From 52acc57a619d528227eaac59fabd6893fd4639ca Mon Sep 17 00:00:00 2001 From: CodeForgeNet Date: Mon, 23 Mar 2026 06:00:25 +0530 Subject: [PATCH] fix(status): resolve only selected probe-auth branch and fix plain status path Address two Codex P1/P2 issues: 1. (P1) Plain 'openclaw status' and 'openclaw status --json' still went through the sync resolveGatewayProbeAuthSafe path in status.gateway-probe.ts, which cannot expand SecretRef objects. Switched to async resolveGatewayProbeAuthSafeWithSecretInputs. 2. (P2) status-all.ts was eagerly resolving both local and remote probe auth before deciding which to use. A stale SecretRef in the unused branch could abort the command. Collapsed to a single resolution call using the correct mode upfront. Updated status.scan.test.ts to use mockResolvedValue since resolveGatewayProbeAuthResolution is now async. --- src/commands/status-all.ts | 15 ++++----------- src/commands/status.gateway-probe.ts | 16 +++++++++------- src/commands/status.scan.test.ts | 16 ++++++++-------- 3 files changed, 21 insertions(+), 26 deletions(-) diff --git a/src/commands/status-all.ts b/src/commands/status-all.ts index fed39420cbd..5c18c4f87e5 100644 --- a/src/commands/status-all.ts +++ b/src/commands/status-all.ts @@ -124,18 +124,11 @@ export async function statusAllCommand( const remoteUrlMissing = isRemoteMode && !remoteUrlRaw; const gatewayMode = isRemoteMode ? "remote" : "local"; - const localProbeAuthResolution = await resolveGatewayProbeAuthSafeWithSecretInputs({ + const probeAuthResolution = await resolveGatewayProbeAuthSafeWithSecretInputs({ cfg, - mode: "local", + mode: isRemoteMode && !remoteUrlMissing ? "remote" : "local", env: process.env, }); - const remoteProbeAuthResolution = await resolveGatewayProbeAuthSafeWithSecretInputs({ - cfg, - mode: "remote", - env: process.env, - }); - const probeAuthResolution = - isRemoteMode && !remoteUrlMissing ? remoteProbeAuthResolution : localProbeAuthResolution; const probeAuth = probeAuthResolution.auth; const gatewayProbe = await probeGateway({ @@ -196,8 +189,8 @@ export async function statusAllCommand( const callOverrides = remoteUrlMissing ? { url: connection.url, - token: localProbeAuthResolution.auth.token, - password: localProbeAuthResolution.auth.password, + token: probeAuthResolution.auth.token, + password: probeAuthResolution.auth.password, } : {}; diff --git a/src/commands/status.gateway-probe.ts b/src/commands/status.gateway-probe.ts index 552119c3702..e401d8c28ba 100644 --- a/src/commands/status.gateway-probe.ts +++ b/src/commands/status.gateway-probe.ts @@ -1,24 +1,26 @@ import type { loadConfig } from "../config/config.js"; -import { resolveGatewayProbeAuthSafe } from "../gateway/probe-auth.js"; +import { resolveGatewayProbeAuthSafeWithSecretInputs } from "../gateway/probe-auth.js"; export { pickGatewaySelfPresence } from "./gateway-presence.js"; -export function resolveGatewayProbeAuthResolution(cfg: ReturnType): { +export async function resolveGatewayProbeAuthResolution( + cfg: ReturnType, +): Promise<{ auth: { token?: string; password?: string; }; warning?: string; -} { - return resolveGatewayProbeAuthSafe({ +}> { + return resolveGatewayProbeAuthSafeWithSecretInputs({ cfg, mode: cfg.gateway?.mode === "remote" ? "remote" : "local", env: process.env, }); } -export function resolveGatewayProbeAuth(cfg: ReturnType): { +export async function resolveGatewayProbeAuth(cfg: ReturnType): Promise<{ token?: string; password?: string; -} { - return resolveGatewayProbeAuthResolution(cfg).auth; +}> { + return (await resolveGatewayProbeAuthResolution(cfg)).auth; } diff --git a/src/commands/status.scan.test.ts b/src/commands/status.scan.test.ts index 08b74a75494..ab54911dad6 100644 --- a/src/commands/status.scan.test.ts +++ b/src/commands/status.scan.test.ts @@ -141,7 +141,7 @@ describe("scanStatus", () => { url: "ws://127.0.0.1:18789", urlSource: "default", }); - mocks.resolveGatewayProbeAuthResolution.mockReturnValue({ + mocks.resolveGatewayProbeAuthResolution.mockResolvedValue({ auth: {}, warning: undefined, }); @@ -202,7 +202,7 @@ describe("scanStatus", () => { url: "ws://127.0.0.1:18789", urlSource: "default", }); - mocks.resolveGatewayProbeAuthResolution.mockReturnValue({ + mocks.resolveGatewayProbeAuthResolution.mockResolvedValue({ auth: {}, warning: undefined, }); @@ -254,7 +254,7 @@ describe("scanStatus", () => { url: "ws://127.0.0.1:18789", urlSource: "default", }); - mocks.resolveGatewayProbeAuthResolution.mockReturnValue({ + mocks.resolveGatewayProbeAuthResolution.mockResolvedValue({ auth: {}, warning: undefined, }); @@ -301,7 +301,7 @@ describe("scanStatus", () => { url: "ws://127.0.0.1:18789", urlSource: "default", }); - mocks.resolveGatewayProbeAuthResolution.mockReturnValue({ + mocks.resolveGatewayProbeAuthResolution.mockResolvedValue({ auth: {}, warning: undefined, }); @@ -342,7 +342,7 @@ describe("scanStatus", () => { url: "ws://127.0.0.1:18789", urlSource: "default", }); - mocks.resolveGatewayProbeAuthResolution.mockReturnValue({ + mocks.resolveGatewayProbeAuthResolution.mockResolvedValue({ auth: {}, warning: undefined, }); @@ -410,7 +410,7 @@ describe("scanStatus", () => { url: "ws://127.0.0.1:18789", urlSource: "default", }); - mocks.resolveGatewayProbeAuthResolution.mockReturnValue({ + mocks.resolveGatewayProbeAuthResolution.mockResolvedValue({ auth: {}, warning: undefined, }); @@ -482,7 +482,7 @@ describe("scanStatus", () => { url: "ws://127.0.0.1:18789", urlSource: "default", }); - mocks.resolveGatewayProbeAuthResolution.mockReturnValue({ + mocks.resolveGatewayProbeAuthResolution.mockResolvedValue({ auth: {}, warning: undefined, }); @@ -545,7 +545,7 @@ describe("scanStatus", () => { url: "ws://127.0.0.1:18789", urlSource: "default", }); - mocks.resolveGatewayProbeAuthResolution.mockReturnValue({ + mocks.resolveGatewayProbeAuthResolution.mockResolvedValue({ auth: {}, warning: undefined, });