perf(secrets): move plugin-owned coverage out of core matrix

Vincent Koc
2026-04-07 08:35:01 +01:00
parent 49fbecbf16
commit c19f322ff9
3 changed files with 97 additions and 1 deletions


@@ -0,0 +1,60 @@
import { describe, expect, it } from "vitest";
import { resolveSecretRefValues } from "../../../src/secrets/resolve.js";
import {
applyResolvedAssignments,
createResolverContext,
} from "../../../src/secrets/runtime-shared.js";
import { collectRuntimeConfigAssignments } from "./secret-contract.js";
describe("googlechat secret contract", () => {
it("resolves account serviceAccount SecretRefs for enabled accounts", async () => {
const sourceConfig = {
channels: {
googlechat: {
enabled: true,
accounts: {
work: {
enabled: true,
serviceAccountRef: {
source: "env",
provider: "default",
id: "GOOGLECHAT_SERVICE_ACCOUNT",
},
},
},
},
},
};
const resolvedConfig = structuredClone(sourceConfig);
const context = createResolverContext({
sourceConfig,
env: {
GOOGLECHAT_SERVICE_ACCOUNT: '{"client_email":"bot@example.com"}',
},
});
collectRuntimeConfigAssignments({
config: resolvedConfig,
defaults: undefined,
context,
});
const resolved = await resolveSecretRefValues(
context.assignments.map((assignment) => assignment.ref),
{
config: sourceConfig,
env: context.env,
cache: context.cache,
},
);
applyResolvedAssignments({
assignments: context.assignments,
resolved,
});
expect(resolvedConfig.channels.googlechat.accounts.work.serviceAccount).toBe(
'{"client_email":"bot@example.com"}',
);
expect(context.warnings).toEqual([]);
});
});
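Review bot: The only case here is an enabled account, so nothing in this file pins that a disabled account's `serviceAccountRef` is left unresolved, even though the test title scopes the behaviour to enabled accounts. This target is excluded from the core matrix in the same commit, so I would add a second case with `enabled: false` on the `work` account that asserts no assignment is collected, e.g. `expect(context.assignments).toEqual([]);`. That assumes inactive accounts are meant to be skipped; adjust the expectation if the contract is a warning instead. It is also worth asserting that `sourceConfig` still holds the ref after `applyResolvedAssignments`, since only the clone should receive the service-account JSON.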


@@ -1015,6 +1015,36 @@ describe("runtime web tools resolution", () => {
).toBe("firecrawl-runtime-key");
});
it("resolves legacy Firecrawl web fetch SecretRefs through the plugin-owned path", async () => {
const { metadata, resolvedConfig } = await runRuntimeWebTools({
config: asConfig({
tools: {
web: {
fetch: {
firecrawl: {
apiKey: { source: "env", provider: "default", id: "FIRECRAWL_API_KEY" },
},
},
},
},
}),
env: {
FIRECRAWL_API_KEY: "firecrawl-legacy-key",
},
});
expect(metadata.fetch.providerSource).toBe("auto-detect");
expect(metadata.fetch.selectedProvider).toBe("firecrawl");
expect(metadata.fetch.selectedProviderKeySource).toBe("env");
expect(
(
resolvedConfig.plugins?.entries?.firecrawl?.config as
| { webFetch?: { apiKey?: unknown } }
| undefined
)?.webFetch?.apiKey,
).toBe("firecrawl-legacy-key");
});
it("fails fast when active web fetch provider SecretRef is unresolved with no fallback", async () => {
const sourceConfig = asConfig({
plugins: {
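Review bot: The assertions check that the key lands under `plugins.entries.firecrawl.config.webFetch.apiKey`, but nothing pins what is left at the legacy `tools.web.fetch.firecrawl.apiKey` location in `resolvedConfig`. Because this commit excludes that target from the core matrix, this test appears to be its remaining coverage. Assert the intended end state of the legacy node explicitly (still a SecretRef, the resolved string, or removed), so that a regression leaving an unintended second plaintext copy of the key in the runtime config is caught. The enclosing describe block starts outside the hunk, so any shared helper for reading plugin config that could replace the inline `as` cast is not visible here.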


@@ -53,6 +53,10 @@ const COVERAGE_REGISTRY_ENTRIES = loadCoverageRegistryEntries();
const DEBUG_COVERAGE_BATCHES = process.env.OPENCLAW_DEBUG_RUNTIME_COVERAGE === "1";
const COVERAGE_LOADABLE_PLUGIN_ORIGINS =
buildCoverageLoadablePluginOrigins(COVERAGE_REGISTRY_ENTRIES);
const PLUGIN_OWNED_OPENCLAW_COVERAGE_EXCLUSIONS = new Set([
"channels.googlechat.accounts.*.serviceAccount",
"tools.web.fetch.firecrawl.apiKey",
]);
let applyResolvedAssignments: typeof import("./runtime-shared.js").applyResolvedAssignments;
let collectAuthStoreAssignments: typeof import("./runtime-auth-collectors.js").collectAuthStoreAssignments;
@@ -513,7 +517,9 @@ describe("secrets runtime target coverage", () => {
it("handles every openclaw.json registry target when configured as active", async () => {
const entries = COVERAGE_REGISTRY_ENTRIES.filter(
(entry) => entry.configFile === "openclaw.json",
(entry) =>
entry.configFile === "openclaw.json" &&
!PLUGIN_OWNED_OPENCLAW_COVERAGE_EXCLUSIONS.has(entry.id),
);
for (const batch of buildCoverageBatches(entries)) {
logCoverageBatch("openclaw.json", batch);
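Review bot: `PLUGIN_OWNED_OPENCLAW_COVERAGE_EXCLUSIONS` is a hand-maintained list of string ids that nothing checks against the registry. If a plugin-side test is later removed or renamed, its secret target is covered by neither suite and nothing fails; a stale id also lingers unnoticed. I would add a guard that every excluded id still exists among the `openclaw.json` entries of `COVERAGE_REGISTRY_ENTRIES`, plus a comment on the set naming the plugin test file that owns each id. The describe block and the remainder of the filtered test continue outside the hunk.

```typescript
// … unchanged: PLUGIN_OWNED_OPENCLAW_COVERAGE_EXCLUSIONS definition …
it("keeps plugin-owned exclusions in sync with the registry", () => {
  const openclawIds = new Set(
    COVERAGE_REGISTRY_ENTRIES.filter((entry) => entry.configFile === "openclaw.json").map(
      (entry) => entry.id,
    ),
  );
  for (const id of PLUGIN_OWNED_OPENCLAW_COVERAGE_EXCLUSIONS) {
    expect(openclawIds.has(id), `stale exclusion: ${id}`).toBe(true);
  }
});
```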