fix(agents): classify tool block security events · openclaw/openclaw@41a0b8d
vincentkoc
·
2026-06-17
·
via Recent Commits to openclaw:main
| Original file line number | Diff line number | Diff line change |
|---|
@@ -305,8 +305,35 @@ describe("before_tool_call loop detection behavior", () => {
|
305 | 305 | await expectUnblockedToolExecution(tool, `poll-${i}`, params); |
306 | 306 | } |
307 | 307 | |
308 | | -const result = await tool.execute(`poll-${CRITICAL_THRESHOLD}`, params, undefined, undefined); |
309 | | -expectToolLoopBlockedResult(result, "CRITICAL"); |
| 308 | +await withDiagnosticEvents(async (emitted, flush) => { |
| 309 | +const result = await tool.execute(`poll-${CRITICAL_THRESHOLD}`, params, undefined, undefined); |
| 310 | +await flush(); |
| 311 | +expectToolLoopBlockedResult(result, "CRITICAL"); |
| 312 | +const securityEvent = emitted.find( |
| 313 | +(event): event is Extract<DiagnosticEventPayload, { type: "security.event" }> => |
| 314 | +event.type === "security.event", |
| 315 | +); |
| 316 | +expect(securityEvent).toMatchObject({ |
| 317 | +type: "security.event", |
| 318 | +category: "tool", |
| 319 | +action: "tool.execution.blocked", |
| 320 | +outcome: "denied", |
| 321 | +reason: "tool-loop", |
| 322 | +policy: { |
| 323 | +id: "tool-loop-detection", |
| 324 | +decision: "deny", |
| 325 | +reason: "tool-loop", |
| 326 | +}, |
| 327 | +control: { |
| 328 | +id: "tool-loop-detection", |
| 329 | +family: "authorization", |
| 330 | +}, |
| 331 | +attributes: { |
| 332 | +params_kind: "object", |
| 333 | +tool_source: "core", |
| 334 | +}, |
| 335 | +}); |
| 336 | +}); |
310 | 337 | }); |
311 | 338 | |
312 | 339 | it("does nothing when loopDetection.enabled is false", async () => { |
|
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。