Ayuriel/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
openclaw/src/config/plugin-auto-enable.test.ts

326 lines
10 KiB
TypeScript
Raw Normal View History

feat(config): auto-enable configured plugins
2026-01-18 16:22:50 +00:00
import { describe, expect, it } from "vitest";
fix(doctor): use plugin manifest id for third-party channel auto-enable When a third-party channel plugin declares a channel ID that differs from its plugin ID (e.g. plugin id="apn-channel", channels=["apn"]), the doctor plugin auto-enable logic was using the channel ID ("apn") as the key for plugins.entries, producing an entry that fails config validation: Error: plugins.entries.apn: plugin not found: apn Root cause: resolveConfiguredPlugins iterated over cfg.channels keys and used each key directly as both the channel ID (for isChannelConfigured) and the plugin ID (for plugins.entries). For built-in channels these are always the same, but for third-party plugins they can differ. Fix: load the installed plugin manifest registry and build a reverse map from channel ID to plugin ID. When a cfg.channels key does not resolve to a built-in channel, look up the declaring plugin's manifest ID and use that as the pluginId in the PluginEnableChange, so registerPluginEntry writes the correct plugins.entries["apn-channel"] key. The applyPluginAutoEnable function now accepts an optional manifestRegistry parameter for testing, avoiding filesystem access in unit tests. Fixes #25261 Co-Authored-By: Claude <noreply@anthropic.com>
2026-02-24 11:09:31 +01:00
import type { PluginManifestRegistry } from "../plugins/manifest-registry.js";
fix(config): align whatsapp enabled schema with auto-enable
2026-02-24 03:39:25 +00:00
import { validateConfigObject } from "./config.js";
feat(config): auto-enable configured plugins
2026-01-18 16:22:50 +00:00
import { applyPluginAutoEnable } from "./plugin-auto-enable.js";
fix(doctor): use plugin manifest id for third-party channel auto-enable When a third-party channel plugin declares a channel ID that differs from its plugin ID (e.g. plugin id="apn-channel", channels=["apn"]), the doctor plugin auto-enable logic was using the channel ID ("apn") as the key for plugins.entries, producing an entry that fails config validation: Error: plugins.entries.apn: plugin not found: apn Root cause: resolveConfiguredPlugins iterated over cfg.channels keys and used each key directly as both the channel ID (for isChannelConfigured) and the plugin ID (for plugins.entries). For built-in channels these are always the same, but for third-party plugins they can differ. Fix: load the installed plugin manifest registry and build a reverse map from channel ID to plugin ID. When a cfg.channels key does not resolve to a built-in channel, look up the declaring plugin's manifest ID and use that as the pluginId in the PluginEnableChange, so registerPluginEntry writes the correct plugins.entries["apn-channel"] key. The applyPluginAutoEnable function now accepts an optional manifestRegistry parameter for testing, avoiding filesystem access in unit tests. Fixes #25261 Co-Authored-By: Claude <noreply@anthropic.com>
2026-02-24 11:09:31 +01:00
/** Helper to build a minimal PluginManifestRegistry for testing. */
fix: doctor plugin-id mapping for channel auto-enable (#25275) (thanks @zerone0x)
2026-02-24 14:35:25 +00:00
function makeRegistry(plugins: Array<{ id: string; channels: string[] }>): PluginManifestRegistry {
