@goplus/agentguard 1.1.14 → 1.1.20

package/dist/tests/feed-cron.test.js

@@ -12,6 +12,7 @@ const node_net_1 = __importDefault(require("node:net"));
 const node_os_1 = require("node:os");
 const node_path_1 = require("node:path");
 const cron_js_1 = require("../feed/cron.js");
+const ED25519_SPKI_PREFIX = Buffer.from('302a300506032b6570032100', 'hex');
 async function closeServer(server) {
     await new Promise((resolve, reject) => {
         server.close((err) => {
@@ -84,6 +85,41 @@ function fakeGateway(jobs = []) {
         },
     };
 }
+function base64UrlEncode(value) {
+    return value.toString('base64').replaceAll('+', '-').replaceAll('/', '_').replace(/=+$/g, '');
+}
+function base64UrlDecode(value) {
+    const normalized = value.replaceAll('-', '+').replaceAll('_', '/');
+    const padded = normalized + '='.repeat((4 - (normalized.length % 4)) % 4);
+    return Buffer.from(padded, 'base64');
+}
+function publicKeyRawBase64UrlFromPem(publicKeyPem) {
+    const publicKey = (0, node_crypto_1.createPublicKey)(publicKeyPem);
+    const spki = publicKey.export({ type: 'spki', format: 'der' });
+    const raw = spki.length === ED25519_SPKI_PREFIX.length + 32 &&
+        spki.subarray(0, ED25519_SPKI_PREFIX.length).equals(ED25519_SPKI_PREFIX)
+        ? spki.subarray(ED25519_SPKI_PREFIX.length)
+        : spki;
+    return base64UrlEncode(raw);
+}
+function writeOpenClawIdentity(stateDir) {
+    const { publicKey, privateKey } = (0, node_crypto_1.generateKeyPairSync)('ed25519');
+    const publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' }).toString();
+    const privateKeyPem = privateKey.export({ type: 'pkcs8', format: 'pem' }).toString();
+    const deviceId = (0, node_crypto_1.createHash)('sha256')
+        .update(base64UrlDecode(publicKeyRawBase64UrlFromPem(publicKeyPem)))
+        .digest('hex');
+    const identityDir = (0, node_path_1.join)(stateDir, 'identity');
+    (0, node_fs_1.mkdirSync)(identityDir, { recursive: true });
+    (0, node_fs_1.writeFileSync)((0, node_path_1.join)(identityDir, 'device.json'), JSON.stringify({
+        version: 1,
+        deviceId,
+        publicKeyPem,
+        privateKeyPem,
+        createdAtMs: Date.now(),
+    }));
+    return { deviceId, publicKeyPem, privateKeyPem };
+}
 (0, node_test_1.describe)('feed/cron', () => {
     (0, node_test_1.it)('validateCronExpression rejects non-five-field values', () => {
         strict_1.default.equal((0, cron_js_1.validateCronExpression)('0 * * * *'), '0 * * * *');
@@ -91,7 +127,7 @@ function fakeGateway(jobs = []) {
         strict_1.default.throws(() => (0, cron_js_1.validateCronExpression)('0 * * *'), /Invalid --cron/);
         strict_1.default.throws(() => (0, cron_js_1.validateCronExpression)('0 * * * * *'), /Invalid --cron/);
     });
-    (0, node_test_1.it)('adds an OpenClaw cron job with announce-last delivery and cron schedule', async () => {
+    (0, node_test_1.it)('adds an OpenClaw cron job with no-delivery fallback and cron schedule', async () => {
         const gateway = fakeGateway();
         const result = await (0, cron_js_1.installOpenClawThreatFeedCron)({ name: 'agentguard-threat-feed', cronExpression: '0 * * * *', quiet: false, force: false, timezone: 'Asia/Shanghai' }, { request: gateway.request });
         strict_1.default.equal(result.created, true);
@@ -101,13 +137,14 @@ function fakeGateway(jobs = []) {
         const job = gateway.calls[1].params;
         strict_1.default.equal(job.name, 'agentguard-threat-feed');
         strict_1.default.deepEqual(job.schedule, { kind: 'cron', expr: '0 * * * *', tz: 'Asia/Shanghai' });
-        strict_1.default.deepEqual(job.delivery, { mode: 'announce', channel: 'last' });
+        strict_1.default.deepEqual(job.delivery, { mode: 'none' });
         strict_1.default.equal(job.sessionTarget, 'isolated');
         strict_1.default.equal(job.payload.kind, 'agentTurn');
         strict_1.default.equal('agentguard' in job.payload, false);
         strict_1.default.match(job.payload.message, /Mode: manual/);
-        strict_1.default.match(job.payload.message, /Command: `agentguard subscribe --cron-notify-run`/);
