fix: enforce message context isolation

2026-01-13 01:03:23 +00:00
parent 0edbdb1948
commit ffc465394e
6 changed files with 164 additions and 5 deletions
--- a/src/infra/outbound/message-action-runner.test.ts
+++ b/src/infra/outbound/message-action-runner.test.ts
@@ -0,0 +1,61 @@
+import { describe, expect, it } from "vitest";
+
+import type { ClawdbotConfig } from "../../config/config.js";
+import { runMessageAction } from "./message-action-runner.js";
+
+const slackConfig = {
+  slack: {
+    botToken: "xoxb-test",
+    appToken: "xapp-test",
+  },
+} as ClawdbotConfig;
+
+describe("runMessageAction context isolation", () => {
+  it("allows send when target matches current channel", async () => {
+    const result = await runMessageAction({
+      cfg: slackConfig,
+      action: "send",
+      params: {
+        provider: "slack",
+        to: "#C123",
+        message: "hi",
+      },
+      toolContext: { currentChannelId: "C123" },
+      dryRun: true,
+    });
+
+    expect(result.kind).toBe("send");
+  });
+
+  it("blocks send when target differs from current channel", async () => {
+    await expect(
+      runMessageAction({
+        cfg: slackConfig,
+        action: "send",
+        params: {
+          provider: "slack",
+          to: "channel:C999",
+          message: "hi",
+        },
+        toolContext: { currentChannelId: "C123" },
+        dryRun: true,
+      }),
+    ).rejects.toThrow(/Cross-context messaging denied/);
+  });
+
+  it("blocks thread-reply when channelId differs from current channel", async () => {
+    await expect(
+      runMessageAction({
+        cfg: slackConfig,
+        action: "thread-reply",
+        params: {
+          provider: "slack",
+          channelId: "C999",
+          message: "hi",
+        },
+        toolContext: { currentChannelId: "C123" },
+        dryRun: true,
+      }),
+    ).rejects.toThrow(/Cross-context messaging denied/);
+  });
+});