From 9ff473fa052e458dbfde347afea0461236984748 Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Mon, 16 Feb 2026 18:24:36 +0000 Subject: [PATCH] refactor(test): share sandbox config test helpers --- ....agent-specific-sandbox-config.e2e.test.ts | 153 ++++++------------ 1 file changed, 53 insertions(+), 100 deletions(-) diff --git a/src/agents/sandbox-agent-config.agent-specific-sandbox-config.e2e.test.ts b/src/agents/sandbox-agent-config.agent-specific-sandbox-config.e2e.test.ts index 039138f964..b112762260 100644 --- a/src/agents/sandbox-agent-config.agent-specific-sandbox-config.e2e.test.ts +++ b/src/agents/sandbox-agent-config.agent-specific-sandbox-config.e2e.test.ts @@ -1,7 +1,7 @@ import { EventEmitter } from "node:events"; import path from "node:path"; import { Readable } from "node:stream"; -import { beforeEach, describe, expect, it, vi } from "vitest"; +import { beforeAll, beforeEach, describe, expect, it, vi } from "vitest"; import type { OpenClawConfig } from "../config/config.js"; type SpawnCall = { @@ -48,14 +48,39 @@ vi.mock("../skills.js", async (importOriginal) => { }; }); +let resolveSandboxContext: typeof import("./sandbox.js").resolveSandboxContext; +let resolveSandboxConfigForAgent: typeof import("./sandbox.js").resolveSandboxConfigForAgent; + +async function resolveContext(config: OpenClawConfig, sessionKey: string, workspaceDir: string) { + return resolveSandboxContext({ + config, + sessionKey, + workspaceDir, + }); +} + +function expectDockerSetupCommand(command: string) { + expect( + spawnCalls.some( + (call) => + call.command === "docker" && + call.args[0] === "exec" && + call.args.includes("-lc") && + call.args.includes(command), + ), + ).toBe(true); +} + describe("Agent-specific sandbox config", () => { + beforeAll(async () => { + ({ resolveSandboxConfigForAgent, resolveSandboxContext } = await import("./sandbox.js")); + }); + beforeEach(() => { spawnCalls.length = 0; }); it("should use agent-specific workspaceRoot", async () => { - const { resolveSandboxContext } = await import("./sandbox.js"); - const cfg: OpenClawConfig = { agents: { defaults: { @@ -79,19 +104,13 @@ describe("Agent-specific sandbox config", () => { }, }; - const context = await resolveSandboxContext({ - config: cfg, - sessionKey: "agent:isolated:main", - workspaceDir: "/tmp/test-isolated", - }); + const context = await resolveContext(cfg, "agent:isolated:main", "/tmp/test-isolated"); expect(context).toBeDefined(); expect(context?.workspaceDir).toContain(path.resolve("/tmp/isolated-sandboxes")); }); it("should prefer agent config over global for multiple agents", async () => { - const { resolveSandboxContext } = await import("./sandbox.js"); - const cfg: OpenClawConfig = { agents: { defaults: { @@ -120,25 +139,23 @@ describe("Agent-specific sandbox config", () => { }, }; - const mainContext = await resolveSandboxContext({ - config: cfg, - sessionKey: "agent:main:telegram:group:789", - workspaceDir: "/tmp/test-main", - }); + const mainContext = await resolveContext( + cfg, + "agent:main:telegram:group:789", + "/tmp/test-main", + ); expect(mainContext).toBeNull(); - const familyContext = await resolveSandboxContext({ - config: cfg, - sessionKey: "agent:family:whatsapp:group:123", - workspaceDir: "/tmp/test-family", - }); + const familyContext = await resolveContext( + cfg, + "agent:family:whatsapp:group:123", + "/tmp/test-family", + ); expect(familyContext).toBeDefined(); expect(familyContext?.enabled).toBe(true); }); it("should prefer agent-specific sandbox tool policy", async () => { - const { resolveSandboxContext } = await import("./sandbox.js"); - const cfg: OpenClawConfig = { agents: { defaults: { @@ -176,11 +193,7 @@ describe("Agent-specific sandbox config", () => { }, }; - const context = await resolveSandboxContext({ - config: cfg, - sessionKey: "agent:restricted:main", - workspaceDir: "/tmp/test-restricted", - }); + const context = await resolveContext(cfg, "agent:restricted:main", "/tmp/test-restricted"); expect(context).toBeDefined(); expect(context?.tools).toEqual({ @@ -190,8 +203,6 @@ describe("Agent-specific sandbox config", () => { }); it("should use global sandbox config when no agent-specific config exists", async () => { - const { resolveSandboxContext } = await import("./sandbox.js"); - const cfg: OpenClawConfig = { agents: { defaults: { @@ -209,19 +220,13 @@ describe("Agent-specific sandbox config", () => { }, }; - const context = await resolveSandboxContext({ - config: cfg, - sessionKey: "agent:main:main", - workspaceDir: "/tmp/test", - }); + const context = await resolveContext(cfg, "agent:main:main", "/tmp/test"); expect(context).toBeDefined(); expect(context?.enabled).toBe(true); }); it("should allow agent-specific docker