fix(doctor): use plugin manifest id for third-party channel auto-enable When a third-party channel plugin declares a channel ID that differs from its plugin ID (e.g. plugin id="apn-channel", channels=["apn"]), the doctor plugin auto-enable logic was using the channel ID ("apn") as the key for plugins.entries, producing an entry that fails config validation: Error: plugins.entries.apn: plugin not found: apn Root cause: resolveConfiguredPlugins iterated over cfg.channels keys and used each key directly as both the channel ID (for isChannelConfigured) and the plugin ID (for plugins.entries). For built-in channels these are always the same, but for third-party plugins they can differ. Fix: load the installed plugin manifest registry and build a reverse map from channel ID to plugin ID. When a cfg.channels key does not resolve to a built-in channel, look up the declaring plugin's manifest ID and use that as the pluginId in the PluginEnableChange, so registerPluginEntry writes the correct plugins.entries["apn-channel"] key. The applyPluginAutoEnable function now accepts an optional manifestRegistry parameter for testing, avoiding filesystem access in unit tests. Fixes #25261 Co-Authored-By: Claude <noreply@anthropic.com>
2026-02-24 11:09:31 +01:00
return {
plugins: plugins.map((p) => ({
id: p.id,
channels: p.channels,
providers: [],
skills: [],
origin: "config" as const,
rootDir: `/fake/${p.id}`,
source: `/fake/${p.id}/index.js`,
manifestPath: `/fake/${p.id}/openclaw.plugin.json`,
})),
diagnostics: [],
};
}
feat(config): auto-enable configured plugins
2026-01-18 16:22:50 +00:00
describe("applyPluginAutoEnable", () => {
fix(config): allowlist auto-enabled built-in channels when restricted Co-authored-by: 4rev <4rev@users.noreply.github.com>
2026-02-22 19:30:29 +01:00
it("auto-enables built-in channels and appends to existing allowlist", () => {
feat(config): auto-enable configured plugins
2026-01-18 16:22:50 +00:00
const result = applyPluginAutoEnable({
config: {
channels: { slack: { botToken: "x" } },
plugins: { allow: ["telegram"] },
},
fix: stabilize tests and logging
2026-01-18 18:43:31 +00:00
env: {},
feat(config): auto-enable configured plugins
2026-01-18 16:22:50 +00:00
});
fix(config): persist built-in channel enable state in channels Co-authored-by: HirokiKobayashi-R <HirokiKobayashi-R@users.noreply.github.com>
2026-02-22 19:18:08 +01:00
expect(result.config.channels?.slack?.enabled).toBe(true);
expect(result.config.plugins?.entries?.slack).toBeUndefined();
fix(config): allowlist auto-enabled built-in channels when restricted Co-authored-by: 4rev <4rev@users.noreply.github.com>
2026-02-22 19:30:29 +01:00
expect(result.config.plugins?.allow).toEqual(["telegram", "slack"]);
fix(config): auto-enable configured plugins
2026-02-14 01:56:00 +00:00
expect(result.changes.join("\n")).toContain("Slack configured, enabled automatically.");
feat(config): auto-enable configured plugins
2026-01-18 16:22:50 +00:00
});
fix(config): allowlist auto-enabled built-in channels when restricted Co-authored-by: 4rev <4rev@users.noreply.github.com>
2026-02-22 19:30:29 +01:00
it("does not create plugins.allow when allowlist is unset", () => {
const result = applyPluginAutoEnable({
config: {
channels: { slack: { botToken: "x" } },
},
env: {},
});
expect(result.config.channels?.slack?.enabled).toBe(true);
expect(result.config.plugins?.allow).toBeUndefined();
});
fix: cover channels.modelByChannel validation/auto-enable
2026-02-22 10:24:59 +01:00
it("ignores channels.modelByChannel for plugin auto-enable", () => {
const result = applyPluginAutoEnable({
config: {
channels: {
modelByChannel: {
openai: {
whatsapp: "openai/gpt-5.2",
},
},
},
},
env: {},
});
expect(result.config.plugins?.entries?.modelByChannel).toBeUndefined();
expect(result.config.plugins?.allow).toBeUndefined();
expect(result.changes).toEqual([]);
});
fix(config): align whatsapp enabled schema with auto-enable
2026-02-24 03:39:25 +00:00
it("keeps auto-enabled WhatsApp config schema-valid", () => {
const result = applyPluginAutoEnable({
config: {
channels: {
whatsapp: {
allowFrom: ["+15555550123"],
},
},
},
env: {},
});
expect(result.config.channels?.whatsapp?.enabled).toBe(true);
const validated = validateConfigObject(result.config);
expect(validated.ok).toBe(true);
});
feat(config): auto-enable configured plugins
2026-01-18 16:22:50 +00:00
it("respects explicit disable", () => {
const result = applyPluginAutoEnable({
config: {
channels: { slack: { botToken: "x" } },
