mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-16 19:21:40 +00:00
* docs: document markdown marker renderer * docs: document rendered markdown chunking * docs: document markdown text chunking * docs: document shared text chunking * docs: document plugin text chunking exports * docs: document avatar policy constants * docs: document node match candidates * docs: document scoped expiring id cache * docs: document runtime import normalization * docs: document string sample summaries * docs: document session usage timeseries types * docs: document session usage response types * docs: document manifest frontmatter shapes * docs: document channel route input metadata * docs: document pair loop guard settings * docs: document migration config patch helpers * docs: document api provider registry * docs: document tool call repair payloads * docs: document plugin tool payload helpers * docs: document lazy promise loader * docs: document store writer queue state * docs: document thread binding lifecycle * docs: document concurrency helper contract * docs: document gateway client info contract * docs: document delivery context contracts * docs: document secret ref defaults contract * docs: document command gating contract * docs: document avatar policy contract * docs: document node match policy * docs: document message channel normalization * docs: document boolean parsing contract * docs: document zod parse helpers * docs: document direct dm guard policy * docs: document fixed window limiter contract * docs: document node presence event contract * docs: document secret normalization contract * docs: document progress draft line removal * docs: document usage formatting contracts * docs: document agent run status contract * docs: document runtime import helpers * docs: document provider utility ownership * docs: document invalid config helpers * docs: document json compat parser * docs: document channel config metadata ownership * docs: document channel logging helpers * docs: document sender identity validation ownership * docs: document string sampling helper * docs: document global singleton helpers * docs: document transcript tool helpers * docs: document exec safe-bin normalization * docs: document reaction level resolver * docs: document account snapshot redaction boundary * docs: document messaging target helpers * docs: document thread binding messages * docs: document conversation binding context * docs: document conversation resolution helper * docs: document owner display secret retention * docs: document provider request config types * docs: document skills config types * docs: document memory config types * docs: document imessage config types * docs: document crestodian config types * docs: document tools config policies * docs: document shared config base types * docs: document channel config contracts * docs: document openclaw config state types * docs: document model config contracts * docs: document shared agent config types * docs: document agent defaults config types * docs: document secret input contracts * docs: document auth config contracts * docs: document gateway config contracts * docs: document tool call stream repair contracts * docs: document memory host facades * docs: document llm core contracts * docs: document markdown core contracts * docs: document gateway connect error contracts * docs: document gateway protocol primitives * docs: document gateway frame schemas * docs: document gateway device schemas * docs: document gateway environment schemas * docs: document gateway push schemas * docs: document gateway plugin schemas * docs: document gateway artifact schemas * docs: document gateway command schemas * docs: document gateway task schemas * docs: document gateway exec approval schemas * docs: document gateway secret schemas * docs: document gateway config schemas * docs: document gateway snapshot schemas * docs: document gateway chat schemas * docs: document gateway wizard schemas * docs: document gateway node schemas * docs: document gateway plugin approval schemas * docs: document gateway talk schemas * docs: document gateway agent schemas * docs: document gateway session schemas * docs: document gateway cron schemas * docs: document gateway agent model skill schemas * docs: document gateway skill proposal tool schemas * docs: document gateway protocol registry * docs: document gateway channel status schemas * docs: document gateway schema regression tests * docs: document gateway schema barrel * docs: document gateway validator tests * docs: document gateway primitive push tests * docs: document gateway contract tests * docs: document native protocol guard * docs: document channel schema tests * docs: document gateway protocol smoke tests * docs: document gateway protocol entrypoint * docs: document gateway protocol type exports * docs: document gateway error codes * docs: document protocol schema registry * docs: document talk audio codec * docs: document talk activation names * docs: document talk consult questions * docs: document talk consult tool * docs: document talk run control contracts * docs: document talk run control adapter * docs: document talkback consult queue * docs: document talk consult transcript guard * docs: document talk fast context runtime * docs: document forced talk consult coordinator * docs: document talk output activity tracker * docs: document talk event metrics * docs: document talk diagnostics * docs: document talk observability hook * docs: document talk provider resolver * docs: document talk provider registry * docs: document talk runtime primitives * docs: document talk consult controller logs * docs: document channel identity helpers * docs: document channel account allowlist helpers * docs: document channel metadata draft controls * docs: document channel ingress policy * docs: document channel sender access gates * docs: document channel catalog message contracts * docs: document channel account plugin helpers * docs: document configured binding helpers * docs: document channel acp approval config helpers * docs: document channel bundled config write helpers * docs: document channel plugin utility contracts * docs: document channel config access helpers * docs: document channel message action helpers * docs: document channel outbound runtime helpers * docs: document channel pairing promotion helpers * docs: document channel registry helpers * docs: document channel setup wizard helpers * docs: document channel lifecycle status helpers * docs: document channel target thread helpers * docs: document channel session binding helpers * docs: document channel package module probes * docs: document channel setup wizard contracts * docs: document channel plugin API barrels * docs: document channel contract test helpers * docs: document channel core helpers * docs: document small core facades * docs: document provider runtime helpers * docs: document persistence and realtime helpers * docs: document mcp and state helpers * docs: document tool planner contracts * docs: document music generation runtime * docs: document crestodian command flow * docs: document utility helpers * docs: document node host helpers * docs: document transcript contracts * docs: document trajectory export contracts * docs: document image generation contracts * docs: document routing helper contracts * docs: document session helper contracts * docs: document video generation contracts * docs: document model catalog contracts * docs: document proxy capture contracts * docs: document status rendering contracts * docs: document test helper contracts * docs: document wizard setup contracts * docs: document process contracts * docs: document memory host sdk contracts * docs: document tts contracts * docs: document secrets runtime contracts * docs: document shared helper contracts * docs: document hook runtime contracts * docs: document security audit contracts * docs: document flow contracts * docs: document media understanding contracts * docs: document tui contracts * docs: document logging contracts * docs: document llm contracts * docs: document cron contracts * docs: document daemon contracts * docs: document task contracts * docs: document acp contracts * docs: document test utility contracts * docs: document skill contracts * docs: document config contracts * docs: document outbound infra contracts * docs: document command analysis contracts * docs: document provider usage infra contracts * docs: document file safety infra contracts * docs: document exec approval infra contracts * docs: document gateway runtime infra contracts * docs: document infra utility contracts * docs: document infra queue storage contracts * docs: document heartbeat infra contracts * docs: document remaining infra contracts * docs: document gateway auth contracts * docs: document gateway display helpers * docs: document gateway http helpers * docs: document gateway node helpers * docs: document gateway mcp helpers * docs: document gateway support helpers * docs: document gateway server runtime helpers * docs: document gateway runtime bootstrap helpers * docs: document gateway session events * docs: document gateway utility helpers * docs: document gateway talk helpers * docs: document gateway helper contracts * docs: document gateway server method helpers * docs: document gateway server auth helpers * docs: document gateway server tests * docs: document gateway test helpers * docs: document gateway node tests * docs: document gateway channel tests * docs: document gateway session tests * docs: document gateway server startup tests * docs: document gateway tool test helpers * docs: document gateway server test helpers * docs: document gateway server method tests * docs: document remaining gateway tests * docs: document plugin sdk public subpaths * docs: document plugin sdk runtime helpers * docs: document plugin sdk memory provider helpers * docs: document plugin sdk runtime facades * docs: document plugin sdk command approval helpers * docs: document plugin sdk runtime types * docs: document plugin sdk browser account helpers * docs: document plugin sdk media memory helpers * docs: document plugin sdk core tests * docs: document plugin sdk contract helpers * docs: document plugin sdk test helpers * docs: document remaining plugin sdk tests * docs: document cli utility helpers * docs: document cli runtime helpers * docs: document cli command registration helpers * docs: document node cli helpers * docs: document cli program registration * docs: document message cli registration * docs: document daemon cli helpers * docs: document cli route parsers
779 lines
22 KiB
TypeScript
779 lines
22 KiB
TypeScript
/**
|
|
* Tests channel config helper authorization and write-scope behavior.
