@lobu/worker 6.0.1 → 7.0.0

package/src/__tests__/tool-implementations.test.ts

@@ -0,0 +1,196 @@
+import { afterEach, describe, expect, mock, test } from "bun:test";
+import { mkdtempSync, writeFileSync } from "node:fs";
+import { rm } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import {
+  askUserQuestion,
+  getChannelHistory,
+  uploadUserFile,
+} from "../shared/tool-implementations";
+
+const originalFetch = globalThis.fetch;
+
+const gw = {
+  gatewayUrl: "http://gateway",
+  workerToken: "worker-token",
+  channelId: "channel-1",
+  conversationId: "conversation-1",
+  platform: "telegram",
+};
+
+function extractText(result: {
+  content: Array<{ type: "text"; text: string }>;
+}): string {
+  return result.content[0]?.text || "";
+}
+
+describe("tool implementations", () => {
+  afterEach(() => {
+    globalThis.fetch = originalFetch;
+    mock.restore();
+  });
+
+  test("uploadUserFile uploads an existing file and emits onUploaded metadata", async () => {
+    const tempDir = mkdtempSync(join(tmpdir(), "lobu-upload-"));
+    const filePath = join(tempDir, "e2e.txt");
+    writeFileSync(filePath, "lobu e2e");
+
+    const uploaded: Array<Record<string, unknown>> = [];
+    const fetchMock = mock(
+      async (input: RequestInfo | URL, init?: RequestInit) => {
+        const url = String(input);
+        if (url.endsWith("/internal/files/upload")) {
+          const headers = new Headers(init?.headers);
+          expect(init?.method).toBe("POST");
+          expect(headers.get("Authorization")).toBe("Bearer worker-token");
+          expect(headers.get("X-Channel-Id")).toBe("channel-1");
+          expect(headers.get("X-Conversation-Id")).toBe("conversation-1");
+          return Response.json({
+            fileId: "file-123",
+            name: "e2e.txt",
+            permalink: "https://files.example/e2e.txt",
+          });
+        }
+        throw new Error(`Unexpected fetch: ${url}`);
+      }
+    );
+    globalThis.fetch = fetchMock as unknown as typeof fetch;
+
+    try {
+      const result = await uploadUserFile(
+        gw,
+        { file_path: filePath, description: "Test file" },
+        {
+          onUploaded: (payload) => {
+            uploaded.push(payload);
+          },
+        }
+      );
+
+      expect(extractText(result as any)).toContain(
+        "Successfully showed e2e.txt to the user"
+      );
+      expect(uploaded).toEqual([
+        {
+          tool: "UploadUserFile",
+          platform: "telegram",
+          fileId: "file-123",
+          name: "e2e.txt",
+          permalink: "https://files.example/e2e.txt",
+          size: 8,
+        },
+      ]);
+    } finally {
+      await rm(tempDir, { recursive: true, force: true });
+    }
+  });
+
+  test("uploadUserFile forwards artifact fallback metadata", async () => {
+    const tempDir = mkdtempSync(join(tmpdir(), "lobu-upload-artifact-"));
+    const filePath = join(tempDir, "fallback.txt");
+    writeFileSync(filePath, "artifact");
+
+    const uploaded: Array<Record<string, unknown>> = [];
+    globalThis.fetch = mock(async () =>
+      Response.json({
+        fileId: "artifact-123",
+        artifactId: "artifact-123",
+        name: "fallback.txt",
+        permalink:
+          "https://gateway.example.com/api/v1/files/artifact-123?token=abc",
+        delivery: "artifact-url",
+      })
+    ) as unknown as typeof fetch;
+
+    try {
+      const result = await uploadUserFile(
+        gw,
+        { file_path: filePath },
+        {
+          onUploaded: (payload) => uploaded.push(payload),
+        }
+      );
+
+      expect(extractText(result as any)).toContain(
+        "Successfully showed fallback.txt to the user"
+      );
+      expect(uploaded).toEqual([
+        {
+          tool: "UploadUserFile",
+          platform: "telegram",
+          fileId: "artifact-123",
+          artifactId: "artifact-123",
+          name: "fallback.txt",
+          permalink:
+            "https://gateway.example.com/api/v1/files/artifact-123?token=abc",
+          size: 8,
+          delivery: "artifact-url",
+        },
+      ]);
+    } finally {
+      await rm(tempDir, { recursive: true, force: true });
+    }
+  });
+
+  test("uploadUserFile returns a clear error for missing files", async () => {
