vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-04 04:30:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(gateway): require admin for agent session reset

Browse Source
This commit is contained in:
Vincent Koc
2026-03-23 09:24:24 -07:00
parent 041c47419f
commit 50f6a2f136
3 changed files with 54 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
src/gateway/server-methods/agent.test.ts
View File

@@ -803,7 +803,10 @@ describe("gateway agent handler", () => {
sessionKey: "agent:main:main",
idempotencyKey: "test-idem-new",
},
{ reqId: "4" },
{
reqId: "4",
client: { connect: { scopes: ["operator.admin"] } } as AgentHandlerArgs["client"],
},
);
await waitForAssertion(() => expect(mocks.agentCommand).toHaveBeenCalled());
@@ -831,7 +834,10 @@ describe("gateway agent handler", () => {
sessionKey: "agent:main:main",
idempotencyKey: "test-idem-reset-suffix",
},
{ reqId: "4b" },
{
reqId: "4b",
client: { connect: { scopes: ["operator.admin"] } } as AgentHandlerArgs["client"],
},
);
const call = await expectResetCall("[Wed 2026-01-28 20:30 EST] check status");
@@ -861,6 +867,34 @@ describe("gateway agent handler", () => {
);
});
it("rejects /reset for write-scoped gateway callers", async () => {
mockMainSessionEntry({ sessionId: "existing-session-id" });
mocks.performGatewaySessionReset.mockClear();
mocks.agentCommand.mockClear();
const respond = await invokeAgent(
{
message: "/reset",
sessionKey: "agent:main:main",
idempotencyKey: "test-reset-write-scope",
},
{
reqId: "4c",
client: { connect: { scopes: ["operator.write"] } } as AgentHandlerArgs["client"],
},
);
expect(mocks.performGatewaySessionReset).not.toHaveBeenCalled();
expect(mocks.agentCommand).not.toHaveBeenCalled();
expect(respond).toHaveBeenCalledWith(
false,
undefined,
expect.objectContaining({
message: "missing scope: operator.admin",
}),
);
});
it("rejects malformed session keys in agent.identity.get", async () => {
const respond = await invokeAgentIdentityGet(
{