* docs: document markdown marker renderer * docs: document rendered markdown chunking * docs: document markdown text chunking * docs: document shared text chunking * docs: document plugin text chunking exports * docs: document avatar policy constants * docs: document node match candidates * docs: document scoped expiring id cache * docs: document runtime import normalization * docs: document string sample summaries * docs: document session usage timeseries types * docs: document session usage response types * docs: document manifest frontmatter shapes * docs: document channel route input metadata * docs: document pair loop guard settings * docs: document migration config patch helpers * docs: document api provider registry * docs: document tool call repair payloads * docs: document plugin tool payload helpers * docs: document lazy promise loader * docs: document store writer queue state * docs: document thread binding lifecycle * docs: document concurrency helper contract * docs: document gateway client info contract * docs: document delivery context contracts * docs: document secret ref defaults contract * docs: document command gating contract * docs: document avatar policy contract * docs: document node match policy * docs: document message channel normalization * docs: document boolean parsing contract * docs: document zod parse helpers * docs: document direct dm guard policy * docs: document fixed window limiter contract * docs: document node presence event contract * docs: document secret normalization contract * docs: document progress draft line removal * docs: document usage formatting contracts * docs: document agent run status contract * docs: document runtime import helpers * docs: document provider utility ownership * docs: document invalid config helpers * docs: document json compat parser * docs: document channel config metadata ownership * docs: document channel logging helpers * docs: document sender identity validation ownership * docs: document 
string sampling helper * docs: document global singleton helpers * docs: document transcript tool helpers * docs: document exec safe-bin normalization * docs: document reaction level resolver * docs: document account snapshot redaction boundary * docs: document messaging target helpers * docs: document thread binding messages * docs: document conversation binding context * docs: document conversation resolution helper * docs: document owner display secret retention * docs: document provider request config types * docs: document skills config types * docs: document memory config types * docs: document imessage config types * docs: document crestodian config types * docs: document tools config policies * docs: document shared config base types * docs: document channel config contracts * docs: document openclaw config state types * docs: document model config contracts * docs: document shared agent config types * docs: document agent defaults config types * docs: document secret input contracts * docs: document auth config contracts * docs: document gateway config contracts * docs: document tool call stream repair contracts * docs: document memory host facades * docs: document llm core contracts * docs: document markdown core contracts * docs: document gateway connect error contracts * docs: document gateway protocol primitives * docs: document gateway frame schemas * docs: document gateway device schemas * docs: document gateway environment schemas * docs: document gateway push schemas * docs: document gateway plugin schemas * docs: document gateway artifact schemas * docs: document gateway command schemas * docs: document gateway task schemas * docs: document gateway exec approval schemas * docs: document gateway secret schemas * docs: document gateway config schemas * docs: document gateway snapshot schemas * docs: document gateway chat schemas * docs: document gateway wizard schemas * docs: document gateway node schemas * docs: document gateway plugin approval 
schemas * docs: document gateway talk schemas * docs: document gateway agent schemas * docs: document gateway session schemas * docs: document gateway cron schemas * docs: document gateway agent model skill schemas * docs: document gateway skill proposal tool schemas * docs: document gateway protocol registry * docs: document gateway channel status schemas * docs: document gateway schema regression tests * docs: document gateway schema barrel * docs: document gateway validator tests * docs: document gateway primitive push tests * docs: document gateway contract tests * docs: document native protocol guard * docs: document channel schema tests * docs: document gateway protocol smoke tests * docs: document gateway protocol entrypoint * docs: document gateway protocol type exports * docs: document gateway error codes * docs: document protocol schema registry * docs: document talk audio codec * docs: document talk activation names * docs: document talk consult questions * docs: document talk consult tool * docs: document talk run control contracts * docs: document talk run control adapter * docs: document talkback consult queue * docs: document talk consult transcript guard * docs: document talk fast context runtime * docs: document forced talk consult coordinator * docs: document talk output activity tracker * docs: document talk event metrics * docs: document talk diagnostics * docs: document talk observability hook * docs: document talk provider resolver * docs: document talk provider registry * docs: document talk runtime primitives * docs: document talk consult controller logs * docs: document channel identity helpers * docs: document channel account allowlist helpers * docs: document channel metadata draft controls * docs: document channel ingress policy * docs: document channel sender access gates * docs: document channel catalog message contracts * docs: document channel account plugin helpers * docs: document configured binding helpers * docs: document channel 