|
|
*/
|
|
import { describe, expect, it } from "vitest";
|
|
import { formatPairingApproveHint } from "../channels/plugins/helpers.js";
|
|
import { DEFAULT_ACCOUNT_ID } from "../routing/session-key.js";
|
|
import {
|
|
adaptScopedAccountAccessor,
|
|
authorizeConfigWrite,
|
|
createScopedAccountConfigAccessors,
|
|
createScopedChannelConfigAdapter,
|
|
createScopedChannelConfigBase,
|
|
createScopedDmSecurityResolver,
|
|
createHybridChannelConfigAdapter,
|
|
createTopLevelChannelConfigAdapter,
|
|
createTopLevelChannelConfigBase,
|
|
createHybridChannelConfigBase,
|
|
ensureOpenDmPolicyAllowFromWildcard,
|
|
mapAllowFromEntries,
|
|
normalizeChannelDmPolicy,
|
|
normalizeLegacyDmAliases,
|
|
resolveChannelDmAccess,
|
|
resolveChannelDmAllowFrom,
|
|
resolveChannelDmPolicy,
|
|
resolveChannelConfigWrites,
|
|
resolveOptionalConfigString,
|
|
setCanonicalDmAllowFrom,
|
|
} from "./channel-config-helpers.js";
|
|
|
|
const resolveDefaultAccountId = () => DEFAULT_ACCOUNT_ID;
|
|
|
|
function createConfigWritesCfg() {
|
|
return {
|
|
channels: {
|
|
telegram: {
|
|
configWrites: true,
|
|
accounts: {
|
|
Work: { configWrites: false },
|
|
},
|
|
},
|
|
},
|
|
};
|
|
}
|
|
|
|
function expectAdapterAllowFromAndDefaultTo(adapter: unknown) {
|
|
const channelAdapter = adapter as {
|
|
resolveAllowFrom?: (params: { cfg: object; accountId: string }) => unknown;
|
|
resolveDefaultTo?: (params: { cfg: object; accountId: string }) => unknown;
|
|
setAccountEnabled?: (params: { cfg: object; accountId: string; enabled: boolean }) => {
|
|
channels?: {
|
|
demo?: unknown;
|
|
};
|
|
};
|
|
};
|
|
|
|
expect(channelAdapter.resolveAllowFrom?.({ cfg: {}, accountId: "alt" })).toEqual(["alt"]);
|
|
expect(channelAdapter.resolveDefaultTo?.({ cfg: {}, accountId: "alt" })).toBe("room:123");
|
|
expect(
|
|
channelAdapter.setAccountEnabled?.({
|
|
cfg: {},
|
|
accountId: "default",
|
|
enabled: true,
|
|
})?.channels?.demo,
|
|
).toEqual({ enabled: true });
|
|
}
|
|
|
|
type DemoDmAccount = {
|
|
accountId?: string | null;
|
|
dmPolicy?: string;
|
|
allowFrom?: string[];
|
|
};
|
|
|
|
type DemoDmPolicy = ReturnType<ReturnType<typeof createDemoDmSecurityResolver>>;
|
|
type ExpectedDemoDmPolicy = Omit<DemoDmPolicy, "normalizeEntry">;
|
|
|
|
function createDemoDmSecurityResolver(
|
|
params: {
|
|
inheritSharedDefaultsFromDefaultAccount?: boolean;
|
|
} = {},
|
|
) {
|
|
return createScopedDmSecurityResolver<DemoDmAccount>({
|
|
channelKey: "demo",
|
|
resolvePolicy: (account) => account.dmPolicy,
|
|
resolveAllowFrom: (account) => account.allowFrom,
|
|
policyPathSuffix: "dmPolicy",
|
|
normalizeEntry: (raw) => raw.toLowerCase(),
|
|
...params,
|
|
});
|
|
}
|
|
|
|
function expectDemoDmPolicy(policy: DemoDmPolicy, expected: ExpectedDemoDmPolicy) {
|
|
const { normalizeEntry, ...rest } = policy;
|
|
|
|
expect(rest).toEqual(expected);
|
|
expect(normalizeEntry).toBeTypeOf("function");
|
|
if (typeof normalizeEntry !== "function") {
|
|
throw new Error("expected normalizeEntry to be a function");
|
|
}
|
|
expect(normalizeEntry("OWNER")).toBe("owner");
|
|
}
|
|
|
|
describe("mapAllowFromEntries", () => {
|
|
it.each([
|
|
{
|
|
name: "coerces allowFrom entries to strings",
|
|
input: ["user", 42],
|
|
expected: ["user", "42"],
|
|
},
|
|
{
|
|
name: "returns empty list for missing input",
|
|
input: undefined,
|
|
expected: [],
|
|
},
|
|
])("$name", ({ input, expected }) => {
|
|
expect(mapAllowFromEntries(input)).toEqual(expected);
|
|
});
|
|
});
|
|
|
|