-        strict_1.default.match(job.payload.message, /agentguard subscribe --cron-notify-run/);
+        strict_1.default.match(job.payload.message, /Command: `agentguard subscribe --json --cron-run`/);
+        strict_1.default.match(job.payload.message, /agentguard subscribe --json --cron-run/);
+        strict_1.default.match(job.payload.message, /handles its own OpenClaw notification delivery/);
         strict_1.default.match(job.payload.message, /NO_REPLY/);
     });
     (0, node_test_1.it)('auto-installs system crontab jobs for Codex and Claude Code agents', async () => {
@@ -143,6 +180,78 @@ function fakeGateway(jobs = []) {
         strict_1.default.match(script, new RegExp(`export AGENTGUARD_HOME='${home.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}'`));
         strict_1.default.match(script, /exec agentguard subscribe --quiet --json --cron-run/);
     });
+    (0, node_test_1.it)('removes the managed system crontab block without touching other entries', async () => {
+        const calls = [];
+        const home = (0, node_fs_1.mkdtempSync)((0, node_path_1.join)((0, node_os_1.tmpdir)(), 'agentguard-system-remove-'));
+        const current = [
+            '# existing',
+            '# AgentGuard begin agentguard-threat-feed',
+            '0 * * * * /tmp/agentguard-threat-feed.sh',
+            '# AgentGuard end agentguard-threat-feed',
+            '15 * * * * /tmp/other-job.sh',
+            '',
+        ].join('\n');
+        const runner = async (command, args, input) => {
+            calls.push({ command, args, input });
+            if (command === 'crontab' && args[0] === '-l') {
+                return { stdout: current, stderr: '' };
+            }
+            return { stdout: '', stderr: '' };
+        };
+        const result = await (0, cron_js_1.removeThreatFeedCron)({
+            name: 'agentguard-threat-feed',
+            backend: 'system',
+            agentGuardHome: home,
+        }, { runCommand: runner });
+        strict_1.default.deepEqual(result, [{ name: 'agentguard-threat-feed', backend: 'system', removed: true }]);
+        strict_1.default.deepEqual(calls.map((call) => call.args[0]), ['-l', '-']);
+        strict_1.default.match(calls[1].input ?? '', /# existing/);
+        strict_1.default.match(calls[1].input ?? '', /other-job/);
+        strict_1.default.doesNotMatch(calls[1].input ?? '', /AgentGuard begin agentguard-threat-feed/);
+    });
+    (0, node_test_1.it)('removes OpenClaw gateway cron jobs by default subscribe name', async () => {
+        const gateway = fakeGateway([{ id: 'job-1', name: 'agentguard-threat-feed' }]);
+        const result = await (0, cron_js_1.removeThreatFeedCron)({
+            name: 'agentguard-threat-feed',
+            backend: 'openclaw',
+        }, {
+            async runCommand() {
+                throw new Error('native openclaw unavailable');
+            },
+            gateway: { request: gateway.request },
+        });
+        strict_1.default.deepEqual(result.map((item) => item.backend), ['openclaw', 'openclaw-gateway']);
+        strict_1.default.equal(result[0].removed, false);
+        strict_1.default.match(result[0].error ?? '', /native openclaw unavailable/);
+        strict_1.default.equal(result[1].removed, true);
+        strict_1.default.deepEqual(gateway.calls.map((call) => call.method), ['cron.list', 'cron.remove']);
+        strict_1.default.deepEqual(gateway.calls[1].params, { jobId: 'job-1' });
+    });
+    (0, node_test_1.it)('removes native OpenClaw cron jobs by id', async () => {
+        const calls = [];
+        const runner = async (command, args) => {
+            calls.push({ command, args });
+            if (args.join(' ') === 'cron list') {
+                return {
+                    stdout: JSON.stringify({
+                        jobs: [
+                            { id: '7407b173-da3f-4ded-b6e3-722a9c5248b0', name: 'agentguard-threat-feed' },
+                        ],
+                    }),
+                    stderr: '',
+                };
+            }
+            return { stdout: '', stderr: '' };
+        };