acp approval config helpers * docs: document channel bundled config write helpers * docs: document channel plugin utility contracts * docs: document channel config access helpers * docs: document channel message action helpers * docs: document channel outbound runtime helpers * docs: document channel pairing promotion helpers * docs: document channel registry helpers * docs: document channel setup wizard helpers * docs: document channel lifecycle status helpers * docs: document channel target thread helpers * docs: document channel session binding helpers * docs: document channel package module probes * docs: document channel setup wizard contracts * docs: document channel plugin API barrels * docs: document channel contract test helpers * docs: document channel core helpers * docs: document small core facades * docs: document provider runtime helpers * docs: document persistence and realtime helpers * docs: document mcp and state helpers * docs: document tool planner contracts * docs: document music generation runtime * docs: document crestodian command flow * docs: document utility helpers * docs: document node host helpers * docs: document transcript contracts * docs: document trajectory export contracts * docs: document image generation contracts * docs: document routing helper contracts * docs: document session helper contracts * docs: document video generation contracts * docs: document model catalog contracts * docs: document proxy capture contracts * docs: document status rendering contracts * docs: document test helper contracts * docs: document wizard setup contracts * docs: document process contracts * docs: document memory host sdk contracts * docs: document tts contracts * docs: document secrets runtime contracts * docs: document shared helper contracts * docs: document hook runtime contracts * docs: document security audit contracts * docs: document flow contracts * docs: document media understanding contracts * docs: document tui contracts * docs: 
document logging contracts * docs: document llm contracts * docs: document cron contracts * docs: document daemon contracts * docs: document task contracts * docs: document acp contracts * docs: document test utility contracts * docs: document skill contracts * docs: document config contracts * docs: document outbound infra contracts * docs: document command analysis contracts * docs: document provider usage infra contracts * docs: document file safety infra contracts * docs: document exec approval infra contracts * docs: document gateway runtime infra contracts * docs: document infra utility contracts * docs: document infra queue storage contracts * docs: document heartbeat infra contracts * docs: document remaining infra contracts * docs: document gateway auth contracts * docs: document gateway display helpers * docs: document gateway http helpers * docs: document gateway node helpers * docs: document gateway mcp helpers * docs: document gateway support helpers * docs: document gateway server runtime helpers * docs: document gateway runtime bootstrap helpers * docs: document gateway session events * docs: document gateway utility helpers * docs: document gateway talk helpers * docs: document gateway helper contracts * docs: document gateway server method helpers * docs: document gateway server auth helpers * docs: document gateway server tests * docs: document gateway test helpers * docs: document gateway node tests * docs: document gateway channel tests * docs: document gateway session tests * docs: document gateway server startup tests * docs: document gateway tool test helpers * docs: document gateway server test helpers * docs: document gateway server method tests * docs: document remaining gateway tests * docs: document plugin sdk public subpaths * docs: document plugin sdk runtime helpers * docs: document plugin sdk memory provider helpers * docs: document plugin sdk runtime facades * docs: document plugin sdk command approval helpers * docs: document 
plugin sdk runtime types * docs: document plugin sdk browser account helpers * docs: document plugin sdk media memory helpers * docs: document plugin sdk core tests * docs: document plugin sdk contract helpers * docs: document plugin sdk test helpers * docs: document remaining plugin sdk tests * docs: document cli utility helpers * docs: document cli runtime helpers * docs: document cli command registration helpers * docs: document node cli helpers * docs: document cli program registration * docs: document message cli registration * docs: document daemon cli helpers * docs: document cli route parsers
/**
* Tests native approval routing helpers and target matching logic.
*/
import { describe, expect, it } from "vitest";
import {
createChannelApproverDmTargetResolver,
createChannelNativeOriginTargetResolver,
createNativeApprovalChannelRouteGates,
createNativeApprovalForwardingFallbackSuppressor,
type NativeApprovalTarget,
nativeApprovalTargetsMatch,
shouldSuppressLocalNativeExecApprovalPrompt,
} from "./approval-native-helpers.js";
import type { OpenClawConfig } from "./config-runtime.js";
/**
 * Minimal config that only sets the session store path, pointing it at a
 * test-artifact file. It is the `cfg` handed to the origin-target resolver
 * cases in this file.
 *
 * NOTE(review): the name implies the store is expected to hold no sessions, so
 * resolution in those cases should not depend on persisted session state —
 * confirm against the session store loader.
 */
const EMPTY_SESSION_CFG = {
  session: {
    store: ".artifacts/test/approval-native-helpers-empty-sessions.json",
  },
} satisfies OpenClawConfig;
/**
 * Builds native-approval route gates for a stand-in "matrix" channel.
 *
 * The gates default to "session" forwarding. Every option falls back to a
 * single account named "default", so a bare call models a one-account setup.
 *
 * @param options.enabledAccounts - account ids whose transport reports enabled.
 * @param options.accountIds - account ids the channel lists.
 * @param options.defaultAccountId - account id reported as the default.
 * @returns the gate object produced by `createNativeApprovalChannelRouteGates`.
 */
function createMatrixRouteGates(options?: {
  enabledAccounts?: readonly string[];
  accountIds?: readonly string[];
  defaultAccountId?: string;
}) {
  const enabledAccountIds = new Set(options?.enabledAccounts ?? ["default"]);