plugins: { entries: { slack: { enabled: false } } },
},
fix: stabilize tests and logging
2026-01-18 18:43:31 +00:00
env: {},
feat(config): auto-enable configured plugins
2026-01-18 16:22:50 +00:00
});
expect(result.config.plugins?.entries?.slack?.enabled).toBe(false);
expect(result.changes).toEqual([]);
});
fix(config): persist built-in channel enable state in channels Co-authored-by: HirokiKobayashi-R <HirokiKobayashi-R@users.noreply.github.com>
2026-02-22 19:18:08 +01:00
it("respects built-in channel explicit disable via channels.<id>.enabled", () => {
const result = applyPluginAutoEnable({
config: {
channels: { slack: { botToken: "x", enabled: false } },
},
env: {},
});
expect(result.config.channels?.slack?.enabled).toBe(false);
expect(result.config.plugins?.entries?.slack).toBeUndefined();
expect(result.changes).toEqual([]);
});
fix(config): auto-enable configured plugins
2026-02-14 01:56:00 +00:00
it("auto-enables irc when configured via env", () => {
feat: IRC — add first-class channel support Adds IRC as a first-class channel with core config surfaces (schema/hints/dock), plugin auto-enable detection, routing/policy alignment, and docs/tests. Co-authored-by: Vignesh <vigneshnatarajan92@gmail.com>
2026-02-10 15:33:57 -08:00
const result = applyPluginAutoEnable({
config: {},
env: {
IRC_HOST: "irc.libera.chat",
IRC_NICK: "openclaw-bot",
},
});
fix(config): persist built-in channel enable state in channels Co-authored-by: HirokiKobayashi-R <HirokiKobayashi-R@users.noreply.github.com>
2026-02-22 19:18:08 +01:00
expect(result.config.channels?.irc?.enabled).toBe(true);
fix(config): auto-enable configured plugins
2026-02-14 01:56:00 +00:00
expect(result.changes.join("\n")).toContain("IRC configured, enabled automatically.");
feat: IRC — add first-class channel support Adds IRC as a first-class channel with core config surfaces (schema/hints/dock), plugin auto-enable detection, routing/policy alignment, and docs/tests. Co-authored-by: Vignesh <vigneshnatarajan92@gmail.com>
2026-02-10 15:33:57 -08:00
});
fix(config): auto-enable configured plugins
2026-02-14 01:56:00 +00:00
it("auto-enables provider auth plugins when profiles exist", () => {
feat(config): auto-enable configured plugins
2026-01-18 16:22:50 +00:00
const result = applyPluginAutoEnable({
config: {
auth: {
profiles: {
refactor!: remove google-antigravity provider support
2026-02-23 05:20:14 +01:00
"google-gemini-cli:default": {
provider: "google-gemini-cli",
feat(config): auto-enable configured plugins
2026-01-18 16:22:50 +00:00
mode: "oauth",
},
},
},
},
fix: stabilize tests and logging
2026-01-18 18:43:31 +00:00
env: {},
feat(config): auto-enable configured plugins
2026-01-18 16:22:50 +00:00
});
refactor!: remove google-antigravity provider support
2026-02-23 05:20:14 +01:00
expect(result.config.plugins?.entries?.["google-gemini-cli-auth"]?.enabled).toBe(true);
feat(config): auto-enable configured plugins
2026-01-18 16:22:50 +00:00
});
feat: ACP thread-bound agents (#23580) * docs: add ACP thread-bound agents plan doc * docs: expand ACP implementation specification * feat(acp): route ACP sessions through core dispatch and lifecycle cleanup * feat(acp): add /acp commands and Discord spawn gate * ACP: add acpx runtime plugin backend * fix(subagents): defer transient lifecycle errors before announce * Agents: harden ACP sessions_spawn and tighten spawn guidance * Agents: require explicit ACP target for runtime spawns * docs: expand ACP control-plane implementation plan * ACP: harden metadata seeding and spawn guidance * ACP: centralize runtime control-plane manager and fail-closed dispatch * ACP: harden runtime manager and unify spawn helpers * Commands: route ACP sessions through ACP runtime in agent command * ACP: require persisted metadata for runtime spawns * Sessions: preserve ACP metadata when updating entries * Plugins: harden ACP backend registry across loaders * ACPX: make availability probe compatible with adapters * E2E: add manual Discord ACP plain-language