test: update gateway node/e2e tests

2026-01-20 10:39:29 +00:00
parent 47cf28f6b6
commit 6942ceb7a9
3 changed files with 199 additions and 185 deletions
--- a/src/gateway/server.health.test.ts
+++ b/src/gateway/server.health.test.ts
@@ -1,7 +1,14 @@
 import { randomUUID } from "node:crypto";
+import os from "node:os";
+import path from "node:path";
 import { describe, expect, test } from "vitest";
 import { WebSocket } from "ws";
 import { emitAgentEvent } from "../infra/agent-events.js";
+import {
+  loadOrCreateDeviceIdentity,
+  publicKeyRawBase64UrlFromPem,
+  signDevicePayload,
+} from "../infra/device-identity.js";
 import { emitHeartbeatEvent } from "../infra/heartbeat-events.js";
 import { loadOrCreateDeviceIdentity } from "../infra/device-identity.js";
 import { GATEWAY_CLIENT_MODES, GATEWAY_CLIENT_NAMES } from "../utils/message-channel.js";
@@ -13,6 +20,7 @@ import {
  startGatewayServer,
  startServerWithClient,
 } from "./test-helpers.js";
+import { buildDeviceAuthPayload } from "./device-auth.js";

 installGatewayTestHooks();

@@ -201,8 +209,24 @@ describe("gateway server health/presence", () => {
  });

  test("presence includes client fingerprint", async () => {
+    const identityPath = path.join(os.tmpdir(), `clawdbot-device-${randomUUID()}.json`);
+    const identity = loadOrCreateDeviceIdentity(identityPath);
+    const role = "operator";
+    const scopes: string[] = [];
+    const signedAtMs = Date.now();
+    const payload = buildDeviceAuthPayload({
+      deviceId: identity.deviceId,
+      clientId: GATEWAY_CLIENT_NAMES.FINGERPRINT,
+      clientMode: GATEWAY_CLIENT_MODES.UI,
+      role,
+      scopes,
+      signedAtMs,
+      token: null,
+    });
    const { server, ws } = await startServerWithClient();
    await connectOk(ws, {
+      role,
+      scopes,
      client: {
        id: GATEWAY_CLIENT_NAMES.FINGERPRINT,
        version: "9.9.9",
@@ -212,6 +236,12 @@ describe("gateway server health/presence", () => {
        mode: GATEWAY_CLIENT_MODES.UI,
        instanceId: "abc",
      },
+      device: {
+        id: identity.deviceId,
+        publicKey: publicKeyRawBase64UrlFromPem(identity.publicKeyPem),
+        signature: signDevicePayload(identity.privateKeyPem, payload),
+        signedAt: signedAtMs,
+      },
    });

    const presenceP = onceMessage(ws, (o) => o.type === "res" && o.id === "fingerprint", 4000);
@@ -224,9 +254,10 @@ describe("gateway server health/presence", () => {
    );

    const presenceRes = await presenceP;
-    const identity = loadOrCreateDeviceIdentity();
    const entries = presenceRes.payload as Array<Record<string, unknown>>;
-    const clientEntry = entries.find((e) => e.instanceId === identity.deviceId);
+    const clientEntry = entries.find(
+      (e) => e.host === GATEWAY_CLIENT_NAMES.FINGERPRINT && e.version === "9.9.9",
+    );
    expect(clientEntry?.host).toBe(GATEWAY_CLIENT_NAMES.FINGERPRINT);
    expect(clientEntry?.version).toBe("9.9.9");
    expect(clientEntry?.mode).toBe("ui");
--- a/src/gateway/server.nodes.allowlist.test.ts
+++ b/src/gateway/server.nodes.allowlist.test.ts
@@ -1,32 +1,77 @@
 import { describe, expect, test } from "vitest";
-import { WebSocket } from "ws";

 import { GATEWAY_CLIENT_MODES, GATEWAY_CLIENT_NAMES } from "../utils/message-channel.js";
 import {
  connectOk,
  installGatewayTestHooks,
-  onceMessage,
  rpcReq,
  startServerWithClient,
 } from "./test-helpers.js";
+import { GatewayClient } from "./client.js";

 installGatewayTestHooks();

+const sleep = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms));
+
+const connectNodeClient = async (params: {
+  port: number;
+  commands: string[];
+  instanceId?: string;
+  displayName?: string;
+  onEvent?: (evt: { event?: string; payload?: unknown }) => void;
+}) => {
+  let settled = false;
+  let resolveReady: (() => void) | null = null;
+  let rejectReady: ((err: Error) => void) | null = null;
+  const ready = new Promise<void>((resolve, reject) => {
+    resolveReady = resolve;
+    rejectReady = reject;
+  });
+  const client = new GatewayClient({
+    url: `ws://127.0.0.1:${params.port}`,
+    role: "node",
+    clientName: GATEWAY_CLIENT_NAMES.NODE_HOST,
+    clientVersion: "1.0.0",
+    clientDisplayName: params.displayName,
+    platform: "ios",
+    mode: GATEWAY_CLIENT_MODES.NODE,
+    instanceId: params.instanceId,
+    scopes: [],
+    commands: params.commands,
+    onEvent: params.onEvent,
+    onHelloOk: () => {
+      if (settled) return;
+      settled = true;
+      resolveReady?.();
+    },
+    onConnectError: (err) => {
+      if (settled) return;
+      settled = true;
+      rejectReady?.(err);
+    },
+    onClose: (code, reason) => {
+      if (settled) return;
+      settled = true;
+      rejectReady?.(new Error(`gateway closed (${code}): ${reason}`));
+    },
+  });
+  client.start();
+  await Promise.race([
+    ready,
+    sleep(10_000).then(() => {
+      throw new Error("timeout waiting for node to connect");
+    }),
+  ]);
+  return client;
+};
+
 describe("gateway node command allowlist", () => {
  test("rejects commands outside platform allowlist", async () => {
    const { server, ws, port } = await startServerWithClient();
    await connectOk(ws);

