github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 13:31:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: harden agent gateway authorization scopes

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-19 14:37:56 +01:00
parent 165c18819e
commit a40c10d3e2
19 changed files with 319 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/agents/openclaw-gateway-tool.e2e.test.ts
View File

@@ -16,6 +16,25 @@ vi.mock("./tools/gateway.js", () => ({
}));
describe("gateway tool", () => {
it("rejects non-owner callers explicitly", async () => {
const { callGatewayTool } = await import("./tools/gateway.js");
const tool = createOpenClawTools({
senderIsOwner: false,
config: { commands: { restart: true } },
}).find((candidate) => candidate.name === "gateway");
expect(tool).toBeDefined();
if (!tool) {
throw new Error("missing gateway tool");
}
await expect(
tool.execute("call-owner-check", {
action: "config.get",
}),
).rejects.toThrow("Tool restricted to owner senders.");
expect(callGatewayTool).not.toHaveBeenCalled();
});
it("schedules SIGUSR1 restart", async () => {
vi.useFakeTimers();
const kill = vi.spyOn(process, "kill").mockImplementation(() => true);