smoke script * ACPX: preserve streamed spacing across Discord delivery * Docs: add ACP Discord streaming strategy * ACP: harden Discord stream buffering for thread replies * ACP: reuse shared block reply pipeline for projector * ACP: unify streaming config and adopt coalesceIdleMs * Docs: add temporary ACP production hardening plan * Docs: trim temporary ACP hardening plan goals * Docs: gate ACP thread controls by backend capabilities * ACP: add capability-gated runtime controls and /acp operator commands * Docs: remove temporary ACP hardening plan * ACP: fix spawn target validation and close cache cleanup * ACP: harden runtime dispatch and recovery paths * ACP: split ACP command/runtime internals and centralize policy * ACP: harden runtime lifecycle, validation, and observability * ACP: surface runtime and backend session IDs in thread bindings * docs: add temp plan for binding-service migration * ACP: migrate thread binding flows to SessionBindingService * ACP: address review feedback and preserve prompt wording * ACPX plugin: pin runtime dependency and prefer bundled CLI * Discord: complete binding-service migration cleanup and restore ACP plan * Docs: add standalone ACP agents guide * ACP: route harness intents to thread-bound ACP sessions * ACP: fix spawn thread routing and queue-owner stall * ACP: harden startup reconciliation and command bypass handling * ACP: fix dispatch bypass type narrowing * ACP: align runtime metadata to agentSessionId * ACP: normalize session identifier handling and labels * ACP: mark thread banner session ids provisional until first reply * ACP: stabilize session identity mapping and startup reconciliation * ACP: add resolved session-id notices and cwd in thread intros * Discord: prefix thread meta notices consistently * Discord: unify ACP/thread meta notices with gear prefix * Discord: split thread persona naming from meta formatting * Extensions: bump acpx plugin dependency to 0.1.9 * Agents: gate ACP prompt guidance behind acp.enabled * Docs: remove temp experiment plan docs * Docs: scope streaming plan to holy grail refactor * Docs: refactor ACP agents guide for human-first flow * Docs/Skill: add ACP feature-flag guidance and direct acpx telephone-game flow * Docs/Skill: add OpenCode and Pi to ACP harness lists * Docs/Skill: align ACP harness list with current acpx registry * Dev/Test: move ACP plain-language smoke script and mark as keep * Docs/Skill: reorder ACP harness lists with Pi first * ACP: split control-plane manager into core/types/utils modules * Docs: refresh ACP thread-bound agents plan * ACP: extract dispatch lane and split manager domains * ACP: centralize binding context and remove reverse deps * Infra: unify system message formatting * ACP: centralize error boundaries and session id rendering * ACP: enforce init concurrency cap and strict meta clear * Tests: fix ACP dispatch binding mock typing * Tests: fix Discord thread-binding mock drift and ACP request id * ACP: gate slash bypass and persist cleared overrides * ACPX: await pre-abort cancel before runTurn return * Extension: pin acpx runtime dependency to 0.1.11 * Docs: add pinned acpx install strategy for ACP extension * Extensions/acpx: enforce strict local pinned startup * Extensions/acpx: tighten acp-router install guidance * ACPX: retry runtime test temp-dir cleanup * Extensions/acpx: require proactive ACPX repair for thread spawns * Extensions/acpx: require restart offer after acpx reinstall * extensions/acpx: remove workspace protocol devDependency * extensions/acpx: bump pinned acpx to 0.1.13 * extensions/acpx: sync lockfile after dependency bump * ACPX: make runtime spawn Windows-safe * fix: align doctor-config-flow repair tests with default-account migration (#23580) (thanks @osolmaz)
2026-02-26 11:00:09 +01:00
it("auto-enables acpx plugin when ACP is configured", () => {
const result = applyPluginAutoEnable({
config: {
acp: {
enabled: true,
},
},
env: {},
});