-    const nodeWs = new WebSocket(`ws://127.0.0.1:${port}`);
-    await new Promise<void>((resolve) => nodeWs.once("open", resolve));
-    await connectOk(nodeWs, {
-      role: "node",
-      client: {
-        id: GATEWAY_CLIENT_NAMES.NODE_HOST,
-        version: "1.0.0",
-        platform: "ios",
-        mode: GATEWAY_CLIENT_MODES.NODE,
-      },
+    const nodeClient = await connectNodeClient({
+      port,
      commands: ["system.run"],
    });

@@ -43,7 +88,7 @@ describe("gateway node command allowlist", () => {
    expect(res.ok).toBe(false);
    expect(res.error?.message).toContain("node command not allowed");

-    nodeWs.close();
+    nodeClient.stop();
    ws.close();
    await server.close();
  });
@@ -52,19 +97,11 @@ describe("gateway node command allowlist", () => {
    const { server, ws, port } = await startServerWithClient();
    await connectOk(ws);

-    const nodeWs = new WebSocket(`ws://127.0.0.1:${port}`);
-    await new Promise<void>((resolve) => nodeWs.once("open", resolve));
-    await connectOk(nodeWs, {
-      role: "node",
-      client: {
-        id: GATEWAY_CLIENT_NAMES.NODE_HOST,
-        displayName: "node-empty",
-        version: "1.0.0",
-        platform: "ios",
-        mode: GATEWAY_CLIENT_MODES.NODE,
-        instanceId: "node-empty",
-      },
+    const nodeClient = await connectNodeClient({
+      port,
      commands: [],
+      instanceId: "node-empty",
+      displayName: "node-empty",
    });

    const listRes = await rpcReq<{ nodes?: Array<{ nodeId: string }> }>(ws, "node.list", {});
@@ -80,7 +117,7 @@ describe("gateway node command allowlist", () => {
    expect(res.ok).toBe(false);
    expect(res.error?.message).toContain("node command not allowed");

-    nodeWs.close();
+    nodeClient.stop();
    ws.close();
    await server.close();
  });
@@ -89,30 +126,27 @@ describe("gateway node command allowlist", () => {
    const { server, ws, port } = await startServerWithClient();
    await connectOk(ws);

-    const nodeWs = new WebSocket(`ws://127.0.0.1:${port}`);
-    await new Promise<void>((resolve) => nodeWs.once("open", resolve));
-    await connectOk(nodeWs, {
-      role: "node",
-      client: {
-        id: GATEWAY_CLIENT_NAMES.NODE_HOST,
-        displayName: "node-allowed",
-        version: "1.0.0",
-        platform: "ios",
-        mode: GATEWAY_CLIENT_MODES.NODE,
-        instanceId: "node-allowed",
-      },
+    let resolveInvoke: ((payload: { id?: string; nodeId?: string }) => void) | null = null;
+    const invokeReqP = new Promise<{ id?: string; nodeId?: string }>((resolve) => {
+      resolveInvoke = resolve;
+    });
+    const nodeClient = await connectNodeClient({
+      port,
      commands: ["canvas.snapshot"],
+      instanceId: "node-allowed",
+      displayName: "node-allowed",
+      onEvent: (evt) => {
+        if (evt.event === "node.invoke.request") {
+          const payload = evt.payload as { id?: string; nodeId?: string };
+          resolveInvoke?.(payload);
+        }
+      },
    });

    const listRes = await rpcReq<{ nodes?: Array<{ nodeId: string }> }>(ws, "node.list", {});
    const nodeId = listRes.payload?.nodes?.[0]?.nodeId ?? "";
    expect(nodeId).toBeTruthy();

-    const invokeReqP = onceMessage<{ type: "event"; event: string; payload?: unknown }>(
-      nodeWs,
-      (o) => o.type === "event" && o.event === "node.invoke.request",
-    );
-
    const invokeResP = rpcReq(ws, "node.invoke", {
      nodeId,
      command: "canvas.snapshot",
@@ -120,31 +154,21 @@ describe("gateway node command allowlist", () => {
      idempotencyKey: "allowlist-3",
    });

-    const invokeReq = await invokeReqP;
-    const payload = invokeReq.payload as { id?: string; nodeId?: string };
+    const payload = await invokeReqP;
    const requestId = payload?.id ?? "";
    const nodeIdFromReq = payload?.nodeId ?? "node-allowed";

-    nodeWs.send(
-      JSON.stringify({
-        type: "req",
-        id: "node-result",
-        method: "node.invoke.result",
-        params: {
-          id: requestId,
-          nodeId: nodeIdFromReq,
-          ok: true,
-          payloadJSON: JSON.stringify({ ok: true }),
-        },
-      }),
-    );
-
-    await onceMessage(nodeWs, (o) => o.type === "res" && o.id === "node-result");
+    await nodeClient.request("node.invoke.result", {
+      id: requestId,
+      nodeId: nodeIdFromReq,
+      ok: true,
+      payloadJSON: JSON.stringify({ ok: true }),
+    });

    const invokeRes = await invokeResP;
    expect(invokeRes.ok).toBe(true);

-    nodeWs.close();
+    nodeClient.stop();
    ws.close();
    await server.close();
  });