+        const result = await (0, cron_js_1.removeThreatFeedCron)({
+            name: 'agentguard-threat-feed',
+            backend: 'openclaw',
+        }, { runCommand: runner, gateway: { request: fakeGateway().request } });
+        strict_1.default.equal(result[0].backend, 'openclaw');
+        strict_1.default.equal(result[0].removed, true);
+        strict_1.default.deepEqual(calls.map((call) => call.args.slice(0, 2).join(' ')), ['cron list', 'cron remove']);
+        strict_1.default.deepEqual(calls[1].args, ['cron', 'remove', '7407b173-da3f-4ded-b6e3-722a9c5248b0']);
+    });
     (0, node_test_1.it)('rejects unsafe AgentGuard home paths for system crontab jobs', async () => {
         await strict_1.default.rejects(() => (0, cron_js_1.installThreatFeedCron)({
             name: 'agentguard-threat-feed',
@@ -201,9 +310,8 @@ function fakeGateway(jobs = []) {
         strict_1.default.deepEqual(calls.map((call) => call.args.slice(0, 2).join(' ')), ['cron list', 'cron add']);
         strict_1.default.ok(calls[1].args.includes('--timeout-seconds'));
         strict_1.default.ok(calls[1].args.includes('300'));
-        strict_1.default.ok(calls[1].args.includes('--announce'));
-        strict_1.default.ok(calls[1].args.includes('--channel'));
-        strict_1.default.ok(calls[1].args.includes('last'));
+        strict_1.default.ok(calls[1].args.includes('--no-deliver'));
+        strict_1.default.ok(!calls[1].args.includes('--announce'));
     });
     (0, node_test_1.it)('does not treat native OpenClaw cron name substrings as existing jobs', async () => {
         const calls = [];
@@ -247,6 +355,35 @@ function fakeGateway(jobs = []) {
         strict_1.default.equal(result.created, false);
         strict_1.default.deepEqual(calls.map((call) => call.args.slice(0, 2).join(' ')), ['cron list']);
     });
+    (0, node_test_1.it)('replaces native OpenClaw cron jobs by id when force is set', async () => {
+        const calls = [];
+        const runner = async (command, args) => {
+            calls.push({ command, args });
+            if (args.join(' ') === 'cron list') {
+                return {
+                    stdout: [
+                        'ID                                   Name                     Schedule',
+                        '7407b173-da3f-4ded-b6e3-722a9c5248b0 agentguard-threat-feed   cron */5 * * * * @ UTC',
+                    ].join('\n'),
+                    stderr: '',
+                };
+            }
+            return { stdout: '', stderr: '' };
+        };
+        const result = await (0, cron_js_1.installThreatFeedCron)({
+            name: 'agentguard-threat-feed',
+            cronExpression: '*/5 * * * *',
+            quiet: true,
+            force: true,
+            backend: 'auto',
+            agentHost: 'openclaw',
+            timezone: 'UTC',
+        }, { runCommand: runner });
+        strict_1.default.equal(result.created, true);
+        strict_1.default.deepEqual(calls.map((call) => call.args.slice(0, 2).join(' ')), ['cron list', 'cron remove', 'cron add']);
+        strict_1.default.deepEqual(calls[1].args, ['cron', 'remove', '7407b173-da3f-4ded-b6e3-722a9c5248b0']);
+        strict_1.default.ok(!calls[2].args.includes('--force'));
+    });
     (0, node_test_1.it)('does not fall back to OpenClaw Gateway when native OpenClaw cron add fails', async () => {
         const gateway = fakeGateway();
         const runner = async (_command, args) => {
@@ -287,6 +424,8 @@ function fakeGateway(jobs = []) {
         strict_1.default.deepEqual(job.delivery, { mode: 'announce', channel: 'last' });
         strict_1.default.equal('agentguard' in job.payload, false);
         strict_1.default.match(job.payload.message, /Command: `agentguard subscribe --cron-notify-run`/);
+        strict_1.default.match(job.payload.message, /remediation guidance/);
+        strict_1.default.match(job.payload.message, /manual response steps/);
     });
     (0, node_test_1.it)('auto-installs native Hermes cron jobs for Hermes agents', async () => {
         const calls = [];
@@ -367,6 +506,17 @@ function fakeGateway(jobs = []) {