+    const result = await uploadUserFile(gw, {
+      file_path: "/tmp/does-not-exist",
+    });
+    expect(extractText(result as any)).toContain("not found or is not a file");
+  });
+
+  test("askUserQuestion posts a question interaction", async () => {
+    let capturedBody: Record<string, unknown> | null = null;
+    globalThis.fetch = mock(
+      async (_input: RequestInfo | URL, init?: RequestInit) => {
+        capturedBody = JSON.parse(String(init?.body));
+        return Response.json({ id: "question-1" });
+      }
+    ) as unknown as typeof fetch;
+
+    const result = await askUserQuestion(gw, {
+      question: "Pick one",
+      options: ["A", "B"],
+    });
+
+    expect(capturedBody).toEqual({
+      interactionType: "question",
+      question: "Pick one",
+      options: ["A", "B"],
+    });
+    expect(extractText(result as any)).toContain(
+      "Question posted with buttons"
+    );
+  });
+
+  test("getChannelHistory returns note responses and formatted history", async () => {
+    globalThis.fetch = mock(async () =>
+      Response.json({ note: "History unavailable" })
+    ) as unknown as typeof fetch;
+
+    const note = await getChannelHistory(gw, { limit: 5 });
+    expect(extractText(note as any)).toBe("History unavailable");
+
+    globalThis.fetch = mock(async () =>
+      Response.json({
+        messages: [
+          {
+            timestamp: "2026-04-11T18:30:00.000Z",
+            user: "Burak",
+            text: "Hello",
+            isBot: false,
+          },
+        ],
+        nextCursor: "2026-04-11T18:00:00.000Z",
+        hasMore: true,
+      })
+    ) as unknown as typeof fetch;
+
+    const history = await getChannelHistory(gw, { limit: 5 });
+    const text = extractText(history as any);
+    expect(text).toContain("Found 1 messages");
+    expect(text).toContain("Burak: Hello");
+    expect(text).toContain('before="2026-04-11T18:00:00.000Z"');
+  });
+});

package/src/__tests__/tool-policy-edge-cases.test.ts

@@ -0,0 +1,263 @@
+/**
+ * Tool-Policy Edge-Case Tests
+ *
+ * Supplements the main tool-policy.test.ts with cases that were missing:
+ *
+ *   - isDirectPackageInstallCommand: compound commands, piped package installs,
+ *     edge cases that should NOT be caught (false positives)
+ *   - enforceBashCommandPolicy: empty allow-prefixes with allowAll=false
+ *     (no filter = pass-through) versus explicit empty allow-prefixes
+ *   - buildToolPolicy: wildcard prefix matching (e.g. "Read*")
+ *   - normalizeToolList: mixed array with numbers coerced to strings
+ *   - isToolAllowedByPolicy: tool name with trailing/leading whitespace in policy
+ *   - Bash deny entries do NOT block other tool names that happen to start with "Bash"
+ */
+
+import { describe, expect, test } from "bun:test";
+import {
+  buildToolPolicy,
+  enforceBashCommandPolicy,
+  isDirectPackageInstallCommand,
+  isToolAllowedByPolicy,
+  normalizeToolList,
+  type BashCommandPolicy,
+} from "../openclaw/tool-policy";
+
+// ---------------------------------------------------------------------------
+// isDirectPackageInstallCommand
+// ---------------------------------------------------------------------------
+
+describe("isDirectPackageInstallCommand", () => {
+  // Should detect
+  const detected = [
+    "npm install lodash",
+    "npm i lodash",
+    "npm install",
+    "pnpm add react",
+    "pnpm install",
+    "yarn add typescript",
+    "yarn install",
+    "bun install",
+    "bun add express",
+    "pip install requests",
+    "pip3 install requests",
+    "uv pip install pandas",
+    "cargo install ripgrep",
+    "go install golang.org/x/tools/gopls@latest",
+    "gem install bundler",
+    "poetry add numpy",
+    "composer require monolog/monolog",
+    "apt install curl",
+    "apt-get install -y ffmpeg",
+    "sudo apt install curl",
+    "sudo apt-get install curl",
+    "brew install wget",
+    "apk add bash",
+    // piped / chained
+    "echo hi | npm install",
+    "true && npm install foo",
+    "npm install; echo done",
+    // quoted inside
+    "bash -c 'npm install foo'",
+  ];
+
+  for (const cmd of detected) {
+    test(`detects package install: ${cmd}`, () => {
+      expect(isDirectPackageInstallCommand(cmd)).toBe(true);
+    });
+  }
+
+  // Should NOT detect (false positive guard).
