2026-01-10 17:26:29 +01:00
|
|
|
import fs from "node:fs/promises";
|
|
|
|
|
import os from "node:os";
|
|
|
|
|
import path from "node:path";
|
2026-02-05 15:51:27 -08:00
|
|
|
import { describe, expect, it, vi } from "vitest";
|
2026-02-24 17:22:46 +00:00
|
|
|
import type { OpenClawConfig } from "../config/config.js";
|
2026-01-30 03:15:10 +01:00
|
|
|
import { createOpenClawCodingTools } from "./pi-tools.js";
|
2026-02-13 17:29:10 +02:00
|
|
|
import { createHostSandboxFsBridge } from "./test-helpers/host-sandbox-fs-bridge.js";
|
2026-02-21 23:56:58 +00:00
|
|
|
import { expectReadWriteEditTools, getTextContent } from "./test-helpers/pi-tools-fs-helpers.js";
|
2026-02-19 09:21:33 +00:00
|
|
|
import { createPiToolsSandboxContext } from "./test-helpers/pi-tools-sandbox-context.js";
|
2026-02-05 15:51:27 -08:00
|
|
|
|
|
|
|
|
vi.mock("../infra/shell-env.js", async (importOriginal) => {
|
|
|
|
|
const mod = await importOriginal<typeof import("../infra/shell-env.js")>();
|
|
|
|
|
return { ...mod, getShellPathFromLoginShell: () => null };
|
|
|
|
|
});
|
2026-01-10 17:26:29 +01:00
|
|
|
async function withTempDir<T>(prefix: string, fn: (dir: string) => Promise<T>) {
|
|
|
|
|
const dir = await fs.mkdtemp(path.join(os.tmpdir(), prefix));
|
|
|
|
|
try {
|
|
|
|
|
return await fn(dir);
|
|
|
|
|
} finally {
|
|
|
|
|
await fs.rm(dir, { recursive: true, force: true });
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
describe("workspace path resolution", () => {
|
2026-02-22 12:25:57 +00:00
|
|
|
it("resolves relative read/write/edit paths against workspaceDir even after cwd changes", async () => {
|
2026-01-30 03:15:10 +01:00
|
|
|
await withTempDir("openclaw-ws-", async (workspaceDir) => {
|
|
|
|
|
await withTempDir("openclaw-cwd-", async (otherDir) => {
|
2026-02-05 17:06:11 -07:00
|
|
|
const cwdSpy = vi.spyOn(process, "cwd").mockReturnValue(otherDir);
|
2026-01-10 17:26:29 +01:00
|
|
|
try {
|
2026-01-30 03:15:10 +01:00
|
|
|
const tools = createOpenClawCodingTools({ workspaceDir });
|
2026-02-22 12:25:57 +00:00
|
|
|
const { readTool, writeTool, editTool } = expectReadWriteEditTools(tools);
|
2026-01-10 17:26:29 +01:00
|
|
|
|
2026-02-22 12:25:57 +00:00
|
|
|
const readFile = "read.txt";
|
|
|
|
|
await fs.writeFile(path.join(workspaceDir, readFile), "workspace read ok", "utf8");
|
|
|
|
|
const readResult = await readTool.execute("ws-read", { path: readFile });
|
|
|
|
|
expect(getTextContent(readResult)).toContain("workspace read ok");
|
2026-01-10 17:26:29 +01:00
|
|
|
|
2026-02-22 12:25:57 +00:00
|
|
|
const writeFile = "write.txt";
|
|
|
|
|
await writeTool.execute("ws-write", {
|
|
|
|
|
path: writeFile,
|
|
|
|
|
content: "workspace write ok",
|
2026-01-10 17:26:29 +01:00
|
|
|
});
|
2026-02-22 12:25:57 +00:00
|
|
|
expect(await fs.readFile(path.join(workspaceDir, writeFile), "utf8")).toBe(
|
|
|
|
|
"workspace write ok",
|
|
|
|
|
);
|
2026-01-10 17:26:29 +01:00
|
|
|
|
2026-02-22 12:25:57 +00:00
|
|
|
const editFile = "edit.txt";
|
|
|
|
|
