import { describe, expect, it } from "vitest";
import type { OpenClawConfig } from "../config/config.js";
import { resolveSenderCommandAuthorization } from "./command-auth.js";

// Minimal config fixture: only `commands.useAccessGroups` is populated, so the
// double cast is needed to pass it off as a full OpenClawConfig. Any code path
// that reads other config fields will see `undefined` here.
const baseCfg = { commands: { useAccessGroups: true } } as unknown as OpenClawConfig;

describe("plugin-sdk/command-auth", () => {
  /**
   * Runs command authorization for a `/status` message sent in a group chat.
   *
   * The fixture keeps three identities apart on purpose:
   *   - "dm-owner"    is listed only in the configured DM allowlist,
   *   - "group-owner" is listed only in the configured group allowlist,
   *   - "paired-user" is returned only by the pairing store.
   *
   * NOTE(review): `resolveCommandAuthorizedFromAuthorizers` is stubbed here, so
   * these cases check which authorizers are handed to the resolver, not the
   * production resolver's own policy.
   */
  const authorizeGroupStatusCommand = (senderId: string) =>
    resolveSenderCommandAuthorization({
      cfg: baseCfg,
      rawBody: "/status",
      isGroup: true,
      dmPolicy: "pairing",
      configuredAllowFrom: ["dm-owner"],
      configuredGroupAllowFrom: ["group-owner"],
      senderId,
      // Exact-match membership test; no normalisation of ids is exercised.
      isSenderAllowed: (candidate, allowList) => allowList.includes(candidate),
      readAllowFromStore: async () => ["paired-user"],
      shouldComputeCommandAuthorized: () => true,
      // Authorized only when access groups are on and at least one authorizer
      // is both configured and allows the sender.
      resolveCommandAuthorizedFromAuthorizers: ({ useAccessGroups, authorizers }) =>
        useAccessGroups && authorizers.some((authorizer) => authorizer.configured && authorizer.allowed),
    });

  it("authorizes group commands from explicit group allowlist", async () => {
    // Positive case: the sender appears in the configured group allowlist.
    const outcome = await authorizeGroupStatusCommand("group-owner");

    expect(outcome.commandAuthorized).toBe(true);
    expect(outcome.senderAllowedForCommands).toBe(true);
    expect(outcome.effectiveAllowFrom).toEqual(["dm-owner"]);
    expect(outcome.effectiveGroupAllowFrom).toEqual(["group-owner"]);
  });

  it("keeps pairing-store identities DM-only for group command auth", async () => {
    // Negative case: the sender is known only to the pairing store. Being
    // paired must not carry over into command rights inside a group, and the
    // store entry must not show up in either effective allowlist.
    const outcome = await authorizeGroupStatusCommand("paired-user");

    expect(outcome.commandAuthorized).toBe(false);
    expect(outcome.senderAllowedForCommands).toBe(false);
    expect(outcome.effectiveAllowFrom).toEqual(["dm-owner"]);
    expect(outcome.effectiveGroupAllowFrom).toEqual(["group-owner"]);
  });
});