  return createNativeApprovalChannelRouteGates<NativeApprovalTarget>({
    channel: "matrix",
    defaultForwardingMode: "session",
    // A request without an account id is checked against the "default" account.
    isTransportEnabled: ({ accountId }) => enabledAccountIds.has(accountId ?? "default"),
    listAccountIds: () => options?.accountIds ?? ["default"],
    resolveDefaultAccountId: () => options?.defaultAccountId ?? "default",
    // Forward targets for any other channel are rejected with null.
    normalizeForwardTarget: (target) => {
      if (target.channel !== "matrix") {
        return null;
      }
      return {
        to: target.to,
        accountId: target.accountId ?? undefined,
        threadId: target.threadId ?? undefined,
      };
    },
    // A turn source only yields a target when it names this channel and a destination.
    resolveTurnSourceTarget: (request) => {
      const source = request.request;
      if (source.turnSourceChannel === "matrix" && source.turnSourceTo) {
        return {
          to: source.turnSourceTo,
          accountId: source.turnSourceAccountId ?? undefined,
          threadId: source.turnSourceThreadId ?? undefined,
        };
      }
      return null;
    },
  });
}
/**
 * Exec approval request fixture: agent "agent-a" asks to run `echo hi` from
 * matrix room "room-1" on the "default" account.
 */
const matrixExecRequest = {
  id: "req-1",
  request: {
    agentId: "agent-a",
    command: "echo hi",
    sessionKey: "agent:agent-a:matrix:room-1",
    turnSourceAccountId: "default",
    turnSourceChannel: "matrix",
    turnSourceTo: "room-1",
  },
  createdAtMs: 0,
  expiresAtMs: 1000,
} as const;

