github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-13 06:30:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(cli): scope daemon status TLS fingerprint to local probes

Browse Source
This commit is contained in:
Shakker
2026-02-26 17:47:02 +00:00
committed by Shakker
parent b788616d9c
commit bed69339c1
2 changed files with 38 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/cli/daemon-cli/status.gather.test.ts
View File

@@ -147,4 +147,34 @@ describe("gatherDaemonStatus", () => {
expect(status.rpc?.url).toBe("wss://127.0.0.1:19001"); expect(status.rpc?.url).toBe("wss://127.0.0.1:19001");
expect(status.rpc?.ok).toBe(true); expect(status.rpc?.ok).toBe(true);
}); });
it("does not force local TLS fingerprint when probe URL is explicitly overridden", async () => {
const status = await gatherDaemonStatus({
rpc: { url: "wss://override.example:18790" },
probe: true,
deep: false,
});
expect(loadGatewayTlsRuntime).not.toHaveBeenCalled();
expect(callGatewayStatusProbe).toHaveBeenCalledWith(
expect.objectContaining({
url: "wss://override.example:18790",
tlsFingerprint: undefined,
}),
);
expect(status.gateway?.probeUrl).toBe("wss://override.example:18790");
expect(status.rpc?.url).toBe("wss://override.example:18790");
});
it("skips TLS runtime loading when probe is disabled", async () => {
const status = await gatherDaemonStatus({
rpc: {},
probe: false,
deep: false,
});
expect(loadGatewayTlsRuntime).not.toHaveBeenCalled();
expect(callGatewayStatusProbe).not.toHaveBeenCalled();
expect(status.rpc).toBeUndefined();
});
}); });

11
src/cli/daemon-cli/status.gather.ts
View File

@@ -222,9 +222,11 @@ export async function gatherDaemonStatus(
const timeoutMsRaw = Number.parseInt(String(opts.rpc.timeout ?? "10000"), 10); const timeoutMsRaw = Number.parseInt(String(opts.rpc.timeout ?? "10000"), 10);
const timeoutMs = Number.isFinite(timeoutMsRaw) && timeoutMsRaw > 0 ? timeoutMsRaw : 10_000; const timeoutMs = Number.isFinite(timeoutMsRaw) && timeoutMsRaw > 0 ? timeoutMsRaw : 10_000;
// Load TLS config for secure WebSocket connections
const tlsEnabled = daemonCfg.gateway?.tls?.enabled === true; const tlsEnabled = daemonCfg.gateway?.tls?.enabled === true;
const tlsRuntime = tlsEnabled ? await loadGatewayTlsRuntime(daemonCfg.gateway?.tls) : undefined; const shouldUseLocalTlsRuntime = opts.probe && !probeUrlOverride && tlsEnabled;
const tlsRuntime = shouldUseLocalTlsRuntime
? await loadGatewayTlsRuntime(daemonCfg.gateway?.tls)
: undefined;
const rpc = opts.probe const rpc = opts.probe
? await probeGatewayStatus({ ? await probeGatewayStatus({
@@ -237,7 +239,10 @@ export async function gatherDaemonStatus(
opts.rpc.password || opts.rpc.password ||
mergedDaemonEnv.OPENCLAW_GATEWAY_PASSWORD || mergedDaemonEnv.OPENCLAW_GATEWAY_PASSWORD ||
daemonCfg.gateway?.auth?.password, daemonCfg.gateway?.auth?.password,
tlsFingerprint: tlsRuntime?.enabled ? tlsRuntime.fingerprintSha256 : undefined, tlsFingerprint:
shouldUseLocalTlsRuntime && tlsRuntime?.enabled
? tlsRuntime.fingerprintSha256
: undefined,
timeoutMs, timeoutMs,
json: opts.rpc.json, json: opts.rpc.json,
configPath: daemonConfigSummary.path, configPath: daemonConfigSummary.path,