expect(result.config.plugins?.entries?.acpx?.enabled).toBe(true);
expect(result.changes.join("\n")).toContain("ACP runtime configured, enabled automatically.");
});
it("does not auto-enable acpx when a different ACP backend is configured", () => {
const result = applyPluginAutoEnable({
config: {
acp: {
enabled: true,
backend: "custom-runtime",
},
},
env: {},
});
expect(result.config.plugins?.entries?.acpx?.enabled).toBeUndefined();
});
feat(config): auto-enable configured plugins
2026-01-18 16:22:50 +00:00
it("skips when plugins are globally disabled", () => {
const result = applyPluginAutoEnable({
config: {
channels: { slack: { botToken: "x" } },
plugins: { enabled: false },
},
fix: stabilize tests and logging
2026-01-18 18:43:31 +00:00
env: {},
feat(config): auto-enable configured plugins
2026-01-18 16:22:50 +00:00
});
expect(result.config.plugins?.entries?.slack?.enabled).toBeUndefined();
expect(result.changes).toEqual([]);
});
Step 5 + Review
2026-01-19 20:16:14 -08:00
fix(doctor): use plugin manifest id for third-party channel auto-enable When a third-party channel plugin declares a channel ID that differs from its plugin ID (e.g. plugin id="apn-channel", channels=["apn"]), the doctor plugin auto-enable logic was using the channel ID ("apn") as the key for plugins.entries, producing an entry that fails config validation: Error: plugins.entries.apn: plugin not found: apn Root cause: resolveConfiguredPlugins iterated over cfg.channels keys and used each key directly as both the channel ID (for isChannelConfigured) and the plugin ID (for plugins.entries). For built-in channels these are always the same, but for third-party plugins they can differ. Fix: load the installed plugin manifest registry and build a reverse map from channel ID to plugin ID. When a cfg.channels key does not resolve to a built-in channel, look up the declaring plugin's manifest ID and use that as the pluginId in the PluginEnableChange, so registerPluginEntry writes the correct plugins.entries["apn-channel"] key. The applyPluginAutoEnable function now accepts an optional manifestRegistry parameter for testing, avoiding filesystem access in unit tests. Fixes #25261 Co-Authored-By: Claude <noreply@anthropic.com>
2026-02-24 11:09:31 +01:00
describe("third-party channel plugins (pluginId ≠ channelId)", () => {
it("uses the plugin manifest id, not the channel id, for plugins.entries", () => {
// Reproduces: https://github.com/openclaw/openclaw/issues/25261
// Plugin "apn-channel" declares channels: ["apn"]. Doctor must write
// plugins.entries["apn-channel"], not plugins.entries["apn"].
const result = applyPluginAutoEnable({
config: {
channels: { apn: { someKey: "value" } },
},
env: {},
manifestRegistry: makeRegistry([{ id: "apn-channel", channels: ["apn"] }]),
});
expect(result.config.plugins?.entries?.["apn-channel"]?.enabled).toBe(true);
expect(result.config.plugins?.entries?.["apn"]).toBeUndefined();
expect(result.changes.join("\n")).toContain("apn configured, enabled automatically.");
});
it("does not double-enable when plugin is already enabled under its plugin id", () => {
const result = applyPluginAutoEnable({
config: {
channels: { apn: { someKey: "value" } },
plugins: { entries: { "apn-channel": { enabled: true } } },
},
env: {},
manifestRegistry: makeRegistry([{ id: "apn-channel", channels: ["apn"] }]),
});
expect(result.changes).toEqual([]);
});
it("respects explicit disable of the plugin by its plugin id", () => {
const result = applyPluginAutoEnable({
config: {
channels: { apn: { someKey: "value" } },
plugins: { entries: { "apn-channel": { enabled: false } } },
},
env: {},
manifestRegistry: makeRegistry([{ id: "apn-channel", channels: ["apn"] }]),
});
expect(result.config.plugins?.entries?.["apn-channel"]?.enabled).toBe(false);
expect(result.changes).toEqual([]);
});
it("falls back to channel key as plugin id when no installed manifest declares the channel", () => {
// Without a matching manifest entry, behavior is unchanged (backward compat).
