fix(gateway): bind approval ids to device identity

Peter Steinberger
2026-02-14 13:16:03 +01:00
parent 318379cdba
commit a7af646fdf
2 changed files with 21 additions and 2 deletions


@@ -136,6 +136,7 @@ describe("node.invoke approval bypass", () => {
});
const ws = await connectOperator(["operator.write", "operator.approvals"]);
const ws2 = await connectOperator(["operator.write"]);
const nodes = await rpcReq<{ nodes?: Array<{ nodeId: string; connected?: boolean }> }>(
ws,
@@ -159,7 +160,9 @@ describe("node.invoke approval bypass", () => {
const requested = await requestP;
expect(requested.ok).toBe(true);
const invoke = await rpcReq(ws, "node.invoke", {
// Use a second WebSocket connection to simulate per-call clients (callGatewayTool/callGatewayCli).
// Approval binding should be based on device identity, not the ephemeral connId.
const invoke = await rpcReq(ws2, "node.invoke", {
nodeId,
command: "system.run",
params: {
@@ -179,6 +182,7 @@ describe("node.invoke approval bypass", () => {
expect(lastInvokeParams?.approvalDecision).toBe("allow-once");
ws.close();
ws2.close();
node.stop();
});
});
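Review bot: The `rpcReq(ws2, "node.invoke", …)` call in the second hunk covers only the accepting path: a second connection, presumably from the same device, may consume the approval. Nothing visible here asserts that a connection with a different device identity is refused when it presents the same approval id, and that refusal is the property the binding exists to enforce. The test also relies on `connectOperator` giving `ws` and `ws2` the same device identity, which the hunk does not show; a comment such as `// ws and ws2 share one device identity; a different device presenting this approval id must be rejected` next to the `ws2` declaration would make that explicit. Consider a sibling case that connects with a distinct device identity and expects the invoke to fail without reaching the node. The `describe` block starts outside these hunks, so such a case may already exist elsewhere in the file.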