mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-17 09:01:46 +00:00
Summary:
- Require macOS system trust before saving and accepting first-use direct `wss://` gateway TLS pins.
- Honor `gateway.remote.tlsFingerprint` in macOS direct node-mode TLS params.
- Add focused Swift coverage and update remote gateway docs/changelog.
Verification:
- Local: swiftformat --lint on touched Swift files.
- Local: git diff --check HEAD~1..HEAD.
- Local: swift test --package-path apps/shared/OpenClawKit --filter GatewayTLSPinningTests.
- Local: swift test --package-path apps/macos --filter 'MacNodeModeCoordinatorTests|GatewayEndpointStoreTests'.
- Local: PATH=/Users/buns/.nvm/versions/node/v24.13.0/bin:$PATH pnpm docs:list.
- CI: macos-node, macos-swift, check-docs, security-fast, security-scm-fast, security-dependency-audit, Opengrep OSS, and changed-path checks passed on PR head cf383fc047.
Fixes #50642.
Supersedes #50643.
10 lines
310 B
Swift
10 lines
310 B
Swift
import Testing
|
|
@testable import OpenClawKit
|
|
|
|
struct GatewayTLSPinningTests {
|
|
@Test func `first use pinning requires system trust`() {
|
|
#expect(GatewayTLSFirstUsePolicy.allowsFirstUsePin(systemTrustOk: true))
|
|
#expect(!GatewayTLSFirstUsePolicy.allowsFirstUsePin(systemTrustOk: false))
|
|
}
|
|
}
|