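from __future__ import annotations

from v1.agent.tool_registry import validate_tool_spec


class TestAgentSecurityRules:
    """Security checks on the tool specs accepted by ``validate_tool_spec``."""

    def test_tool_name_must_be_allowlisted(self):
        """Specs with ``ui.`` and ``srv.`` prefixed names validate without raising.

        Only the accept path is exercised here; the test passes as long as
        neither call raises.
        """
        # NOTE(review): presumably "ui." / "srv." are the permitted namespaces
        # and pair with the frontend / backend targets respectively. Confirm
        # against the registry, and consider a case with a mismatched pairing.
        accepted_specs = (
            {"name": "ui.navigate_to", "execution_target": "frontend"},
            {"name": "srv.search_docs", "execution_target": "backend"},
        )
        for spec in accepted_specs:
            validate_tool_spec(spec)

    def test_tool_name_rejected_if_not_in_namespace(self):
        """A tool name outside the known namespaces must raise ``ValueError``."""
        rejected = False
        try:
            validate_tool_spec(
                {"name": "malicious.tool", "execution_target": "frontend"}
            )
        except ValueError:
            rejected = True
        # Fail loudly if the validator silently accepted the spec.
        if not rejected:
            raise AssertionError("Should have raised ValueError for unknown namespace")

    def test_frontend_result_fails_when_interrupt_mismatch(self):
        """Placeholder: the interrupt-mismatch check is not implemented yet.

        The body used to be a bare ``pass``, so the test was reported as
        passing while asserting nothing. Skipping keeps the coverage gap
        visible in test reports until a real assertion is written.
        """
        # Function-scope import so the module's import block stays unchanged.
        import unittest

        raise unittest.SkipTest(
            "not implemented: frontend result / interrupt mismatch is not yet covered"
        )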