setupCommand overrides", async () => { - const { resolveSandboxContext } = await import("./sandbox.js"); - const cfg: OpenClawConfig = { agents: { defaults: { @@ -249,28 +254,14 @@ describe("Agent-specific sandbox config", () => { }, }; - const context = await resolveSandboxContext({ - config: cfg, - sessionKey: "agent:work:main", - workspaceDir: "/tmp/test-work", - }); + const context = await resolveContext(cfg, "agent:work:main", "/tmp/test-work"); expect(context).toBeDefined(); expect(context?.docker.setupCommand).toBe("echo work"); - expect( - spawnCalls.some( - (call) => - call.command === "docker" && - call.args[0] === "exec" && - call.args.includes("-lc") && - call.args.includes("echo work"), - ), - ).toBe(true); + expectDockerSetupCommand("echo work"); }); it("should ignore agent-specific docker overrides when scope is shared", async () => { - const { resolveSandboxContext } = await import("./sandbox.js"); - const cfg: OpenClawConfig = { agents: { defaults: { @@ -298,29 +289,15 @@ describe("Agent-specific sandbox config", () => { }, }; - const context = await resolveSandboxContext({ - config: cfg, - sessionKey: "agent:work:main", - workspaceDir: "/tmp/test-work", - }); + const context = await resolveContext(cfg, "agent:work:main", "/tmp/test-work"); expect(context).toBeDefined(); expect(context?.docker.setupCommand).toBe("echo global"); expect(context?.containerName).toContain("shared"); - expect( - spawnCalls.some( - (call) => - call.command === "docker" && - call.args[0] === "exec" && - call.args.includes("-lc") && - call.args.includes("echo global"), - ), - ).toBe(true); + expectDockerSetupCommand("echo global"); }); it("should allow agent-specific docker settings beyond setupCommand", async () => { - const { resolveSandboxContext } = await import("./sandbox.js"); - const cfg: OpenClawConfig = { agents: { defaults: { @@ -350,11 +327,7 @@ describe("Agent-specific sandbox config", () => { }, }; - const context = await resolveSandboxContext({ - config: cfg, - sessionKey: "agent:work:main", - workspaceDir: "/tmp/test-work", - }); + const context = await resolveContext(cfg, "agent:work:main", "/tmp/test-work"); expect(context).toBeDefined(); expect(context?.docker.image).toBe("work-image"); @@ -362,8 +335,6 @@ describe("Agent-specific sandbox config", () => { }); it("should override with agent-specific sandbox mode 'off'", async () => { - const { resolveSandboxContext } = await import("./sandbox.js"); - const cfg: OpenClawConfig = { agents: { defaults: { @@ -384,18 +355,12 @@ describe("Agent-specific sandbox config", () => { }, }; - const context = await resolveSandboxContext({ - config: cfg, - sessionKey: "agent:main:main", - workspaceDir: "/tmp/test", - }); + const context = await resolveContext(cfg, "agent:main:main", "/tmp/test"); expect(context).toBeNull(); }); it("should use agent-specific sandbox mode 'all'", async () => { - const { resolveSandboxContext } = await import("./sandbox.js"); - const cfg: OpenClawConfig = { agents: { defaults: { @@ -416,19 +381,17 @@ describe("Agent-specific sandbox config", () => { }, }; - const context = await resolveSandboxContext({ - config: cfg, - sessionKey: "agent:family:whatsapp:group:123", - workspaceDir: "/tmp/test-family", - }); + const context = await resolveContext( + cfg, + "agent:family:whatsapp:group:123", + "/tmp/test-family", + ); expect(context).toBeDefined(); expect(context?.enabled).toBe(true); }); it("should use agent-specific scope", async () => { - const { resolveSandboxContext } = await import("./sandbox.js"); - const cfg: OpenClawConfig = { agents: { defaults: { @@ -450,19 +413,13 @@ describe("Agent-specific sandbox config", () => { }, }; - const context = await resolveSandboxContext({ - config: cfg, - sessionKey: "agent:work:slack:channel:456", - workspaceDir: "/tmp/test-work", - }); + const context = await resolveContext(cfg, "agent:work:slack:channel:456", "/tmp/test-work"); expect(context).toBeDefined(); expect(context?.containerName).toContain("agent-work"); }); it("includes session_status in default sandbox allowlist", async () => { - const { resolveSandboxConfigForAgent } = await import("./sandbox.js"); - const cfg: OpenClawConfig = { agents: { defaults: { @@ -479,8 +436,6 @@ describe("Agent-specific sandbox config", () => { }); it("includes image in default sandbox allowlist", async () => { - const { resolveSandboxConfigForAgent } = await import("./sandbox.js"); - const cfg: OpenClawConfig = { agents: { defaults: { @@ -497,8 +452,6 @@ describe("Agent-specific sandbox config", () => { }); it("injects image into explicit sandbox allowlists", async () => { - const { resolveSandboxConfigForAgent } = await import("./sandbox.js"); - const cfg: OpenClawConfig = { tools: { sandbox: {