mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-19 16:41:33 +00:00
Approving a node whose pairing surface advertises browser.proxy only required operator.write, while invoking browser.proxy already requires operator.admin (server-methods/nodes.ts). resolveNodePairApprovalScopes bumped the approval scope to operator.admin only for NODE_SYSTEM_RUN_COMMANDS, so a write-scoped operator could trust a browser.proxy-capable node that later routes bundled browser-tool traffic. Add NODE_BROWSER_PROXY_COMMAND to the admin-approval set so approval scope matches the invoke-time gate.
39 lines
1.2 KiB
TypeScript
39 lines
1.2 KiB
TypeScript
// Covers scope requirements for node pairing approvals.
|
|
import { describe, expect, it } from "vitest";
|
|
import { resolveNodePairApprovalScopes } from "./node-pairing-authz.js";
|
|
|
|
describe("resolveNodePairApprovalScopes", () => {
|
|
it("requires operator.admin for system.run commands", () => {
|
|
expect(resolveNodePairApprovalScopes(["system.run"])).toEqual([
|
|
"operator.pairing",
|
|
"operator.admin",
|
|
]);
|
|
});
|
|
|
|
it("requires operator.admin for browser.proxy commands", () => {
|
|
expect(resolveNodePairApprovalScopes(["browser.proxy"])).toEqual([
|
|
"operator.pairing",
|
|
"operator.admin",
|
|
]);
|
|
});
|
|
|
|
it("requires operator.write for non-exec commands", () => {
|
|
expect(resolveNodePairApprovalScopes(["canvas.present"])).toEqual([
|
|
"operator.pairing",
|
|
"operator.write",
|
|
]);
|
|
});
|
|
|
|
it("treats computer.act pairing approval as non-exec surface approval", () => {
|
|
expect(resolveNodePairApprovalScopes(["computer.act"])).toEqual([
|
|
"operator.pairing",
|
|
"operator.write",
|
|
]);
|
|
});
|
|
|
|
it("requires only operator.pairing without commands", () => {
|
|
expect(resolveNodePairApprovalScopes(undefined)).toEqual(["operator.pairing"]);
|
|
expect(resolveNodePairApprovalScopes([])).toEqual(["operator.pairing"]);
|
|
});
|
|
});
|