/**
 * Plugin approval request fixture with the same agent, session key and turn
 * source as the exec fixture, so the two differ only in approval family.
 */
const matrixPluginRequest = {
  id: "plugin:req-1",
  request: {
    agentId: "agent-a",
    description: "Allow access",
    sessionKey: "agent:agent-a:matrix:room-1",
    title: "Plugin approval",
    turnSourceAccountId: "default",
    turnSourceChannel: "matrix",
    turnSourceTo: "room-1",
  },
  createdAtMs: 0,
  expiresAtMs: 1000,
} as const;
// Route gates decide whether an approval request may be handled natively on a
// channel. These cases pin the allow AND the deny side of each gate, because a
// gate that is too permissive would hand an approval prompt to a route the
// operator did not configure.
describe("createNativeApprovalChannelRouteGates", () => {
  it("separates session-native and explicit target routing by approval family", () => {
    const routeGates = createMatrixRouteGates();
    // exec forwards to explicit targets; plugin follows the originating session.
    const cfg = {
      approvals: {
        exec: {
          enabled: true,
          mode: "targets",
          targets: [{ channel: "matrix", to: "room-1" }],
        },
        plugin: {
          enabled: true,
          mode: "session",
        },
      },
    } satisfies OpenClawConfig;

    const execCanRoute = routeGates.canApprovalPotentiallyRouteToChannel({
      cfg,
      approvalKind: "exec",
    });
    expect(execCanRoute).toBe(true);

    // With nativeSessionOnly, the targets-mode exec family no longer qualifies.
    const execSessionOnlyCanRoute = routeGates.canApprovalPotentiallyRouteToChannel({
      cfg,
      approvalKind: "exec",
      nativeSessionOnly: true,
    });
    expect(execSessionOnlyCanRoute).toBe(false);

    const pluginSessionOnlyCanRoute = routeGates.canApprovalPotentiallyRouteToChannel({
      cfg,
      approvalKind: "plugin",
      nativeSessionOnly: true,
    });
    expect(pluginSessionOnlyCanRoute).toBe(true);

    const handlerConfigured = routeGates.isNativeApprovalHandlerConfigured({ cfg });
    expect(handlerConfigured).toBe(true);

    // Same turn source, different family: only the session-mode plugin request is handled.
    const handlesExec = routeGates.shouldHandleApprovalRequest({
      cfg,
      request: matrixExecRequest,
    });
    expect(handlesExec).toBe(false);

    const handlesPlugin = routeGates.shouldHandleApprovalRequest({
      cfg,
      request: matrixPluginRequest,
    });
    expect(handlesPlugin).toBe(true);

    // The configured explicit target is still eligible for the exec family.
    const explicitTargetAllowed = routeGates.isExplicitTargetEligible({
      cfg,
      approvalKind: "exec",
      request: matrixExecRequest,
      target: { channel: "matrix", to: "room-1", source: "target" },
    });
    expect(explicitTargetAllowed).toBe(true);
  });

  it("applies forwarding filters before accepting a session route", () => {
    const routeGates = createMatrixRouteGates();
    const cfg = {
      approvals: {
        exec: {
          enabled: true,
          agentFilter: ["agent-a"],
          sessionFilter: ["matrix:room"],
        },
      },
    } satisfies OpenClawConfig;

    const listedAgentEligible = routeGates.isSessionApprovalEligible({
      cfg,
      approvalKind: "exec",
      request: matrixExecRequest,
    });
    expect(listedAgentEligible).toBe(true);

    // Deny side: an agent outside agentFilter is rejected even though its
    // session key still contains the "matrix:room" session filter text.
    const unlistedAgentEligible = routeGates.isSessionApprovalEligible({
      cfg,
      approvalKind: "exec",
      request: {
        ...matrixExecRequest,
        request: {
          ...matrixExecRequest.request,
          agentId: "agent-b",
          sessionKey: "agent:agent-b:matrix:room-1",
        },
      },
    });
    expect(unlistedAgentEligible).toBe(false);
  });

  it("uses default and single-enabled account fallback for unscoped targets", () => {
    // The configured target names no accountId, so it is "unscoped".
    const cfg = {
      approvals: {
        exec: {
          enabled: true,
          mode: "targets",
          targets: [{ channel: "matrix", to: "room-1" }],
        },
      },
    } satisfies OpenClawConfig;
    const target = { channel: "matrix", to: "room-1", source: "target" } as const;

    // Two enabled accounts: the default account owns the unscoped target.
    const bothEnabledGates = createMatrixRouteGates({
      accountIds: ["default", "work"],
      enabledAccounts: ["default", "work"],
    });
    const defaultAccountEligible = bothEnabledGates.isExplicitTargetEligible({
      cfg,
      accountId: "default",
      approvalKind: "exec",
      request: matrixExecRequest,
      target,
    });
    expect(defaultAccountEligible).toBe(true);