+  // Note: "brew list" IS detected (brew prefix matches) — intentionally conservative.
+  // Note: "apt-get update" IS detected (apt-get prefix matches) — intentionally conservative.
+  // Note: "echo npm install" IS detected via regex (embedded npm install) — intentionally conservative.
+  const allowed = [
+    "",
+    "   ",
+    "git status",
+    "npm run build", // npm run ≠ npm install
+    "npm test",
+    "npm start",
+    "npx create-react-app my-app", // npx not npm install
+    "pip list", // pip list ≠ pip install
+    "pip show requests",
+    "pnpm run dev",
+    "bun run dev",
+    "bun test",
+    "yarn run test",
+    "cargo build",
+    "go build ./...",
+    "gem list",
+    "cat npm-install.log",
+  ];
+
+  for (const cmd of allowed) {
+    test(`does not falsely detect: ${cmd || "(empty)"}`, () => {
+      expect(isDirectPackageInstallCommand(cmd)).toBe(false);
+    });
+  }
+
+  // Conservative over-detection: document actual behavior to catch regressions
+  test("brew list IS detected (brew prefix is in deny list — conservative)", () => {
+    expect(isDirectPackageInstallCommand("brew list")).toBe(true);
+  });
+
+  test("apt-get update IS detected (apt-get prefix is in deny list — conservative)", () => {
+    expect(isDirectPackageInstallCommand("apt-get update")).toBe(true);
+  });
+
+  test("echo npm install IS detected (regex matches embedded npm install)", () => {
+    // The DIRECT_PACKAGE_INSTALL_PATTERNS match npm install anywhere in the command
+    expect(isDirectPackageInstallCommand("echo npm install")).toBe(true);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// normalizeToolList edge cases
+// ---------------------------------------------------------------------------
+
+describe("normalizeToolList edge cases", () => {
+  test("numbers in array are coerced to strings", () => {
+    // @ts-expect-error: intentional wrong type to test coercion
+    expect(normalizeToolList([1, 2, 3])).toEqual(["1", "2", "3"]);
+  });
+
+  test("mixed newline + comma separation", () => {
+    expect(normalizeToolList("Read,Write\nEdit")).toEqual([
+      "Read",
+      "Write",
+      "Edit",
+    ]);
+  });
+
+  test("single entry with no delimiter", () => {
+    expect(normalizeToolList("Read")).toEqual(["Read"]);
+  });
+
+  test("only whitespace entries are all filtered out", () => {
+    expect(normalizeToolList("   ,  ,  \n  ")).toEqual([]);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// buildToolPolicy: wildcard prefix pattern
+// ---------------------------------------------------------------------------
+
+describe("buildToolPolicy wildcard prefix", () => {
+  test("Bash(git:*) in allowed extracts 'git' prefix", () => {
+    const policy = buildToolPolicy({ allowedTools: ["Bash(git:*)"] });
+    expect(policy.bashPolicy.allowPrefixes).toContain("git");
+  });
+
+  test("wildcard prefix 'Read*' in allowedPatterns matches ReadFile and ReadDir", () => {
+    const policy = buildToolPolicy({
+      toolsConfig: { strictMode: true },
+      allowedTools: ["Read*"],
+    });
+    expect(isToolAllowedByPolicy("ReadFile", policy)).toBe(true);
+    expect(isToolAllowedByPolicy("ReadDir", policy)).toBe(true);
+    expect(isToolAllowedByPolicy("WriteFile", policy)).toBe(false);
+  });
+
+  test("wildcard '*' in deniedPatterns blocks everything", () => {
+    const policy = buildToolPolicy({ disallowedTools: ["*"] });
+    expect(isToolAllowedByPolicy("Read", policy)).toBe(false);