await fs.writeFile(path.join(workspaceDir, editFile), "hello world", "utf8");
|
|
|
|
|
await editTool.execute("ws-edit", {
|
|
|
|
|
path: editFile,
|
2026-01-10 17:26:29 +01:00
|
|
|
oldText: "world",
|
2026-01-30 03:15:10 +01:00
|
|
|
newText: "openclaw",
|
2026-01-10 17:26:29 +01:00
|
|
|
});
|
2026-02-22 12:25:57 +00:00
|
|
|
expect(await fs.readFile(path.join(workspaceDir, editFile), "utf8")).toBe(
|
|
|
|
|
"hello openclaw",
|
|
|
|
|
);
|
2026-01-10 17:26:29 +01:00
|
|
|
} finally {
|
2026-02-05 17:06:11 -07:00
|
|
|
cwdSpy.mockRestore();
|
2026-01-10 17:26:29 +01:00
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2026-02-23 13:35:14 -05:00
|
|
|
it("allows deletion edits with empty newText", async () => {
|
|
|
|
|
await withTempDir("openclaw-ws-", async (workspaceDir) => {
|
|
|
|
|
await withTempDir("openclaw-cwd-", async (otherDir) => {
|
|
|
|
|
const testFile = "delete.txt";
|
|
|
|
|
await fs.writeFile(path.join(workspaceDir, testFile), "hello world", "utf8");
|
|
|
|
|
|
|
|
|
|
const cwdSpy = vi.spyOn(process, "cwd").mockReturnValue(otherDir);
|
|
|
|
|
try {
|
|
|
|
|
const tools = createOpenClawCodingTools({ workspaceDir });
|
|
|
|
|
const { editTool } = expectReadWriteEditTools(tools);
|
|
|
|
|
|
|
|
|
|
await editTool.execute("ws-edit-delete", {
|
|
|
|
|
path: testFile,
|
|
|
|
|
oldText: " world",
|
|
|
|
|
newText: "",
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(await fs.readFile(path.join(workspaceDir, testFile), "utf8")).toBe("hello");
|
|
|
|
|
} finally {
|
|
|
|
|
cwdSpy.mockRestore();
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2026-01-12 02:49:55 +00:00
|
|
|
it("defaults exec cwd to workspaceDir when workdir is omitted", async () => {
|
2026-01-30 03:15:10 +01:00
|
|
|
await withTempDir("openclaw-ws-", async (workspaceDir) => {
|
2026-02-13 19:57:02 +01:00
|
|
|
const tools = createOpenClawCodingTools({
|
|
|
|
|
workspaceDir,
|
|
|
|
|
exec: { host: "gateway", ask: "off", security: "full" },
|
|
|
|
|
});
|
2026-01-12 02:49:55 +00:00
|
|
|
const execTool = tools.find((tool) => tool.name === "exec");
|
|
|
|
|
expect(execTool).toBeDefined();
|
2026-01-10 17:26:29 +01:00
|
|
|
|
2026-01-12 02:49:55 +00:00
|
|
|
const result = await execTool?.execute("ws-exec", {
|
2026-01-10 18:02:21 +01:00
|
|
|
command: "echo ok",
|
2026-01-10 17:26:29 +01:00
|
|
|
});
|
2026-01-10 18:02:21 +01:00
|
|
|
const cwd =
|
2026-01-14 14:31:43 +00:00
|
|
|
result?.details && typeof result.details === "object" && "cwd" in result.details
|
2026-01-10 18:02:21 +01:00
|
|
|
? (result.details as { cwd?: string }).cwd
|
|
|
|
|
: undefined;
|
|
|
|
|
expect(cwd).toBeTruthy();
|
2026-01-10 17:26:29 +01:00
|
|
|
const [resolvedOutput, resolvedWorkspace] = await Promise.all([
|
2026-01-10 18:02:21 +01:00
|
|
|
fs.realpath(String(cwd)),
|
2026-01-10 17:26:29 +01:00
|
|
|
fs.realpath(workspaceDir),
|
|
|
|
|
]);
|
|
|
|
|
expect(resolvedOutput).toBe(resolvedWorkspace);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2026-01-12 02:49:55 +00:00
|
|
|
it("lets exec workdir override the workspace default", async () => {
