2026-01-18 16:22:50 +00:00
|
|
|
import { describe, expect, it } from "vitest";
|
|
|
|
|
import { applyPluginAutoEnable } from "./plugin-auto-enable.js";
|
|
|
|
|
|
|
|
|
|
describe("applyPluginAutoEnable", () => {
|
2026-02-22 19:30:29 +01:00
|
|
|
it("auto-enables built-in channels and appends to existing allowlist", () => {
|
2026-01-18 16:22:50 +00:00
|
|
|
const result = applyPluginAutoEnable({
|
|
|
|
|
config: {
|
|
|
|
|
channels: { slack: { botToken: "x" } },
|
|
|
|
|
plugins: { allow: ["telegram"] },
|
|
|
|
|
},
|
2026-01-18 18:43:31 +00:00
|
|
|
env: {},
|
2026-01-18 16:22:50 +00:00
|
|
|
});
|
|
|
|
|
|
2026-02-22 19:18:08 +01:00
|
|
|
expect(result.config.channels?.slack?.enabled).toBe(true);
|
|
|
|
|
expect(result.config.plugins?.entries?.slack).toBeUndefined();
|
2026-02-22 19:30:29 +01:00
|
|
|
expect(result.config.plugins?.allow).toEqual(["telegram", "slack"]);
|
2026-02-14 01:56:00 +00:00
|
|
|
expect(result.changes.join("\n")).toContain("Slack configured, enabled automatically.");
|
2026-01-18 16:22:50 +00:00
|
|
|
});
|
|
|
|
|
|
2026-02-22 19:30:29 +01:00
|
|
|
it("does not create plugins.allow when allowlist is unset", () => {
|
|
|
|
|
const result = applyPluginAutoEnable({
|
|
|
|
|
config: {
|
|
|
|
|
channels: { slack: { botToken: "x" } },
|
|
|
|
|
},
|
|
|
|
|
env: {},
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(result.config.channels?.slack?.enabled).toBe(true);
|
|
|
|
|
expect(result.config.plugins?.allow).toBeUndefined();
|
|
|
|
|
});
|
|
|
|
|
|
2026-02-22 10:24:59 +01:00
|
|
|
it("ignores channels.modelByChannel for plugin auto-enable", () => {
|
|
|
|
|
const result = applyPluginAutoEnable({
|
|
|
|
|
config: {
|
|
|
|
|
channels: {
|
|
|
|
|
modelByChannel: {
|
|
|
|
|
openai: {
|
|
|
|
|
whatsapp: "openai/gpt-5.2",
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
env: {},
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(result.config.plugins?.entries?.modelByChannel).toBeUndefined();
|
|
|
|
|
expect(result.config.plugins?.allow).toBeUndefined();
|
|
|
|
|
expect(result.changes).toEqual([]);
|
|
|
|
|
});
|
|
|
|
|
|
2026-01-18 16:22:50 +00:00
|
|
|
it("respects explicit disable", () => {
|
|
|
|
|
const result = applyPluginAutoEnable({
|
|
|
|
|
config: {
|
|
|
|
|
channels: { slack: { botToken: "x" } },
|
|
|
|
|
plugins: { entries: { slack: { enabled: false } } },
|
|
|
|
|
},
|
2026-01-18 18:43:31 +00:00
|
|
|
env: {},
|
2026-01-18 16:22:50 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(result.config.plugins?.entries?.slack?.enabled).toBe(false);
|
|
|
|
|
expect(result.changes).toEqual([]);
|
|
|
|
|
});
|
|
|
|
|
|
2026-02-22 19:18:08 +01:00
|
|
|
it("respects built-in channel explicit disable via channels.<id>.enabled", () => {
|
|
|
|
|
const result = applyPluginAutoEnable({
|
|
|
|
|
config: {
|
|
|
|
|
channels: { slack: { botToken: "x", enabled: false } },
|
|
|
|
|
},
|
|
|
|
|
env: {},
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(result.config.channels?.slack?.enabled).toBe(false);
|
|
|
|
|
expect(result.config.plugins?.entries?.slack).toBeUndefined();
|
|
|
|
|
expect(result.changes).toEqual([]);
|
|
|
|
|
});
|
|
|
|
|
|
2026-02-14 01:56:00 +00:00
|
|
|
it("auto-enables irc when configured via env", () => {
|
2026-02-10 15:33:57 -08:00
|
|
|
const result = applyPluginAutoEnable({
|
|
|
|
|
config: {},
|
|
|
|
|
env: {
|
|
|
|
|
IRC_HOST: "irc.libera.chat",
|
|
|
|
|