         strict_1.default.equal(result.backend, 'openclaw-gateway');
         strict_1.default.deepEqual(gateway.calls.map((call) => call.method), ['cron.list', 'cron.add']);
     });
+    (0, node_test_1.it)('rejects an explicit OpenClaw cron target when the saved agent host is different', async () => {
+        await strict_1.default.rejects(() => (0, cron_js_1.installThreatFeedCron)({
+            name: 'agentguard-threat-feed',
+            cronExpression: '0 * * * *',
+            quiet: false,
+            force: false,
+            backend: 'openclaw',
+            agentHost: 'codex',
+            timezone: 'UTC',
+        }), /Cron target openclaw conflicts with saved agent host "codex"/);
+    });
     (0, node_test_1.it)('fails fast when OpenClaw Gateway cron.list is unavailable', async () => {
         await strict_1.default.rejects(() => (0, cron_js_1.installOpenClawThreatFeedCron)({ name: 'agentguard-threat-feed', cronExpression: '0 * * * *', quiet: false, force: false, timezone: 'UTC' }, {
             async request(method) {
@@ -391,9 +541,9 @@ function fakeGateway(jobs = []) {
         strict_1.default.deepEqual(gateway.calls[2].params.schedule, { kind: 'cron', expr: '*/5 * * * *', tz: 'UTC' });
         strict_1.default.equal('agentguard' in gateway.calls[2].params.payload, false);
         strict_1.default.match(gateway.calls[2].params.payload.message, /Mode: quiet/);
-        strict_1.default.deepEqual(gateway.calls[2].params.delivery, { mode: 'announce', channel: 'last' });
-        strict_1.default.match(gateway.calls[2].params.payload.message, /Command: `agentguard subscribe --quiet --cron-notify-run`/);
-        strict_1.default.match(gateway.calls[2].params.payload.message, /agentguard subscribe --quiet --cron-notify-run/);
+        strict_1.default.deepEqual(gateway.calls[2].params.delivery, { mode: 'none' });
+        strict_1.default.match(gateway.calls[2].params.payload.message, /Command: `agentguard subscribe --quiet --json --cron-run`/);
+        strict_1.default.match(gateway.calls[2].params.payload.message, /agentguard subscribe --quiet --json --cron-run/);
     });
     (0, node_test_1.it)('does not add a replacement if force removal fails', async () => {
         const calls = [];
@@ -416,11 +566,39 @@ function fakeGateway(jobs = []) {
             },
         }), /timed out/);
     });
+    (0, node_test_1.it)('prefers the OpenClaw CLI Gateway call for default local OpenClaw requests', async () => {
+        const calls = [];
+        const result = await (0, cron_js_1.openClawGatewayRequest)('sessions.list', { limit: 1 }, {
+            timeoutMs: 1234,
+            runCommand: async (command, args) => {
+                calls.push({ command, args });
+                return {
+                    stdout: JSON.stringify({ sessions: [{ key: 'session-1' }] }),
+                    stderr: '',
+                };
+            },
+        });
+        strict_1.default.deepEqual(result, { sessions: [{ key: 'session-1' }] });
+        strict_1.default.equal(calls.length, 1);
+        strict_1.default.equal(calls[0].command, 'openclaw');
+        strict_1.default.deepEqual(calls[0].args, [
+            'gateway',
+            'call',
+            'sessions.list',
+            '--params',
+            '{"limit":1}',
+            '--timeout',
+            '1234',
+            '--json',
+        ]);
+    });
     (0, node_test_1.it)('keeps the default HTTP JSON-RPC Gateway path and legacy cron.add params', async () => {
         let requestBody;
+        let authorization;
         const server = node_http_1.default.createServer((req, res) => {
             strict_1.default.equal(req.method, 'POST');
             strict_1.default.equal(req.url, '/');
+            authorization = req.headers.authorization;
             let raw = '';
             req.setEncoding('utf8');
             req.on('data', (chunk) => {
@@ -437,9 +615,14 @@ function fakeGateway(jobs = []) {
             const result = await (0, cron_js_1.openClawGatewayRequest)('cron.add', { name: 'agentguard-threat-feed' }, {
                 host: '127.0.0.1',
                 port: serverPort(server),
