mirror of
https://github.com/openclaw/openclaw.git
synced 2026-05-08 08:11:26 +00:00
test(sessions): add access and resolution helper coverage
This commit is contained in:
Peter Steinberger
104
src/agents/tools/sessions-access.test.ts
Normal file
104
src/agents/tools/sessions-access.test.ts
Normal file
@@ -0,0 +1,104 @@
|
||||
import { describe, expect, it } from "vitest";
|
||||
import type { OpenClawConfig } from "../../config/config.js";
|
||||
import {
|
||||
createAgentToAgentPolicy,
|
||||
createSessionVisibilityGuard,
|
||||
resolveEffectiveSessionToolsVisibility,
|
||||
resolveSessionToolsVisibility,
|
||||
} from "./sessions-access.js";
|
||||
|
||||
describe("resolveSessionToolsVisibility", () => {
|
||||
it("defaults to tree when unset or invalid", () => {
|
||||
expect(resolveSessionToolsVisibility({} as OpenClawConfig)).toBe("tree");
|
||||
expect(
|
||||
resolveSessionToolsVisibility({
|
||||
tools: { sessions: { visibility: "invalid" } },
|
||||
} as OpenClawConfig),
|
||||
).toBe("tree");
|
||||
});
|
||||
|
||||
it("accepts known visibility values case-insensitively", () => {
|
||||
expect(
|
||||
resolveSessionToolsVisibility({
|
||||
tools: { sessions: { visibility: "ALL" } },
|
||||
} as OpenClawConfig),
|
||||
).toBe("all");
|
||||
});
|
||||
});
|
||||
|
||||
describe("resolveEffectiveSessionToolsVisibility", () => {
|
||||
it("clamps to tree in sandbox when sandbox visibility is spawned", () => {
|
||||
const cfg = {
|
||||
tools: { sessions: { visibility: "all" } },
|
||||
agents: { defaults: { sandbox: { sessionToolsVisibility: "spawned" } } },
|
||||
} as OpenClawConfig;
|
||||
expect(resolveEffectiveSessionToolsVisibility({ cfg, sandboxed: true })).toBe("tree");
|
||||
});
|
||||
|
||||
it("preserves visibility when sandbox clamp is all", () => {
|
||||
const cfg = {
|
||||
tools: { sessions: { visibility: "all" } },
|
||||
agents: { defaults: { sandbox: { sessionToolsVisibility: "all" } } },
|
||||
} as OpenClawConfig;
|
||||
expect(resolveEffectiveSessionToolsVisibility({ cfg, sandboxed: true })).toBe("all");
|
||||
});
|
||||
});
|
||||
|
||||
describe("createAgentToAgentPolicy", () => {
|
||||
it("denies cross-agent access when disabled", () => {
|
||||
const policy = createAgentToAgentPolicy({} as OpenClawConfig);
|
||||
expect(policy.enabled).toBe(false);
|
||||
expect(policy.isAllowed("main", "main")).toBe(true);
|
||||
expect(policy.isAllowed("main", "ops")).toBe(false);
|
||||
});
|
||||
|
||||
it("honors allow patterns when enabled", () => {
|
||||
const policy = createAgentToAgentPolicy({
|
||||
tools: {
|
||||
agentToAgent: {
|
||||
enabled: true,
|
||||
allow: ["ops-*", "main"],
|
||||
},
|
||||
},
|
||||
} as OpenClawConfig);
|
||||
|
||||
expect(policy.isAllowed("ops-a", "ops-b")).toBe(true);
|
||||
expect(policy.isAllowed("main", "ops-a")).toBe(true);
|
||||
expect(policy.isAllowed("guest", "ops-a")).toBe(false);
|
||||
});
|
||||
});
|
||||
|
||||
describe("createSessionVisibilityGuard", () => {
|
||||
it("blocks cross-agent send when agent-to-agent is disabled", async () => {
|
||||
const guard = await createSessionVisibilityGuard({
|
||||
action: "send",
|
||||
requesterSessionKey: "agent:main:main",
|
||||
visibility: "all",
|
||||
a2aPolicy: createAgentToAgentPolicy({} as OpenClawConfig),
|
||||
});
|
||||
|
||||
expect(guard.check("agent:ops:main")).toEqual({
|
||||
allowed: false,
|
||||
status: "forbidden",
|
||||
error:
|
||||
"Agent-to-agent messaging is disabled. Set tools.agentToAgent.enabled=true to allow cross-agent sends.",
|
||||
});
|
||||
});
|
||||
|
||||
it("enforces self visibility for same-agent sessions", async () => {
|
||||
const guard = await createSessionVisibilityGuard({
