openclaw/src/agents/pi-tools.sandbox-policy.test.ts

import { describe, expect, it } from "vitest";
import type { OpenClawConfig } from "../config/config.js";
import { createOpenClawCodingTools } from "./pi-tools.js";
import { resolveSandboxConfigForAgent } from "./sandbox/config.js";
import { createHostSandboxFsBridge } from "./test-helpers/host-sandbox-fs-bridge.js";
import { createPiToolsSandboxContext } from "./test-helpers/pi-tools-sandbox-context.js";

function listToolNames(params: {
  cfg: OpenClawConfig;
  agentId?: string;
  sessionKey?: string;
  sandboxAgentId?: string;
}): string[] {
  const workspaceDir = "/tmp/openclaw-sandbox-policy";
  const sessionKey = params.sessionKey ?? "agent:tavern:main";
  const sandboxAgentId = params.sandboxAgentId ?? params.agentId ?? "tavern";
  const sandbox = createPiToolsSandboxContext({
    workspaceDir,
    fsBridge: createHostSandboxFsBridge(workspaceDir),
    sessionKey,
    tools: resolveSandboxConfigForAgent(params.cfg, sandboxAgentId).tools,
  });
  return createOpenClawCodingTools({
    config: params.cfg,
    agentId: params.agentId,
    sessionKey,
    sandbox,
    workspaceDir,
  })
    .map((tool) => tool.name)
    .toSorted();
}

describe("pi-tools sandbox policy", () => {
  it("re-exposes omitted sandbox tools via sandbox alsoAllow", () => {
    const names = listToolNames({
      cfg: {
        agents: {
          defaults: {
            sandbox: { mode: "all", scope: "agent" },
          },
          list: [
            {
              id: "tavern",
              tools: {
                sandbox: {
                  tools: {
                    alsoAllow: ["message", "tts"],
                  },
                },
              },
            },
          ],
        },
      } as OpenClawConfig,
    });

    expect(names).toContain("message");
    expect(names).toContain("tts");
  });

  it("re-enables default-denied sandbox tools when explicitly allowed", () => {
    const names = listToolNames({
      cfg: {
        agents: {
          defaults: {
            sandbox: { mode: "all", scope: "agent" },
          },
          list: [{ id: "tavern" }],
        },
        tools: {
          sandbox: {
            tools: {
              allow: ["browser"],
            },
          },
        },
      } as OpenClawConfig,
    });

    expect(names).toContain("browser");
  });

  it("prefers the resolved sandbox context policy for legacy main session aliases", () => {
    const cfg = {
      agents: {
        defaults: {
          sandbox: { mode: "all", scope: "agent" },
        },
        list: [
          {
            id: "tavern",
            default: true,
            tools: {
              sandbox: {
                tools: {
                  allow: ["browser"],
                  alsoAllow: ["message"],
                },
              },
            },
          },
        ],
      },
    } as OpenClawConfig;

    const names = listToolNames({
      cfg,
      sessionKey: "main",
      sandboxAgentId: "tavern",
    });

    expect(names).toContain("browser");
    expect(names).toContain("message");
  });

  it("preserves allow-all semantics for allow: [] plus alsoAllow", () => {
    const names = listToolNames({
      cfg: {
        agents: {
          defaults: {
            sandbox: { mode: "all", scope: "agent" },
          },
          list: [{ id: "tavern" }],
        },
        tools: {
          sandbox: {
            tools: {
              allow: [],
              alsoAllow: ["browser"],
            },
          },
        },
      } as OpenClawConfig,
    });

    expect(names).toContain("browser");
    expect(names).toContain("read");
  });

  it("keeps explicit sandbox deny precedence over explicit allow", () => {
    const names = listToolNames({
      cfg: {
        agents: {
          defaults: {
            sandbox: { mode: "all", scope: "agent" },
          },
          list: [{ id: "tavern" }],
        },
        tools: {
          sandbox: {
            tools: {
              allow: ["browser", "message"],
              deny: ["browser"],
            },
          },
        },
      } as OpenClawConfig,
    });

    expect(names).not.toContain("browser");
    expect(names).toContain("message");
  });
});