Files
openclaw/src/infra/node-pairing-authz.test.ts
Yuval Dinodia 68c18caca0 fix(node-pairing): require operator.admin to approve browser.proxy nodes (#104491)
Approving a node whose pairing surface advertises browser.proxy only required
operator.write, while invoking browser.proxy already requires operator.admin
(server-methods/nodes.ts). resolveNodePairApprovalScopes bumped the approval
scope to operator.admin only for NODE_SYSTEM_RUN_COMMANDS, so a write-scoped
operator could trust a browser.proxy-capable node that later routes bundled
browser-tool traffic. Add NODE_BROWSER_PROXY_COMMAND to the admin-approval set
so approval scope matches the invoke-time gate.
2026-07-11 09:58:00 -07:00

39 lines
1.2 KiB
TypeScript

// Covers scope requirements for node pairing approvals.
import { describe, expect, it } from "vitest";
import { resolveNodePairApprovalScopes } from "./node-pairing-authz.js";
describe("resolveNodePairApprovalScopes", () => {
it("requires operator.admin for system.run commands", () => {
expect(resolveNodePairApprovalScopes(["system.run"])).toEqual([
"operator.pairing",
"operator.admin",
]);
});
it("requires operator.admin for browser.proxy commands", () => {
expect(resolveNodePairApprovalScopes(["browser.proxy"])).toEqual([
"operator.pairing",
"operator.admin",
]);
});
it("requires operator.write for non-exec commands", () => {
expect(resolveNodePairApprovalScopes(["canvas.present"])).toEqual([
"operator.pairing",
"operator.write",
]);
});
it("treats computer.act pairing approval as non-exec surface approval", () => {
expect(resolveNodePairApprovalScopes(["computer.act"])).toEqual([
"operator.pairing",
"operator.write",
]);
});
it("requires only operator.pairing without commands", () => {
expect(resolveNodePairApprovalScopes(undefined)).toEqual(["operator.pairing"]);
expect(resolveNodePairApprovalScopes([])).toEqual(["operator.pairing"]);
});
});