vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-12 14:30:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

test: tighten sandbox browser assertions

Browse Source
This commit is contained in:
Peter Steinberger
2026-05-09 18:21:29 +01:00
parent cc6f6bfb02
commit 29a5d85e5d
1 changed files with 19 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
src/agents/sandbox/browser.create.test.ts
View File

@@ -156,6 +156,18 @@ function requireValue<T>(value: T | null | undefined, label: string): T {
return value;
}
function latestBridgeResolved(): Record<string, unknown> {
const params = bridgeMocks.startBrowserBridgeServer.mock.calls.at(-1)?.[0];
if (!params || typeof params !== "object") {
throw new Error("expected browser bridge start params");
}
const resolved = params.resolved;
if (!resolved || typeof resolved !== "object") {
throw new Error("expected resolved browser bridge config");
}
return resolved;
}
describe("ensureSandboxBrowser create args", () => {
beforeAll(async () => {
await loadFreshBrowserModulesForTest();
@@ -287,13 +299,9 @@ describe("ensureSandboxBrowser create args", () => {
ssrfPolicy: { dangerouslyAllowPrivateNetwork: true },
});
expect(bridgeMocks.startBrowserBridgeServer).toHaveBeenCalledWith(
expect.objectContaining({
resolved: expect.objectContaining({
ssrfPolicy: { dangerouslyAllowPrivateNetwork: true },
}),
}),
);
expect(latestBridgeResolved().ssrfPolicy).toEqual({
dangerouslyAllowPrivateNetwork: true,
});
});
it("recreates a cached bridge when the SSRF policy changes", async () => {
@@ -353,13 +361,9 @@ describe("ensureSandboxBrowser create args", () => {
});
expect(bridgeMocks.stopBrowserBridgeServer).toHaveBeenCalledWith(existingBridge.server);
expect(bridgeMocks.startBrowserBridgeServer).toHaveBeenCalledWith(
expect.objectContaining({
resolved: expect.objectContaining({
ssrfPolicy: { allowedHostnames: ["example.com"] },
}),
}),
);
expect(latestBridgeResolved().ssrfPolicy).toEqual({
allowedHostnames: ["example.com"],
});
});
it("recreates a cached bridge when evaluate permission changes", async () => {
@@ -418,13 +422,7 @@ describe("ensureSandboxBrowser create args", () => {
});
expect(bridgeMocks.stopBrowserBridgeServer).toHaveBeenCalledWith(existingBridge.server);
expect(bridgeMocks.startBrowserBridgeServer).toHaveBeenCalledWith(
expect.objectContaining({
resolved: expect.objectContaining({
evaluateEnabled: false,
}),
}),
);
expect(latestBridgeResolved().evaluateEnabled).toBe(false);
});
it("mounts the main workspace read-only when workspaceAccess is none", async () => {