|
2026-01-30 03:15:10 +01:00
|
|
|
await withTempDir("openclaw-ws-", async (workspaceDir) => {
|
|
|
|
|
await withTempDir("openclaw-override-", async (overrideDir) => {
|
2026-02-13 19:57:02 +01:00
|
|
|
const tools = createOpenClawCodingTools({
|
|
|
|
|
workspaceDir,
|
|
|
|
|
exec: { host: "gateway", ask: "off", security: "full" },
|
|
|
|
|
});
|
2026-01-12 02:49:55 +00:00
|
|
|
const execTool = tools.find((tool) => tool.name === "exec");
|
|
|
|
|
expect(execTool).toBeDefined();
|
2026-01-10 17:26:29 +01:00
|
|
|
|
2026-01-12 02:49:55 +00:00
|
|
|
const result = await execTool?.execute("ws-exec-override", {
|
2026-01-10 18:02:21 +01:00
|
|
|
command: "echo ok",
|
2026-01-10 17:26:29 +01:00
|
|
|
workdir: overrideDir,
|
|
|
|
|
});
|
2026-01-10 18:02:21 +01:00
|
|
|
const cwd =
|
2026-01-14 14:31:43 +00:00
|
|
|
result?.details && typeof result.details === "object" && "cwd" in result.details
|
2026-01-10 18:02:21 +01:00
|
|
|
? (result.details as { cwd?: string }).cwd
|
|
|
|
|
: undefined;
|
|
|
|
|
expect(cwd).toBeTruthy();
|
2026-01-10 17:26:29 +01:00
|
|
|
const [resolvedOutput, resolvedOverride] = await Promise.all([
|
2026-01-10 18:02:21 +01:00
|
|
|
fs.realpath(String(cwd)),
|
2026-01-10 17:26:29 +01:00
|
|
|
fs.realpath(overrideDir),
|
|
|
|
|
]);
|
|
|
|
|
expect(resolvedOutput).toBe(resolvedOverride);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
2026-02-24 17:22:46 +00:00
|
|
|
|
|
|
|
|
it("rejects @-prefixed absolute paths outside workspace when workspaceOnly is enabled", async () => {
|
|
|
|
|
await withTempDir("openclaw-ws-", async (workspaceDir) => {
|
|
|
|
|
const cfg: OpenClawConfig = { tools: { fs: { workspaceOnly: true } } };
|
|
|
|
|
const tools = createOpenClawCodingTools({ workspaceDir, config: cfg });
|
|
|
|
|
const { readTool } = expectReadWriteEditTools(tools);
|
|
|
|
|
|
|
|
|
|
const outsideAbsolute = path.resolve(path.parse(workspaceDir).root, "outside-openclaw.txt");
|
|
|
|
|
await expect(
|
|
|
|
|
readTool.execute("ws-read-at-prefix", { path: `@${outsideAbsolute}` }),
|
|
|
|
|
).rejects.toThrow(/Path escapes sandbox root/i);
|
|
|
|
|
});
|
|
|
|
|
});
|
2026-02-26 03:42:22 +01:00
|
|
|
|
|
|
|
|
it("rejects hardlinked file aliases when workspaceOnly is enabled", async () => {
|
|
|
|
|
if (process.platform === "win32") {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
await withTempDir("openclaw-ws-", async (workspaceDir) => {
|
|
|
|
|
const cfg: OpenClawConfig = { tools: { fs: { workspaceOnly: true } } };
|
|
|
|
|
const tools = createOpenClawCodingTools({ workspaceDir, config: cfg });
|
|
|
|
|
const { readTool, writeTool } = expectReadWriteEditTools(tools);
|
|
|
|
|
const outsidePath = path.join(
|
|
|
|
|
path.dirname(workspaceDir),
|
|
|
|
|
`outside-hardlink-${process.pid}-${Date.now()}.txt`,
|
|
|
|
|
);
|
|
|
|
|
const hardlinkPath = path.join(workspaceDir, "linked.txt");
|
|
|
|
|
await fs.writeFile(outsidePath, "top-secret", "utf8");
|
|
|
|
|
try {
|
|
|
|
|
try {
|
|
|
|
|
await fs.link(outsidePath, hardlinkPath);
