mirror of
https://github.com/openclaw/openclaw.git
synced 2026-07-17 04:41:35 +00:00
* feat(codex): add native session supervision * fix(codex): harden supervision integration * fix(codex): preserve locked harness ownership * fix(codex): fence native session archive * fix(codex): revalidate archive binding ownership * feat(codex): integrate supervision runtime * feat(sessions): preserve harness-owned execution * feat(sessions): persist harness ownership invariants * feat(gateway): enforce harness-owned sessions * feat(setup): enable detected Codex supervision * feat(mac): expose supervised Codex sessions * feat(ui): make Codex sessions actionable * docs(codex): document session supervision * test(codex): cover integration ownership * chore(i18n): refresh supervision inventories * fix(setup): finalize Codex activation atomically * test(codex): narrow binding store update * fix(sessions): preserve legacy model locks * test(macos): serialize Codex catalog fixtures * fix(sessions): preserve legacy lock admission * chore(i18n): reconcile supervision metadata * test(sessions): mark legacy lock fixture * fix(macos): drain final Codex catalog frame * docs: leave supervision note to release * style(macos): satisfy Codex catalog type length * chore: record session accessor seam owners * fix(macos): honor configured Codex supervision * fix(codex): preserve harness-owned model locks * fix(codex): satisfy supervision lint gates * chore(i18n): refresh native supervision inventory * fix(codex): align supervision validation contracts * fix(codex): close supervision boundary gaps * fix(codex): preserve supervision activation contracts * fix(codex): dispose standalone supervision runtime * fix(codex): pin supervised source connection * fix(plugins): bind delegated runs to exact session target * fix(codex): scope supervised sessions to configured agents * fix(codex): fingerprint effective supervision home * fix(codex): normalize supervision plugin policy * fix(codex): keep supervised bindings stable across upgrades * fix(codex): guard all supervised binding connections * fix(codex): preserve catalog filters and pending CAS identity * fix(codex): preserve supervision identity for diagnostics * fix(codex): bind uncertain commits to supervision connection * fix(codex): satisfy supervision type boundaries * fix(macos): reconcile current main validation * fix(codex): handle absent runtime config in supervision * fix(doctor): own local audio acceleration check * fix(codex): satisfy integration lint gates * fix(codex): satisfy lifecycle safety guards
144 lines
4.1 KiB
TypeScript
144 lines
4.1 KiB
TypeScript
// Codex tests cover plugin app cache key plugin behavior.
|
|
import { afterEach, describe, expect, it, vi } from "vitest";
|
|
import {
|
|
buildCodexAppServerConnectionFingerprint,
|
|
buildCodexAppServerRuntimeFingerprint,
|
|
buildCodexPluginAppCacheKey,
|
|
resolveCodexPluginAppCacheEndpoint,
|
|
} from "./plugin-app-cache-key.js";
|
|
|
|
afterEach(() => {
|
|
vi.unstubAllEnvs();
|
|
});
|
|
|
|
describe("resolveCodexPluginAppCacheEndpoint", () => {
|
|
it("keys plugin app inventory by websocket credentials without exposing them", () => {
|
|
const first = resolveCodexPluginAppCacheEndpoint({
|
|
start: {
|
|
transport: "websocket",
|
|
command: "codex",
|
|
args: [],
|
|
url: "ws://127.0.0.1:39175",
|
|
authToken: "token-first",
|
|
headers: { Authorization: "Bearer first" },
|
|
},
|
|
});
|
|
const second = resolveCodexPluginAppCacheEndpoint({
|
|
start: {
|
|
transport: "websocket",
|
|
command: "codex",
|
|
args: [],
|
|
url: "ws://127.0.0.1:39175",
|
|
authToken: "token-second",
|
|
headers: { Authorization: "Bearer second" },
|
|
},
|
|
});
|
|
|
|
expect(first).not.toEqual(second);
|
|
expect(first).not.toContain("token-first");
|
|
expect(first).not.toContain("Bearer first");
|
|
expect(second).not.toContain("token-second");
|
|
expect(second).not.toContain("Bearer second");
|
|
});
|
|
|
|
it("keys plugin app inventory by initialized remote runtime identity", () => {
|
|
const base = {
|
|
appServer: {
|
|
start: {
|
|
transport: "websocket" as const,
|
|
command: "codex",
|
|
args: [],
|
|
url: "wss://codex-app-server.example.internal/ws",
|
|
authToken: "secret-token",
|
|
headers: {},
|
|
},
|
|
},
|
|
authProfileId: "profile-1",
|
|
};
|
|
|
|
const first = buildCodexPluginAppCacheKey({
|
|
...base,
|
|
runtimeIdentity: {
|
|
serverVersion: "0.20.0",
|
|
codexHome: "/home/oai/.codex",
|
|
platformFamily: "unix",
|
|
platformOs: "linux",
|
|
},
|
|
});
|
|
const second = buildCodexPluginAppCacheKey({
|
|
...base,
|
|
runtimeIdentity: {
|
|
serverVersion: "0.20.0",
|
|
codexHome: "/Users/kevinlin/.codex",
|
|
platformFamily: "unix",
|
|
platformOs: "macos",
|
|
},
|
|
});
|
|
|
|
expect(first).not.toEqual(second);
|
|
expect(first).not.toContain("secret-token");
|
|
expect(second).not.toContain("secret-token");
|
|
});
|
|
|
|
it("fingerprints the remote app-server runtime used by thread bindings", () => {
|
|
const first = buildCodexAppServerRuntimeFingerprint({
|
|
appServer: {
|
|
start: {
|
|
transport: "websocket",
|
|
command: "codex",
|
|
args: [],
|
|
url: "wss://codex-app-server.example.internal/ws",
|
|
authToken: "secret-token",
|
|
headers: {},
|
|
},
|
|
connectionClass: "remote",
|
|
remoteWorkspaceRoot: "/home/oai/openclaw-workspaces",
|
|
},
|
|
runtimeIdentity: {
|
|
serverVersion: "0.20.0",
|
|
codexHome: "/home/oai/.codex",
|
|
},
|
|
});
|
|
const second = buildCodexAppServerRuntimeFingerprint({
|
|
appServer: {
|
|
start: {
|
|
transport: "websocket",
|
|
command: "codex",
|
|
args: [],
|
|
url: "wss://codex-app-server.example.internal/ws",
|
|
authToken: "secret-token",
|
|
headers: {},
|
|
},
|
|
connectionClass: "remote",
|
|
},
|
|
runtimeIdentity: {
|
|
serverVersion: "0.20.0",
|
|
codexHome: "/home/oai/.codex",
|
|
},
|
|
});
|
|
|
|
expect(first).not.toEqual(second);
|
|
expect(first).not.toContain("secret-token");
|
|
expect(second).not.toContain("secret-token");
|
|
});
|
|
|
|
it("fingerprints the effective user Codex home for supervised connections", () => {
|
|
const appServer = {
|
|
start: {
|
|
transport: "stdio" as const,
|
|
homeScope: "user" as const,
|
|
command: "codex",
|
|
args: ["app-server"],
|
|
headers: {},
|
|
},
|
|
connectionClass: "local-loopback" as const,
|
|
};
|
|
vi.stubEnv("CODEX_HOME", "/tmp/codex-home-one");
|
|
const first = buildCodexAppServerConnectionFingerprint(appServer);
|
|
vi.stubEnv("CODEX_HOME", "/tmp/codex-home-two");
|
|
const second = buildCodexAppServerConnectionFingerprint(appServer);
|
|
|
|
expect(first).not.toEqual(second);
|
|
});
|
|
});
|