
























@@ -7,12 +7,43 @@ import {
77resolveGatewayProbeAuthWithSecretInputs,
88} from "./probe-auth.js";
9910-function expectUnresolvedProbeTokenWarning(cfg: OpenClawConfig) {
11-const result = resolveGatewayProbeAuthSafe({
10+const EMPTY_PROBE_AUTH = {
11+token: undefined,
12+password: undefined,
13+};
14+15+function envSecretRef(id: string) {
16+return { source: "env", provider: "default", id } as const;
17+}
18+19+function tokenAuthConfig(id: string) {
20+return {
21+mode: "token",
22+token: envSecretRef(id),
23+} as const;
24+}
25+26+function configWithDefaultEnvProvider(gateway: NonNullable<OpenClawConfig["gateway"]>) {
27+return {
28+ gateway,
29+secrets: {
30+providers: {
31+default: { source: "env" },
32+},
33+},
34+} as OpenClawConfig;
35+}
36+37+function resolveSafeProbeAuth(cfg: OpenClawConfig, mode: "local" | "remote" = "local") {
38+return resolveGatewayProbeAuthSafe({
1239 cfg,
13-mode: "local",
40+ mode,
1441env: {} as NodeJS.ProcessEnv,
1542});
43+}
44+45+function expectUnresolvedProbeTokenWarning(cfg: OpenClawConfig) {
46+const result = resolveSafeProbeAuth(cfg);
16471748expect(result.auth).toStrictEqual({});
1849expect(result.warning).toContain("gateway.auth.token");
@@ -21,17 +52,13 @@ function expectUnresolvedProbeTokenWarning(cfg: OpenClawConfig) {
21522253describe("resolveGatewayProbeAuthSafe", () => {
2354it("returns probe auth credentials when available", () => {
24-const result = resolveGatewayProbeAuthSafe({
25-cfg: {
26-gateway: {
27-auth: {
28-token: "token-value",
29-},
55+const result = resolveSafeProbeAuth({
56+gateway: {
57+auth: {
58+token: "token-value",
3059},
31-} as OpenClawConfig,
32-mode: "local",
33-env: {} as NodeJS.ProcessEnv,
34-});
60+},
61+} as OpenClawConfig);
35623663expect(result).toEqual({
3764auth: {
@@ -42,93 +69,56 @@ describe("resolveGatewayProbeAuthSafe", () => {
4269});
43704471it("returns warning and empty auth when token SecretRef is unresolved", () => {
45-expectUnresolvedProbeTokenWarning({
46-gateway: {
47-auth: {
48-mode: "token",
49-token: { source: "env", provider: "default", id: "MISSING_GATEWAY_TOKEN" },
50-},
51-},
52-secrets: {
53-providers: {
54-default: { source: "env" },
55-},
56-},
57-} as OpenClawConfig);
72+expectUnresolvedProbeTokenWarning(
73+configWithDefaultEnvProvider({
74+auth: tokenAuthConfig("MISSING_GATEWAY_TOKEN"),
75+}),
76+);
5877});
59786079it("does not fall through to remote token when local token SecretRef is unresolved", () => {
61-expectUnresolvedProbeTokenWarning({
62-gateway: {
80+expectUnresolvedProbeTokenWarning(
81+configWithDefaultEnvProvider({
6382mode: "local",
64-auth: {
65-mode: "token",
66-token: { source: "env", provider: "default", id: "MISSING_GATEWAY_TOKEN" },
67-},
83+auth: tokenAuthConfig("MISSING_GATEWAY_TOKEN"),
6884remote: {
6985token: "remote-token",
7086},
71-},
72-secrets: {
73-providers: {
74-default: { source: "env" },
75-},
76-},
77-} as OpenClawConfig);
87+}),
88+);
7889});
79908091it("does not fall through to remote credentials for local probes", () => {
81-const result = resolveGatewayProbeAuthSafe({
82-cfg: {
83-gateway: {
84-mode: "local",
85-remote: {
86-url: "wss://gateway.example",
87-token: "remote-token",
88-password: "remote-password", // pragma: allowlist secret
89-},
92+const result = resolveSafeProbeAuth({
93+gateway: {
94+mode: "local",
95+remote: {
96+url: "wss://gateway.example",
97+token: "remote-token",
98+password: "remote-password", // pragma: allowlist secret
9099},
91-} as OpenClawConfig,
92-mode: "local",
93-env: {} as NodeJS.ProcessEnv,
94-});
100+},
101+} as OpenClawConfig);
9510296103expect(result).toEqual({
97-auth: {
98-token: undefined,
99-password: undefined,
100-},
104+auth: EMPTY_PROBE_AUTH,
101105});
102106});
103107104108it("ignores unresolved local token SecretRef in remote mode when remote-only auth is requested", () => {
105-const result = resolveGatewayProbeAuthSafe({
106-cfg: {
107-gateway: {
108-mode: "remote",