|
||||
action: "history",
|
||||
requesterSessionKey: "agent:main:main",
|
||||
visibility: "self",
|
||||
a2aPolicy: createAgentToAgentPolicy({} as OpenClawConfig),
|
||||
});
|
||||
|
||||
expect(guard.check("agent:main:main")).toEqual({ allowed: true });
|
||||
expect(guard.check("agent:main:telegram:group:1")).toEqual({
|
||||
allowed: false,
|
||||
status: "forbidden",
|
||||
error:
|
||||
"Session history visibility is restricted to the current session (tools.sessions.visibility=self).",
|
||||
});
|
||||
});
|
||||
});
|
||||
77
src/agents/tools/sessions-resolution.test.ts
Normal file
77
src/agents/tools/sessions-resolution.test.ts
Normal file
@@ -0,0 +1,77 @@
|
||||
import { describe, expect, it } from "vitest";
|
||||
import type { OpenClawConfig } from "../../config/config.js";
|
||||
import {
|
||||
looksLikeSessionId,
|
||||
looksLikeSessionKey,
|
||||
resolveDisplaySessionKey,
|
||||
resolveInternalSessionKey,
|
||||
resolveMainSessionAlias,
|
||||
shouldResolveSessionIdInput,
|
||||
} from "./sessions-resolution.js";
|
||||
|
||||
describe("resolveMainSessionAlias", () => {
|
||||
it("uses normalized main key and global alias for global scope", () => {
|
||||
const cfg = {
|
||||
session: { mainKey: " Primary ", scope: "global" },
|
||||
} as OpenClawConfig;
|
||||
|
||||
expect(resolveMainSessionAlias(cfg)).toEqual({
|
||||
mainKey: "primary",
|
||||
alias: "global",
|
||||
scope: "global",
|
||||
});
|
||||
});
|
||||
|
||||
it("falls back to per-sender defaults", () => {
|
||||
expect(resolveMainSessionAlias({} as OpenClawConfig)).toEqual({
|
||||
mainKey: "main",
|
||||
alias: "main",
|
||||
scope: "per-sender",
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
describe("session key display/internal mapping", () => {
|
||||
it("maps alias and main key to display main", () => {
|
||||
expect(resolveDisplaySessionKey({ key: "global", alias: "global", mainKey: "main" })).toBe(
|
||||
"main",
|
||||
);
|
||||
expect(resolveDisplaySessionKey({ key: "main", alias: "global", mainKey: "main" })).toBe(
|
||||
"main",
|
||||
);
|
||||
expect(
|
||||
resolveDisplaySessionKey({ key: "agent:ops:main", alias: "global", mainKey: "main" }),
|
||||
).toBe("agent:ops:main");
|
||||
});
|
||||
|
||||
it("maps input main to alias for internal routing", () => {
|
||||
expect(resolveInternalSessionKey({ key: "main", alias: "global", mainKey: "main" })).toBe(
|
||||
"global",
|
||||
);
|
||||
expect(
|
||||
resolveInternalSessionKey({ key: "agent:ops:main", alias: "global", mainKey: "main" }),
|
||||
).toBe("agent:ops:main");
|
||||
});
|
||||
});
|
||||
|
||||
describe("session reference shape detection", () => {
|
||||
it("detects session ids", () => {
|
||||
expect(looksLikeSessionId("d4f5a5a1-9f75-42cf-83a6-8d170e6a1538")).toBe(true);
|
||||
expect(looksLikeSessionId("not-a-uuid")).toBe(false);
|
||||
});
|
||||
|
||||
it("detects canonical session key families", () => {
|
||||
expect(looksLikeSessionKey("main")).toBe(true);
|
||||
expect(looksLikeSessionKey("agent:main:main")).toBe(true);
|
||||
expect(looksLikeSessionKey("cron:daily-report")).toBe(true);
|
||||
expect(looksLikeSessionKey("node:macbook")).toBe(true);
|
||||
expect(looksLikeSessionKey("telegram:group:123")).toBe(true);
|
||||
expect(looksLikeSessionKey("random-slug")).toBe(false);
|
||||
});
|
||||
|
||||
it("treats non-keys as session-id candidates", () => {
|
||||
expect(shouldResolveSessionIdInput("agent:main:main")).toBe(false);
|
||||
expect(shouldResolveSessionIdInput("d4f5a5a1-9f75-42cf-83a6-8d170e6a1538")).toBe(true);
|
||||
expect(shouldResolveSessionIdInput("random-slug")).toBe(true);
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user