test: speed up slow import-boundary tests

2026-05-06 18:00:54 +00:00 · 2026-04-16 21:14:06 +01:00
parent 8b7d76bfbb
commit 372c0051ba
17 changed files with 380 additions and 166 deletions
--- a/extensions/discord/security-audit-contract-api.ts
+++ b/extensions/discord/security-audit-contract-api.ts
@@ -0,0 +1 @@
+export { collectDiscordSecurityAuditFindings } from "./src/security-audit.js";
--- a/extensions/discord/src/security-audit.ts
+++ b/extensions/discord/src/security-audit.ts
@@ -1,15 +1,19 @@
 import { coerceNativeSetting, normalizeAllowFromList } from "openclaw/plugin-sdk/channel-policy";
+import { readChannelAllowFromStore } from "openclaw/plugin-sdk/conversation-runtime";
+import { isDangerousNameMatchingEnabled } from "openclaw/plugin-sdk/dangerous-name-runtime";
 import {
-  isDangerousNameMatchingEnabled,
  resolveNativeCommandsEnabled,
  resolveNativeSkillsEnabled,
-} from "openclaw/plugin-sdk/config-runtime";
-import { readChannelAllowFromStore } from "openclaw/plugin-sdk/conversation-runtime";
-import { normalizeOptionalString } from "openclaw/plugin-sdk/text-runtime";
+} from "openclaw/plugin-sdk/native-command-config-runtime";
 import type { ResolvedDiscordAccount } from "./accounts.js";
 import type { OpenClawConfig } from "./runtime-api.js";
 import { isDiscordMutableAllowEntry } from "./security-doctor.js";

+function normalizeOptionalString(value: string | null | undefined): string | undefined {
+  const normalized = value?.trim();
+  return normalized ? normalized : undefined;
+}
+
 function addDiscordNameBasedEntries(params: {
  target: Set<string>;
  values: unknown;
--- a/extensions/feishu/src/security-audit.ts
+++ b/extensions/feishu/src/security-audit.ts
@@ -1,5 +1,5 @@
-import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime";
-import { hasConfiguredSecretInput } from "openclaw/plugin-sdk/setup";
+import { hasConfiguredSecretInput } from "openclaw/plugin-sdk/secret-input";
+import type { OpenClawConfig } from "../runtime-api.js";
 import { asRecord, hasNonEmptyString } from "./comment-shared.js";