+    expect(isToolAllowedByPolicy("Write", policy)).toBe(false);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// isToolAllowedByPolicy edge cases
+// ---------------------------------------------------------------------------
+
+describe("isToolAllowedByPolicy edge cases", () => {
+  test("tool name with leading/trailing whitespace in policy entry is trimmed and matched", () => {
+    const policy = buildToolPolicy({ disallowedTools: [" Write "] });
+    // The denied pattern is stored trimmed → "Write"
+    expect(isToolAllowedByPolicy("Write", policy)).toBe(false);
+  });
+
+  test("Bash deny filter (Bash(rm:*)) does NOT block unrelated tool 'BashHelper'", () => {
+    const policy = buildToolPolicy({ disallowedTools: ["Bash(rm:*)"] });
+    // BashHelper is not the Bash tool itself
+    expect(isToolAllowedByPolicy("BashHelper", policy)).toBe(true);
+  });
+
+  test("strict mode blocks unlisted tool even if allowedPatterns is non-empty", () => {
+    const policy = buildToolPolicy({
+      toolsConfig: { strictMode: true, allowedTools: ["Read"] },
+    });
+    expect(isToolAllowedByPolicy("Write", policy)).toBe(false);
+    expect(isToolAllowedByPolicy("Read", policy)).toBe(true);
+  });
+
+  test("deny list takes priority over wildcard allow", () => {
+    const policy = buildToolPolicy({
+      allowedTools: ["*"],
+      disallowedTools: ["Write"],
+    });
+    expect(isToolAllowedByPolicy("Write", policy)).toBe(false);
+    expect(isToolAllowedByPolicy("Read", policy)).toBe(true);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// enforceBashCommandPolicy edge cases
+// ---------------------------------------------------------------------------
+
+describe("enforceBashCommandPolicy edge cases", () => {
+  test("deny prefix matched case-insensitively on uppercase command", () => {
+    const policy: BashCommandPolicy = {
+      allowAll: true,
+      allowPrefixes: [],
+      denyPrefixes: ["rm"],
+    };
+    expect(() => enforceBashCommandPolicy("RM file.txt", policy)).toThrow(
+      "Bash command denied by policy"
+    );
+  });
+
+  test("allow prefix matched case-insensitively", () => {
+    const policy: BashCommandPolicy = {
+      allowAll: false,
+      allowPrefixes: ["git"],
+      denyPrefixes: [],
+    };
+    // "GIT status" matches allowPrefix "git" (case-insensitive)
+    expect(() => enforceBashCommandPolicy("GIT status", policy)).not.toThrow();
+  });
+
+  test("command that is a prefix of a deny rule but does not match is allowed", () => {
+    const policy: BashCommandPolicy = {
+      allowAll: true,
+      allowPrefixes: [],
+      // "rm " (with space) — "rmdir" does NOT start with "rm "
+      denyPrefixes: ["rm "],
+    };
+    expect(() =>
+      enforceBashCommandPolicy("rmdir /tmp/safe", policy)
+    ).not.toThrow();
+  });
+
+  test("pip install caught by default policy", () => {
+    const policy = buildToolPolicy({});
+    expect(() =>
+      enforceBashCommandPolicy("pip install requests", policy.bashPolicy)
+    ).toThrow("Bash command denied by policy");
+  });
+
+  test("npm install caught by default policy", () => {
+    const policy = buildToolPolicy({});
+    expect(() =>
+      enforceBashCommandPolicy("npm install lodash", policy.bashPolicy)
+    ).toThrow("Bash command denied by policy");
+  });
+
+  test("npm run build NOT caught by default policy", () => {
+    const policy = buildToolPolicy({});
+    // "npm install " and "npm i " are in the deny list — "npm run" is not
+    expect(() =>
+      enforceBashCommandPolicy("npm run build", policy.bashPolicy)
+    ).not.toThrow();
+  });
+});