@@ -26,7 +26,7 @@ import {
2626} from "../infra/exec-approvals.js";
2727import type { ExecHostResponse } from "../infra/exec-host.js";
2828import { buildSystemRunApprovalPlan } from "./invoke-system-run-plan.js";
29-import { handleSystemRunInvoke, formatSystemRunAllowlistMissMessage } from "./invoke-system-run.js";
29+import { handleSystemRunInvoke } from "./invoke-system-run.js";
3030import type { HandleSystemRunInvokeOptions } from "./invoke-system-run.js";
31313232vi.mock("../logger.js", () => ({
@@ -39,17 +39,6 @@ type MockedSendInvokeResult = Mock<HandleSystemRunInvokeOptions["sendInvokeResul
3939type MockedSendExecFinishedEvent = Mock<HandleSystemRunInvokeOptions["sendExecFinishedEvent"]>;
4040type MockedSendNodeEvent = Mock<HandleSystemRunInvokeOptions["sendNodeEvent"]>;
414142-describe("formatSystemRunAllowlistMissMessage", () => {
43-it("returns the default message and cmd.exe guidance variant", () => {
44-expect(formatSystemRunAllowlistMissMessage()).toBe("SYSTEM_RUN_DENIED: allowlist miss");
45-expect(
46-formatSystemRunAllowlistMissMessage({
47-windowsShellWrapperBlocked: true,
48-}),
49-).toContain("Windows shell wrappers like cmd.exe /c require approval");
50-});
51-});
52-5342describe("handleSystemRunInvoke mac app exec host routing", () => {
5443let sharedFixtureRoot = "";
5544let sharedOpenClawHome = "";
@@ -707,66 +696,24 @@ describe("handleSystemRunInvoke mac app exec host routing", () => {
707696it.runIf(process.platform !== "win32")(
708697"pins PATH-token executable to canonical path",
709698async () => {
710-for (const testCase of [
711-{
712-name: "approval-based run",
713-tmpPrefix: "openclaw-approval-path-pin-",
714-run: async (ctx: { expected: string }) => {
715-const { runCommand, sendInvokeResult } = await runSystemInvoke({
716-preferMacAppExecHost: false,
717-command: ["poccmd", "-n", "SAFE"],
718-approved: true,
719-security: "full",
720-ask: "off",
721-});
722-expectCommandPinnedToCanonicalPath({
723- runCommand,
724-expected: ctx.expected,
725-commandTail: ["-n", "SAFE"],
726-});
727-expectInvokeOk(sendInvokeResult);
728-},
729-},
730-{
731-name: "prepared plan",
732-tmpPrefix: "openclaw-prepare-run-path-pin-",
733-run: async (ctx: { expected: string }) => {
734-const prepared = buildSystemRunApprovalPlan({
735-command: ["poccmd", "hello"],
736-});
737-expect(prepared.ok).toBe(true);
738-if (!prepared.ok) {
739-throw new Error("unreachable");
740-}
741-742-const { runCommand, sendInvokeResult } = await runSystemInvoke({
743-preferMacAppExecHost: false,
744-command: prepared.plan.argv,
745-rawCommand: prepared.plan.commandText,
746-approved: true,
747-security: "full",
748-ask: "off",
749-});
750-expectCommandPinnedToCanonicalPath({
751- runCommand,
752-expected: ctx.expected,
753-commandTail: ["hello"],
754-});
755-expectInvokeOk(sendInvokeResult);
756-},
699+await withPathTokenCommand({
700+tmpPrefix: "openclaw-approval-path-pin-",
701+run: async ({ expected }) => {
702+const { runCommand, sendInvokeResult } = await runSystemInvoke({
703+preferMacAppExecHost: false,
704+command: ["poccmd", "-n", "SAFE"],
705+approved: true,
706+security: "full",
707+ask: "off",
708+});
709+expectCommandPinnedToCanonicalPath({
710+ runCommand,
711+ expected,
712+commandTail: ["-n", "SAFE"],
713+});
714+expectInvokeOk(sendInvokeResult);
757715},
758-] as const) {
759-await withPathTokenCommand({
760-tmpPrefix: testCase.tmpPrefix,
761-run: async ({ expected }) => {
762-try {
763-await testCase.run({ expected });
764-} catch (error) {
765-throw new Error(`case failed: ${testCase.name}`, { cause: error });
766-}
767-},
768-});
769-}
716+});
770717},
771718);
772719@@ -1284,10 +1231,6 @@ describe("handleSystemRunInvoke mac app exec host routing", () => {
12841231command: ["python3", "-c", "print('hi')"],
12851232expected: "python3 -c requires explicit approval in strictInlineEval mode",
12861233},
1287-{
1288-command: ["awk", 'BEGIN{system("id")}', "/dev/null"],
1289-expected: "awk inline program requires explicit approval in strictInlineEval mode",
1290-},
12911234] as const;
12921235setRuntimeConfigSnapshot({
12931236tools: {
@@ -1352,11 +1295,7 @@ describe("handleSystemRunInvoke mac app exec host routing", () => {
1352129513531296it("does not persist allow-always approvals for strict inline-eval carriers", async () => {
13541297// Persistence behavior is covered generically in exec-approvals tests; keep
1355-// one flag carrier and one inline-program carrier wired through the handler.
