github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 18:34:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

test: collapse sandbox agent config duplicate cases

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-23 22:01:32 +00:00
parent 287586206c
commit c248c515a3
1 changed files with 109 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

210
src/agents/sandbox-agent-config.agent-specific-sandbox-config.test.ts
View File

@@ -250,25 +250,28 @@ describe("Agent-specific sandbox config", () => {
expect(context?.enabled).toBe(true); expect(context?.enabled).toBe(true);
}); });
it("should allow agent-specific docker setupCommand overrides", async () => { it("should resolve setupCommand overrides based on sandbox scope", async () => {
const cfg = createWorkSetupCommandConfig("agent"); for (const scenario of [
{
scope: "agent" as const,
expectedSetup: "echo work",
expectedContainerFragment: "agent-work",
},
{
scope: "shared" as const,
expectedSetup: "echo global",
expectedContainerFragment: "shared",
},
]) {
const cfg = createWorkSetupCommandConfig(scenario.scope);
const context = await resolveContext(cfg, "agent:work:main", "/tmp/test-work");
const context = await resolveContext(cfg, "agent:work:main", "/tmp/test-work"); expect(context).toBeDefined();
expect(context?.docker.setupCommand).toBe(scenario.expectedSetup);
expect(context).toBeDefined(); expect(context?.containerName).toContain(scenario.expectedContainerFragment);
expect(context?.docker.setupCommand).toBe("echo work"); expectDockerSetupCommand(scenario.expectedSetup);
expectDockerSetupCommand("echo work"); spawnCalls.length = 0;
}); }
it("should ignore agent-specific docker overrides when scope is shared", async () => {
const cfg = createWorkSetupCommandConfig("shared");
const context = await resolveContext(cfg, "agent:work:main", "/tmp/test-work");
expect(context).toBeDefined();
expect(context?.docker.setupCommand).toBe("echo global");
expect(context?.containerName).toContain("shared");
expectDockerSetupCommand("echo global");
}); });
it("should allow agent-specific docker settings beyond setupCommand", async () => { it("should allow agent-specific docker settings beyond setupCommand", async () => {
@@ -308,61 +311,69 @@ describe("Agent-specific sandbox config", () => {
expect(context?.docker.network).toBe("bridge"); expect(context?.docker.network).toBe("bridge");
}); });
it("should override with agent-specific sandbox mode 'off'", async () => { it("should honor agent-specific sandbox mode overrides", async () => {
const cfg: OpenClawConfig = { for (const scenario of [
agents: { {
defaults: { cfg: {
sandbox: { agents: {
mode: "all", defaults: {
scope: "agent", sandbox: {
}, mode: "all",
}, scope: "agent",
list: [ },
{
id: "main",
workspace: "~/openclaw",
sandbox: {
mode: "off",
}, },
list: [
{
id: "main",
workspace: "~/openclaw",
sandbox: {
mode: "off",
},
},
],
}, },
], } satisfies OpenClawConfig,
}, sessionKey: "agent:main:main",
}; workspaceDir: "/tmp/test",
assert: (context: Awaited<ReturnType<typeof resolveContext>>) => {
const context = await resolveContext(cfg, "agent:main:main", "/tmp/test"); expect(context).toBeNull();
expect(context).toBeNull();
});
it("should use agent-specific sandbox mode 'all'", async () => {
const cfg: OpenClawConfig = {
agents: {
defaults: {
sandbox: {
mode: "off",
},
}, },
list: [
{
id: "family",
workspace: "~/openclaw-family",
sandbox: {
mode: "all",
scope: "agent",
},
},
],
}, },
}; {
cfg: {
const context = await resolveContext( agents: {
cfg, defaults: {
"agent:family:whatsapp:group:123", sandbox: {
"/tmp/test-family", mode: "off",
); },
},
expect(context).toBeDefined(); list: [
expect(context?.enabled).toBe(true); {
id: "family",
workspace: "~/openclaw-family",
sandbox: {
mode: "all",
scope: "agent",
},
},
],
},
} satisfies OpenClawConfig,
sessionKey: "agent:family:whatsapp:group:123",
workspaceDir: "/tmp/test-family",
assert: (context: Awaited<ReturnType<typeof resolveContext>>) => {
expect(context).toBeDefined();
expect(context?.enabled).toBe(true);
},
},
]) {
const context = await resolveContext(
scenario.cfg,
scenario.sessionKey,
scenario.workspaceDir,
);
scenario.assert(context);
}
}); });
it("should use agent-specific scope", async () => { it("should use agent-specific scope", async () => {
@@ -393,41 +404,38 @@ describe("Agent-specific sandbox config", () => {
expect(context?.containerName).toContain("agent-work"); expect(context?.containerName).toContain("agent-work");
}); });
it("includes session_status in default sandbox allowlist", async () => { it("enforces required allowlist tools in default and explicit sandbox configs", async () => {
const cfg = createDefaultsSandboxConfig(); for (const scenario of [
{
const sandbox = resolveSandboxConfigForAgent(cfg, "main"); cfg: createDefaultsSandboxConfig(),
expect(sandbox.tools.allow).toContain("session_status"); expected: ["session_status", "image"],
}); },
{
it("includes image in default sandbox allowlist", async () => { cfg: {
const cfg = createDefaultsSandboxConfig();
const sandbox = resolveSandboxConfigForAgent(cfg, "main");
expect(sandbox.tools.allow).toContain("image");
});
it("injects image into explicit sandbox allowlists", async () => {
const cfg: OpenClawConfig = {
tools: {
sandbox: {
tools: { tools: {
allow: ["bash", "read"], sandbox: {
deny: [], tools: {
allow: ["bash", "read"],
deny: [],
},
},
}, },
}, agents: {
}, defaults: {
agents: { sandbox: {
defaults: { mode: "all",
sandbox: { scope: "agent",
mode: "all", },
scope: "agent", },
}, },
}, } satisfies OpenClawConfig,
expected: ["image"],
}, },
}; ]) {
const sandbox = resolveSandboxConfigForAgent(scenario.cfg, "main");
const sandbox = resolveSandboxConfigForAgent(cfg, "main"); for (const tool of scenario.expected) {
expect(sandbox.tools.allow).toContain("image"); expect(sandbox.tools.allow).toContain(tool);
}
}
}); });
}); });