openclaw/src/agents/embedded-agent-subscribe.tools.test.ts

import { afterEach, describe, expect, it, vi } from "vitest";
import * as loggingConfigModule from "../logging/config.js";
import {
  buildToolLifecycleErrorResult,
  extractToolErrorCode,
  extractToolErrorMessage,
  sanitizeToolArgs,
  sanitizeToolResult,
} from "./embedded-agent-subscribe.tools.js";

afterEach(() => {
  vi.restoreAllMocks();
});

describe("extractToolErrorMessage", () => {
  it("ignores non-error status values", () => {
    expect(extractToolErrorMessage({ details: { status: "0" } })).toBeUndefined();
    expect(extractToolErrorMessage({ details: { status: "completed" } })).toBeUndefined();
    expect(extractToolErrorMessage({ details: { status: "ok" } })).toBeUndefined();
  });

  it("keeps error-like status values", () => {
    expect(extractToolErrorMessage({ details: { status: "failed" } })).toBe("failed");
    expect(extractToolErrorMessage({ details: { status: "timeout" } })).toBe("timeout");
  });

  it("prefers node-host aggregated denial text over generic failed status", () => {
    expect(
      extractToolErrorMessage({
        content: [{ type: "text", text: "SYSTEM_RUN_DENIED: approval required" }],
        details: {
          status: "failed",
          aggregated: "SYSTEM_RUN_DENIED: approval required",
        },
      }),
    ).toBe("SYSTEM_RUN_DENIED: approval required");
  });

  it("does not promote prose-only denial output ahead of generic failed status", () => {
    expect(
      extractToolErrorMessage({
        content: [{ type: "text", text: "SYSTEM_RUN_DENIED: approval required" }],
        details: { status: "failed" },
      }),
    ).toBe("failed");
  });

  it("extracts structured tool error codes", () => {
    expect(
      extractToolErrorCode({
        details: {
          status: "failed",
          error: {
            code: "SYSTEM_RUN_DENIED",
            message: "approval required",
          },
        },
      }),
    ).toBe("SYSTEM_RUN_DENIED");
    expect(
      extractToolErrorCode({
        details: {
          status: "failed",
          gatewayCode: "UNAVAILABLE",
          nodeError: {
            code: "UNAVAILABLE",
            message: "SYSTEM_RUN_DENIED: approval required",
          },
        },
      }),
    ).toBe("SYSTEM_RUN_DENIED");
    expect(
      extractToolErrorCode({
        details: {
          status: "failed",
          nodeError: {
            code: "INVALID_REQUEST",
            message: "approval expired",
          },
        },
      }),
    ).toBe("INVALID_REQUEST");
  });

  it("does not extract error codes from prose-only tool output", () => {
    expect(
      extractToolErrorCode({
        content: [{ type: "text", text: "SYSTEM_RUN_DENIED: approval required" }],
        details: { status: "failed" },
      }),
    ).toBeUndefined();
    expect(
      extractToolErrorCode({
        details: {
          status: "failed",
          error: "SYSTEM_RUN_DENIED: approval required",
        },
      }),
    ).toBeUndefined();
  });

  it("preserves structured codes from thrown gateway errors", () => {
    const error = new Error("UNAVAILABLE: SYSTEM_RUN_DENIED: approval required") as Error & {
      gatewayCode?: string;
      details?: unknown;
    };
    error.gatewayCode = "UNAVAILABLE";
    error.details = {
      nodeError: {
        code: "UNAVAILABLE",
        message: "SYSTEM_RUN_DENIED: approval required",
      },
    };

    const result = buildToolLifecycleErrorResult(error);

    expect(extractToolErrorCode(result)).toBe("SYSTEM_RUN_DENIED");
    expect(extractToolErrorMessage(result)).toBe(
      "UNAVAILABLE: SYSTEM_RUN_DENIED: approval required",
    );
  });
});

function getTextContent(result: unknown, index = 0): string {
  const record = result as { content: Array<{ text: string }> };
  return record.content[index].text;
}

describe("sanitizeToolResult", () => {
  it("redacts JSON-style apiKey fields in text content blocks", () => {
    const result = {
      content: [
        {
          type: "text",
          text: '{"apiKey":"sk-1234567890abcdef","model":"gpt-4"}',
        },
      ],
    };
    const text = getTextContent(sanitizeToolResult(result));
    expect(text).not.toContain("sk-1234567890abcdef");
    expect(text).toContain("model");
  });