const result = applyPluginAutoEnable({
config: {
channels: { "unknown-chan": { someKey: "value" } },
},
env: {},
manifestRegistry: makeRegistry([]),
});
expect(result.config.plugins?.entries?.["unknown-chan"]?.enabled).toBe(true);
});
});
refactor: extend channel plugin boundary
2026-01-20 11:49:31 +00:00
describe("preferOver channel prioritization", () => {
fix: comprehensive BlueBubbles and channel cleanup (#11093) * feat(bluebubbles): auto-strip markdown from outbound messages (#7402) * fix(security): add timeout to webhook body reading (#6762) Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5). Merged with existing maxBytes protection in voice-call. * fix(security): unify Error objects and lint fixes in webhook timeouts (#6762) * fix: prevent plugins from auto-enabling without user consent (#3961) Changes default plugin enabled state from true to false in enablePluginEntry(). Preserves existing enabled:true values. Fixes #3932. * fix: apply hierarchical mediaMaxMb config to all channels (#8749) Generalizes resolveAttachmentMaxBytes() to use account → channel → global config resolution for all channels, not just BlueBubbles. Fixes #7847. * fix(bluebubbles): sanitize attachment filenames against header injection (#10333) Strip ", \r, \n, and \\ from filenames after path.basename() to prevent multipart Content-Disposition header injection (CWE-93, CVSS 5.4). Also adds sanitization to setGroupIconBlueBubbles which had zero filename sanitization. * fix(lint): exclude extensions/ from Oxlint preflight check (#9313) Extensions use PluginRuntime|null patterns that trigger no-redundant-type-constituents because PluginRuntime resolves to any. Excluding extensions/ from Oxlint unblocks user upgrades. Re-applies the approach from closed PR #10087. * fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (#7745) Non-Private-API mode (AppleScript) requires tempGuid in send payloads. The main sendMessageBlueBubbles already had it, but createNewChatWithMessage was missing it, causing 400 errors for new chat creation without Private API. * fix: send stop-typing signal when run ends with NO_REPLY (#8785) Adds onCleanup callback to the typing controller that fires when the controller is cleaned up while typing was active (e.g., after NO_REPLY). Channels using createTypingCallbacks automatically get stop-typing on cleanup. This prevents the typing indicator from lingering in group chats when the agent decides not to reply. * fix(telegram): deduplicate skill commands in multi-agent setup (#5717) Two fixes: 1. Skip duplicate workspace dirs when listing skill commands across agents. Multiple agents sharing the same workspace would produce duplicate commands with _2, _3 suffixes. 2. Clear stale commands via deleteMyCommands before registering new ones. Commands from deleted skills now get cleaned up on restart. * fix: add size limits to unbounded in-memory caches (#4948) Adds max-size caps with oldest-entry eviction to prevent OOM in long-running deployments: - BlueBubbles serverInfoCache: 64 entries (already has TTL) - Google Chat authCache: 32 entries - Matrix directRoomCache: 1024 entries - Discord presenceCache: 5000 entries per account * fix: address review concerns (#11093) - Chain deleteMyCommands → setMyCommands to prevent race condition (#5717) - Rename enablePluginEntry to registerPluginEntry (now sets enabled: false) - Add Slow-Loris timeout test for readJsonBody (#6023)
2026-02-07 05:00:55 -08:00
it("prefers bluebubbles: skips imessage auto-configure when both are configured", () => {
Step 5 + Review
2026-01-19 20:16:14 -08:00
const result = applyPluginAutoEnable({
config: {
channels: {
bluebubbles: { serverUrl: "http://localhost:1234", password: "x" },
imessage: { cliPath: "/usr/local/bin/imsg" },
},
},
env: {},
});
fix(config): auto-enable configured plugins
2026-02-14 01:56:00 +00:00
expect(result.config.plugins?.entries?.bluebubbles?.enabled).toBe(true);
Step 5 + Review
2026-01-19 20:16:14 -08:00
expect(result.config.plugins?.entries?.imessage?.enabled).toBeUndefined();
fix(config): auto-enable configured plugins
2026-02-14 01:56:00 +00:00
expect(result.changes.join("\n")).toContain("bluebubbles configured, enabled automatically.");
expect(result.changes.join("\n")).not.toContain(
"iMessage configured, enabled automatically.",
);
Step 5 + Review
2026-01-19 20:16:14 -08:00
});
it("keeps imessage enabled if already explicitly enabled (non-destructive)", () => {
const result = applyPluginAutoEnable({
config: {
channels: {
bluebubbles: { serverUrl: "http://localhost:1234", password: "x" },
