mirror of https://github.com/openclaw/openclaw.git
115 lines
3.9 KiB
TypeScript
115 lines
3.9 KiB
TypeScript
import { describe, expect, it } from "vitest";
|
|
import {
|
|
getAgentRuntimeCommandSecretTargetIds,
|
|
getMemoryCommandSecretTargetIds,
|
|
getScopedChannelsCommandSecretTargets,
|
|
getSecurityAuditCommandSecretTargetIds,
|
|
} from "./command-secret-targets.js";
|
|
|
|
describe("command secret target ids", () => {
|
|
it("includes memorySearch remote targets for agent runtime commands", () => {
|
|
const ids = getAgentRuntimeCommandSecretTargetIds();
|
|
expect(ids.has("agents.defaults.memorySearch.remote.apiKey")).toBe(true);
|
|
expect(ids.has("agents.list[].memorySearch.remote.apiKey")).toBe(true);
|
|
expect(ids.has("tools.web.fetch.firecrawl.apiKey")).toBe(true);
|
|
});
|
|
|
|
it("keeps memory command target set focused on memorySearch remote credentials", () => {
|
|
const ids = getMemoryCommandSecretTargetIds();
|
|
expect(ids).toEqual(
|
|
new Set([
|
|
"agents.defaults.memorySearch.remote.apiKey",
|
|
"agents.list[].memorySearch.remote.apiKey",
|
|
]),
|
|
);
|
|
});
|
|
|
|
it("includes gateway auth and channel targets for security audit", () => {
|
|
const ids = getSecurityAuditCommandSecretTargetIds();
|
|
expect(ids.has("channels.discord.token")).toBe(true);
|
|
expect(ids.has("gateway.auth.token")).toBe(true);
|
|
expect(ids.has("gateway.auth.password")).toBe(true);
|
|
expect(ids.has("gateway.remote.token")).toBe(true);
|
|
expect(ids.has("gateway.remote.password")).toBe(true);
|
|
});
|
|
|
|
it("scopes channel targets to the requested channel", () => {
|
|
const scoped = getScopedChannelsCommandSecretTargets({
|
|
config: {} as never,
|
|
channel: "discord",
|
|
});
|
|
|
|
expect(scoped.targetIds.size).toBeGreaterThan(0);
|
|
expect([...scoped.targetIds].every((id) => id.startsWith("channels.discord."))).toBe(true);
|
|
expect([...scoped.targetIds].some((id) => id.startsWith("channels.telegram."))).toBe(false);
|
|
});
|
|
|
|
it("does not coerce missing accountId to default when channel is scoped", () => {
|
|
const scoped = getScopedChannelsCommandSecretTargets({
|
|
config: {
|
|
channels: {
|
|
discord: {
|
|
defaultAccount: "ops",
|
|
accounts: {
|
|
ops: {
|
|
token: { source: "env", provider: "default", id: "DISCORD_OPS" },
|
|
},
|
|
},
|
|
},
|
|
},
|
|
} as never,
|
|
channel: "discord",
|
|
});
|
|
|
|
expect(scoped.allowedPaths).toBeUndefined();
|
|
expect(scoped.targetIds.size).toBeGreaterThan(0);
|
|
expect([...scoped.targetIds].every((id) => id.startsWith("channels.discord."))).toBe(true);
|
|
});
|
|
|
|
it("scopes allowed paths to channel globals + selected account", () => {
|
|
const scoped = getScopedChannelsCommandSecretTargets({
|
|
config: {
|
|
channels: {
|
|
discord: {
|
|
token: { source: "env", provider: "default", id: "DISCORD_DEFAULT" },
|
|
accounts: {
|
|
ops: {
|
|
token: { source: "env", provider: "default", id: "DISCORD_OPS" },
|
|
},
|
|
chat: {
|
|
token: { source: "env", provider: "default", id: "DISCORD_CHAT" },
|
|
},
|
|
},
|
|
},
|
|
},
|
|
} as never,
|
|
channel: "discord",
|
|
accountId: "ops",
|
|
});
|
|
|
|
expect(scoped.allowedPaths).toBeDefined();
|
|
expect(scoped.allowedPaths?.has("channels.discord.token")).toBe(true);
|
|
expect(scoped.allowedPaths?.has("channels.discord.accounts.ops.token")).toBe(true);
|
|
expect(scoped.allowedPaths?.has("channels.discord.accounts.chat.token")).toBe(false);
|
|
});
|
|
|
|
it("keeps account-scoped allowedPaths as an empty set when scoped target paths are absent", () => {
|
|
const scoped = getScopedChannelsCommandSecretTargets({
|
|
config: {
|
|
channels: {
|
|
discord: {
|
|
accounts: {
|
|
ops: { enabled: true },
|
|
},
|
|
},
|
|
},
|
|
} as never,
|
|
channel: "custom-plugin-channel-without-secret-targets",
|
|
accountId: "ops",
|
|
});
|
|
|
|
expect(scoped.allowedPaths).toBeDefined();
|
|
expect(scoped.allowedPaths?.size).toBe(0);
|
|
});
|
|
});
|