  it("redacts Link-like payment credential fields in tool result payloads", () => {
    const result = {
      content: [
        {
          type: "text",
          text: '{"shared_payment_token":"spt_abcdefghijklmnopqrstuvwxyz","paymentCredential":"paycred_abcdefghijklmnopqrstuvwxyz","card_number":"4242424242424242","cvc":"123","amount":"4200"}',
        },
      ],
      details: {
        structuredContent: {
          sharedPaymentToken: "spt_zyxwvutsrqponmlkjihgfedcba",
          cardNumber: "4000056655665556",
          amount: "4200",
        },
      },
    };
    const sanitized = sanitizeToolResult(result) as {
      content: Array<{ text: string }>;
      details: {
        structuredContent: { sharedPaymentToken: string; cardNumber: string; amount: string };
      };
    };
    const serialized = JSON.stringify(sanitized);
    expect(serialized).not.toContain("spt_abcdefghijklmnopqrstuvwxyz");
    expect(serialized).not.toContain("paycred_abcdefghijklmnopqrstuvwxyz");
    expect(serialized).not.toContain("4242424242424242");
    expect(serialized).not.toContain("123");
    expect(serialized).not.toContain("spt_zyxwvutsrqponmlkjihgfedcba");
    expect(serialized).not.toContain("4000056655665556");
    expect(sanitized.content[0]?.text).toContain('"amount":"4200"');
    expect(sanitized.details.structuredContent.amount).toBe("4200");
  });

  it("redacts ENV-style credential assignments", () => {
    const result = {
      content: [
        {
          type: "text",
          text: "OPENROUTER_API_KEY=sk-or-v1-abcdef0123456789\nMODEL=gpt-4",
        },
      ],
    };
    const text = getTextContent(sanitizeToolResult(result));
    expect(text).not.toContain("sk-or-v1-abcdef0123456789");
    expect(text).toContain("MODEL=gpt-4");
  });

  it("preserves env placeholders in tool output text", () => {
    const result = {
      content: [
        {
          type: "text",
          text: 'DISCORD_BOT_TOKEN="${DISCORD_BOT_TOKEN:-}"\nTELEGRAM_BOT_TOKEN="${TELEGRAM_BOT_TOKEN:-}"',
        },
      ],
    };

    const text = getTextContent(sanitizeToolResult(result));

    expect(text).toBe(
      'DISCORD_BOT_TOKEN="${DISCORD_BOT_TOKEN:-}"\nTELEGRAM_BOT_TOKEN="${TELEGRAM_BOT_TOKEN:-}"',
    );
  });

  it("redacts Bearer authorization tokens", () => {
    const result = {
      content: [{ type: "text", text: "Authorization: Bearer abcdef0123456789QWERTY=" }],
    };
    const text = getTextContent(sanitizeToolResult(result));
    expect(text).not.toContain("abcdef0123456789QWERTY=");
  });

  it("preserves image content stripping behavior", () => {
    const result = {
      content: [{ type: "image", data: "base64imagedata", mimeType: "image/png" }],
    };
    const sanitized = sanitizeToolResult(result) as {
      content: Array<{ data?: string; bytes?: number; omitted?: boolean }>;
    };
    expect(sanitized.content[0].data).toBeUndefined();
    expect(sanitized.content[0].omitted).toBe(true);
    expect(sanitized.content[0].bytes).toBe("base64imagedata".length);
  });

  it("redacts secrets inside result.details (e.g. exec aggregated stdout)", () => {
    const result = {
      content: [{ type: "text", text: "ok" }],
      details: {
        status: "completed",
        aggregated:
          'OPENROUTER_API_KEY=sk-or-v1-abcdef0123456789\napiKey: "ghp_abcdefghij1234567890"',
        exitCode: 0,
        cwd: "/tmp/work",
      },
    };
    const sanitized = sanitizeToolResult(result) as {
      details: { status: string; aggregated: string; exitCode: number; cwd: string };
    };
    expect(sanitized.details.aggregated).not.toContain("sk-or-v1-abcdef0123456789");
    expect(sanitized.details.aggregated).not.toContain("ghp_abcdefghij1234567890");
    expect(sanitized.details.status).toBe("completed");
    expect(sanitized.details.exitCode).toBe(0);
    expect(sanitized.details.cwd).toBe("/tmp/work");
  });

  it("redacts secrets at the top level outside content/details", () => {
    const result = {
      output: "OPENROUTER_API_KEY=sk-or-v1-abcdef0123456789",
      metadata: {
        token: "ghp_abcdefghij1234567890ABCDEF",
        nested: { auth: "Bearer abcdef0123456789QWERTY=" },
      },
      summary: "ok",
    };
    const sanitized = sanitizeToolResult(result) as {
      output: string;
      metadata: { token: string; nested: { auth: string } };
      summary: string;
    };
    expect(sanitized.output).not.toContain("sk-or-v1-abcdef0123456789");
    expect(sanitized.metadata.token).not.toContain("ghp_abcdefghij1234567890ABCDEF");
    expect(sanitized.metadata.nested.auth).not.toContain("abcdef0123456789QWERTY=");
    expect(sanitized.summary).toBe("ok");
  });

