Spaces:
Paused
Paused
OpenClawBot / src /auto-reply /reply.directive.directive-behavior.requires-per-agent-allowlist-addition-global.e2e.test.ts
| import path from "node:path"; | |
| import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; | |
| import { withTempHome as withTempHomeBase } from "../../test/helpers/temp-home.js"; | |
| import { loadModelCatalog } from "../agents/model-catalog.js"; | |
| import { runEmbeddedPiAgent } from "../agents/pi-embedded.js"; | |
| import { loadSessionStore } from "../config/sessions.js"; | |
| import { getReplyFromConfig } from "./reply.js"; | |
| const MAIN_SESSION_KEY = "agent:main:main"; | |
| vi.mock("../agents/pi-embedded.js", () => ({ | |
| abortEmbeddedPiRun: vi.fn().mockReturnValue(false), | |
| runEmbeddedPiAgent: vi.fn(), | |
| queueEmbeddedPiMessage: vi.fn().mockReturnValue(false), | |
| resolveEmbeddedSessionLane: (key: string) => `session:${key.trim() || "main"}`, | |
| isEmbeddedPiRunActive: vi.fn().mockReturnValue(false), | |
| isEmbeddedPiRunStreaming: vi.fn().mockReturnValue(false), | |
| })); | |
| vi.mock("../agents/model-catalog.js", () => ({ | |
| loadModelCatalog: vi.fn(), | |
| })); | |
| async function withTempHome<T>(fn: (home: string) => Promise<T>): Promise<T> { | |
| return withTempHomeBase( | |
| async (home) => { | |
| return await fn(home); | |
| }, | |
| { | |
| env: { | |
| OPENCLAW_AGENT_DIR: (home) => path.join(home, ".openclaw", "agent"), | |
| PI_CODING_AGENT_DIR: (home) => path.join(home, ".openclaw", "agent"), | |
| }, | |
| prefix: "openclaw-reply-", | |
| }, | |
| ); | |
| } | |
| function _assertModelSelection( | |
| storePath: string, | |
| selection: { model?: string; provider?: string } = {}, | |
| ) { | |
| const store = loadSessionStore(storePath); | |
| const entry = store[MAIN_SESSION_KEY]; | |
| expect(entry).toBeDefined(); | |
| expect(entry?.modelOverride).toBe(selection.model); | |
| expect(entry?.providerOverride).toBe(selection.provider); | |
| } | |
| describe("directive behavior", () => { | |
| beforeEach(() => { | |
| vi.mocked(runEmbeddedPiAgent).mockReset(); | |
| vi.mocked(loadModelCatalog).mockResolvedValue([ | |
| { id: "claude-opus-4-5", name: "Opus 4.5", provider: "anthropic" }, | |
| { id: "claude-sonnet-4-1", name: "Sonnet 4.1", provider: "anthropic" }, | |
| { id: "gpt-4.1-mini", name: "GPT-4.1 Mini", provider: "openai" }, | |
| ]); | |
| }); | |
| afterEach(() => { | |
| vi.restoreAllMocks(); | |
| }); | |
| it("requires per-agent allowlist in addition to global", async () => { | |
| await withTempHome(async (home) => { | |
| vi.mocked(runEmbeddedPiAgent).mockReset(); | |
| const res = await getReplyFromConfig( | |
| { | |
| Body: "/elevated on", | |
| From: "+1222", | |
| To: "+1222", | |
| Provider: "whatsapp", | |
| SenderE164: "+1222", | |
| SessionKey: "agent:work:main", | |
| CommandAuthorized: true, | |
| }, | |
| {}, | |
| { | |
| agents: { | |
| defaults: { | |
| model: "anthropic/claude-opus-4-5", | |
| workspace: path.join(home, "openclaw"), | |
| }, | |
| list: [ | |
| { | |
| id: "work", | |
| tools: { | |
| elevated: { | |
| allowFrom: { whatsapp: ["+1333"] }, | |
| }, | |
| }, | |
| }, | |
| ], | |
| }, | |
| tools: { | |
| elevated: { | |
| allowFrom: { whatsapp: ["+1222", "+1333"] }, | |
| }, | |
| }, | |
| channels: { whatsapp: { allowFrom: ["+1222", "+1333"] } }, | |
| session: { store: path.join(home, "sessions.json") }, | |
| }, | |
| ); | |
| const text = Array.isArray(res) ? res[0]?.text : res?.text; | |
| expect(text).toContain("agents.list[].tools.elevated.allowFrom.whatsapp"); | |
| expect(runEmbeddedPiAgent).not.toHaveBeenCalled(); | |
| }); | |
| }); | |
| it("allows elevated when both global and per-agent allowlists match", async () => { | |
| await withTempHome(async (home) => { | |
| vi.mocked(runEmbeddedPiAgent).mockReset(); | |
| const res = await getReplyFromConfig( | |
| { | |
| Body: "/elevated on", | |
| From: "+1333", | |
| To: "+1333", | |