describe("resolveOptionalConfigString", () => {
|
|
it.each([
|
|
{
|
|
name: "trims and returns string values",
|
|
input: " room:123 ",
|
|
expected: "room:123",
|
|
},
|
|
{
|
|
name: "coerces numeric values",
|
|
input: 123,
|
|
expected: "123",
|
|
},
|
|
{
|
|
name: "returns undefined for empty string values",
|
|
input: " ",
|
|
expected: undefined,
|
|
},
|
|
{
|
|
name: "returns undefined for missing values",
|
|
input: undefined,
|
|
expected: undefined,
|
|
},
|
|
])("$name", ({ input, expected }) => {
|
|
expect(resolveOptionalConfigString(input)).toBe(expected);
|
|
});
|
|
});
|
|
|
|
describe("channel DM access helpers", () => {
|
|
it("re-exports centralized DM access helpers from the SDK entrypoint", () => {
|
|
const entry = { dm: { policy: "allowlist", allowFrom: ["U1"] } };
|
|
const changes: string[] = [];
|
|
|
|
expect(normalizeChannelDmPolicy("allowlist")).toBe("allowlist");
|
|
expect(
|
|
resolveChannelDmPolicy({
|
|
account: entry,
|
|
}),
|
|
).toBe("allowlist");
|
|
expect(
|
|
resolveChannelDmAllowFrom({
|
|
account: entry,
|
|
}),
|
|
).toEqual(["U1"]);
|
|
|
|
setCanonicalDmAllowFrom({
|
|
entry,
|
|
mode: "topOnly",
|
|
allowFrom: ["U2"],
|
|
pathPrefix: "channels.demo",
|
|
changes,
|
|
reason: "normalized by SDK helper",
|
|
});
|
|
|
|
expect(entry).toEqual({ dm: { policy: "allowlist" }, allowFrom: ["U2"] });
|
|
expect(changes).toEqual([
|
|
"- channels.demo.dm.allowFrom: removed after moving allowlist to channels.demo.allowFrom",
|
|
"- channels.demo.allowFrom: normalized by SDK helper",
|
|
]);
|
|
});
|
|
|
|
it("resolves account legacy allowFrom before inherited root allowFrom", () => {
|
|
expect(
|
|
resolveChannelDmAccess({
|
|
account: { dm: { allowFrom: ["account-legacy"] } },
|
|
parent: { allowFrom: ["root"] },
|
|
}),
|
|
).toEqual({ allowFrom: ["account-legacy"], dmPolicy: undefined });
|
|
});
|
|
|
|
it("keeps nested-only channels on dm.allowFrom", () => {
|
|
const entry = { dmPolicy: "open", allowFrom: ["matrix:@owner"] };
|
|
const changes: string[] = [];
|
|
|
|
ensureOpenDmPolicyAllowFromWildcard({
|
|
entry,
|
|
mode: "nestedOnly",
|
|
pathPrefix: "channels.matrix",
|
|
changes,
|
|
});
|
|
|
|
expect(entry).toEqual({ dm: { policy: "open", allowFrom: ["matrix:@owner", "*"] } });
|
|
expect(changes).toEqual([
|
|
'- channels.matrix.dm.policy: set to "open" (migrated from channels.matrix.dmPolicy)',
|
|
"- channels.matrix.allowFrom: removed after moving allowlist to channels.matrix.dm.allowFrom",
|
|
'- channels.matrix.dm.allowFrom: added "*" (required by dmPolicy="open")',
|
|
]);
|
|
});
|
|
|
|
it("migrates top-canonical legacy dm aliases", () => {
|
|
const changes: string[] = [];
|
|
const result = normalizeLegacyDmAliases({
|
|
entry: { dm: { policy: "allowlist", allowFrom: ["U1"] } },
|
|
pathPrefix: "channels.slack",
|
|
changes,
|
|
});
|
|
|
|
expect(result.entry).toEqual({ dmPolicy: "allowlist", allowFrom: ["U1"] });
|
|
expect(changes).toEqual([
|
|
"Moved channels.slack.dm.policy → channels.slack.dmPolicy.",
|
|
"Moved channels.slack.dm.allowFrom → channels.slack.allowFrom.",
|
|
"Removed empty channels.slack.dm after migration.",
|
|
]);
|
|
});
|
|
});
|
|
|
|
describe("config write helpers", () => {
|
|
it("matches account ids case-insensitively", () => {
|
|
expect(
|
|
resolveChannelConfigWrites({
|
|
cfg: createConfigWritesCfg(),
|
|
channelId: "telegram",
|
|
accountId: "work",
|
|
}),
|
|
).toBe(false);
|
|
});
|
|
|
|
it("blocks account-scoped writes when the configured account key differs only by case", () => {