1356-const cases = [
1357-{ executable: "python3", args: ["-c", "print('hi')"] },
1358-{ executable: "awk", args: ['BEGIN{system("id")}', "/dev/null"] },
1359-] as const;
1298+// one handler-level smoke for strictInlineEval allow-always suppression.
13601299setRuntimeConfigSnapshot({
13611300tools: {
13621301exec: {
@@ -1369,25 +1308,23 @@ describe("handleSystemRunInvoke mac app exec host routing", () => {
13691308approvals: createAllowlistOnMissApprovals(),
13701309run: async () => {
13711310const tempDir = createFixtureDir("openclaw-inline-eval-bin-");
1372-for (const testCase of cases) {
1373-const executablePath = createTempExecutable({
1374-dir: tempDir,
1375-name: testCase.executable,
1376-});
1377-const { runCommand, sendInvokeResult } = await runSystemInvoke({
1378-preferMacAppExecHost: false,
1379-command: [executablePath, ...testCase.args],
1380-security: "allowlist",
1381-ask: "on-miss",
1382-approvalDecision: "allow-always",
1383-approved: true,
1384-runCommand: vi.fn(async () => createLocalRunResult("inline-eval-ok")),
1385-});
1311+const executablePath = createTempExecutable({
1312+dir: tempDir,
1313+name: "python3",
1314+});
1315+const { runCommand, sendInvokeResult } = await runSystemInvoke({
1316+preferMacAppExecHost: false,
1317+command: [executablePath, "-c", "print('hi')"],
1318+security: "allowlist",
1319+ask: "on-miss",
1320+approvalDecision: "allow-always",
1321+approved: true,
1322+runCommand: vi.fn(async () => createLocalRunResult("inline-eval-ok")),
1323+});
138613241387-expect(runCommand).toHaveBeenCalledTimes(1);
1388-expectInvokeOk(sendInvokeResult, { payloadContains: "inline-eval-ok" });
1389-expect(loadExecApprovals().agents?.main?.allowlist ?? []).toEqual([]);
1390-}
1325+expect(runCommand).toHaveBeenCalledTimes(1);
1326+expectInvokeOk(sendInvokeResult, { payloadContains: "inline-eval-ok" });
1327+expect(loadExecApprovals().agents?.main?.allowlist ?? []).toEqual([]);
13911328},
13921329});
13931330} finally {
@@ -1541,14 +1478,6 @@ describe("handleSystemRunInvoke mac app exec host routing", () => {
15411478const platformSpy = vi.spyOn(process, "platform", "get").mockReturnValue("win32");
15421479try {
15431480for (const testCase of [
1544-{
1545-name: "direct cmd.exe",
1546-commandPrefix: ["cmd.exe", "/d", "/s", "/c"],
1547-},
1548-{
1549-name: "env cmd.exe",
1550-commandPrefix: ["env", "cmd.exe", "/d", "/s", "/c"],
1551-},
15521481{
15531482name: "env-assignment cmd.exe",
15541483commandPrefix: ["env", "FOO=bar", "cmd.exe", "/d", "/s", "/c"],
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。