ci(mantis): allow fork telegram proof

Ayaan Zaidi
2026-05-11 17:27:32 +05:30
parent e6b0b37e3f
commit d4c7519989
4 changed files with 104 additions and 5 deletions


@@ -107,12 +107,31 @@ describe("Mantis Telegram Desktop proof workflow", () => {
expect(prepare.run).toContain(
"OPENCLAW_TELEGRAM_USER_CRABBOX_BIN OPENCLAW_TELEGRAM_USER_CRABBOX_PROVIDER OPENCLAW_TELEGRAM_USER_DRIVER_SCRIPT OPENCLAW_TELEGRAM_USER_PROOF_CMD",
);
expect(prepare.run).toContain("MANTIS_CANDIDATE_TRUST");
const prompt = readFileSync(PROMPT, "utf8");
expect(prompt).toContain("$OPENCLAW_TELEGRAM_USER_PROOF_CMD");
expect(prompt).toContain("do not run\n `pnpm qa:telegram-user:crabbox` directly");
});
it("requires explicit maintainer fork approval before accepting fork PR heads", () => {
const workflowText = readFileSync(WORKFLOW, "utf8");
expect(workflowText).toContain("@openclaw-mantis");
expect(workflowText).toContain("fork[-_]ok");
expect(workflowText).toContain("ALLOW_FORK_CANDIDATE");
expect(workflowText).toContain("maintainer-approved-fork-pr-head");
expect(workflowText).toContain(".head.repo.full_name !=");
const agent = workflowStep("Run Codex Mantis Telegram agent");
expect(agent.env?.MANTIS_CANDIDATE_TRUST).toBe(
"${{ needs.validate_refs.outputs.candidate_trust }}",
);
const prompt = readFileSync(PROMPT, "utf8");
expect(prompt).toContain("MANTIS_CANDIDATE_TRUST");
expect(prompt).toContain("untrusted fork code");
});
it("checks the Telegram user driver before leasing credentials", () => {
const proofScript = readFileSync(PROOF_SCRIPT, "utf8");
const startSession = proofScript.slice(
@@ -132,4 +151,12 @@ describe("Mantis Telegram Desktop proof workflow", () => {
defaultProof.indexOf("leaseCredential({ localRoot, opts, root })"),
);
});
it("does not pass the full workflow environment into the local Telegram SUT", () => {
const proofScript = readFileSync(PROOF_SCRIPT, "utf8");
expect(proofScript).toContain("function childProcessBaseEnv()");
expect(proofScript).toContain("...childProcessBaseEnv()");
expect(proofScript).not.toContain("...process.env,\n OPENAI_API_KEY");
expect(proofScript).not.toContain("...process.env,\n MOCK_PORT");
});
});
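Review bot: The two negative assertions in the last test (`not.toContain("...process.env,\n OPENAI_API_KEY")` and its `MOCK_PORT` twin) match only one exact layout of the spread. A `...process.env` that is re-indented, reordered or followed by a different key would still pass the full workflow environment, and whatever secrets it holds, to the local SUT while this test stays green. A whitespace-tolerant check such as `expect(proofScript).not.toMatch(/\.\.\.process\.env\s*,\s*(OPENAI_API_KEY|MOCK_PORT)\b/);` is closer to the intent, and asserting on the keys that `childProcessBaseEnv()` returns would be stronger still if the script can be imported. The fork-approval test in the first hunk has a similar limit: `toContain` on the whole workflow text shows the tokens exist somewhere, not that the `fork[-_]ok` approval actually gates the job or is bound to the approved head commit. If the `validate_refs` job can be parsed the way `workflowStep(...)` parses the agent step, asserting on its condition and outputs would pin the gate itself.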