github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-09 02:48:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): centralize owner-only tool gating and scope maps

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-19 15:27:45 +01:00
parent 9130fd2b06
commit 3d7ad1cfca
16 changed files with 372 additions and 251 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/agents/tool-policy.e2e.test.ts
View File

@@ -22,11 +22,13 @@ function createOwnerPolicyTools() {
},
{
name: "cron",
ownerOnly: true,
// oxlint-disable-next-line typescript/no-explicit-any
execute: async () => ({ content: [], details: {} }) as any,
},
{
name: "gateway",
ownerOnly: true,
// oxlint-disable-next-line typescript/no-explicit-any
execute: async () => ({ content: [], details: {} }) as any,
},
@@ -89,6 +91,19 @@ describe("tool-policy", () => {
const filtered = applyOwnerOnlyToolPolicy(tools, true);
expect(filtered.map((t) => t.name)).toEqual(["read", "cron", "gateway", "whatsapp_login"]);
});
it("honors ownerOnly metadata for custom tool names", async () => {
const tools = [
{
name: "custom_admin_tool",
ownerOnly: true,
// oxlint-disable-next-line typescript/no-explicit-any
execute: async () => ({ content: [], details: {} }) as any,
},
] as unknown as AnyAgentTool[];
expect(applyOwnerOnlyToolPolicy(tools, false)).toEqual([]);
expect(applyOwnerOnlyToolPolicy(tools, true)).toHaveLength(1);
});
});
describe("TOOL_POLICY_CONFORMANCE", () => {