vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-03-12 07:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
00fd57b8f56d6a67094034c36dbc1e829e3a6eef
openclaw/src/agents/pi-tools.policy.test.ts
Peter Steinberger 00fd57b8f5 fix: honor wildcard tool allowlists
2026-01-24 01:30:44 +00:00

37 lines
1.3 KiB
TypeScript
Raw Blame History

import type { AgentTool, AgentToolResult } from "@mariozechner/pi-agent-core";
import { describe, expect, it } from "vitest";
import { filterToolsByPolicy, isToolAllowedByPolicyName } from "./pi-tools.policy.js";
function createStubTool(name: string): AgentTool<unknown, unknown> {
return {
name,
label: name,
description: "",
parameters: {},
execute: async () => ({}) as AgentToolResult<unknown>,
};
}
describe("pi-tools.policy", () => {
it("treats * in allow as allow-all", () => {
const tools = [createStubTool("read"), createStubTool("exec")];
const filtered = filterToolsByPolicy(tools, { allow: ["*"] });
expect(filtered.map((tool) => tool.name)).toEqual(["read", "exec"]);
});
it("treats * in deny as deny-all", () => {
const tools = [createStubTool("read"), createStubTool("exec")];
const filtered = filterToolsByPolicy(tools, { deny: ["*"] });
expect(filtered).toEqual([]);
});
it("supports wildcard allow/deny patterns", () => {
expect(isToolAllowedByPolicyName("web_fetch", { allow: ["web_*"] })).toBe(true);
expect(isToolAllowedByPolicyName("web_search", { deny: ["web_*"] })).toBe(false);
});
it("keeps apply_patch when exec is allowlisted", () => {
expect(isToolAllowedByPolicyName("apply_patch", { allow: ["exec"] })).toBe(true);
});
});
Reference in New Issue View Git Blame Copy Permalink