fix: harden ACP secret handling and exec preflight boundaries

2026-05-09 09:37:41 +00:00 · 2026-02-19 15:33:25 +01:00
parent 3d7ad1cfca
commit b40821b068
14 changed files with 412 additions and 36 deletions
--- a/src/cli/acp-cli.option-collisions.test.ts
+++ b/src/cli/acp-cli.option-collisions.test.ts
@@ -1,4 +1,7 @@
 import { Command } from "commander";
+import fs from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
 import { beforeEach, describe, expect, it, vi } from "vitest";

 const runAcpClientInteractive = vi.fn(async (_opts: unknown) => {});
@@ -42,4 +45,64 @@ describe("acp cli option collisions", () => {
      }),
    );
  });
+
+  it("loads gateway token/password from files", async () => {
+    const { registerAcpCli } = await import("./acp-cli.js");
+    const program = new Command();
+    registerAcpCli(program);
+
+    const dir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-acp-cli-"));
+    const tokenFile = path.join(dir, "token.txt");
+    const passwordFile = path.join(dir, "password.txt");
+    await fs.writeFile(tokenFile, "tok_file\n", "utf8");
+    await fs.writeFile(passwordFile, "pw_file\n", "utf8");
+
+    await program.parseAsync(["acp", "--token-file", tokenFile, "--password-file", passwordFile], {
+      from: "user",
+    });
+
+    expect(serveAcpGateway).toHaveBeenCalledWith(
+      expect.objectContaining({
+        gatewayToken: "tok_file",
+        gatewayPassword: "pw_file",
+      }),
+    );
+  });
+
+  it("rejects mixed secret flags and file flags", async () => {
+    const { registerAcpCli } = await import("./acp-cli.js");
+    const program = new Command();
+    registerAcpCli(program);
+
+    const dir = await fs.mkdtemp(path.join(os.tmpdir(), "openclaw-acp-cli-"));
+    const tokenFile = path.join(dir, "token.txt");
+    await fs.writeFile(tokenFile, "tok_file\n", "utf8");
+
+    await program.parseAsync(["acp", "--token", "tok_inline", "--token-file", tokenFile], {
+      from: "user",
+    });
+
+    expect(serveAcpGateway).not.toHaveBeenCalled();
+    expect(defaultRuntime.error).toHaveBeenCalledWith(
+      expect.stringMatching(/Use either --token or --token-file/),
+    );
+    expect(defaultRuntime.exit).toHaveBeenCalledWith(1);
+  });
+
+  it("warns when inline secret flags are used", async () => {
+    const { registerAcpCli } = await import("./acp-cli.js");
+    const program = new Command();
+    registerAcpCli(program);
+
+    await program.parseAsync(["acp", "--token", "tok_inline", "--password", "pw_inline"], {
+      from: "user",
+    });
+
+    expect(defaultRuntime.error).toHaveBeenCalledWith(
+      expect.stringMatching(/--token can be exposed via process listings/),
+    );
+    expect(defaultRuntime.error).toHaveBeenCalledWith(
+      expect.stringMatching(/--password can be exposed via process listings/),
+    );
+  });
 });