+                token: 'gateway-test-token',
                 timeoutMs: 100,
+                runCommand: async () => {
+                    throw new Error('explicit host/port should skip OpenClaw CLI');
+                },
             });
             strict_1.default.deepEqual(result, { ok: true });
+            strict_1.default.equal(authorization, 'Bearer gateway-test-token');
             strict_1.default.equal(requestBody.method, 'cron.add');
             strict_1.default.deepEqual(requestBody.params, [{ name: 'agentguard-threat-feed' }]);
         }
@@ -447,6 +630,67 @@ function fakeGateway(jobs = []) {
             await closeServer(server);
         }
     });
+    (0, node_test_1.it)('loads the local OpenClaw Gateway token for direct HTTP fallback requests', async () => {
+        const stateDir = (0, node_fs_1.mkdtempSync)((0, node_path_1.join)((0, node_os_1.tmpdir)(), 'agentguard-openclaw-token-state-'));
+        const previousStateDir = process.env.OPENCLAW_STATE_DIR;
+        const previousConfigPath = process.env.OPENCLAW_CONFIG_PATH;
+        const previousAgentGuardToken = process.env.AGENTGUARD_OPENCLAW_GATEWAY_TOKEN;
+        const previousOpenClawToken = process.env.OPENCLAW_GATEWAY_TOKEN;
+        let authorization;
+        (0, node_fs_1.mkdirSync)(stateDir, { recursive: true });
+        (0, node_fs_1.writeFileSync)((0, node_path_1.join)(stateDir, 'openclaw.json'), JSON.stringify({
+            gateway: {
+                auth: {
+                    token: 'config-gateway-token',
+                },
+            },
+        }));
+        process.env.OPENCLAW_STATE_DIR = stateDir;
+        delete process.env.OPENCLAW_CONFIG_PATH;
+        delete process.env.AGENTGUARD_OPENCLAW_GATEWAY_TOKEN;
+        delete process.env.OPENCLAW_GATEWAY_TOKEN;
+        const server = node_http_1.default.createServer((req, res) => {
+            authorization = req.headers.authorization;
+            let raw = '';
+            req.setEncoding('utf8');
+            req.on('data', (chunk) => {
+                raw += chunk;
+            });
+            req.on('end', () => {
+                const requestBody = JSON.parse(raw);
+                res.setHeader('Content-Type', 'application/json');
+                res.end(JSON.stringify({ jsonrpc: '2.0', id: requestBody.id, result: { sessions: [] } }));
+            });
+        });
+        await new Promise((resolve) => server.listen(0, '127.0.0.1', resolve));
+        try {
+            await (0, cron_js_1.openClawGatewayRequest)('sessions.list', {}, {
+                host: '127.0.0.1',
+                port: serverPort(server),
+                timeoutMs: 100,
+            });
+            strict_1.default.equal(authorization, 'Bearer config-gateway-token');
+        }
+        finally {
+            if (previousStateDir === undefined)
+                delete process.env.OPENCLAW_STATE_DIR;
+            else
+                process.env.OPENCLAW_STATE_DIR = previousStateDir;
+            if (previousConfigPath === undefined)
+                delete process.env.OPENCLAW_CONFIG_PATH;
+            else
+                process.env.OPENCLAW_CONFIG_PATH = previousConfigPath;
+            if (previousAgentGuardToken === undefined)
+                delete process.env.AGENTGUARD_OPENCLAW_GATEWAY_TOKEN;
+            else
+                process.env.AGENTGUARD_OPENCLAW_GATEWAY_TOKEN = previousAgentGuardToken;
+            if (previousOpenClawToken === undefined)
+                delete process.env.OPENCLAW_GATEWAY_TOKEN;
+            else
+                process.env.OPENCLAW_GATEWAY_TOKEN = previousOpenClawToken;
+            await closeServer(server);
+        }
+    });
     (0, node_test_1.it)('handles fragmented WebSocket Gateway text responses', async () => {
         const server = node_net_1.default.createServer((socket) => {
             let handshakeComplete = false;
@@ -512,5 +756,257 @@ function fakeGateway(jobs = []) {
             await closeServer(server);
         }
     });
+    (0, node_test_1.it)('sends signed device identity during the WebSocket connect handshake when OpenClaw identity exists', async () => {