|
|
expect(
|
|
authorizeConfigWrite({
|
|
cfg: createConfigWritesCfg(),
|
|
target: {
|
|
kind: "account",
|
|
scope: { channelId: "telegram", accountId: "work" },
|
|
},
|
|
}),
|
|
).toEqual({
|
|
allowed: false,
|
|
reason: "target-disabled",
|
|
blockedScope: {
|
|
kind: "target",
|
|
scope: { channelId: "telegram", accountId: "work" },
|
|
},
|
|
});
|
|
});
|
|
});
|
|
|
|
describe("adaptScopedAccountAccessor", () => {
|
|
it("binds positional callback args into the shared account context object", () => {
|
|
const accessor = adaptScopedAccountAccessor(({ cfg, accountId }) => ({
|
|
channel: cfg.channels?.demo,
|
|
accountId: accountId ?? "default",
|
|
}));
|
|
|
|
expect(
|
|
accessor(
|
|
{
|
|
channels: {
|
|
demo: {
|
|
enabled: true,
|
|
},
|
|
},
|
|
},
|
|
"alt",
|
|
),
|
|
).toEqual({
|
|
channel: {
|
|
enabled: true,
|
|
},
|
|
accountId: "alt",
|
|
});
|
|
});
|
|
});
|
|
|
|
describe("createScopedAccountConfigAccessors", () => {
|
|
it("maps allowFrom and defaultTo from the resolved account", () => {
|
|
const accessors = createScopedAccountConfigAccessors({
|
|
resolveAccount: ({ accountId }) => ({
|
|
allowFrom: accountId ? [accountId, 42] : ["fallback"],
|
|
defaultTo: " room:123 ",
|
|
}),
|
|
resolveAllowFrom: (account) => account.allowFrom,
|
|
formatAllowFrom: (allowFrom) => allowFrom.map((entry) => String(entry).toUpperCase()),
|
|
resolveDefaultTo: (account) => account.defaultTo,
|
|
});
|
|
|
|
expect(
|
|
accessors.resolveAllowFrom?.({
|
|
cfg: {},
|
|
accountId: "owner",
|
|
}),
|
|
).toEqual(["owner", "42"]);
|
|
expect(
|
|
accessors.formatAllowFrom?.({
|
|
cfg: {},
|
|
allowFrom: ["owner"],
|
|
}),
|
|
).toEqual(["OWNER"]);
|
|
expect(
|
|
accessors.resolveDefaultTo?.({
|
|
cfg: {},
|
|
accountId: "owner",
|
|
}),
|
|
).toBe("room:123");
|
|
});
|
|
|
|
it("omits resolveDefaultTo when no selector is provided", () => {
|
|
const accessors = createScopedAccountConfigAccessors({
|
|
resolveAccount: () => ({ allowFrom: ["owner"] }),
|
|
resolveAllowFrom: (account) => account.allowFrom,
|
|
formatAllowFrom: (allowFrom) => allowFrom.map((entry) => String(entry)),
|
|
});
|
|
|
|
expect(accessors.resolveDefaultTo).toBeUndefined();
|
|
});
|
|
});
|
|
|
|
describe("createScopedChannelConfigBase", () => {
|
|
it("wires shared account config CRUD through the section helper", () => {
|
|
const base = createScopedChannelConfigBase({
|
|
sectionKey: "demo",
|
|
listAccountIds: () => ["default", "alt"],
|
|
resolveAccount: (_cfg, accountId) => ({ accountId: accountId ?? "default" }),
|
|
defaultAccountId: resolveDefaultAccountId,
|
|
clearBaseFields: ["token"],
|
|
});
|
|
|
|
expect(base.listAccountIds({})).toEqual(["default", "alt"]);
|
|
expect(base.resolveAccount({}, "alt")).toEqual({ accountId: "alt" });
|
|
expect(base.defaultAccountId!({})).toBe("default");
|
|
expect(
|
|
base.setAccountEnabled!({
|
|
cfg: {},
|
|
accountId: "default",
|
|
enabled: true,
|
|
}).channels?.demo,
|
|
).toEqual({ enabled: true });
|
|
expect(
|
|
base.deleteAccount!({
|
|
cfg: {
|
|
channels: {
|
|
demo: {
|
|
token: "secret",
|
|
},
|
|
},
|
|
},
|
|
accountId: "default",
|
|
}).channels,
|
|
).toBeUndefined();
|
|
});
|
|
|
|
it("can force default account config into accounts.default", () => {
|
|
const base = createScopedChannelConfigBase({
|
|
sectionKey: "demo",
|
|
listAccountIds: () => ["default", "alt"],
|
|
resolveAccount: (_cfg, accountId) => ({ accountId: accountId ?? "default" }),
|
|
defaultAccountId: resolveDefaultAccountId,
