From a02499b335a2d4d1422440221af0fa0608da26ec Mon Sep 17 00:00:00 2001
From: Peter Steinberger
Date: Mon, 23 Mar 2026 02:00:42 +0000
Subject: [PATCH] fix: finish gateway probe auth landing (#52513) (thanks @CodeForgeNet)
---
 CHANGELOG.md | 1 +
 src/commands/status.scan.fast-json.test.ts | 2 +-
 src/gateway/credential-precedence.parity.test.ts | 14 +++++++-------
 3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index fdd83d9849d..60f64bf2e3d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -105,6 +105,7 @@ Docs: https://docs.openclaw.ai
 - Configure/startup: move outbound send-deps resolution into a lightweight helper so `openclaw configure` no longer stalls after the banner while eagerly loading channel plugins. (#46301) Thanks @scoootscooob.
 - Mattermost/threading: honor `replyToMode: "off"` for already-threaded inbound posts so threaded follow-ups can fall back to top-level replies when configured. (#52543) Thanks @RichardCao.
 - Telegram/replies: set `allow_sending_without_reply` on reply-targeted sends and media-error notices so deleted parent messages no longer drop otherwise valid replies. (#52524) Thanks @moltbot886.
+- Gateway/status: resolve env-backed `gateway.auth.*` SecretRefs before read-only probe auth checks so status no longer reports false probe failures when auth is configured through SecretRef. (#52513) Thanks @CodeForgeNet.
 - CLI/startup: lazy-load channel add and root help startup paths to trim avoidable RSS and help latency on constrained hosts. (#46784) Thanks @vincentkoc.
 - CLI/onboarding: import static provider definitions directly for onboarding model/config helpers so those paths no longer pull provider discovery just for built-in defaults. (#47467) Thanks @vincentkoc.
 - CLI/configure: clarify fresh-setup memory-search warnings so they say semantic recall needs at least one embedding provider, and scope the initial model allowlist picker to the provider selected in configure. Thanks @vincentkoc.
diff --git a/src/commands/status.scan.fast-json.test.ts b/src/commands/status.scan.fast-json.test.ts
index 60852bf5980..5fa96ec647b 100644
--- a/src/commands/status.scan.fast-json.test.ts
+++ b/src/commands/status.scan.fast-json.test.ts
@@ -67,7 +67,7 @@ beforeEach(() => {
 url: "ws://127.0.0.1:18789",
 urlSource: "default",
 });
- mocks.resolveGatewayProbeAuthResolution.mockReturnValue({
+ mocks.resolveGatewayProbeAuthResolution.mockResolvedValue({
 auth: {},
 warning: undefined,
 });
diff --git a/src/gateway/credential-precedence.parity.test.ts b/src/gateway/credential-precedence.parity.test.ts
index 18445e7484e..12ff7a7e313 100644
--- a/src/gateway/credential-precedence.parity.test.ts
+++ b/src/gateway/credential-precedence.parity.test.ts
@@ -69,7 +69,7 @@ function withGatewayAuthEnv(env: NodeJS.ProcessEnv, fn: () => T): T {
 }
 }
 
-describe("gateway credential precedence parity", () => {
+describe("gateway credential precedence coverage", () => {
 const cases: TestCase[] = [
 {
 name: "local mode: env overrides config for call/probe/status, auth remains config-first",
@@ -89,7 +89,7 @@ describe("gateway credential precedence parity", () => {
 expected: {
 call: { token: "env-token", password: "env-password" }, // pragma: allowlist secret
 probe: { token: "env-token", password: "env-password" }, // pragma: allowlist secret
- status: { token: "env-token", password: "env-password" }, // pragma: allowlist secret
+ status: { token: "config-token", password: "config-password" }, // pragma: allowlist secret
 auth: { token: "config-token", password: "config-password" }, // pragma: allowlist secret
 },
 },
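Review bot: The case name kept as context in the hunk at -69, `local mode: env overrides config for call/probe/status, auth remains config-first`, no longer matches the `status` row changed in the hunk at -89, which now expects `config-token`/`config-password` while `call` and `probe` still expect the env values (assuming both hunks belong to the same case; the lines between them are not shown). The same split between `status` and `probe` appears in the hunks at -103, -116 and -158, where `status` takes the config or remote password and `probe` keeps `env-password`. Because the status probe can now authenticate with a different secret than the call path, a passing status check no longer shows that the env-supplied credentials work, and the test should say so. If that divergence is intended, rename the case to something like `local mode: env overrides config for call/probe; status and auth stay config-first` and add a comment above `cases` such as `// status resolves gateway.auth.* from config/SecretRef and does not apply the gateway auth env overrides`. The `cases` array and the `describe` body continue outside these hunks.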
@@ -103,7 +103,7 @@ describe("gateway credential precedence parity", () => {
 expected: {
 call: { token: "remote-token", password: "env-password" }, // pragma: allowlist secret
 probe: { token: "remote-token", password: "env-password" }, // pragma: allowlist secret
- status: { token: "remote-token", password: "env-password" }, // pragma: allowlist secret
+ status: { token: "remote-token", password: "remote-password" }, // pragma: allowlist secret
 auth: { token: "local-token", password: "local-password" }, // pragma: allowlist secret
 },
 },
@@ -116,7 +116,7 @@ describe("gateway credential precedence parity", () => {
 expected: {
 call: { token: "env-token", password: "env-password" }, // pragma: allowlist secret
 probe: { token: undefined, password: "env-password" }, // pragma: allowlist secret
- status: { token: undefined, password: "env-password" }, // pragma: allowlist secret
+ status: { token: undefined, password: "remote-password" }, // pragma: allowlist secret
 auth: { token: "local-token", password: "local-password" }, // pragma: allowlist secret
 },
 },
@@ -158,13 +158,13 @@ describe("gateway credential precedence parity", () => {
 expected: {
 call: { token: "config-token", password: "env-password" }, // pragma: allowlist secret
 probe: { token: "config-token", password: "env-password" }, // pragma: allowlist secret
- status: { token: "config-token", password: "env-password" }, // pragma: allowlist secret
+ status: { token: "config-token", password: "config-password" }, // pragma: allowlist secret
 auth: { token: "config-token", password: "config-password" }, // pragma: allowlist secret
 },
 },
 ];
 
- it.each(cases)("$name", ({ cfg, env, expected }) => {
+ it.each(cases)("$name", async ({ cfg, env, expected }) => {
 const mode = cfg.gateway?.mode === "remote" ? "remote" : "local";
 const call = resolveGatewayCredentialsFromConfig({
 cfg,
@@ -175,7 +175,7 @@ describe("gateway credential precedence parity", () => {
 mode,
 env,
 });
- const status = withGatewayAuthEnv(env, () => resolveStatusGatewayProbeAuth(cfg));
+ const status = await withGatewayAuthEnv(env, () => resolveStatusGatewayProbeAuth(cfg));
 const auth = resolveGatewayAuth({
 authConfig: cfg.gateway?.auth,
 env,
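Review bot: `await withGatewayAuthEnv(env, () => resolveStatusGatewayProbeAuth(cfg))` awaits the promise only after the helper has returned, and the signature shown in the -69 hunk header, `fn: () => T): T`, is synchronous. If the helper restores `process.env` as soon as `fn` returns (its body is outside the diff, so this is inferred from its name and the closing braces), the override is already gone when the async resolution reads the environment after its first `await`. In that case the new `config-*`/`remote-*` expectations for `status` may be recording a test artifact rather than the real credential precedence. Await the callback inside the helper's guarded region, for example an async variant whose `try` body is `return await fn();`, so the override stays in place until the promise settles. The `it.each` callback continues outside this hunk.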