nyrn
/
openclaw
mirror of https://github.com/openclaw/openclaw.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

test: load browser fixture for sandbox policy

This commit is contained in:
Peter Steinberger 2026-04-05 09:00:42 +01:00
parent 3728cfbe29
commit e28e83f4e4
No known key found for this signature in database
1 changed files with 49 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
src/agents/pi-tools.sandbox-policy.test.ts
View File

@ -1,10 +1,22 @@
import { describe, expect, it } from "vitest";
import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
import { createBundledBrowserPluginFixture } from "../../test/helpers/browser-bundled-plugin-fixture.js";
import type { OpenClawConfig } from "../config/config.js";
import { clearPluginDiscoveryCache } from "../plugins/discovery.js";
import { clearPluginLoaderCache } from "../plugins/loader.js";
import { clearPluginManifestRegistryCache } from "../plugins/manifest-registry.js";
import { resetPluginRuntimeStateForTest } from "../plugins/runtime.js";
import { createOpenClawCodingTools } from "./pi-tools.js";
import { resolveSandboxConfigForAgent } from "./sandbox/config.js";
import { createHostSandboxFsBridge } from "./test-helpers/host-sandbox-fs-bridge.js";
import { createPiToolsSandboxContext } from "./test-helpers/pi-tools-sandbox-context.js";
function resetPluginState() {
clearPluginLoaderCache();
clearPluginDiscoveryCache();
clearPluginManifestRegistryCache();
resetPluginRuntimeStateForTest();
}
function listToolNames(params: {
cfg: OpenClawConfig;
agentId?: string;
@ -32,6 +44,21 @@ function listToolNames(params: {
}
describe("pi-tools sandbox policy", () => {
let bundledFixture: ReturnType<typeof createBundledBrowserPluginFixture> | null = null;
beforeEach(() => {
bundledFixture = createBundledBrowserPluginFixture();
vi.stubEnv("OPENCLAW_BUNDLED_PLUGINS_DIR", bundledFixture.rootDir);
resetPluginState();
});
afterEach(() => {
resetPluginState();
vi.unstubAllEnvs();
bundledFixture?.cleanup();
bundledFixture = null;
});
it("re-exposes omitted sandbox tools via sandbox alsoAllow", () => {
const names = listToolNames({
cfg: {
@ -71,14 +98,17 @@ describe("pi-tools sandbox policy", () => {
tools: {
sandbox: {
tools: {
allow: ["gateway"],
allow: ["browser"],
},
},
},
plugins: {
allow: ["browser"],
},
} as OpenClawConfig,
});
expect(names).toContain("gateway");
expect(names).toContain("browser");
});
it("prefers the resolved sandbox context policy for legacy main session aliases", () => {
@ -94,7 +124,7 @@ describe("pi-tools sandbox policy", () => {
tools: {
sandbox: {
tools: {
allow: ["gateway"],
allow: ["browser"],
alsoAllow: ["message"],
},
},
@ -102,6 +132,9 @@ describe("pi-tools sandbox policy", () => {
},
],
},
plugins: {
allow: ["browser"],
},
} as OpenClawConfig;
const names = listToolNames({
@ -110,7 +143,7 @@ describe("pi-tools sandbox policy", () => {
sandboxAgentId: "tavern",
});
expect(names).toContain("gateway");
expect(names).toContain("browser");
expect(names).toContain("message");
});
@ -127,14 +160,17 @@ describe("pi-tools sandbox policy", () => {
sandbox: {
tools: {
allow: [],
alsoAllow: ["gateway"],
alsoAllow: ["browser"],
},
},
},
plugins: {
allow: ["browser"],
},
} as OpenClawConfig,
});
expect(names).toContain("gateway");
expect(names).toContain("browser");
expect(names).toContain("read");
});
@ -150,15 +186,18 @@ describe("pi-tools sandbox policy", () => {
tools: {
sandbox: {
tools: {
allow: ["gateway", "message"],
deny: ["gateway"],
allow: ["browser", "message"],
deny: ["browser"],
},
},
},
plugins: {
allow: ["browser"],
},
} as OpenClawConfig,
});
expect(names).not.toContain("gateway");
expect(names).not.toContain("browser");
expect(names).toContain("message");
});
});