imessage: { cliPath: "/usr/local/bin/imsg" },
},
plugins: { entries: { imessage: { enabled: true } } },
},
env: {},
});
fix(config): auto-enable configured plugins
2026-02-14 01:56:00 +00:00
expect(result.config.plugins?.entries?.bluebubbles?.enabled).toBe(true);
Step 5 + Review
2026-01-19 20:16:14 -08:00
expect(result.config.plugins?.entries?.imessage?.enabled).toBe(true);
});
fix: comprehensive BlueBubbles and channel cleanup (#11093) * feat(bluebubbles): auto-strip markdown from outbound messages (#7402) * fix(security): add timeout to webhook body reading (#6762) Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5). Merged with existing maxBytes protection in voice-call. * fix(security): unify Error objects and lint fixes in webhook timeouts (#6762) * fix: prevent plugins from auto-enabling without user consent (#3961) Changes default plugin enabled state from true to false in enablePluginEntry(). Preserves existing enabled:true values. Fixes #3932. * fix: apply hierarchical mediaMaxMb config to all channels (#8749) Generalizes resolveAttachmentMaxBytes() to use account → channel → global config resolution for all channels, not just BlueBubbles. Fixes #7847. * fix(bluebubbles): sanitize attachment filenames against header injection (#10333) Strip ", \r, \n, and \\ from filenames after path.basename() to prevent multipart Content-Disposition header injection (CWE-93, CVSS 5.4). Also adds sanitization to setGroupIconBlueBubbles which had zero filename sanitization. * fix(lint): exclude extensions/ from Oxlint preflight check (#9313) Extensions use PluginRuntime|null patterns that trigger no-redundant-type-constituents because PluginRuntime resolves to any. Excluding extensions/ from Oxlint unblocks user upgrades. Re-applies the approach from closed PR #10087. * fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (#7745) Non-Private-API mode (AppleScript) requires tempGuid in send payloads. The main sendMessageBlueBubbles already had it, but createNewChatWithMessage was missing it, causing 400 errors for new chat creation without Private API. * fix: send stop-typing signal when run ends with NO_REPLY (#8785) Adds onCleanup callback to the typing controller that fires when the controller is cleaned up while typing was active (e.g., after NO_REPLY). Channels using createTypingCallbacks automatically get stop-typing on cleanup. This prevents the typing indicator from lingering in group chats when the agent decides not to reply. * fix(telegram): deduplicate skill commands in multi-agent setup (#5717) Two fixes: 1. Skip duplicate workspace dirs when listing skill commands across agents. Multiple agents sharing the same workspace would produce duplicate commands with _2, _3 suffixes. 2. Clear stale commands via deleteMyCommands before registering new ones. Commands from deleted skills now get cleaned up on restart. * fix: add size limits to unbounded in-memory caches (#4948) Adds max-size caps with oldest-entry eviction to prevent OOM in long-running deployments: - BlueBubbles serverInfoCache: 64 entries (already has TTL) - Google Chat authCache: 32 entries - Matrix directRoomCache: 1024 entries - Discord presenceCache: 5000 entries per account * fix: address review concerns (#11093) - Chain deleteMyCommands → setMyCommands to prevent race condition (#5717) - Rename enablePluginEntry to registerPluginEntry (now sets enabled: false) - Add Slow-Loris timeout test for readJsonBody (#6023)
2026-02-07 05:00:55 -08:00
it("allows imessage auto-configure when bluebubbles is explicitly disabled", () => {
Step 5 + Review
2026-01-19 20:16:14 -08:00
const result = applyPluginAutoEnable({
config: {
channels: {
bluebubbles: { serverUrl: "http://localhost:1234", password: "x" },
imessage: { cliPath: "/usr/local/bin/imsg" },
},
plugins: { entries: { bluebubbles: { enabled: false } } },
},
env: {},
});
expect(result.config.plugins?.entries?.bluebubbles?.enabled).toBe(false);
fix(config): persist built-in channel enable state in channels Co-authored-by: HirokiKobayashi-R <HirokiKobayashi-R@users.noreply.github.com>
2026-02-22 19:18:08 +01:00
expect(result.config.channels?.imessage?.enabled).toBe(true);
fix(config): auto-enable configured plugins
2026-02-14 01:56:00 +00:00
expect(result.changes.join("\n")).toContain("iMessage configured, enabled automatically.");
Step 5 + Review
2026-01-19 20:16:14 -08:00
});
