package cli import ( "bytes" "encoding/json" "strings" "testing" ) func TestRunUnknownCommand(t *testing.T) { var out, errOut bytes.Buffer code := Run([]string{"frobnicate"}, &out, &errOut) if code == 0 { t.Fatal("unknown command should be non-zero exit") } if !strings.Contains(errOut.String(), "unknown") { t.Fatalf("stderr should mention unknown command: %q", errOut.String()) } } func TestAccountListMissingKeyFailsClosedAsJSON(t *testing.T) { // `account list` is an agent command: with no DB key it fails closed before // any DB work, emitting a JSON config-error envelope that names EMCLI_KEY. var out, errOut bytes.Buffer t.Setenv("EMCLI_KEY", "") t.Setenv("EMCLI_ADMIN_KEY", "") code := Run([]string{"account", "list"}, &out, &errOut) if code == 0 { t.Fatal("missing EMCLI_KEY must fail") } var env map[string]any if err := json.Unmarshal(out.Bytes(), &env); err != nil { t.Fatalf("agent account list error must be JSON, got out=%q err=%q", out.String(), errOut.String()) } if env["error"] != true { t.Fatalf("want error envelope: %v", env) } if !strings.Contains(out.String(), "EMCLI_KEY") { t.Fatalf("should name the missing EMCLI_KEY, got %q", out.String()) } } func TestListUsageErrorIsJSON(t *testing.T) { // Agent command with a missing required flag emits a JSON error envelope. var out, errOut bytes.Buffer t.Setenv("EMCLI_KEY", b64Key()) t.Setenv("EMCLI_DB", "") // default path is fine; command fails before connecting code := Run([]string{"list"}, &out, &errOut) // missing --account if code == 0 { t.Fatal("missing --account should be non-zero") } var env map[string]any if err := json.Unmarshal(out.Bytes(), &env); err != nil { t.Fatalf("agent usage error must be JSON, got %q", out.String()) } if env["error"] != true { t.Fatalf("want error envelope: %v", env) } } func TestDoctorPositionalAccount(t *testing.T) { adminEnv(t) // No such account: doctor should reach account lookup and fail there (exit 1), // proving the positional was accepted (not rejected as an unexpected arg). code, _, errOut := run(t, "doctor", "ghost") if code == 2 { t.Fatalf("positional account must be accepted, got usage error: %q", errOut) } // Giving both positional and --account with different values is a usage error. if code, _, _ := run(t, "doctor", "ghost", "--account", "other"); code != 2 { t.Fatal("conflicting positional + --account must be a usage error") } } func b64Key() string { // 32 zero bytes, base64. return "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } func b64AgentKey() string { // 32 bytes of 0x01, base64 — distinct from b64Key so slot mix-ups surface. return "AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQE=" } func TestTopLevelLsAlias(t *testing.T) { adminEnv(t) // `ls` with no --account must hit the same usage path as `list` (CodeUsage // envelope on stdout, exit 2) — proving it routed to the agent list command. code, out, _ := run(t, "ls") if code != 2 || !strings.Contains(out, "account") { t.Fatalf("ls should alias list (usage about --account): code=%d out=%q", code, out) } } // TestAccountLsAliasAgentRole verifies that `account ls` is treated as an agent // command (not admin) so a caller with only EMCLI_KEY can use it and gets the // same reduced-JSON envelope as `account list`. func TestAccountLsAliasAgentRole(t *testing.T) { adminEnv(t) // sets up both keys + initialized temp DB run(t, "account", "add", "work", "--mode", "RW", "--imap-host", "imap.example.com", "--smtp-host", "smtp.example.com", "--username", "login@example.com", "--from", "me@example.com") // Drop the admin key — caller is agent-only. t.Setenv("EMCLI_ADMIN_KEY", "") // `account ls` must succeed with the reduced JSON view, same as `account list`. code, out, errOut := run(t, "account", "ls") if code != 0 { t.Fatalf("agent account ls should succeed: code=%d out=%q err=%q", code, out, errOut) } var env map[string]any if err := json.Unmarshal([]byte(out), &env); err != nil { t.Fatalf("account ls output is not JSON: %v\n%s", err, out) } if env["error"] == true { t.Fatalf("account ls returned error envelope: %s", out) } // The agent view must not leak IMAP host or login username. if strings.Contains(out, "imap.example.com") || strings.Contains(out, "login@example.com") { t.Fatalf("account ls leaked host/username:\n%s", out) } }