test(matrix): cover native Windows file semantics

extensions/matrix/src/legacy-crypto-inspector-availability.test.ts

@@ -1,3 +1,4 @@
+import path from "node:path";
 import { beforeEach, describe, expect, it, vi } from "vitest";
 
 const availabilityState = vi.hoisted(() => ({
@@ -37,10 +38,11 @@ describe("isMatrixLegacyCryptoInspectorAvailable", () => {
   });
 
   it("detects the source inspector module directly", () => {
-    availabilityState.currentFilePath =
-      "/virtual/extensions/matrix/src/legacy-crypto-inspector-availability.js";
+    availabilityState.currentFilePath = path.resolve(
+      "/virtual/extensions/matrix/src/legacy-crypto-inspector-availability.js",
+    );
     availabilityState.existingPaths.add(
-      "/virtual/extensions/matrix/src/matrix/legacy-crypto-inspector.ts",
+      path.resolve("/virtual/extensions/matrix/src/matrix/legacy-crypto-inspector.ts"),
     );
 
     expect(isMatrixLegacyCryptoInspectorAvailable()).toBe(true);

extensions/matrix/src/matrix/credentials.test.ts

@@ -21,6 +21,8 @@ const DEFAULT_LEGACY_CREDENTIALS = {
   createdAt: "2026-03-01T10:00:00.000Z",
 };
 
+const EXPECTS_POSIX_PRIVATE_FILE_MODE = process.platform !== "win32";
+
 describe("matrix credentials storage", () => {
   const tempDirs: string[] = [];
 
@@ -74,7 +76,9 @@ describe("matrix credentials storage", () => {
     expect(fs.existsSync(credPath)).toBe(true);
     expect(credPath).toBe(path.join(stateDir, "credentials", "matrix", "credentials-ops.json"));
     const mode = fs.statSync(credPath).mode & 0o777;
-    expect(mode).toBe(0o600);
+    if (EXPECTS_POSIX_PRIVATE_FILE_MODE) {
+      expect(mode).toBe(0o600);
+    }
   });
 
   it("touch updates lastUsedAt while preserving createdAt", async () => {

extensions/matrix/src/matrix/sdk/idb-persistence.test.ts

@@ -19,6 +19,7 @@ const DATABASE_PREFIX = "openclaw-matrix-persistence-test";
 const OTHER_DATABASE_PREFIX = "openclaw-matrix-persistence-other-test";
 const cryptoDatabaseName = `${DATABASE_PREFIX}::matrix-sdk-crypto`;
 const otherCryptoDatabaseName = `${OTHER_DATABASE_PREFIX}::matrix-sdk-crypto`;
+const EXPECTS_POSIX_PRIVATE_FILE_MODE = process.platform !== "win32";
 
 async function clearTestIndexedDbState(): Promise<void> {
   await clearAllIndexedDbState({ databasePrefix: DATABASE_PREFIX });
@@ -62,7 +63,9 @@ describe("Matrix IndexedDB persistence", () => {
     expect(fs.existsSync(snapshotPath)).toBe(true);
 
     const mode = fs.statSync(snapshotPath).mode & 0o777;
-    expect(mode).toBe(0o600);
+    if (EXPECTS_POSIX_PRIVATE_FILE_MODE) {
+      expect(mode).toBe(0o600);
+    }
 
     await clearTestIndexedDbState();
 

extensions/matrix/src/matrix/sdk/recovery-key-store.test.ts

@@ -11,6 +11,8 @@ function createTempRecoveryKeyPath(): string {
   return path.join(dir, "recovery-key.json");
 }
 
+const EXPECTS_POSIX_PRIVATE_FILE_MODE = process.platform !== "win32";
+
 function createGeneratedRecoveryKey(params: {
   keyId: string;
   name: string;
@@ -133,7 +135,9 @@ describe("MatrixRecoveryKeyStore", () => {
     expect(saved.privateKeyBase64).toBe(Buffer.from([9, 8, 7]).toString("base64"));
 
     const mode = fs.statSync(recoveryKeyPath).mode & 0o777;
-    expect(mode).toBe(0o600);
+    if (EXPECTS_POSIX_PRIVATE_FILE_MODE) {
+      expect(mode).toBe(0o600);
+    }
   });
 
   it("creates and persists a recovery key when secret storage is missing", async () => {