fix: stabilize shared auth and sessions send tests

2026-04-21 06:02:13 +00:00 · 2026-04-05 12:02:40 +09:00
parent cad1b89b26
commit 54a360a33e
3 changed files with 55 additions and 15 deletions
--- a/src/agents/tools/sessions-send-tool.ts
+++ b/src/agents/tools/sessions-send-tool.ts
@@ -246,6 +246,19 @@ export function createSessionsSendTool(opts?: {
        });
      }

+      // Capture the pre-run assistant snapshot before starting the nested run.
+      // Fast in-process test doubles and short-circuit agent paths can finish
+      // before we reach the post-run read, which would otherwise make the new
+      // reply look like the baseline and hide it from the caller.
+      const baselineReply =
+        timeoutSeconds === 0
+          ? undefined
+          : await readLatestAssistantReplySnapshot({
+              sessionKey: resolvedKey,
+              limit: SESSIONS_SEND_REPLY_HISTORY_LIMIT,
+              callGateway: gatewayCall,
+            });
+
      const agentMessageContext = buildAgentToAgentMessageContext({
        requesterSessionKey: opts?.agentSessionKey,
        requesterChannel: opts?.agentChannel,
@@ -314,12 +327,6 @@ export function createSessionsSendTool(opts?: {
        return start.result;
      }
      runId = start.runId;
-
-      const baselineReply = await readLatestAssistantReplySnapshot({
-        sessionKey: resolvedKey,
-        limit: SESSIONS_SEND_REPLY_HISTORY_LIMIT,
-        callGateway: gatewayCall,
-      });
      const result = await waitForAgentRunAndReadUpdatedAssistantReply({
        runId,
        sessionKey: resolvedKey,
--- a/src/gateway/server.sessions-send.test.ts
+++ b/src/gateway/server.sessions-send.test.ts
@@ -1,6 +1,6 @@
 import fs from "node:fs/promises";
 import path from "node:path";
-import { afterAll, beforeAll, describe, expect, it, type Mock } from "vitest";
+import { afterAll, beforeAll, beforeEach, describe, expect, it, type Mock } from "vitest";
 import { resolveSessionTranscriptPath } from "../config/sessions.js";
 import { emitAgentEvent } from "../infra/agent-events.js";
 import { captureEnv } from "../test-utils/env.js";
@@ -78,9 +78,6 @@ async function emitLifecycleAssistantReply(params: {
 beforeAll(async () => {
  envSnapshot = captureEnv(["OPENCLAW_GATEWAY_PORT", "OPENCLAW_GATEWAY_TOKEN"]);
  gatewayPort = await getFreePort();
-  testState.gatewayAuth = { mode: "token", token: gatewayToken };
-  process.env.OPENCLAW_GATEWAY_PORT = String(gatewayPort);
-  process.env.OPENCLAW_GATEWAY_TOKEN = gatewayToken;
  const { approveDevicePairing, requestDevicePairing } = await import("../infra/device-pairing.js");
  const { loadOrCreateDeviceIdentity, publicKeyRawBase64UrlFromPem } =
    await import("../infra/device-identity.js");
@@ -97,9 +94,18 @@ beforeAll(async () => {
  await approveDevicePairing(pending.request.requestId, {
    callerScopes: pending.request.scopes ?? ["operator.admin"],
  });
+  testState.gatewayAuth = { mode: "token", token: gatewayToken };
+  process.env.OPENCLAW_GATEWAY_PORT = String(gatewayPort);
+  process.env.OPENCLAW_GATEWAY_TOKEN = gatewayToken;
  server = await startGatewayServer(gatewayPort);
 });

+beforeEach(() => {
+  testState.gatewayAuth = { mode: "token", token: gatewayToken };
+  process.env.OPENCLAW_GATEWAY_PORT = String(gatewayPort);
+  process.env.OPENCLAW_GATEWAY_TOKEN = gatewayToken;
+});
+
 afterAll(async () => {
  await server.close();
  envSnapshot.restore();
--- a/src/gateway/server.shared-auth-rotation.test.ts
+++ b/src/gateway/server.shared-auth-rotation.test.ts
@@ -1,6 +1,7 @@
+import fs from "node:fs/promises";
 import os from "node:os";
 import path from "node:path";
-import { afterAll, beforeAll, describe, expect, it } from "vitest";
+import { afterAll, beforeAll, beforeEach, describe, expect, it } from "vitest";
 import { WebSocket } from "ws";
 import {
  connectOk,
@@ -122,11 +123,16 @@ async function sendSharedTokenRotationPatch(ws: WebSocket): Promise<{ ok: boolea
 async function applyCurrentConfig(ws: WebSocket) {
  const current = await loadCurrentConfig(ws);
  return await rpcReq(ws, "config.apply", {
+    baseHash: current.hash,
    raw: JSON.stringify(current.config, null, 2),
  });
 }

 describe("gateway shared auth rotation", () => {
+  beforeEach(() => {
+    testState.gatewayAuth = { mode: "token", token: OLD_TOKEN };
+  });
+
  it("disconnects existing shared-token websocket sessions after config.patch rotates auth", async () => {
    const ws = await openAuthenticatedWs(OLD_TOKEN);
    try {
@@ -163,15 +169,36 @@ describe("gateway shared auth rotation with unchanged SecretRefs", () => {
  let secretRefPort = 0;

  beforeAll(async () => {
+    const configPath = process.env.OPENCLAW_CONFIG_PATH;
+    if (!configPath) {
+      throw new Error("OPENCLAW_CONFIG_PATH missing in gateway test environment");
+    }
    secretRefPort = await getFreePort();
    process.env[SECRET_REF_TOKEN_ID] = OLD_TOKEN;
-    testState.gatewayAuth = {
-      mode: "token",
-      token: { source: "env", provider: "default", id: SECRET_REF_TOKEN_ID },
-    };
+    await fs.mkdir(path.dirname(configPath), { recursive: true });
+    await fs.writeFile(
+      configPath,
+      `${JSON.stringify(
+        {
+          gateway: {
+            auth: {
+              mode: "token",
+              token: { source: "env", provider: "default", id: SECRET_REF_TOKEN_ID },
+            },
+          },
+        },
+        null,
+        2,
+      )}\n`,
+      "utf-8",
+    );
    secretRefServer = await startGatewayServer(secretRefPort, { controlUiEnabled: true });
  });

+  beforeEach(() => {
+    process.env[SECRET_REF_TOKEN_ID] = OLD_TOKEN;
+  });
+
  afterAll(async () => {
    delete process.env[SECRET_REF_TOKEN_ID];
    testState.gatewayAuth = ORIGINAL_GATEWAY_AUTH;