 function isFeishuDocToolEnabled(cfg: OpenClawConfig): boolean {
--- a/extensions/ollama/src/embedding-provider.test.ts
+++ b/extensions/ollama/src/embedding-provider.test.ts
@@ -0,0 +1,146 @@
+import type { OpenClawConfig } from "openclaw/plugin-sdk/provider-auth";
+import { afterEach, beforeAll, beforeEach, describe, expect, it, vi } from "vitest";
+
+const { fetchWithSsrFGuardMock } = vi.hoisted(() => ({
+  fetchWithSsrFGuardMock: vi.fn(async ({ init, url }: { init?: RequestInit; url: string }) => ({
+    response: await fetch(url, init),
+    release: async () => {},
+  })),
+}));
+
+vi.mock("openclaw/plugin-sdk/ssrf-runtime", () => ({
+  fetchWithSsrFGuard: fetchWithSsrFGuardMock,
+  formatErrorMessage: (error: unknown) => (error instanceof Error ? error.message : String(error)),
+}));
+
+let createOllamaEmbeddingProvider: typeof import("./embedding-provider.js").createOllamaEmbeddingProvider;
+
+beforeAll(async () => {
+  ({ createOllamaEmbeddingProvider } = await import("./embedding-provider.js"));
+});
+
+beforeEach(() => {
+  fetchWithSsrFGuardMock.mockClear();
+});
+
+afterEach(() => {
+  vi.unstubAllGlobals();
+  vi.unstubAllEnvs();
+});
+
+function mockEmbeddingFetch(embedding: number[]) {
+  const fetchMock = vi.fn(
+    async () =>
+      new Response(JSON.stringify({ embedding }), {
+        status: 200,
+        headers: { "content-type": "application/json" },
+      }),
+  );
+  vi.stubGlobal("fetch", fetchMock);
+  return fetchMock;
+}
+
+describe("ollama embedding provider", () => {
+  it("calls /api/embeddings and returns normalized vectors", async () => {
+    const fetchMock = mockEmbeddingFetch([3, 4]);
+
+    const { provider } = await createOllamaEmbeddingProvider({
+      config: {} as OpenClawConfig,
+      provider: "ollama",
+      model: "nomic-embed-text",
+      fallback: "none",
+      remote: { baseUrl: "http://127.0.0.1:11434" },
+    });
+
+    const vector = await provider.embedQuery("hi");
+
+    expect(fetchMock).toHaveBeenCalledTimes(1);
+    expect(vector[0]).toBeCloseTo(0.6, 5);
+    expect(vector[1]).toBeCloseTo(0.8, 5);
+  });
+
+  it("resolves configured base URL, API key, and headers", async () => {
+    const fetchMock = mockEmbeddingFetch([1, 0]);
+
+    const { provider } = await createOllamaEmbeddingProvider({
+      config: {
+        models: {
+          providers: {
+            ollama: {
+              baseUrl: "http://127.0.0.1:11434/v1",
+              apiKey: "ollama-\nlocal\r\n", // pragma: allowlist secret
+              headers: {
+                "X-Provider-Header": "provider",
+              },
+            },
+          },
+        },
+      } as unknown as OpenClawConfig,
+      provider: "ollama",
+      model: "",
+      fallback: "none",
+    });
+
+    await provider.embedQuery("hello");
+
+    expect(fetchMock).toHaveBeenCalledWith(
+      "http://127.0.0.1:11434/api/embeddings",
+      expect.objectContaining({
+        method: "POST",
+        headers: expect.objectContaining({
+          "Content-Type": "application/json",
+          Authorization: "Bearer ollama-local",
+          "X-Provider-Header": "provider",
+        }),
+      }),
+    );
+  });
+
+  it("fails fast when memory-search remote apiKey is an unresolved SecretRef", async () => {
+    await expect(
+      createOllamaEmbeddingProvider({
+        config: {} as OpenClawConfig,
+        provider: "ollama",
+        model: "nomic-embed-text",
+        fallback: "none",
+        remote: {
+          baseUrl: "http://127.0.0.1:11434",
+          apiKey: { source: "env", provider: "default", id: "OLLAMA_API_KEY" },
+        },
+      }),
+    ).rejects.toThrow(/agents\.\*\.memorySearch\.remote\.apiKey: unresolved SecretRef/i);
+  });
+
+  it("falls back to env key when provider apiKey is an unresolved SecretRef", async () => {
+    const fetchMock = mockEmbeddingFetch([1, 0]);
+    vi.stubEnv("OLLAMA_API_KEY", "ollama-env");
+
+    const { provider } = await createOllamaEmbeddingProvider({
+      config: {
+        models: {
+          providers: {
+            ollama: {
+              baseUrl: "http://127.0.0.1:11434/v1",
+              apiKey: { source: "env", provider: "default", id: "OLLAMA_API_KEY" },
+              models: [],
+            },
+          },
+        },
+      } as unknown as OpenClawConfig,
+      provider: "ollama",
+      model: "nomic-embed-text",
+      fallback: "none",
+    });
+
+    await provider.embedQuery("hello");
+
+    expect(fetchMock).toHaveBeenCalledWith(
+      "http://127.0.0.1:11434/api/embeddings",
+      expect.objectContaining({
+        headers: expect.objectContaining({
+          Authorization: "Bearer ollama-env",
+        }),
+      }),
+    );
+  });
+});
--- a/extensions/slack/src/security-audit.ts
+++ b/extensions/slack/src/security-audit.ts
@@ -1,9 +1,9 @@
 import { coerceNativeSetting, normalizeAllowFromList } from "openclaw/plugin-sdk/channel-policy";
+import { readChannelAllowFromStore } from "openclaw/plugin-sdk/conversation-runtime";
 import {
  resolveNativeCommandsEnabled,
  resolveNativeSkillsEnabled,
-} from "openclaw/plugin-sdk/config-runtime";
-import { readChannelAllowFromStore } from "openclaw/plugin-sdk/conversation-runtime";
+} from "openclaw/plugin-sdk/native-command-config-runtime";
 import type { ResolvedSlackAccount } from "./accounts.js";
 import type { OpenClawConfig } from "./runtime-api.js";

--- a/extensions/telegram/security-audit-contract-api.ts
+++ b/extensions/telegram/security-audit-contract-api.ts
@@ -0,0 +1 @@
+export { collectTelegramSecurityAuditFindings } from "./src/security-audit.js";
--- a/extensions/telegram/src/security-audit.ts
+++ b/extensions/telegram/src/security-audit.ts
@@ -1,10 +1,14 @@
-import { resolveNativeSkillsEnabled } from "openclaw/plugin-sdk/config-runtime";
-import type { OpenClawConfig } from "openclaw/plugin-sdk/config-runtime";
 import { readChannelAllowFromStore } from "openclaw/plugin-sdk/conversation-runtime";
-import { normalizeOptionalString } from "openclaw/plugin-sdk/text-runtime";
+import { resolveNativeSkillsEnabled } from "openclaw/plugin-sdk/native-command-config-runtime";
+import type { OpenClawConfig } from "../runtime-api.js";
 import type { ResolvedTelegramAccount } from "./accounts.js";
 import { isNumericTelegramSenderUserId, normalizeTelegramAllowFromEntry } from "./allow-from.js";

+function normalizeOptionalString(value: string | null | undefined): string | undefined {
+  const normalized = value?.trim();
+  return normalized ? normalized : undefined;
+}
+
 function collectInvalidTelegramAllowFromEntries(params: { entries: unknown; target: Set<string> }) {
  if (!Array.isArray(params.entries)) {
    return;
--- a/extensions/zalouser/src/security-audit.ts
+++ b/extensions/zalouser/src/security-audit.ts
@@ -1,4 +1,4 @@
-import { isDangerousNameMatchingEnabled } from "openclaw/plugin-sdk/config-runtime";
+import { isDangerousNameMatchingEnabled } from "openclaw/plugin-sdk/dangerous-name-runtime";
 import type { ResolvedZalouserAccount } from "./accounts.js";

 export function isZalouserMutableGroupEntry(raw: string): boolean {
				`@@ -0,0 +1 @@`
				`export { collectDiscordSecurityAuditFindings } from "./src/security-audit.js";`
				`@@ -0,0 +1 @@`
				`export { collectTelegramSecurityAuditFindings } from "./src/security-audit.js";`