+        const stateDir = (0, node_fs_1.mkdtempSync)((0, node_path_1.join)((0, node_os_1.tmpdir)(), 'agentguard-openclaw-state-'));
+        const identity = writeOpenClawIdentity(stateDir);
+        const previousStateDir = process.env.OPENCLAW_STATE_DIR;
+        process.env.OPENCLAW_STATE_DIR = stateDir;
+        let connectParams;
+        const server = node_net_1.default.createServer((socket) => {
+            let handshakeComplete = false;
+            let buffer = Buffer.alloc(0);
+            let clientRequests = 0;
+            socket.on('data', (chunk) => {
+                buffer = Buffer.concat([buffer, chunk]);
+                if (!handshakeComplete) {
+                    const headerEnd = buffer.indexOf('\r\n\r\n');
+                    if (headerEnd === -1)
+                        return;
+                    const header = buffer.subarray(0, headerEnd + 4).toString('utf8');
+                    const key = /^Sec-WebSocket-Key:\s*(.+)$/im.exec(header)?.[1]?.trim();
+                    strict_1.default.ok(key);
+                    const accept = (0, node_crypto_1.createHash)('sha1')
+                        .update(`${key}258EAFA5-E914-47DA-95CA-C5AB0DC85B11`)
+                        .digest('base64');
+                    socket.write([
+                        'HTTP/1.1 101 Switching Protocols',
+                        'Upgrade: websocket',
+                        'Connection: Upgrade',
+                        `Sec-WebSocket-Accept: ${accept}`,
+                        '',
+                        '',
+                    ].join('\r\n'));
+                    handshakeComplete = true;
+                    buffer = buffer.subarray(headerEnd + 4);
+                    socket.write(encodeServerWebSocketFrame(JSON.stringify({
+                        type: 'event',
+                        event: 'connect.challenge',
+                        payload: { nonce: 'nonce-1' },
+                    })));
+                }
+                while (true) {
+                    const parsed = readClientWebSocketFrame(buffer);
+                    if (!parsed)
+                        break;
+                    buffer = parsed.rest;
+                    clientRequests += 1;
+                    const frame = JSON.parse(parsed.payload);
+                    if (clientRequests === 1) {
+                        connectParams = frame.params;
+                        socket.write(encodeServerWebSocketFrame(JSON.stringify({ type: 'res', id: frame.id, ok: true, payload: {} })));
+                    }
+                    else {
+                        socket.write(encodeServerWebSocketFrame(JSON.stringify({
+                            type: 'res',
+                            id: frame.id,
+                            ok: true,
+                            payload: { jobs: [] },
+                        })));
+                    }
+                }
+            });
+        });
+        await new Promise((resolve) => server.listen(0, '127.0.0.1', resolve));
+        try {
+            const result = await (0, cron_js_1.openClawGatewayRequest)('cron.list', {}, {
+                url: `ws://127.0.0.1:${serverPort(server)}`,
+                timeoutMs: 500,
+            });
+            strict_1.default.deepEqual(result, { jobs: [] });
+            strict_1.default.equal(connectParams.minProtocol, 3);
+            strict_1.default.equal(connectParams.maxProtocol, 4);
+            strict_1.default.equal(connectParams.client.id, 'cli');
+            strict_1.default.equal(connectParams.device.id, identity.deviceId);
+            strict_1.default.equal(connectParams.device.publicKey, publicKeyRawBase64UrlFromPem(identity.publicKeyPem));
+            strict_1.default.equal(connectParams.device.nonce, 'nonce-1');
+            strict_1.default.equal(typeof connectParams.device.signedAt, 'number');
+            const signedPayload = [
+                'v3',
+                identity.deviceId,
+                'cli',
+                'cli',
+                'operator',
+                'operator.admin,operator.read,operator.write,operator.approvals,operator.pairing,operator.talk.secrets',