|
|
|
|
|
} catch (err) {
|
|
|
|
|
if ((err as NodeJS.ErrnoException).code === "EXDEV") {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
throw err;
|
|
|
|
|
}
|
|
|
|
|
await expect(readTool.execute("ws-read-hardlink", { path: "linked.txt" })).rejects.toThrow(
|
|
|
|
|
/hardlink|sandbox/i,
|
|
|
|
|
);
|
|
|
|
|
await expect(
|
|
|
|
|
writeTool.execute("ws-write-hardlink", {
|
|
|
|
|
path: "linked.txt",
|
|
|
|
|
content: "pwned",
|
|
|
|
|
}),
|
|
|
|
|
).rejects.toThrow(/hardlink|sandbox/i);
|
|
|
|
|
expect(await fs.readFile(outsidePath, "utf8")).toBe("top-secret");
|
|
|
|
|
} finally {
|
|
|
|
|
await fs.rm(hardlinkPath, { force: true });
|
|
|
|
|
await fs.rm(outsidePath, { force: true });
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
});
|
2026-01-10 17:26:29 +01:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
describe("sandboxed workspace paths", () => {
|
|
|
|
|
it("uses sandbox workspace for relative read/write/edit", async () => {
|
2026-01-30 03:15:10 +01:00
|
|
|
await withTempDir("openclaw-sandbox-", async (sandboxDir) => {
|
|
|
|
|
await withTempDir("openclaw-workspace-", async (workspaceDir) => {
|
2026-02-19 09:21:33 +00:00
|
|
|
const sandbox = createPiToolsSandboxContext({
|
2026-01-10 17:26:29 +01:00
|
|
|
workspaceDir: sandboxDir,
|
|
|
|
|
agentWorkspaceDir: workspaceDir,
|
2026-02-17 15:48:44 +09:00
|
|
|
workspaceAccess: "rw" as const,
|
2026-02-13 17:29:10 +02:00
|
|
|
fsBridge: createHostSandboxFsBridge(sandboxDir),
|
2026-01-10 17:26:29 +01:00
|
|
|
tools: { allow: [], deny: [] },
|
2026-02-19 09:21:33 +00:00
|
|
|
});
|
2026-01-10 17:26:29 +01:00
|
|
|
|
|
|
|
|
const testFile = "sandbox.txt";
|
2026-01-14 14:31:43 +00:00
|
|
|
await fs.writeFile(path.join(sandboxDir, testFile), "sandbox read", "utf8");
|
|
|
|
|
await fs.writeFile(path.join(workspaceDir, testFile), "workspace read", "utf8");
|
2026-01-10 17:26:29 +01:00
|
|
|
|
2026-01-30 03:15:10 +01:00
|
|
|
const tools = createOpenClawCodingTools({ workspaceDir, sandbox });
|
2026-02-21 23:56:58 +00:00
|
|
|
const { readTool, writeTool, editTool } = expectReadWriteEditTools(tools);
|
2026-01-10 17:26:29 +01:00
|
|
|
|
|
|
|
|
const result = await readTool?.execute("sbx-read", { path: testFile });
|
|
|
|
|
expect(getTextContent(result)).toContain("sandbox read");
|
|
|
|
|
|
|
|
|
|
await writeTool?.execute("sbx-write", {
|
|
|
|
|
path: "new.txt",
|
|
|
|
|
content: "sandbox write",
|
|
|
|
|
});
|
2026-01-14 14:31:43 +00:00
|
|
|
const written = await fs.readFile(path.join(sandboxDir, "new.txt"), "utf8");
|
2026-01-10 17:26:29 +01:00
|
|
|
expect(written).toBe("sandbox write");
|
|
|
|
|
|
|
|
|
|
await editTool?.execute("sbx-edit", {
|
|
|
|
|
path: "new.txt",
|
|
|
|
|
oldText: "write",
|
|
|
|
|
newText: "edit",
|
|
|
|
|
});
|
2026-01-14 14:31:43 +00:00
|
|
|
const edited = await fs.readFile(path.join(sandboxDir, "new.txt"), "utf8");
|
2026-01-10 17:26:29 +01:00
|
|
|
expect(edited).toBe("sandbox edit");
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
