diff --git a/src/plugins/bundled-web-search.test.ts b/src/plugins/bundled-web-search.test.ts index a15a772b069..2e42a8efa13 100644 --- a/src/plugins/bundled-web-search.test.ts +++ b/src/plugins/bundled-web-search.test.ts @@ -1,5 +1,7 @@ import { describe, expect, it } from "vitest"; +import type { OpenClawConfig } from "../config/config.js"; import { BUNDLED_WEB_SEARCH_PLUGIN_IDS } from "./bundled-web-search-ids.js"; +import { hasBundledWebSearchCredential } from "./bundled-web-search-registry.js"; import { listBundledWebSearchProviders, resolveBundledWebSearchPluginIds, @@ -50,3 +52,53 @@ describe("bundled web search metadata", () => { expectBundledWebSearchAlignment({ actual, expected }); }); }); + +describe("hasBundledWebSearchCredential", () => { + const baseCfg = { + agents: { defaults: { model: { primary: "ollama/mistral-8b" } } }, + browser: { enabled: false }, + tools: { web: { fetch: { enabled: false } } }, + } satisfies OpenClawConfig; + + it.each([ + { + name: "detects google plugin web search credentials", + config: { + ...baseCfg, + plugins: { + entries: { + google: { enabled: true, config: { webSearch: { apiKey: "AIza-test" } } }, + }, + }, + } satisfies OpenClawConfig, + env: {}, + }, + { + name: "detects gemini env credentials", + config: baseCfg, + env: { GEMINI_API_KEY: "AIza-test" }, + }, + { + name: "detects xai env credentials", + config: baseCfg, + env: { XAI_API_KEY: "xai-test" }, + }, + { + name: "detects kimi env credentials", + config: baseCfg, + env: { KIMI_API_KEY: "sk-kimi-test" }, + }, + { + name: "detects moonshot env credentials", + config: baseCfg, + env: { MOONSHOT_API_KEY: "sk-moonshot-test" }, + }, + { + name: "detects openrouter env credentials through bundled web search providers", + config: baseCfg, + env: { OPENROUTER_API_KEY: "sk-or-v1-test" }, + }, + ] as const)("$name", ({ config, env }) => { + expect(hasBundledWebSearchCredential({ config, env })).toBe(true); + }); +}); diff --git a/src/security/audit-extra.sync.test.ts b/src/security/audit-extra.sync.test.ts index 91ffa707488..93f4db9fa78 100644 --- a/src/security/audit-extra.sync.test.ts +++ b/src/security/audit-extra.sync.test.ts @@ -58,42 +58,10 @@ describe("collectSmallModelRiskFindings", () => { it.each([ { - name: "gemini plugin config", - cfg: { - ...baseCfg, - plugins: { - entries: { - google: { enabled: true, config: { webSearch: { apiKey: "AIza-test" } } }, - }, - }, - } satisfies OpenClawConfig, + name: "small model without sandbox all stays critical even when browser/web tools are off", + cfg: baseCfg, env: {}, }, - { - name: "gemini env key", - cfg: baseCfg, - env: { GEMINI_API_KEY: "AIza-test" }, - }, - { - name: "grok env key", - cfg: baseCfg, - env: { XAI_API_KEY: "xai-test" }, - }, - { - name: "kimi env key", - cfg: baseCfg, - env: { KIMI_API_KEY: "sk-kimi-test" }, - }, - { - name: "moonshot env key", - cfg: baseCfg, - env: { MOONSHOT_API_KEY: "sk-moonshot-test" }, - }, - { - name: "openrouter env fallback", - cfg: baseCfg, - env: { OPENROUTER_API_KEY: "sk-or-v1-test" }, - }, ])("$name", ({ cfg, env }) => { const [finding] = collectSmallModelRiskFindings({ cfg, @@ -102,6 +70,8 @@ describe("collectSmallModelRiskFindings", () => { expect(finding?.checkId).toBe("models.small_params"); expect(finding?.severity).toBe("critical"); - expect(finding?.detail).toContain("web_search"); + expect(finding?.detail).toContain("ollama/mistral-8b"); + expect(finding?.detail).toContain("web=[off]"); + expect(finding?.detail).toContain("No web/browser tools detected"); }); });