|
|
clearBaseFields: [],
|
|
allowTopLevel: false,
|
|
});
|
|
|
|
expect(
|
|
base.setAccountEnabled!({
|
|
cfg: {
|
|
channels: {
|
|
demo: {
|
|
token: "secret",
|
|
},
|
|
},
|
|
},
|
|
accountId: "default",
|
|
enabled: true,
|
|
}).channels?.demo,
|
|
).toEqual({
|
|
token: "secret",
|
|
accounts: {
|
|
default: { enabled: true },
|
|
},
|
|
});
|
|
expect(
|
|
base.deleteAccount!({
|
|
cfg: {
|
|
channels: {
|
|
demo: {
|
|
token: "secret",
|
|
accounts: {
|
|
default: { enabled: true },
|
|
},
|
|
},
|
|
},
|
|
},
|
|
accountId: "default",
|
|
}).channels?.demo,
|
|
).toEqual({
|
|
token: "secret",
|
|
accounts: undefined,
|
|
});
|
|
});
|
|
});
|
|
|
|
describe("createScopedChannelConfigAdapter", () => {
|
|
it("combines scoped CRUD and allowFrom accessors", () => {
|
|
const adapter = createScopedChannelConfigAdapter({
|
|
sectionKey: "demo",
|
|
listAccountIds: () => ["default", "alt"],
|
|
resolveAccount: (_cfg, accountId) => ({
|
|
accountId: accountId ?? "default",
|
|
allowFrom: accountId ? [accountId] : ["fallback"],
|
|
defaultTo: " room:123 ",
|
|
}),
|
|
defaultAccountId: resolveDefaultAccountId,
|
|
clearBaseFields: ["token"],
|
|
resolveAllowFrom: (account) => account.allowFrom,
|
|
formatAllowFrom: (allowFrom) => allowFrom.map((entry) => String(entry).toUpperCase()),
|
|
resolveDefaultTo: (account) => account.defaultTo,
|
|
});
|
|
|
|
expect(adapter.listAccountIds({})).toEqual(["default", "alt"]);
|
|
expect(adapter.resolveAccount({}, "alt")).toEqual({
|
|
accountId: "alt",
|
|
allowFrom: ["alt"],
|
|
defaultTo: " room:123 ",
|
|
});
|
|
expectAdapterAllowFromAndDefaultTo(adapter);
|
|
});
|
|
|
|
it("keeps read-only accessors on the accessor resolver", () => {
|
|
const adapter = createScopedChannelConfigAdapter<
|
|
{ accountId: string; token: string },
|
|
{ allowFrom: string[]; defaultTo: string }
|
|
>({
|
|
sectionKey: "demo",
|
|
listAccountIds: () => ["default"],
|
|
resolveAccount: () => {
|
|
throw new Error("runtime account resolver should not run for read-only accessors");
|
|
},
|
|
resolveAccessorAccount: ({ accountId }) => ({
|
|
allowFrom: [accountId ?? "default"],
|
|
defaultTo: " room:123 ",
|
|
}),
|
|
defaultAccountId: resolveDefaultAccountId,
|
|
clearBaseFields: ["token"],
|
|
resolveAllowFrom: (account) => account.allowFrom,
|
|
formatAllowFrom: (allowFrom) => allowFrom.map((entry) => String(entry)),
|
|
resolveDefaultTo: (account) => account.defaultTo,
|
|
});
|
|
|
|
expect(adapter.resolveAllowFrom?.({ cfg: {}, accountId: "default" })).toEqual(["default"]);
|
|
expect(adapter.resolveDefaultTo?.({ cfg: {}, accountId: "default" })).toBe("room:123");
|
|
});
|
|
});
|
|
|
|
describe("createScopedDmSecurityResolver", () => {
|
|
it("builds account-aware DM policy payloads", () => {
|
|
const resolveDmPolicy = createDemoDmSecurityResolver();
|
|
|
|
expectDemoDmPolicy(
|
|
resolveDmPolicy({
|
|
cfg: {
|
|
channels: {
|
|
demo: {
|
|
accounts: {
|
|
alt: {},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
accountId: "alt",
|
|
account: {
|
|
accountId: "alt",
|
|
dmPolicy: "allowlist",
|
|
allowFrom: ["Owner"],
|
|
},
|
|
}),
|
|
{
|
|
policy: "allowlist",
|
|
allowFrom: ["Owner"],
|
|
policyPath: "channels.demo.accounts.alt.dmPolicy",
|
|
allowFromPath: "channels.demo.accounts.alt.",
|
|
approveHint: formatPairingApproveHint("demo"),
|
|
},
|
|
);
|
|
});
|
|
|
|
it("uses accounts.default paths when named accounts inherit shared defaults", () => {
|
|
const resolveDmPolicy = createDemoDmSecurityResolver({