+                String(connectParams.device.signedAt),
+                '',
+                'nonce-1',
+                process.platform,
+                '',
+            ].join('|');
+            strict_1.default.equal((0, node_crypto_1.verify)(null, Buffer.from(signedPayload, 'utf8'), (0, node_crypto_1.createPublicKey)(identity.publicKeyPem), base64UrlDecode(connectParams.device.signature)), true);
+        }
+        finally {
+            if (previousStateDir === undefined)
+                delete process.env.OPENCLAW_STATE_DIR;
+            else
+                process.env.OPENCLAW_STATE_DIR = previousStateDir;
+            await closeServer(server);
+        }
+    });
+    (0, node_test_1.it)('sends the Gateway token during the WebSocket connect handshake', async () => {
+        let connectParams;
+        const server = node_net_1.default.createServer((socket) => {
+            let handshakeComplete = false;
+            let buffer = Buffer.alloc(0);
+            let clientRequests = 0;
+            socket.on('data', (chunk) => {
+                buffer = Buffer.concat([buffer, chunk]);
+                if (!handshakeComplete) {
+                    const headerEnd = buffer.indexOf('\r\n\r\n');
+                    if (headerEnd === -1)
+                        return;
+                    const header = buffer.subarray(0, headerEnd + 4).toString('utf8');
+                    const key = /^Sec-WebSocket-Key:\s*(.+)$/im.exec(header)?.[1]?.trim();
+                    strict_1.default.ok(key);
+                    const accept = (0, node_crypto_1.createHash)('sha1')
+                        .update(`${key}258EAFA5-E914-47DA-95CA-C5AB0DC85B11`)
+                        .digest('base64');
+                    socket.write([
+                        'HTTP/1.1 101 Switching Protocols',
+                        'Upgrade: websocket',
+                        'Connection: Upgrade',
+                        `Sec-WebSocket-Accept: ${accept}`,
+                        '',
+                        '',
+                    ].join('\r\n'));
+                    handshakeComplete = true;
+                    buffer = buffer.subarray(headerEnd + 4);
+                    socket.write(encodeServerWebSocketFrame(JSON.stringify({
+                        type: 'event',
+                        event: 'connect.challenge',
+                        payload: { nonce: 'nonce-token' },
+                    })));
+                }
+                while (true) {
+                    const parsed = readClientWebSocketFrame(buffer);
+                    if (!parsed)
+                        break;
+                    buffer = parsed.rest;
+                    clientRequests += 1;
+                    const frame = JSON.parse(parsed.payload);
+                    if (clientRequests === 1) {
+                        connectParams = frame.params;
+                        socket.write(encodeServerWebSocketFrame(JSON.stringify({ type: 'res', id: frame.id, ok: true, payload: {} })));
+                    }
+                    else {
+                        socket.write(encodeServerWebSocketFrame(JSON.stringify({
+                            type: 'res',
+                            id: frame.id,
+                            ok: true,
+                            payload: { jobs: [] },
+                        })));
+                    }
+                }
+            });
+        });
+        await new Promise((resolve) => server.listen(0, '127.0.0.1', resolve));
+        try {
+            const result = await (0, cron_js_1.openClawGatewayRequest)('cron.list', {}, {
+                url: `ws://127.0.0.1:${serverPort(server)}`,
+                token: 'gateway-websocket-token',
+                timeoutMs: 500,
+            });
+            strict_1.default.deepEqual(result, { jobs: [] });
+            strict_1.default.equal(connectParams.auth.token, 'gateway-websocket-token');
+        }
+        finally {
+            await closeServer(server);
+        }
+    });
+    (0, node_test_1.it)('omits device auth instead of failing when OpenClaw identity keys are invalid', async () => {