fix: comprehensive BlueBubbles and channel cleanup (#11093) * feat(bluebubbles): auto-strip markdown from outbound messages (#7402) * fix(security): add timeout to webhook body reading (#6762) Adds 30-second timeout to readBody() in voice-call, bluebubbles, and nostr webhook handlers. Prevents Slow-Loris DoS (CWE-400, CVSS 7.5). Merged with existing maxBytes protection in voice-call. * fix(security): unify Error objects and lint fixes in webhook timeouts (#6762) * fix: prevent plugins from auto-enabling without user consent (#3961) Changes default plugin enabled state from true to false in enablePluginEntry(). Preserves existing enabled:true values. Fixes #3932. * fix: apply hierarchical mediaMaxMb config to all channels (#8749) Generalizes resolveAttachmentMaxBytes() to use account → channel → global config resolution for all channels, not just BlueBubbles. Fixes #7847. * fix(bluebubbles): sanitize attachment filenames against header injection (#10333) Strip ", \r, \n, and \\ from filenames after path.basename() to prevent multipart Content-Disposition header injection (CWE-93, CVSS 5.4). Also adds sanitization to setGroupIconBlueBubbles which had zero filename sanitization. * fix(lint): exclude extensions/ from Oxlint preflight check (#9313) Extensions use PluginRuntime|null patterns that trigger no-redundant-type-constituents because PluginRuntime resolves to any. Excluding extensions/ from Oxlint unblocks user upgrades. Re-applies the approach from closed PR #10087. * fix(bluebubbles): add tempGuid to createNewChatWithMessage payload (#7745) Non-Private-API mode (AppleScript) requires tempGuid in send payloads. The main sendMessageBlueBubbles already had it, but createNewChatWithMessage was missing it, causing 400 errors for new chat creation without Private API. * fix: send stop-typing signal when run ends with NO_REPLY (#8785) Adds onCleanup callback to the typing controller that fires when the controller is cleaned up while typing was active (e.g., after NO_REPLY). Channels using createTypingCallbacks automatically get stop-typing on cleanup. This prevents the typing indicator from lingering in group chats when the agent decides not to reply. * fix(telegram): deduplicate skill commands in multi-agent setup (#5717) Two fixes: 1. Skip duplicate workspace dirs when listing skill commands across agents. Multiple agents sharing the same workspace would produce duplicate commands with _2, _3 suffixes. 2. Clear stale commands via deleteMyCommands before registering new ones. Commands from deleted skills now get cleaned up on restart. * fix: add size limits to unbounded in-memory caches (#4948) Adds max-size caps with oldest-entry eviction to prevent OOM in long-running deployments: - BlueBubbles serverInfoCache: 64 entries (already has TTL) - Google Chat authCache: 32 entries - Matrix directRoomCache: 1024 entries - Discord presenceCache: 5000 entries per account * fix: address review concerns (#11093) - Chain deleteMyCommands → setMyCommands to prevent race condition (#5717) - Rename enablePluginEntry to registerPluginEntry (now sets enabled: false) - Add Slow-Loris timeout test for readJsonBody (#6023)
2026-02-07 05:00:55 -08:00
it("allows imessage auto-configure when bluebubbles is in deny list", () => {
Step 5 + Review
2026-01-19 20:16:14 -08:00
const result = applyPluginAutoEnable({
config: {
channels: {
bluebubbles: { serverUrl: "http://localhost:1234", password: "x" },
imessage: { cliPath: "/usr/local/bin/imsg" },
},
plugins: { deny: ["bluebubbles"] },
},
env: {},
});
expect(result.config.plugins?.entries?.bluebubbles?.enabled).toBeUndefined();
fix(config): persist built-in channel enable state in channels Co-authored-by: HirokiKobayashi-R <HirokiKobayashi-R@users.noreply.github.com>
2026-02-22 19:18:08 +01:00
expect(result.config.channels?.imessage?.enabled).toBe(true);
Step 5 + Review
2026-01-19 20:16:14 -08:00
});
fix(config): auto-enable configured plugins
2026-02-14 01:56:00 +00:00
it("auto-enables imessage when only imessage is configured", () => {
Step 5 + Review
2026-01-19 20:16:14 -08:00
const result = applyPluginAutoEnable({
config: {
channels: { imessage: { cliPath: "/usr/local/bin/imsg" } },
},
env: {},
});
fix(config): persist built-in channel enable state in channels Co-authored-by: HirokiKobayashi-R <HirokiKobayashi-R@users.noreply.github.com>
2026-02-22 19:18:08 +01:00
expect(result.config.channels?.imessage?.enabled).toBe(true);
fix(config): auto-enable configured plugins
2026-02-14 01:56:00 +00:00
expect(result.changes.join("\n")).toContain("iMessage configured, enabled automatically.");
Step 5 + Review
2026-01-19 20:16:14 -08:00
});
});
feat(config): auto-enable configured plugins
2026-01-18 16:22:50 +00:00
});
Reference in New Issue Copy Permalink