    // Only "work" is enabled: it becomes the fallback owner.
    const workOnlyGates = createMatrixRouteGates({
      accountIds: ["default", "work"],
      enabledAccounts: ["work"],
    });
    const soleEnabledAccountEligible = workOnlyGates.isExplicitTargetEligible({
      cfg,
      accountId: "work",
      approvalKind: "exec",
      request: matrixExecRequest,
      target,
    });
    expect(soleEnabledAccountEligible).toBe(true);

    // Deny side: with both enabled, the non-default account must not also
    // claim the unscoped target.
    const secondBothEnabledGates = createMatrixRouteGates({
      accountIds: ["default", "work"],
      enabledAccounts: ["default", "work"],
    });
    const nonDefaultAccountEligible = secondBothEnabledGates.isExplicitTargetEligible({
      cfg,
      accountId: "work",
      approvalKind: "exec",
      request: matrixExecRequest,
      target,
    });
    expect(nonDefaultAccountEligible).toBe(false);
  });
});
// The origin-target resolver picks the native destination an approval prompt
// goes back to. These cases cover the shouldHandle gate, the default target
// matcher, and how normalization affects matching versus the returned target.
describe("createChannelNativeOriginTargetResolver", () => {
  it("reuses shared turn-source routing and respects shouldHandle gating", () => {
    const resolveOriginTarget = createChannelNativeOriginTargetResolver<NativeApprovalTarget>({
      channel: "matrix",
      // Only the "ops" account is allowed to handle requests.
      shouldHandleRequest: ({ accountId }) => accountId === "ops",
      resolveTurnSourceTarget: (request) => {
        return {
          to: String(request.request.turnSourceTo),
          threadId: request.request.turnSourceThreadId ?? undefined,
        };
      },
      resolveSessionTarget: (sessionTarget) => {
        return {
          to: sessionTarget.to,
          threadId: sessionTarget.threadId,
        };
      },
    });

    // Same plugin request each time; only the handling account differs.
    const resolveForAccount = (accountId: string) =>
      resolveOriginTarget({
        cfg: EMPTY_SESSION_CFG,
        accountId,
        request: {
          id: "plugin:req-1",
          request: {
            title: "Plugin approval",
            description: "Allow access",
            turnSourceChannel: "matrix",
            turnSourceTo: "room:!room:example.org",
            turnSourceThreadId: "t1",
            turnSourceAccountId: "ops",
          },
          createdAtMs: 0,
          expiresAtMs: 1000,
        },
      });

    expect(resolveForAccount("ops")).toEqual({
      to: "room:!room:example.org",
      threadId: "t1",
    });

    // Deny side: an account the gate rejects gets no target at all.
    expect(resolveForAccount("other")).toBeNull();
  });

  it("uses shared route semantics for the default target matcher", () => {
    // A numeric thread id 42.9 is treated as matching the string "42".
    const threadIdsMatch = nativeApprovalTargetsMatch({
      channel: "telegram",
      left: { to: "-100123", threadId: 42.9 },
      right: { to: "-100123", threadId: "42" },
    });
    expect(threadIdsMatch).toBe(true);

    // An account-scoped target does not match an unscoped one with the same `to`.
    const scopedMatchesUnscoped = nativeApprovalTargetsMatch({
      channel: "telegram",
      left: { to: "-100123", accountId: "work" },
      right: { to: "-100123" },
    });
    expect(scopedMatchesUnscoped).toBe(false);

    const resolveOriginTarget = createChannelNativeOriginTargetResolver<NativeApprovalTarget>({
      channel: "telegram",
      resolveTurnSourceTarget: () => ({ to: "-100123", threadId: 42.9 }),
      resolveSessionTarget: () => ({ to: "-100123", threadId: "42" }),
    });

