#!/usr/bin/env python3
"""
Adversarial test (CI-safe):

- The socket-deny Tool Request must validate (it is an approved request artifact).
- It must contain an explicit socket attempt in the Monty code section.

This test does NOT execute Monty (CI environments may not have Monty installed or hardened profile enabled).
"""

from __future__ import annotations

from pathlib import Path

from tools.validate_tool_request import validate


def main() -> int:
    tr = Path("tool-exec/examples/TR-monty-socket-deny.md")
    assert tr.exists(), f"Missing test Tool Request: {tr}"

    res = validate(str(tr))
    assert res.ok, f"Tool Request should validate; errors: {res.errors}"
    # Expect a warning about risky names (import/open/exec...) given our validator guardrail.
    # Not required, but helpful to catch regressions.
    # If you later convert this warning into an error, update this test accordingly.
    body = tr.read_text(encoding="utf-8")
    assert "import socket" in body, "Tool Request must attempt socket import."
    assert "socket.socket" in body, "Tool Request must attempt socket usage."
    return 0


if __name__ == "__main__":
    raise SystemExit(main())