  it("redacts a details-only result with no content array", () => {
    const result = {
      details: {
        config: { apiKey: "sk-1234567890abcdefXYZ", model: "gpt-4" },
      },
    };
    const sanitized = sanitizeToolResult(result) as {
      details: { config: { apiKey: string; model: string } };
    };
    expect(sanitized.details.config.apiKey).not.toContain("sk-1234567890abcdefXYZ");
    expect(sanitized.details.config.model).toBe("gpt-4");
  });

  it("redacts primitive string results", () => {
    const sanitized = sanitizeToolResult("OPENROUTER_API_KEY=sk-or-v1-abcdef0123456789") as string;

    expect(sanitized).not.toContain("sk-or-v1-abcdef0123456789");
    expect(sanitized).toContain("OPENROUTER_API_KEY=");
  });

  it("preserves top-level arrays while redacting nested strings", () => {
    const sanitized = sanitizeToolResult([
      { output: "Authorization: Bearer abcdef0123456789QWERTY=" },
      "apiKey=sk-1234567890abcdefXYZ",
    ]) as Array<{ output: string } | string>;

    expect(Array.isArray(sanitized)).toBe(true);
    expect(JSON.stringify(sanitized)).not.toContain("abcdef0123456789QWERTY=");
    expect(JSON.stringify(sanitized)).not.toContain("sk-1234567890abcdefXYZ");
    expect((sanitized[0] as { output: string }).output).toContain("Authorization: Bearer");
  });

  it("applies configured redact patterns to Control UI tool payloads", () => {
    vi.spyOn(loggingConfigModule, "readLoggingConfig").mockReturnValue({
      redactSensitive: "off",
      redactPatterns: [String.raw`\bcustom-secret-[A-Za-z0-9]+\b`],
    });

    const result = {
      content: [{ type: "text", text: "value custom-secret-abc123" }],
    };
    const text = getTextContent(sanitizeToolResult(result));

    expect(text).not.toContain("custom-secret-abc123");
    expect(text).toContain("custom…c123");
  });
});

describe("sanitizeToolArgs", () => {
  it("redacts string-valued credentials nested anywhere in args", () => {
    const args = {
      apiKey: "sk-1234567890abcdefXYZ",
      headers: { Authorization: "Bearer abcdef0123456789QWERTY=" },
      command: "OPENROUTER_API_KEY=sk-or-v1-abcdef0123456789 ./run.sh",
      flags: ["--api-key", "sk-1234567890abcdefXYZ"],
    };
    const sanitized = sanitizeToolArgs(args) as {
      apiKey: string;
      headers: { Authorization: string };
      command: string;
      flags: string[];
    };
    expect(sanitized.apiKey).not.toContain("sk-1234567890abcdefXYZ");
    expect(sanitized.headers.Authorization).not.toContain("abcdef0123456789QWERTY=");
    expect(sanitized.command).not.toContain("sk-or-v1-abcdef0123456789");
    expect(sanitized.flags.join(" ")).not.toContain("sk-1234567890abcdefXYZ");
    expect(sanitized.flags[0]).toBe("--api-key");
  });

  it("preserves structured env placeholders in args", () => {
    const args = {
      DISCORD_BOT_TOKEN: "${DISCORD_BOT_TOKEN:-}",
      nested: {
        apiKey: "${OPENAI_API_KEY:-}",
        GITHUB_TOKEN: "${GITHUB_TOKEN:-literalgithub1234567890}",
      },
    };
    const sanitized = sanitizeToolArgs(args) as {
      DISCORD_BOT_TOKEN: string;
      nested: {
        apiKey: string;
        GITHUB_TOKEN: string;
      };
    };
    expect(sanitized.DISCORD_BOT_TOKEN).toBe("${DISCORD_BOT_TOKEN:-}");
    expect(sanitized.nested.apiKey).toBe("${OPEN…Y:-}");
    expect(sanitized.nested.GITHUB_TOKEN).toBe("${GITHUB_TOKEN:-liter…890}");
  });

  it("passes through null/undefined and non-string primitives unchanged", () => {
    expect(sanitizeToolArgs(undefined)).toBeUndefined();
    expect(sanitizeToolArgs(null)).toBeNull();
    expect(sanitizeToolArgs(42)).toBe(42);
    expect(sanitizeToolArgs({ count: 3, file_path: "/tmp/x.txt" })).toEqual({
      count: 3,
      file_path: "/tmp/x.txt",
    });
  });
});