IRC_NICK: "openclaw-bot",
|
|
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
|
2026-02-22 19:18:08 +01:00
|
|
|
expect(result.config.channels?.irc?.enabled).toBe(true);
|
2026-02-14 01:56:00 +00:00
|
|
|
expect(result.changes.join("\n")).toContain("IRC configured, enabled automatically.");
|
2026-02-10 15:33:57 -08:00
|
|
|
});
|
|
|
|
|
|
2026-02-14 01:56:00 +00:00
|
|
|
it("auto-enables provider auth plugins when profiles exist", () => {
|
2026-01-18 16:22:50 +00:00
|
|
|
const result = applyPluginAutoEnable({
|
|
|
|
|
config: {
|
|
|
|
|
auth: {
|
|
|
|
|
profiles: {
|
2026-02-23 05:20:14 +01:00
|
|
|
"google-gemini-cli:default": {
|
|
|
|
|
provider: "google-gemini-cli",
|
2026-01-18 16:22:50 +00:00
|
|
|
mode: "oauth",
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
2026-01-18 18:43:31 +00:00
|
|
|
env: {},
|
2026-01-18 16:22:50 +00:00
|
|
|
});
|
|
|
|
|
|
2026-02-23 05:20:14 +01:00
|
|
|
expect(result.config.plugins?.entries?.["google-gemini-cli-auth"]?.enabled).toBe(true);
|
2026-01-18 16:22:50 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it("skips when plugins are globally disabled", () => {
|
|
|
|
|
const result = applyPluginAutoEnable({
|
|
|
|
|
config: {
|
|
|
|
|
channels: { slack: { botToken: "x" } },
|
|
|
|
|
plugins: { enabled: false },
|
|
|
|
|
},
|
2026-01-18 18:43:31 +00:00
|
|
|
env: {},
|
2026-01-18 16:22:50 +00:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(result.config.plugins?.entries?.slack?.enabled).toBeUndefined();
|
|
|
|
|
expect(result.changes).toEqual([]);
|
|
|
|
|
});
|
2026-01-19 20:16:14 -08:00
|
|
|
|
2026-01-20 11:49:31 +00:00
|
|
|
describe("preferOver channel prioritization", () => {
|
fix: comprehensive BlueBubbles and channel cleanup (#11093)
* feat(bluebubbles): auto-strip markdown from outbound messages (#7402)
* fix(security): add timeout to webhook body reading (#6762)
Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr
webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5).
Merged with existing maxBytes protection in voice-call.
* fix(security): unify Error objects and lint fixes in webhook timeouts (#6762)
* fix: prevent plugins from auto-enabling without user consent (#3961)
Changes default plugin enabled state from true to false in enablePluginEntry().
Preserves existing enabled:true values. Fixes #3932.
* fix: apply hierarchical mediaMaxMb config to all channels (#8749)
Generalizes resolveAttachmentMaxBytes() to use account → channel → global
config resolution for all channels, not just BlueBubbles. Fixes #7847.
* fix(bluebubbles): sanitize attachment filenames against header injection (#10333)
Strip ", \r, \n, and \\ from filenames after path.basename() to prevent
multipart Content-Disposition header injection (CWE-93, CVSS 5.4).
Also adds sanitization to setGroupIconBlueBubbles which had zero filename
sanitization.
* fix(lint): exclude extensions/ from Oxlint preflight check (#9313)
Extensions use PluginRuntime|null patterns that trigger
no-redundant-type-constituents because PluginRuntime resolves to any.
Excluding extensions/ from Oxlint unblocks user upgrades.
Re-applies the approach from closed PR #10087.
* fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (#7745)
Non-Private-API mode (AppleScript) requires tempGuid in send payloads.
The main sendMessageBlueBubbles already had it, but createNewChatWithMessage
was missing it, causing 400 errors for new chat creation without Private API.