    const resolved = resolveOriginTarget({
      cfg: EMPTY_SESSION_CFG,
      request: {
        id: "req-1",
        request: {
          command: "echo hi",
          turnSourceChannel: "telegram",
          turnSourceTo: "-100123",
          turnSourceThreadId: 42.9,
          turnSourceAccountId: "default",
        },
        createdAtMs: 0,
        expiresAtMs: 1000,
      },
    });
    // The turn-source value is returned as given (threadId stays 42.9).
    expect(resolved).toEqual({ to: "-100123", threadId: 42.9 });
  });

  it("normalizes resolved targets before matching origin candidates", () => {
    const resolveOriginTarget = createChannelNativeOriginTargetResolver<NativeApprovalTarget>({
      channel: "slack",
      resolveTurnSourceTarget: () => ({ to: "CHANNEL:C1", threadId: "171234.567890" }),
      resolveSessionTarget: () => ({ to: "channel:c1", threadId: "171234.567890" }),
      normalizeTarget: (target) => {
        return {
          ...target,
          to: target.to.toLowerCase(),
        };
      },
    });

    const resolved = resolveOriginTarget({
      cfg: EMPTY_SESSION_CFG,
      request: {
        id: "req-1",
        request: {
          command: "echo hi",
          turnSourceChannel: "slack",
          turnSourceTo: "CHANNEL:C1",
          turnSourceThreadId: "171234.567890",
        },
        createdAtMs: 0,
        expiresAtMs: 1000,
      },
    });
    // normalizeTarget also rewrites the returned target (lower-cased `to`).
    expect(resolved).toEqual({ to: "channel:c1", threadId: "171234.567890" });
  });

  it("normalizes custom target shapes before invoking a custom matcher", () => {
    type ProviderTarget = { id: string; shard?: string };

    const resolveOriginTarget = createChannelNativeOriginTargetResolver<ProviderTarget>({
      channel: "custom",
      resolveTurnSourceTarget: () => ({ id: "ROOM-1", shard: "a" }),
      resolveSessionTarget: () => ({ id: "room-1", shard: "b" }),
      normalizeTarget: (target) => {
        return { ...target, id: target.id.toLowerCase() };
      },
      // The custom matcher compares ids only, so the differing shards still match.
      targetsMatch: (left, right) => left.id === right.id,
    });

    const resolved = resolveOriginTarget({
      cfg: EMPTY_SESSION_CFG,
      request: {
        id: "req-1",
        request: {
          command: "echo hi",
          sessionKey: "agent:main:custom:room-1",
          turnSourceChannel: "custom",
          turnSourceTo: "ROOM-1",
        },
        createdAtMs: 0,
        expiresAtMs: 1000,
      },
    });
    expect(resolved).toEqual({ id: "room-1", shard: "a" });
  });

  it("normalizes only match inputs when delivery targets must stay provider-native", () => {
    const resolveOriginTarget = createChannelNativeOriginTargetResolver<NativeApprovalTarget>({
      channel: "slack",
      resolveTurnSourceTarget: () => ({ to: "channel:C1", threadId: "171234.567890" }),
      resolveSessionTarget: () => ({ to: "channel:c1", threadId: "171234.567890" }),
      normalizeTargetForMatch: (target) => {
        return {
          ...target,
          to: target.to.toLowerCase(),
        };
      },
    });

    const resolved = resolveOriginTarget({
      cfg: EMPTY_SESSION_CFG,
      request: {
        id: "req-1",
        request: {
          command: "echo hi",
          turnSourceChannel: "slack",
          turnSourceTo: "channel:C1",
          turnSourceThreadId: "171234.567890",
        },
        createdAtMs: 0,
        expiresAtMs: 1000,
      },
    });
    // Unlike normalizeTarget, the returned target keeps its original casing.
    expect(resolved).toEqual({ to: "channel:C1", threadId: "171234.567890" });
  });

  it("keeps custom target matchers generic", () => {
    type ProviderTarget = { id: string; shard?: string };

    const resolveOriginTarget = createChannelNativeOriginTargetResolver<ProviderTarget>({
      channel: "custom",
      resolveTurnSourceTarget: () => ({ id: "room-1", shard: "a" }),
      resolveSessionTarget: () => ({ id: "room-1", shard: "b" }),
      targetsMatch: (left, right) => left.id === right.id,
    });