| Provider: "whatsapp", | |
| SenderE164: "+1333", | |
| SessionKey: "agent:work:main", | |
| CommandAuthorized: true, | |
| }, | |
| {}, | |
| { | |
| agents: { | |
| defaults: { | |
| model: "anthropic/claude-opus-4-5", | |
| workspace: path.join(home, "openclaw"), | |
| }, | |
| list: [ | |
| { | |
| id: "work", | |
| tools: { | |
| elevated: { | |
| allowFrom: { whatsapp: ["+1333"] }, | |
| }, | |
| }, | |
| }, | |
| ], | |
| }, | |
| tools: { | |
| elevated: { | |
| allowFrom: { whatsapp: ["+1222", "+1333"] }, | |
| }, | |
| }, | |
| channels: { whatsapp: { allowFrom: ["+1222", "+1333"] } }, | |
| session: { store: path.join(home, "sessions.json") }, | |
| }, | |
| ); | |
| const text = Array.isArray(res) ? res[0]?.text : res?.text; | |
| expect(text).toContain("Elevated mode set to ask"); | |
| expect(runEmbeddedPiAgent).not.toHaveBeenCalled(); | |
| }); | |
| }); | |
| it("warns when elevated is used in direct runtime", async () => { | |
| await withTempHome(async (home) => { | |
| vi.mocked(runEmbeddedPiAgent).mockReset(); | |
| const res = await getReplyFromConfig( | |
| { | |
| Body: "/elevated off", | |
| From: "+1222", | |
| To: "+1222", | |
| Provider: "whatsapp", | |
| SenderE164: "+1222", | |
| CommandAuthorized: true, | |
| }, | |
| {}, | |
| { | |
| agents: { | |
| defaults: { | |
| model: "anthropic/claude-opus-4-5", | |
| workspace: path.join(home, "openclaw"), | |
| sandbox: { mode: "off" }, | |
| }, | |
| }, | |
| tools: { | |
| elevated: { | |
| allowFrom: { whatsapp: ["+1222"] }, | |
| }, | |
| }, | |
| channels: { whatsapp: { allowFrom: ["+1222"] } }, | |
| session: { store: path.join(home, "sessions.json") }, | |
| }, | |
| ); | |
| const text = Array.isArray(res) ? res[0]?.text : res?.text; | |
| expect(text).toContain("Elevated mode disabled."); | |
| expect(text).toContain("Runtime is direct; sandboxing does not apply."); | |
| expect(runEmbeddedPiAgent).not.toHaveBeenCalled(); | |
| }); | |
| }); | |
| it("rejects invalid elevated level", async () => { | |
| await withTempHome(async (home) => { | |
| vi.mocked(runEmbeddedPiAgent).mockReset(); | |
| const res = await getReplyFromConfig( | |
| { | |
| Body: "/elevated maybe", | |
| From: "+1222", | |
| To: "+1222", | |
| Provider: "whatsapp", | |
| SenderE164: "+1222", | |
| CommandAuthorized: true, | |
| }, | |
| {}, | |
| { | |
| agents: { | |
| defaults: { | |
| model: "anthropic/claude-opus-4-5", | |
| workspace: path.join(home, "openclaw"), | |
| }, | |
| }, | |
| tools: { | |
| elevated: { | |
| allowFrom: { whatsapp: ["+1222"] }, | |
| }, | |
| }, | |
| channels: { whatsapp: { allowFrom: ["+1222"] } }, | |
| session: { store: path.join(home, "sessions.json") }, | |
| }, | |
| ); | |
| const text = Array.isArray(res) ? res[0]?.text : res?.text; | |
| expect(text).toContain("Unrecognized elevated level"); | |
| expect(runEmbeddedPiAgent).not.toHaveBeenCalled(); | |
| }); | |
| }); | |
| it("handles multiple directives in a single message", async () => { | |
| await withTempHome(async (home) => { | |
| vi.mocked(runEmbeddedPiAgent).mockReset(); | |
| const res = await getReplyFromConfig( | |
| { | |
| Body: "/elevated off\n/verbose on", | |
| From: "+1222", | |
| To: "+1222", | |
| Provider: "whatsapp", | |
| SenderE164: "+1222", | |
| CommandAuthorized: true, | |
| }, | |
| {}, | |
| { | |
| agents: { | |
| defaults: { | |
| model: "anthropic/claude-opus-4-5", | |
| workspace: path.join(home, "openclaw"), | |
| }, | |
| }, | |
| tools: { | |
| elevated: { | |
| allowFrom: { whatsapp: ["+1222"] }, | |
| }, | |
| }, | |
| channels: { whatsapp: { allowFrom: ["+1222"] } }, | |
| session: { store: path.join(home, "sessions.json") }, | |
| }, | |
| ); | |
| const text = Array.isArray(res) ? res[0]?.text : res?.text; | |
| expect(text).toContain("Elevated mode disabled."); | |
| expect(text).toContain("Verbose logging enabled."); | |
| expect(runEmbeddedPiAgent).not.toHaveBeenCalled(); | |
| }); | |
| }); | |
| }); | |