.parse_args(["check-ignore", *args]) def test_default_json_out_is_false(self) -> None: ns = self._parse("foo.py") assert ns.json_out is False def test_json_flag_sets_json_out(self) -> None: ns = self._parse("--json", "foo.py") assert ns.json_out is True def test_j_shorthand_sets_json_out(self) -> None: ns = self._parse("-j", "foo.py") assert ns.json_out is True