test: move node pairing authz to pure coverage

2026-04-22 14:41:34 +00:00 · 2026-04-11 08:18:35 +01:00
parent 367043d1d1
commit e2477ff726
3 changed files with 24 additions and 48 deletions
--- a/src/agents/skills.build-workspace-skills-prompt.prefers-workspace-skills-managed-skills.test.ts
+++ b/src/agents/skills.build-workspace-skills-prompt.prefers-workspace-skills-managed-skills.test.ts
@@ -3,7 +3,7 @@ import { afterAll, beforeAll, describe, expect, it } from "vitest";
 import { withEnv } from "../test-utils/env.js";
 import { createFixtureSuite } from "../test-utils/fixture-suite.js";
 import { writeSkill } from "./skills.e2e-test-helpers.js";
-import { buildWorkspaceSkillsPrompt } from "./skills.js";
+import { buildWorkspaceSkillsPrompt } from "./skills/workspace.js";

 const fixtureSuite = createFixtureSuite("openclaw-skills-prompt-suite-");

--- a/src/infra/node-pairing-authz.test.ts
+++ b/src/infra/node-pairing-authz.test.ts
@@ -0,0 +1,23 @@
+import { describe, expect, it } from "vitest";
+import { resolveNodePairApprovalScopes } from "./node-pairing-authz.js";
+
+describe("resolveNodePairApprovalScopes", () => {
+  it("requires operator.admin for system.run commands", () => {
+    expect(resolveNodePairApprovalScopes(["system.run"])).toEqual([
+      "operator.pairing",
+      "operator.admin",
+    ]);
+  });
+
+  it("requires operator.write for non-exec commands", () => {
+    expect(resolveNodePairApprovalScopes(["canvas.present"])).toEqual([
+      "operator.pairing",
+      "operator.write",
+    ]);
+  });
+
+  it("requires only operator.pairing without commands", () => {
+    expect(resolveNodePairApprovalScopes(undefined)).toEqual(["operator.pairing"]);
+    expect(resolveNodePairApprovalScopes([])).toEqual(["operator.pairing"]);
+  });
+});
--- a/src/infra/node-pairing.test.ts
+++ b/src/infra/node-pairing.test.ts
@@ -155,53 +155,6 @@ describe("node pairing tokens", () => {
    });
  });

-  test("requires operator.write to approve non-exec node commands", async () => {
-    await withNodePairingDir(async (baseDir) => {
-      const request = await requestNodePairing(
-        {
-          nodeId: "node-1",
-          platform: "darwin",
-          commands: ["canvas.present"],
-        },
-        baseDir,
-      );
-
-      await expect(
-        approveNodePairing(
-          request.request.requestId,
-          { callerScopes: ["operator.pairing"] },
-          baseDir,
-        ),
-      ).resolves.toEqual({
-        status: "forbidden",
-        missingScope: "operator.write",
-      });
-      await expect(
-        approveNodePairing(
-          request.request.requestId,
-          { callerScopes: ["operator.write"] },
-          baseDir,
-        ),
-      ).resolves.toEqual({
-        status: "forbidden",
-        missingScope: "operator.pairing",
-      });
-      await expect(
-        approveNodePairing(
-          request.request.requestId,
-          { callerScopes: ["operator.pairing", "operator.write"] },
-          baseDir,
-        ),
-      ).resolves.toEqual({
-        requestId: request.request.requestId,
-        node: expect.objectContaining({
-          nodeId: "node-1",
-          commands: ["canvas.present"],
-        }),
-      });
-    });
-  });
-
  test("requires operator.pairing to approve commandless node requests", async () => {
    await withNodePairingDir(async (baseDir) => {
      const request = await requestNodePairing(