* fix: send stop-typing signal when run ends with NO_REPLY (#8785)
Adds onCleanup callback to the typing controller that fires when the
controller is cleaned up while typing was active (e.g., after NO_REPLY).
Channels using createTypingCallbacks automatically get stop-typing on
cleanup. This prevents the typing indicator from lingering in group chats
when the agent decides not to reply.
* fix(telegram): deduplicate skill commands in multi-agent setup (#5717)
Two fixes:
1. Skip duplicate workspace dirs when listing skill commands across agents.
Multiple agents sharing the same workspace would produce duplicate commands
with _2, _3 suffixes.
2. Clear stale commands via deleteMyCommands before registering new ones.
Commands from deleted skills now get cleaned up on restart.
* fix: add size limits to unbounded in-memory caches (#4948)
Adds max-size caps with oldest-entry eviction to prevent OOM in
long-running deployments:
- BlueBubbles serverInfoCache: 64 entries (already has TTL)
- Google Chat authCache: 32 entries
- Matrix directRoomCache: 1024 entries
- Discord presenceCache: 5000 entries per account
* fix: address review concerns (#11093)
- Chain deleteMyCommands → setMyCommands to prevent race condition (#5717)
- Rename enablePluginEntry to registerPluginEntry (now sets enabled: false)
- Add Slow-Loris timeout test for readJsonBody (#6023)
2026-02-07 05:00:55 -08:00
|
|
|
it("prefers bluebubbles: skips imessage auto-configure when both are configured", () => {
|
2026-01-19 20:16:14 -08:00
|
|
|
const result = applyPluginAutoEnable({
|
|
|
|
|
config: {
|
|
|
|
|
channels: {
|
|
|
|
|
bluebubbles: { serverUrl: "http://localhost:1234", password: "x" },
|
|
|
|
|
imessage: { cliPath: "/usr/local/bin/imsg" },
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
env: {},
|
|
|
|
|
});
|
|
|
|
|
|
2026-02-14 01:56:00 +00:00
|
|
|
expect(result.config.plugins?.entries?.bluebubbles?.enabled).toBe(true);
|
2026-01-19 20:16:14 -08:00
|
|
|
expect(result.config.plugins?.entries?.imessage?.enabled).toBeUndefined();
|
2026-02-14 01:56:00 +00:00
|
|
|
expect(result.changes.join("\n")).toContain("bluebubbles configured, enabled automatically.");
|
|
|
|
|
expect(result.changes.join("\n")).not.toContain(
|
|
|
|
|
"iMessage configured, enabled automatically.",
|
|
|
|
|
);
|
2026-01-19 20:16:14 -08:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it("keeps imessage enabled if already explicitly enabled (non-destructive)", () => {
|
|
|
|
|
const result = applyPluginAutoEnable({
|
|
|
|
|
config: {
|
|
|
|
|
channels: {
|
|
|
|
|
bluebubbles: { serverUrl: "http://localhost:1234", password: "x" },
|
|
|
|
|
imessage: { cliPath: "/usr/local/bin/imsg" },
|
|
|
|
|
},
|
|
|
|
|
plugins: { entries: { imessage: { enabled: true } } },
|
|
|
|
|
},
|
|
|
|
|
env: {},
|
|
|
|
|
});
|
|
|
|
|
|
2026-02-14 01:56:00 +00:00
|
|
|
expect(result.config.plugins?.entries?.bluebubbles?.enabled).toBe(true);
|
2026-01-19 20:16:14 -08:00
|
|
|
expect(result.config.plugins?.entries?.imessage?.enabled).toBe(true);
|
|
|
|
|
});
|
|
|
|
|
|
fix: comprehensive BlueBubbles and channel cleanup (#11093)
* feat(bluebubbles): auto-strip markdown from outbound messages (#7402)
* fix(security): add timeout to webhook body reading (#6762)
Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr
webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5).
Merged with existing maxBytes protection in voice-call.
* fix(security): unify Error objects and lint fixes in webhook timeouts (#6762)
* fix: prevent plugins from auto-enabling without user consent (#3961)
Changes default plugin enabled state from true to false in enablePluginEntry().
Preserves existing enabled:true values. Fixes #3932.