    const resolved = resolveOriginTarget({
      cfg: EMPTY_SESSION_CFG,
      request: {
        id: "req-1",
        request: {
          command: "echo hi",
          sessionKey: "agent:main:custom:room-1",
          turnSourceChannel: "custom",
          turnSourceTo: "room-1",
        },
        createdAtMs: 0,
        expiresAtMs: 1000,
      },
    });
    expect(resolved).toEqual({ id: "room-1", shard: "a" });
  });
});
// Approver DM targets are the direct-message destinations that receive an
// approval prompt, so the resolver must return nothing when the request is
// not one this channel should handle.
describe("createChannelApproverDmTargetResolver", () => {
  it("filters null targets and skips delivery when shouldHandle rejects the request", () => {
    const resolveApproverDmTargets = createChannelApproverDmTargetResolver({
      // Only exec approvals are handled by this resolver.
      shouldHandleRequest: ({ approvalKind }) => approvalKind === "exec",
      resolveApprovers: () => ["owner-1", "owner-2", "skip-me"],
      // An approver that maps to null is expected to be dropped from the result.
      mapApprover: (approver) => {
        if (approver === "skip-me") {
          return null;
        }
        return {
          to: `user:${approver}`,
        };
      },
    });

    const execTargets = resolveApproverDmTargets({
      cfg: {},
      accountId: "default",
      approvalKind: "exec",
      request: {
        id: "req-1",
        request: { command: "echo hi" },
        createdAtMs: 0,
        expiresAtMs: 1000,
      },
    });
    expect(execTargets).toEqual([{ to: "user:owner-1" }, { to: "user:owner-2" }]);

    // Deny side: a rejected request yields an empty list, not a partial one.
    const pluginTargets = resolveApproverDmTargets({
      cfg: {},
      accountId: "default",
      approvalKind: "plugin",
      request: {
        id: "plugin:req-1",
        request: { title: "Plugin approval", description: "Allow access" },
        createdAtMs: 0,
        expiresAtMs: 1000,
      },
    });
    expect(pluginTargets).toStrictEqual([]);
  });
});
// The suppressor answers "should the fallback forward be skipped for this
// target?". A wrong `true` means a forwarded approval prompt is dropped, so
// the cases below pin that suppression needs a matching native route.
describe("createNativeApprovalForwardingFallbackSuppressor", () => {
  // Exec request that originated in matrix room "room-1" on the default account.
  const pendingExecRequest = {
    id: "req-1",
    request: {
      command: "echo hi",
      turnSourceChannel: "matrix",
      turnSourceTo: "room-1",
      turnSourceAccountId: "default",
    },
    createdAtMs: 0,
    expiresAtMs: 1000,
  };

  /**
   * Builds a suppressor for the matrix channel whose native origin is "room-1"
   * and whose only approver DM is "user-1"; `overrides` replaces any default.
   */
  function buildSuppressor(
    overrides: Partial<Parameters<typeof createNativeApprovalForwardingFallbackSuppressor>[0]> = {},
  ) {
    return createNativeApprovalForwardingFallbackSuppressor({
      channel: "matrix",
      normalizeForwardTarget: (target) => {
        if (target.channel !== "matrix") {
          return null;
        }
        return { to: target.to, accountId: target.accountId ?? undefined };
      },
      // The forwarding target is compared under the account being evaluated.
      resolveForwardingTargetForMatch: ({ forwardingTarget, accountId }) => {
        return {
          ...forwardingTarget,
          accountId,
        };
      },
      isSessionRouteEligible: ({ approvalKind }) => approvalKind === "exec",
      resolveOriginTarget: () => ({ to: "room-1", accountId: "default" }),
      resolveApproverDmTargets: () => [{ to: "user-1", accountId: "default" }],
      ...overrides,
    });
  }

  it("suppresses session forwarding only when a native origin or approver DM matches", () => {
    const shouldSuppress = buildSuppressor();