+        const stateDir = (0, node_fs_1.mkdtempSync)((0, node_path_1.join)((0, node_os_1.tmpdir)(), 'agentguard-openclaw-bad-state-'));
+        const identityDir = (0, node_path_1.join)(stateDir, 'identity');
+        (0, node_fs_1.mkdirSync)(identityDir, { recursive: true });
+        (0, node_fs_1.writeFileSync)((0, node_path_1.join)(identityDir, 'device.json'), JSON.stringify({
+            version: 1,
+            deviceId: 'bad-device',
+            publicKeyPem: 'not a public key',
+            privateKeyPem: 'not a private key',
+        }));
+        const previousStateDir = process.env.OPENCLAW_STATE_DIR;
+        process.env.OPENCLAW_STATE_DIR = stateDir;
+        let connectParams;
+        const server = node_net_1.default.createServer((socket) => {
+            let handshakeComplete = false;
+            let buffer = Buffer.alloc(0);
+            let clientRequests = 0;
+            socket.on('data', (chunk) => {
+                buffer = Buffer.concat([buffer, chunk]);
+                if (!handshakeComplete) {
+                    const headerEnd = buffer.indexOf('\r\n\r\n');
+                    if (headerEnd === -1)
+                        return;
+                    const header = buffer.subarray(0, headerEnd + 4).toString('utf8');
+                    const key = /^Sec-WebSocket-Key:\s*(.+)$/im.exec(header)?.[1]?.trim();
+                    strict_1.default.ok(key);
+                    const accept = (0, node_crypto_1.createHash)('sha1')
+                        .update(`${key}258EAFA5-E914-47DA-95CA-C5AB0DC85B11`)
+                        .digest('base64');
+                    socket.write([
+                        'HTTP/1.1 101 Switching Protocols',
+                        'Upgrade: websocket',
+                        'Connection: Upgrade',
+                        `Sec-WebSocket-Accept: ${accept}`,
+                        '',
+                        '',
+                    ].join('\r\n'));
+                    handshakeComplete = true;
+                    buffer = buffer.subarray(headerEnd + 4);
+                    socket.write(encodeServerWebSocketFrame(JSON.stringify({
+                        type: 'event',
+                        event: 'connect.challenge',
+                        payload: { nonce: 'nonce-bad-identity' },
+                    })));
+                }
+                while (true) {
+                    const parsed = readClientWebSocketFrame(buffer);
+                    if (!parsed)
+                        break;
+                    buffer = parsed.rest;
+                    clientRequests += 1;
+                    const frame = JSON.parse(parsed.payload);
+                    if (clientRequests === 1) {
+                        connectParams = frame.params;
+                        socket.write(encodeServerWebSocketFrame(JSON.stringify({ type: 'res', id: frame.id, ok: true, payload: {} })));
+                    }
+                    else {
+                        socket.write(encodeServerWebSocketFrame(JSON.stringify({
+                            type: 'res',
+                            id: frame.id,
+                            ok: true,
+                            payload: { jobs: [] },
+                        })));
+                    }
+                }
+            });
+        });
+        await new Promise((resolve) => server.listen(0, '127.0.0.1', resolve));
+        try {
+            const result = await (0, cron_js_1.openClawGatewayRequest)('cron.list', {}, {
+                url: `ws://127.0.0.1:${serverPort(server)}`,
+                timeoutMs: 500,
+            });
+            strict_1.default.deepEqual(result, { jobs: [] });
+            strict_1.default.equal(connectParams.client.id, 'cli');
+            strict_1.default.equal(connectParams.device, undefined);
+        }
+        finally {
+            if (previousStateDir === undefined)
+                delete process.env.OPENCLAW_STATE_DIR;
+            else
+                process.env.OPENCLAW_STATE_DIR = previousStateDir;
+            await closeServer(server);
+        }
+    });
 });
 //# sourceMappingURL=feed-cron.test.js.map