vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-06-04 00:54:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
3ef2935ac9f28b5136bfd2edfbdefc9b41997adf
openclaw/src/agents/exec-defaults.test.ts
joshavant 80227005a0 feat(exec): add normalized auto mode 
Co-authored-by: Vincent Koc <25068+vincentkoc@users.noreply.github.com>
Co-authored-by: jesse-merhi <79823012+jesse-merhi@users.noreply.github.com>
2026-05-30 00:04:06 +10:00

305 lines
6.8 KiB
TypeScript
Raw Blame History

import { beforeEach, describe, expect, it, vi } from "vitest";
import type { SessionEntry } from "../config/sessions.js";
import * as execApprovals from "../infra/exec-approvals.js";
import { canExecRequestNode, resolveExecDefaults } from "./exec-defaults.js";
describe("resolveExecDefaults", () => {
beforeEach(() => {
vi.restoreAllMocks();
vi.spyOn(execApprovals, "loadExecApprovals").mockReturnValue({
version: 1,
agents: {},
});
});
it("does not advertise node routing when exec host is pinned to gateway", () => {
expect(
resolveExecDefaults({
cfg: {
tools: {
exec: {
host: "gateway",
},
},
},
sandboxAvailable: false,
}).canRequestNode,
).toBe(false);
});
it("does not advertise node routing when exec host is auto and sandbox is available", () => {
const defaults = resolveExecDefaults({
cfg: {
tools: {
exec: {
host: "auto",
},
},
},
sandboxAvailable: true,
});
expect(defaults.host).toBe("auto");
expect(defaults.effectiveHost).toBe("sandbox");
expect(defaults.canRequestNode).toBe(false);
});
it("keeps node routing available when exec host is auto without sandbox", () => {
const defaults = resolveExecDefaults({
cfg: {
tools: {
exec: {
host: "auto",
},
},
},
sandboxAvailable: false,
});
expect(defaults.host).toBe("auto");
expect(defaults.effectiveHost).toBe("gateway");
expect(defaults.canRequestNode).toBe(true);
});
it("honors session-level exec host overrides", () => {
const sessionEntry = {
execHost: "node",
} as SessionEntry;
expect(
resolveExecDefaults({
cfg: {
tools: {
exec: {
host: "gateway",
},
},
},
sessionEntry,
sandboxAvailable: false,
}).canRequestNode,
).toBe(true);
});
it("uses host approval defaults for gateway when exec policy is unset", () => {
const defaults = resolveExecDefaults({
cfg: {
tools: {
exec: {
host: "auto",
},
},
},
sandboxAvailable: false,
});
expect(defaults.host).toBe("auto");
expect(defaults.effectiveHost).toBe("gateway");
expect(defaults.mode).toBe("full");
expect(defaults.security).toBe("full");
expect(defaults.ask).toBe("off");
});
it("keeps sandbox deny by default when auto resolves to sandbox", () => {
const defaults = resolveExecDefaults({
cfg: {
tools: {
exec: {
host: "auto",
},
},
},
sandboxAvailable: true,
});
expect(defaults.host).toBe("auto");
expect(defaults.effectiveHost).toBe("sandbox");
expect(defaults.mode).toBe("deny");
expect(defaults.security).toBe("deny");
expect(defaults.ask).toBe("off");
});
it("ignores host approval defaults when auto resolves to sandbox", () => {
vi.mocked(execApprovals.loadExecApprovals).mockReturnValue({
version: 1,
defaults: {
security: "full",
ask: "always",
},
agents: {},
});
const defaults = resolveExecDefaults({
cfg: {
tools: {
exec: {
host: "auto",
},
},
},
sandboxAvailable: true,
});
expect(defaults.effectiveHost).toBe("sandbox");
expect(defaults.security).toBe("deny");
expect(defaults.ask).toBe("off");
expect(execApprovals.loadExecApprovals).not.toHaveBeenCalled();
});
it("maps normalized auto mode to allowlist plus on-miss approvals", () => {
expect(
resolveExecDefaults({
cfg: {
tools: {
exec: {
mode: "auto",
},
},
},
sandboxAvailable: false,
}),
).toMatchObject({
mode: "auto",
security: "allowlist",
ask: "on-miss",
});
});
it("reports host approval floors after normalized exec modes", () => {
vi.mocked(execApprovals.loadExecApprovals).mockReturnValue({
version: 1,
defaults: {
security: "deny",
ask: "off",
},
agents: {},
});
expect(
resolveExecDefaults({
cfg: {
tools: {
exec: {
mode: "auto",
},
},
},
sandboxAvailable: false,
}),
).toMatchObject({
mode: "deny",
security: "deny",
ask: "on-miss",
});
});
it("reports agent-scoped host approval floors", () => {
vi.mocked(execApprovals.loadExecApprovals).mockReturnValue({
version: 1,
agents: {
"agent-a": {
security: "full",
ask: "always",
},
},
});
expect(
resolveExecDefaults({
cfg: {
tools: {
exec: {
mode: "full",
},
},
},
agentId: "agent-a",
sandboxAvailable: false,
}),
).toMatchObject({
mode: "ask",
security: "full",
ask: "always",
});
});
it("keeps legacy security overrides ahead of higher-scope normalized mode", () => {
expect(
resolveExecDefaults({
cfg: {
tools: {
exec: {
mode: "auto",
},
},
agents: {
list: [
{
id: "agent-a",
tools: {
exec: {
security: "full",
ask: "off",
},
},
},
],
},
},
agentId: "agent-a",
sandboxAvailable: false,
}),
).toMatchObject({
mode: "full",
security: "full",
ask: "off",
});
});
it("preserves mode-derived security for partial legacy agent overrides", () => {
expect(
resolveExecDefaults({
cfg: {
tools: {
exec: {
mode: "auto",
},
},
agents: {
list: [
{
id: "agent-a",
tools: {
exec: {
ask: "off",
},
},
},
],
},
},
agentId: "agent-a",
sandboxAvailable: false,
}),
).toMatchObject({
mode: "allowlist",
security: "allowlist",
ask: "off",
});
});
it("blocks node advertising in helper calls when sandbox is available", () => {
expect(
canExecRequestNode({
cfg: {
tools: {
exec: {
host: "auto",
},
},
},
sandboxAvailable: true,
}),
).toBe(false);
});
});
Reference in New Issue View Git Blame Copy Permalink