    // Forward target equals the native origin room.
    const originRoomSuppressed = shouldSuppress({
      cfg: {},
      approvalKind: "exec",
      target: { channel: "matrix", to: "room-1", source: "session" },
      request: pendingExecRequest,
    });
    expect(originRoomSuppressed).toBe(true);

    // Forward target equals an approver DM.
    const approverDmSuppressed = shouldSuppress({
      cfg: {},
      approvalKind: "exec",
      target: { channel: "matrix", to: "user-1", source: "session" },
      request: pendingExecRequest,
    });
    expect(approverDmSuppressed).toBe(true);

    // Deny side: a room with no native route keeps its forwarded prompt.
    const unrelatedRoomSuppressed = shouldSuppress({
      cfg: {},
      approvalKind: "exec",
      target: { channel: "matrix", to: "other-room", source: "session" },
      request: pendingExecRequest,
    });
    expect(unrelatedRoomSuppressed).toBe(false);
  });

  it("requires explicit-target eligibility before suppressing target forwarding", () => {
    // Without an isExplicitTargetEligible callback, a "target"-sourced forward
    // is never suppressed, even when it names the origin room.
    const withoutEligibilityGate = buildSuppressor();
    const suppressedWithoutGate = withoutEligibilityGate({
      cfg: {},
      approvalKind: "exec",
      target: { channel: "matrix", to: "room-1", source: "target" },
      request: pendingExecRequest,
    });
    expect(suppressedWithoutGate).toBe(false);

    const withEligibilityGate = buildSuppressor({
      isExplicitTargetEligible: () => true,
    });
    const suppressedWithGate = withEligibilityGate({
      cfg: {},
      approvalKind: "exec",
      target: { channel: "matrix", to: "room-1", source: "target" },
      request: pendingExecRequest,
    });
    expect(suppressedWithGate).toBe(true);
  });
});
// Decides whether the local exec approval prompt is hidden because a native
// route is taking over. Each case pairs an allow with a deny so a filter or
// delivery gate that stops applying would be caught.
describe("shouldSuppressLocalNativeExecApprovalPrompt", () => {
  // Outbound payload carrying exec approval metadata for agent "main".
  const payload = {
    text: "Approval required.",
    channelData: {
      execApproval: {
        approvalId: "12345678-1234-1234-1234-123456789012",
        approvalSlug: "12345678",
        approvalKind: "exec",
        agentId: "main",
        sessionKey: "agent:main:discord:direct:123",
      },
    },
  };
  // Hint stating that an exec approval is pending and a native route is active.
  const activeExecHint = {
    kind: "approval-pending",
    approvalKind: "exec",
    nativeRouteActive: true,
  } as const;

  it("supports strict top-level native exec suppression", () => {
    // Same payload and hint each time; only the configured agentFilter differs.
    const suppressedWithAgentFilter = (agentFilter: string[]) =>
      shouldSuppressLocalNativeExecApprovalPrompt({
        cfg: {
          approvals: {
            exec: {
              enabled: true,
              agentFilter,
            },
          },
        },
        payload,
        hint: activeExecHint,
        isTransportEnabled: () => true,
      });

    expect(suppressedWithAgentFilter(["main"])).toBe(true);

    // Deny side: the payload's agent is not in the filter, so the local prompt stays.
    expect(suppressedWithAgentFilter(["other"])).toBe(false);
  });

  it("supports channel-specific native exec client gates", () => {
    // Same channel-provided approval config each time; only native delivery differs.
    const suppressedWithNativeDelivery = (nativeDeliveryEnabled: boolean) =>
      shouldSuppressLocalNativeExecApprovalPrompt({
        cfg: {},
        payload,
        hint: activeExecHint,
        isNativeDeliveryEnabled: () => nativeDeliveryEnabled,
        resolveApprovalConfig: () => ({
          enabled: true,
          sessionFilter: ["discord:direct"],
        }),
        enforceForwardingMode: false,
        fallbackAgentIdFromSessionKey: false,
      });

    expect(suppressedWithNativeDelivery(true)).toBe(true);

    // Deny side: with native delivery off, the local prompt must not be hidden.
    expect(suppressedWithNativeDelivery(false)).toBe(false);
  });
});