109-remote: {
110-url: "wss://gateway.example",
111-},
112-auth: {
113-mode: "token",
114-token: { source: "env", provider: "default", id: "MISSING_LOCAL_TOKEN" },
115-},
116-},
117-secrets: {
118-providers: {
119-default: { source: "env" },
120-},
109+const result = resolveSafeProbeAuth(
110+configWithDefaultEnvProvider({
111+mode: "remote",
112+remote: {
113+url: "wss://gateway.example",
121114},
122-} as OpenClawConfig,
123-mode: "remote",
124-env: {} as NodeJS.ProcessEnv,
125-});
115+ auth: tokenAuthConfig("MISSING_LOCAL_TOKEN"),
116+}),
117+"remote",
118+);
126119127120expect(result).toEqual({
128-auth: {
129-token: undefined,
130-password: undefined,
131-},
121+auth: EMPTY_PROBE_AUTH,
132122});
133123});
134124});
@@ -169,19 +159,9 @@ describe("resolveGatewayProbeTarget", () => {
169159describe("resolveGatewayProbeAuthSafeWithSecretInputs", () => {
170160it("resolves env SecretRef token via async secret-inputs path", async () => {
171161const result = await resolveGatewayProbeAuthSafeWithSecretInputs({
172-cfg: {
173-gateway: {
174-auth: {
175-mode: "token",
176-token: { source: "env", provider: "default", id: "OPENCLAW_GATEWAY_TOKEN" },
177-},
178-},
179-secrets: {
180-providers: {
181-default: { source: "env" },
182-},
183-},
184-} as OpenClawConfig,
162+cfg: configWithDefaultEnvProvider({
163+auth: tokenAuthConfig("OPENCLAW_GATEWAY_TOKEN"),
164+}),
185165mode: "local",
186166env: {
187167OPENCLAW_GATEWAY_TOKEN: "test-token-from-env",
@@ -197,20 +177,13 @@ describe("resolveGatewayProbeAuthSafeWithSecretInputs", () => {
197177198178it("returns empty auth without warning for gateway.remote SecretRefs in local probes", async () => {
199179const result = await resolveGatewayProbeAuthSafeWithSecretInputs({
200-cfg: {
201-gateway: {
202-mode: "local",
203-remote: {
204-url: "wss://gateway.example",
205-token: { source: "env", provider: "default", id: "REMOTE_GATEWAY_TOKEN" },
206-},
207-},
208-secrets: {
209-providers: {
210-default: { source: "env" },
211-},
180+cfg: configWithDefaultEnvProvider({
181+mode: "local",
182+remote: {
183+url: "wss://gateway.example",
184+token: envSecretRef("REMOTE_GATEWAY_TOKEN"),
212185},
213-} as OpenClawConfig,
186+}),
214187mode: "local",
215188env: {
216189REMOTE_GATEWAY_TOKEN: "remote-token",
@@ -219,26 +192,15 @@ describe("resolveGatewayProbeAuthSafeWithSecretInputs", () => {
219192220193expect(result.warning).toBeUndefined();
221194expect(result.auth).toEqual({
222-token: undefined,
223-password: undefined,
195+ ...EMPTY_PROBE_AUTH,
224196});
225197});
226198227199it("returns warning and empty auth when SecretRef cannot be resolved via async path", async () => {
228200const result = await resolveGatewayProbeAuthSafeWithSecretInputs({
229-cfg: {
230-gateway: {
231-auth: {
232-mode: "token",
233-token: { source: "env", provider: "default", id: "MISSING_TOKEN_XYZ" },
234-},
235-},
236-secrets: {
237-providers: {
238-default: { source: "env" },
239-},
240-},
241-} as OpenClawConfig,
201+cfg: configWithDefaultEnvProvider({
202+auth: tokenAuthConfig("MISSING_TOKEN_XYZ"),
203+}),
242204mode: "local",
243205env: {} as NodeJS.ProcessEnv,
244206});
@@ -252,19 +214,9 @@ describe("resolveGatewayProbeAuthSafeWithSecretInputs", () => {
252214describe("resolveGatewayProbeAuthWithSecretInputs", () => {
253215it("resolves local probe SecretRef values before shared credential selection", async () => {
254216const auth = await resolveGatewayProbeAuthWithSecretInputs({
255-cfg: {
256-gateway: {
257-auth: {
258-mode: "token",
259-token: { source: "env", provider: "default", id: "DAEMON_GATEWAY_TOKEN" },
260-},
261-},
262-secrets: {
263-providers: {
264-default: { source: "env" },
265-},
266-},
267-} as OpenClawConfig,
217+cfg: configWithDefaultEnvProvider({
218+auth: tokenAuthConfig("DAEMON_GATEWAY_TOKEN"),
219+}),
268220mode: "local",
269221env: {
270222DAEMON_GATEWAY_TOKEN: "resolved-daemon-token",
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。