Files
openclaw/extensions/codex/src/app-server/plugin-app-cache-key.test.ts
Peter Steinberger f94a7dc183 feat(codex): supervise native Codex sessions (#104045)
* feat(codex): add native session supervision

* fix(codex): harden supervision integration

* fix(codex): preserve locked harness ownership

* fix(codex): fence native session archive

* fix(codex): revalidate archive binding ownership

* feat(codex): integrate supervision runtime

* feat(sessions): preserve harness-owned execution

* feat(sessions): persist harness ownership invariants

* feat(gateway): enforce harness-owned sessions

* feat(setup): enable detected Codex supervision

* feat(mac): expose supervised Codex sessions

* feat(ui): make Codex sessions actionable

* docs(codex): document session supervision

* test(codex): cover integration ownership

* chore(i18n): refresh supervision inventories

* fix(setup): finalize Codex activation atomically

* test(codex): narrow binding store update

* fix(sessions): preserve legacy model locks

* test(macos): serialize Codex catalog fixtures

* fix(sessions): preserve legacy lock admission

* chore(i18n): reconcile supervision metadata

* test(sessions): mark legacy lock fixture

* fix(macos): drain final Codex catalog frame

* docs: leave supervision note to release

* style(macos): satisfy Codex catalog type length

* chore: record session accessor seam owners

* fix(macos): honor configured Codex supervision

* fix(codex): preserve harness-owned model locks

* fix(codex): satisfy supervision lint gates

* chore(i18n): refresh native supervision inventory

* fix(codex): align supervision validation contracts

* fix(codex): close supervision boundary gaps

* fix(codex): preserve supervision activation contracts

* fix(codex): dispose standalone supervision runtime

* fix(codex): pin supervised source connection

* fix(plugins): bind delegated runs to exact session target

* fix(codex): scope supervised sessions to configured agents

* fix(codex): fingerprint effective supervision home

* fix(codex): normalize supervision plugin policy

* fix(codex): keep supervised bindings stable across upgrades

* fix(codex): guard all supervised binding connections

* fix(codex): preserve catalog filters and pending CAS identity

* fix(codex): preserve supervision identity for diagnostics

* fix(codex): bind uncertain commits to supervision connection

* fix(codex): satisfy supervision type boundaries

* fix(macos): reconcile current main validation

* fix(codex): handle absent runtime config in supervision

* fix(doctor): own local audio acceleration check

* fix(codex): satisfy integration lint gates

* fix(codex): satisfy lifecycle safety guards
2026-07-11 00:12:08 -07:00

144 lines
4.1 KiB
TypeScript

// Codex tests cover plugin app cache key plugin behavior.
import { afterEach, describe, expect, it, vi } from "vitest";
import {
buildCodexAppServerConnectionFingerprint,
buildCodexAppServerRuntimeFingerprint,
buildCodexPluginAppCacheKey,
resolveCodexPluginAppCacheEndpoint,
} from "./plugin-app-cache-key.js";
afterEach(() => {
vi.unstubAllEnvs();
});
describe("resolveCodexPluginAppCacheEndpoint", () => {
it("keys plugin app inventory by websocket credentials without exposing them", () => {
const first = resolveCodexPluginAppCacheEndpoint({
start: {
transport: "websocket",
command: "codex",
args: [],
url: "ws://127.0.0.1:39175",
authToken: "token-first",
headers: { Authorization: "Bearer first" },
},
});
const second = resolveCodexPluginAppCacheEndpoint({
start: {
transport: "websocket",
command: "codex",
args: [],
url: "ws://127.0.0.1:39175",
authToken: "token-second",
headers: { Authorization: "Bearer second" },
},
});
expect(first).not.toEqual(second);
expect(first).not.toContain("token-first");
expect(first).not.toContain("Bearer first");
expect(second).not.toContain("token-second");
expect(second).not.toContain("Bearer second");
});
it("keys plugin app inventory by initialized remote runtime identity", () => {
const base = {
appServer: {
start: {
transport: "websocket" as const,
command: "codex",
args: [],
url: "wss://codex-app-server.example.internal/ws",
authToken: "secret-token",
headers: {},
},
},
authProfileId: "profile-1",
};
const first = buildCodexPluginAppCacheKey({
...base,
runtimeIdentity: {
serverVersion: "0.20.0",
codexHome: "/home/oai/.codex",
platformFamily: "unix",
platformOs: "linux",
},
});
const second = buildCodexPluginAppCacheKey({
...base,
runtimeIdentity: {
serverVersion: "0.20.0",
codexHome: "/Users/kevinlin/.codex",
platformFamily: "unix",
platformOs: "macos",
},
});
expect(first).not.toEqual(second);
expect(first).not.toContain("secret-token");
expect(second).not.toContain("secret-token");
});
it("fingerprints the remote app-server runtime used by thread bindings", () => {
const first = buildCodexAppServerRuntimeFingerprint({
appServer: {
start: {
transport: "websocket",
command: "codex",
args: [],
url: "wss://codex-app-server.example.internal/ws",
authToken: "secret-token",
headers: {},
},
connectionClass: "remote",
remoteWorkspaceRoot: "/home/oai/openclaw-workspaces",
},
runtimeIdentity: {
serverVersion: "0.20.0",
codexHome: "/home/oai/.codex",
},
});
const second = buildCodexAppServerRuntimeFingerprint({
appServer: {
start: {
transport: "websocket",
command: "codex",
args: [],
url: "wss://codex-app-server.example.internal/ws",
authToken: "secret-token",
headers: {},
},
connectionClass: "remote",
},
runtimeIdentity: {
serverVersion: "0.20.0",
codexHome: "/home/oai/.codex",
},
});
expect(first).not.toEqual(second);
expect(first).not.toContain("secret-token");
expect(second).not.toContain("secret-token");
});
it("fingerprints the effective user Codex home for supervised connections", () => {
const appServer = {
start: {
transport: "stdio" as const,
homeScope: "user" as const,
command: "codex",
args: ["app-server"],
headers: {},
},
connectionClass: "local-loopback" as const,
};
vi.stubEnv("CODEX_HOME", "/tmp/codex-home-one");
const first = buildCodexAppServerConnectionFingerprint(appServer);
vi.stubEnv("CODEX_HOME", "/tmp/codex-home-two");
const second = buildCodexAppServerConnectionFingerprint(appServer);
expect(first).not.toEqual(second);
});
});