hardening: isolate third-party paths and clean external-build metadata (#311)

* hardening: isolate third-party paths and clean external-build metadata * fix: restore external feedback flow and make privacy check portable
2026-04-04 11:52:33 +05:30
parent cdbe016e6f
commit 27e6505bfd
18 changed files with 367 additions and 59 deletions
--- a/src/utils/user.test.ts
+++ b/src/utils/user.test.ts
@@ -0,0 +1,90 @@
+import { afterEach, describe, expect, mock, test } from 'bun:test'
+
+const originalEnv = { ...process.env }
+
+async function importFreshUserModule() {
+  return import(`./user.ts?ts=${Date.now()}-${Math.random()}`)
+}
+
+function installCommonMocks(options?: {
+  oauthEmail?: string
+  gitEmail?: string
+}) {
+  mock.module('../bootstrap/state.js', () => ({
+    getSessionId: () => 'session-test',
+  }))
+
+  mock.module('./auth.js', () => ({
+    getOauthAccountInfo: () =>
+      options?.oauthEmail
+        ? {
+            emailAddress: options.oauthEmail,
+            organizationUuid: 'org-test',
+            accountUuid: 'acct-test',
+          }
+        : undefined,
+    getRateLimitTier: () => null,
+    getSubscriptionType: () => null,
+  }))
+
+  mock.module('./config.js', () => ({
+    getGlobalConfig: () => ({}),
+    getOrCreateUserID: () => 'device-test',
+  }))
+
+  mock.module('./cwd.js', () => ({
+    getCwd: () => 'C:\\repo',
+  }))
+
+  mock.module('./env.js', () => ({
+    env: { platform: 'windows' },
+    getHostPlatformForAnalytics: () => 'windows',
+  }))
+
+  mock.module('./envUtils.js', () => ({
+    isEnvTruthy: (value: string | undefined) =>
+      !!value && value !== '0' && value.toLowerCase() !== 'false',
+  }))
+
+  mock.module('execa', () => ({
+    execa: async () => ({
+      exitCode: options?.gitEmail ? 0 : 1,
+      stdout: options?.gitEmail ?? '',
+    }),
+  }))
+}
+
+afterEach(() => {
+  mock.restore()
+  process.env = { ...originalEnv }
+  delete (globalThis as Record<string, unknown>).MACRO
+})
+
+describe('user email fallbacks', () => {
+  test('getCoreUserData does not synthesize Anthropic email from COO_CREATOR', async () => {
+    process.env.USER_TYPE = 'ant'
+    process.env.COO_CREATOR = 'alice'
+    ;(globalThis as Record<string, unknown>).MACRO = { VERSION: '0.0.0' }
+
+    installCommonMocks()
+
+    const { getCoreUserData } = await importFreshUserModule()
+    const result = getCoreUserData()
+
+    expect(result.email).toBeUndefined()
+  })
+
+  test('initUser falls back to git email when oauth email is missing', async () => {
+    process.env.USER_TYPE = 'ant'
+    process.env.COO_CREATOR = 'alice'
+    ;(globalThis as Record<string, unknown>).MACRO = { VERSION: '0.0.0' }
+
+    installCommonMocks({ gitEmail: 'git@example.com' })
+
+    const { initUser, getCoreUserData } = await importFreshUserModule()
+    await initUser()
+
+    const result = getCoreUserData()
+    expect(result.email).toBe('git@example.com')
+  })
+})