* fix: apply hierarchical mediaMaxMb config to all channels (#8749)
Generalizes resolveAttachmentMaxBytes() to use account → channel → global
config resolution for all channels, not just BlueBubbles. Fixes #7847.
* fix(bluebubbles): sanitize attachment filenames against header injection (#10333)
Strip ", \r, \n, and \\ from filenames after path.basename() to prevent
multipart Content-Disposition header injection (CWE-93, CVSS 5.4).
Also adds sanitization to setGroupIconBlueBubbles which had zero filename
sanitization.
* fix(lint): exclude extensions/ from Oxlint preflight check (#9313)
Extensions use PluginRuntime|null patterns that trigger
no-redundant-type-constituents because PluginRuntime resolves to any.
Excluding extensions/ from Oxlint unblocks user upgrades.
Re-applies the approach from closed PR #10087.
* fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (#7745)
Non-Private-API mode (AppleScript) requires tempGuid in send payloads.
The main sendMessageBlueBubbles already had it, but createNewChatWithMessage
was missing it, causing 400 errors for new chat creation without Private API.
* fix: send stop-typing signal when run ends with NO_REPLY (#8785)
Adds onCleanup callback to the typing controller that fires when the
controller is cleaned up while typing was active (e.g., after NO_REPLY).
Channels using createTypingCallbacks automatically get stop-typing on
cleanup. This prevents the typing indicator from lingering in group chats
when the agent decides not to reply.
* fix(telegram): deduplicate skill commands in multi-agent setup (#5717)
Two fixes:
1. Skip duplicate workspace dirs when listing skill commands across agents.
Multiple agents sharing the same workspace would produce duplicate commands
with _2, _3 suffixes.
2. Clear stale commands via deleteMyCommands before registering new ones.
Commands from deleted skills now get cleaned up on restart.
* fix: add size limits to unbounded in-memory caches (#4948)
Adds max-size caps with oldest-entry eviction to prevent OOM in
long-running deployments:
- BlueBubbles serverInfoCache: 64 entries (already has TTL)
- Google Chat authCache: 32 entries
- Matrix directRoomCache: 1024 entries
- Discord presenceCache: 5000 entries per account
* fix: address review concerns (#11093)
- Chain deleteMyCommands → setMyCommands to prevent race condition (#5717)
- Rename enablePluginEntry to registerPluginEntry (now sets enabled: false)
- Add Slow-Loris timeout test for readJsonBody (#6023)
2026-02-07 05:00:55 -08:00
|
|
|
it("allows imessage auto-configure when bluebubbles is explicitly disabled", () => {
|
2026-01-19 20:16:14 -08:00
|
|
|
const result = applyPluginAutoEnable({
|
|
|
|
|
config: {
|
|
|
|
|
channels: {
|
|
|
|
|
bluebubbles: { serverUrl: "http://localhost:1234", password: "x" },
|
|
|
|
|
imessage: { cliPath: "/usr/local/bin/imsg" },
|
|
|
|
|
},
|
|
|
|
|
plugins: { entries: { bluebubbles: { enabled: false } } },
|
|
|
|
|
},
|
|
|
|
|
env: {},
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(result.config.plugins?.entries?.bluebubbles?.enabled).toBe(false);
|
2026-02-22 19:18:08 +01:00
|
|
|
expect(result.config.channels?.imessage?.enabled).toBe(true);
|
2026-02-14 01:56:00 +00:00
|
|
|
expect(result.changes.join("\n")).toContain("iMessage configured, enabled automatically.");
|
2026-01-19 20:16:14 -08:00
|
|
|
});
|
|
|
|
|
|
fix: comprehensive BlueBubbles and channel cleanup (#11093)
* feat(bluebubbles): auto-strip markdown from outbound messages (#7402)
* fix(security): add timeout to webhook body reading (#6762)
Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr
webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5).
Merged with existing maxBytes protection in voice-call.
* fix(security): unify Error objects and lint fixes in webhook timeouts (#6762)
* fix: prevent plugins from auto-enabling without user consent (#3961)
Changes default plugin enabled state from true to false in enablePluginEntry().
Preserves existing enabled:true values. Fixes #3932.
* fix: apply hierarchical mediaMaxMb config to all channels (#8749)
Generalizes resolveAttachmentMaxBytes() to use account → channel → global
config resolution for all channels, not just BlueBubbles. Fixes #7847.