|
|
inheritSharedDefaultsFromDefaultAccount: true,
|
|
});
|
|
|
|
expectDemoDmPolicy(
|
|
resolveDmPolicy({
|
|
cfg: {
|
|
channels: {
|
|
demo: {
|
|
accounts: {
|
|
default: {
|
|
dmPolicy: "allowlist",
|
|
allowFrom: ["Owner"],
|
|
},
|
|
alt: {},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
accountId: "alt",
|
|
account: {
|
|
accountId: "alt",
|
|
dmPolicy: "allowlist",
|
|
allowFrom: ["Owner"],
|
|
},
|
|
}),
|
|
{
|
|
policy: "allowlist",
|
|
allowFrom: ["Owner"],
|
|
policyPath: "channels.demo.accounts.default.dmPolicy",
|
|
allowFromPath: "channels.demo.accounts.default.",
|
|
approveHint: formatPairingApproveHint("demo"),
|
|
},
|
|
);
|
|
});
|
|
|
|
it("ignores accounts.default paths unless the channel opts into shared default-account inheritance", () => {
|
|
const resolveDmPolicy = createDemoDmSecurityResolver();
|
|
|
|
expectDemoDmPolicy(
|
|
resolveDmPolicy({
|
|
cfg: {
|
|
channels: {
|
|
demo: {
|
|
dmPolicy: "pairing",
|
|
allowFrom: ["*"],
|
|
accounts: {
|
|
default: {
|
|
dmPolicy: "allowlist",
|
|
allowFrom: ["Owner"],
|
|
},
|
|
alt: {},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
accountId: "alt",
|
|
account: {
|
|
accountId: "alt",
|
|
dmPolicy: "pairing",
|
|
allowFrom: ["*"],
|
|
},
|
|
}),
|
|
{
|
|
policy: "pairing",
|
|
allowFrom: ["*"],
|
|
policyPath: "channels.demo.dmPolicy",
|
|
allowFromPath: "channels.demo.",
|
|
approveHint: formatPairingApproveHint("demo"),
|
|
},
|
|
);
|
|
});
|
|
});
|
|
|
|
describe("createTopLevelChannelConfigBase", () => {
|
|
it("wires top-level enable/delete semantics", () => {
|
|
const base = createTopLevelChannelConfigBase({
|
|
sectionKey: "demo",
|
|
resolveAccount: () => ({ accountId: "default" }),
|
|
});
|
|
|
|
expect(base.listAccountIds({})).toEqual(["default"]);
|
|
expect(base.defaultAccountId!({})).toBe("default");
|
|
expect(
|
|
base.setAccountEnabled!({
|
|
cfg: {},
|
|
accountId: "default",
|
|
enabled: true,
|
|
}).channels?.demo,
|
|
).toEqual({ enabled: true });
|
|
expect(
|
|
base.deleteAccount!({
|
|
cfg: {
|
|
channels: {
|
|
demo: {
|
|
enabled: true,
|
|
},
|
|
},
|
|
},
|
|
accountId: "default",
|
|
}).channels,
|
|
).toBeUndefined();
|
|
});
|
|
|
|
it("can clear only account-scoped fields while preserving channel settings", () => {
|
|
const base = createTopLevelChannelConfigBase({
|
|
sectionKey: "demo",
|
|
resolveAccount: () => ({ accountId: "default" }),
|
|
deleteMode: "clear-fields",
|
|
clearBaseFields: ["token", "allowFrom"],
|
|
});
|
|
|
|
expect(
|
|
base.deleteAccount!({
|
|
cfg: {
|
|
channels: {
|
|
demo: {
|
|
token: "secret",
|
|
allowFrom: ["owner"],
|
|
markdown: { tables: false },
|
|
},
|
|
},
|
|
},
|
|
accountId: "default",
|
|
}).channels?.demo,
|
|
).toEqual({
|
|
markdown: { tables: false },
|
|
});
|
|
});
|
|
});
|
|
|
|
describe("createTopLevelChannelConfigAdapter", () => {
|
|
it("combines top-level CRUD with separate accessor account resolution", () => {
|
|
const adapter = createTopLevelChannelConfigAdapter<
|
|
{ accountId: string; enabled: boolean },
|
|
{ allowFrom: string[]; defaultTo: string }
|
|
>({
|
|
sectionKey: "demo",
|
|
resolveAccount: () => ({ accountId: "default", enabled: true }),
|
|
resolveAccessorAccount: () => ({ allowFrom: ["owner"], defaultTo: " chat:123 " }),
|
|
deleteMode: "clear-fields",
|
|
clearBaseFields: ["token"],
|
|
resolveAllowFrom: (account) => account.allowFrom,
|
|
formatAllowFrom: (allowFrom) => allowFrom.map((entry) => String(entry)),
|
|
resolveDefaultTo: (account) => account.defaultTo,