* fix(bluebubbles): sanitize attachment filenames against header injection (#10333)
Strip ", \r, \n, and \\ from filenames after path.basename() to prevent
multipart Content-Disposition header injection (CWE-93, CVSS 5.4).
Also adds sanitization to setGroupIconBlueBubbles which had zero filename
sanitization.
* fix(lint): exclude extensions/ from Oxlint preflight check (#9313)
Extensions use PluginRuntime|null patterns that trigger
no-redundant-type-constituents because PluginRuntime resolves to any.
Excluding extensions/ from Oxlint unblocks user upgrades.
Re-applies the approach from closed PR #10087.
* fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (#7745)
Non-Private-API mode (AppleScript) requires tempGuid in send payloads.
The main sendMessageBlueBubbles already had it, but createNewChatWithMessage
was missing it, causing 400 errors for new chat creation without Private API.
* fix: send stop-typing signal when run ends with NO_REPLY (#8785)
Adds onCleanup callback to the typing controller that fires when the
controller is cleaned up while typing was active (e.g., after NO_REPLY).
Channels using createTypingCallbacks automatically get stop-typing on
cleanup. This prevents the typing indicator from lingering in group chats
when the agent decides not to reply.
* fix(telegram): deduplicate skill commands in multi-agent setup (#5717)
Two fixes:
1. Skip duplicate workspace dirs when listing skill commands across agents.
Multiple agents sharing the same workspace would produce duplicate commands
with _2, _3 suffixes.
2. Clear stale commands via deleteMyCommands before registering new ones.
Commands from deleted skills now get cleaned up on restart.
* fix: add size limits to unbounded in-memory caches (#4948)
Adds max-size caps with oldest-entry eviction to prevent OOM in
long-running deployments:
- BlueBubbles serverInfoCache: 64 entries (already has TTL)
- Google Chat authCache: 32 entries
- Matrix directRoomCache: 1024 entries
- Discord presenceCache: 5000 entries per account
* fix: address review concerns (#11093)
- Chain deleteMyCommands → setMyCommands to prevent race condition (#5717)
- Rename enablePluginEntry to registerPluginEntry (now sets enabled: false)
- Add Slow-Loris timeout test for readJsonBody (#6023)
2026-02-07 05:00:55 -08:00
|
|
|
it("allows imessage auto-configure when bluebubbles is in deny list", () => {
|
2026-01-19 20:16:14 -08:00
|
|
|
const result = applyPluginAutoEnable({
|
|
|
|
|
config: {
|
|
|
|
|
channels: {
|
|
|
|
|
bluebubbles: { serverUrl: "http://localhost:1234", password: "x" },
|
|
|
|
|
imessage: { cliPath: "/usr/local/bin/imsg" },
|
|
|
|
|
},
|
|
|
|
|
plugins: { deny: ["bluebubbles"] },
|
|
|
|
|
},
|
|
|
|
|
env: {},
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(result.config.plugins?.entries?.bluebubbles?.enabled).toBeUndefined();
|
2026-02-22 19:18:08 +01:00
|
|
|
expect(result.config.channels?.imessage?.enabled).toBe(true);
|
2026-01-19 20:16:14 -08:00
|
|
|
});
|
|
|
|
|
|
2026-02-14 01:56:00 +00:00
|
|
|
it("auto-enables imessage when only imessage is configured", () => {
|
2026-01-19 20:16:14 -08:00
|
|
|
const result = applyPluginAutoEnable({
|
|
|
|
|
config: {
|
|
|
|
|
channels: { imessage: { cliPath: "/usr/local/bin/imsg" } },
|
|
|
|
|
},
|
|
|
|
|
env: {},
|
|
|
|
|
});
|
|
|
|
|
|
2026-02-22 19:18:08 +01:00
|
|
|
expect(result.config.channels?.imessage?.enabled).toBe(true);
|
2026-02-14 01:56:00 +00:00
|
|
|
expect(result.changes.join("\n")).toContain("iMessage configured, enabled automatically.");
|
2026-01-19 20:16:14 -08:00
|
|
|
});
|
|
|
|
|
});
|
2026-01-18 16:22:50 +00:00
|
|
|
});
|