|
|
});
|
|
|
|
expect(adapter.resolveAccount({})).toEqual({ accountId: "default", enabled: true });
|
|
expect(adapter.resolveAllowFrom?.({ cfg: {} })).toEqual(["owner"]);
|
|
expect(adapter.resolveDefaultTo?.({ cfg: {} })).toBe("chat:123");
|
|
expect(
|
|
adapter.deleteAccount!({
|
|
cfg: {
|
|
channels: {
|
|
demo: {
|
|
token: "secret",
|
|
markdown: { tables: false },
|
|
},
|
|
},
|
|
},
|
|
accountId: "default",
|
|
}).channels?.demo,
|
|
).toEqual({
|
|
markdown: { tables: false },
|
|
});
|
|
});
|
|
});
|
|
|
|
describe("createHybridChannelConfigBase", () => {
|
|
it("writes default account enable at the channel root and named accounts under accounts", () => {
|
|
const base = createHybridChannelConfigBase({
|
|
sectionKey: "demo",
|
|
listAccountIds: () => ["default", "alt"],
|
|
resolveAccount: (_cfg, accountId) => ({ accountId: accountId ?? "default" }),
|
|
defaultAccountId: resolveDefaultAccountId,
|
|
clearBaseFields: ["token"],
|
|
});
|
|
|
|
expect(
|
|
base.setAccountEnabled!({
|
|
cfg: {
|
|
channels: {
|
|
demo: {
|
|
accounts: {
|
|
alt: { enabled: false },
|
|
},
|
|
},
|
|
},
|
|
},
|
|
accountId: "default",
|
|
enabled: true,
|
|
}).channels?.demo,
|
|
).toEqual({
|
|
accounts: {
|
|
alt: { enabled: false },
|
|
},
|
|
enabled: true,
|
|
});
|
|
expect(
|
|
base.setAccountEnabled!({
|
|
cfg: {},
|
|
accountId: "alt",
|
|
enabled: true,
|
|
}).channels?.demo,
|
|
).toEqual({
|
|
accounts: {
|
|
alt: { enabled: true },
|
|
},
|
|
});
|
|
});
|
|
|
|
it("can preserve the section when deleting the default account", () => {
|
|
const base = createHybridChannelConfigBase({
|
|
sectionKey: "demo",
|
|
listAccountIds: () => ["default", "alt"],
|
|
resolveAccount: (_cfg, accountId) => ({ accountId: accountId ?? "default" }),
|
|
defaultAccountId: resolveDefaultAccountId,
|
|
clearBaseFields: ["token", "name"],
|
|
preserveSectionOnDefaultDelete: true,
|
|
});
|
|
|
|
expect(
|
|
base.deleteAccount!({
|
|
cfg: {
|
|
channels: {
|
|
demo: {
|
|
token: "secret",
|
|
name: "bot",
|
|
accounts: {
|
|
alt: { enabled: true },
|
|
},
|
|
},
|
|
},
|
|
},
|
|
accountId: "default",
|
|
}).channels?.demo,
|
|
).toEqual({
|
|
accounts: {
|
|
alt: { enabled: true },
|
|
},
|
|
});
|
|
});
|
|
});
|
|
|
|
describe("createHybridChannelConfigAdapter", () => {
|
|
it("combines hybrid CRUD with allowFrom/defaultTo accessors", () => {
|
|
const adapter = createHybridChannelConfigAdapter<
|
|
{ accountId: string; enabled: boolean },
|
|
{ allowFrom: string[]; defaultTo: string }
|
|
>({
|
|
sectionKey: "demo",
|
|
listAccountIds: () => ["default", "alt"],
|
|
resolveAccount: (_cfg, accountId) => ({
|
|
accountId: accountId ?? "default",
|
|
enabled: true,
|
|
}),
|
|
resolveAccessorAccount: ({ accountId }) => ({
|
|
allowFrom: [accountId ?? "default"],
|
|
defaultTo: " room:123 ",
|
|
}),
|
|
defaultAccountId: resolveDefaultAccountId,
|
|
clearBaseFields: ["token"],
|
|
preserveSectionOnDefaultDelete: true,
|
|
resolveAllowFrom: (account) => account.allowFrom,
|
|
formatAllowFrom: (allowFrom) => allowFrom.map((entry) => String(entry).toUpperCase()),
|
|
resolveDefaultTo: (account) => account.defaultTo,
|
|
});
|
|
|
|
expectAdapterAllowFromAndDefaultTo(adapter);
|
|
expect(
|
|
adapter.deleteAccount!({
|
|
cfg: {
|
|
channels: {
|
|
demo: {
|
|
token: "secret",
|
|
markdown: { tables: false },
|
|
},
|
|
},
|
|
},
|
|
accountId: "default",
|
|
}).channels?.demo,
|
|
).toEqual({
|
|
markdown: { tables: false },
|
|
});
|
|
});
|
|
});
|