clawsec

gnezim/clawsec

Fork 0

mirror of https://github.com/prompt-security/clawsec.git synced 2026-06-17 07:21:21 +03:00

Commit Graph

Author	SHA1	Message	Date
davida-ps	c9a66d5c99	Extract Shared Test Harness Module from 9 Test Files (#85 ) * refactor: extract shared test harness module from 9 test files Extract duplicated test utilities into a reusable test_harness.mjs module to eliminate ~200-250 lines of boilerplate code across test files. Changes: - Create skills/clawsec-suite/test/lib/test_harness.mjs with: - Test reporting: pass(), fail(), report(), exitWithResults() - Crypto utilities: generateEd25519KeyPair(), signPayload() - Temp directory: createTempDir() with cleanup - Environment helpers: withEnv() for isolated env vars - Test runner factory: createTestRunner() for isolated counters - Refactor 9 test files to use shared harness: - feed_verification.test.mjs - guarded_install.test.mjs - skill_catalog_discovery.test.mjs - advisory_suppression.test.mjs - advisory_application_scope.test.mjs - path_resolution.test.mjs - fuzz_properties.test.mjs - suppression_config.test.mjs - render_report_suppression.test.mjs Benefits: - Single source of truth for test utilities - Consistent test reporting across all files - Easier to add new test files - Reduced maintenance burden Verification: - All 80 tests pass (15+8+3+15+4+6+1+17+11) - Zero ESLint warnings - No behavior changes - only code deduplication - Cross-skill module sharing works (openclaw-audit-watchdog → clawsec-suite) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com> * fix: update minimatch override to 10.2.4 to resolve ReDoS vulnerabilities Bump minimatch from 10.2.1 to 10.2.4 in overrides to fix 10 high-severity ReDoS vulnerabilities (GHSA-7r86-cg39-jmmj, GHSA-23c5-xmqv-rm74). Also add .venv/ to ESLint ignores to prevent linting Python venv files. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-02-27 09:20:36 +02:00
Aldo Delgado	7cdb4ab7e2	fix(portability): harden cross-platform path handling and install workflows (#62 ) * docs: add agent collaboration and git safety rules to AGENTS.md * fix(portability): harden cross-platform path handling and install workflows - add shared path resolution utility for advisory guardian components - expand and normalize home-path tokens: ~, $HOME, ${HOME}, %USERPROFILE%, $env:USERPROFILE - reject unresolved/escaped home tokens to prevent literal "$HOME" directory creation - fix install/runtime path handling in: - openclaw-audit-watchdog setup_cron and suppression config loader - clawsec-suite advisory hook handler, suppression loader, and guarded installer - remove hardcoded Homebrew binary assumptions in watchdog scripts/tests - add LF enforcement via .gitattributes to reduce CRLF script breakage - expand CI Node checks to linux/macos/windows matrix - add cross-platform test coverage for path expansion and token rejection - update README and SKILL docs with bash/zsh/PowerShell-safe path guidance - add compatibility deliverables: - docs/COMPATIBILITY_REPORT.md - docs/REMEDIATION_PLAN.md - docs/PLATFORM_VERIFICATION.md Validation: - node skills/clawsec-suite/test/path_resolution.test.mjs - node skills/clawsec-suite/test/guarded_install.test.mjs - node skills/clawsec-suite/test/advisory_suppression.test.mjs - node skills/openclaw-audit-watchdog/test/suppression_config.test.mjs - node skills/openclaw-audit-watchdog/test/render_report_suppression.test.mjs * fix(advisory): avoid fail-open on invalid path vars and cover watchdog tests * docs: move signing runbooks into docs folder * docs: remove root-level signing runbooks after move * chore(clawsec-suite): bump version to 0.1.3 * chore(openclaw-audit-watchdog): bump version to 0.1.1 * docs(changelog): add entries for clawsec-suite 0.1.3 and watchdog 0.1.1 * docs(changelog): credit @aldodelgado for PR #62 contributions * feat(clawsec-suite): scope advisories to openclaw application * fix(ci): run advisory scope tests without TypeScript loader --------- Co-authored-by: David Abutbul <David.a@prompt.security>	2026-02-25 13:24:31 +02:00

Author

SHA1

Message

Date

davida-ps

c9a66d5c99

Extract Shared Test Harness Module from 9 Test Files (#85 )

* refactor: extract shared test harness module from 9 test files

Extract duplicated test utilities into a reusable test_harness.mjs module
to eliminate ~200-250 lines of boilerplate code across test files.

Changes:
- Create skills/clawsec-suite/test/lib/test_harness.mjs with:
  - Test reporting: pass(), fail(), report(), exitWithResults()
  - Crypto utilities: generateEd25519KeyPair(), signPayload()
  - Temp directory: createTempDir() with cleanup
  - Environment helpers: withEnv() for isolated env vars
  - Test runner factory: createTestRunner() for isolated counters

- Refactor 9 test files to use shared harness:
  - feed_verification.test.mjs
  - guarded_install.test.mjs
  - skill_catalog_discovery.test.mjs
  - advisory_suppression.test.mjs
  - advisory_application_scope.test.mjs
  - path_resolution.test.mjs
  - fuzz_properties.test.mjs
  - suppression_config.test.mjs
  - render_report_suppression.test.mjs

Benefits:
- Single source of truth for test utilities
- Consistent test reporting across all files
- Easier to add new test files
- Reduced maintenance burden

Verification:
- All 80 tests pass (15+8+3+15+4+6+1+17+11)
- Zero ESLint warnings
- No behavior changes - only code deduplication
- Cross-skill module sharing works (openclaw-audit-watchdog → clawsec-suite)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

* fix: update minimatch override to 10.2.4 to resolve ReDoS vulnerabilities

Bump minimatch from 10.2.1 to 10.2.4 in overrides to fix 10 high-severity
ReDoS vulnerabilities (GHSA-7r86-cg39-jmmj, GHSA-23c5-xmqv-rm74).
Also add .venv/ to ESLint ignores to prevent linting Python venv files.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-02-27 09:20:36 +02:00

Aldo Delgado

7cdb4ab7e2

fix(portability): harden cross-platform path handling and install workflows (#62 )

* docs: add agent collaboration and git safety rules to AGENTS.md

* fix(portability): harden cross-platform path handling and install workflows

- add shared path resolution utility for advisory guardian components
- expand and normalize home-path tokens: ~, $HOME, ${HOME}, %USERPROFILE%, $env:USERPROFILE
- reject unresolved/escaped home tokens to prevent literal "$HOME" directory creation
- fix install/runtime path handling in:
  - openclaw-audit-watchdog setup_cron and suppression config loader
  - clawsec-suite advisory hook handler, suppression loader, and guarded installer
- remove hardcoded Homebrew binary assumptions in watchdog scripts/tests
- add LF enforcement via .gitattributes to reduce CRLF script breakage
- expand CI Node checks to linux/macos/windows matrix
- add cross-platform test coverage for path expansion and token rejection
- update README and SKILL docs with bash/zsh/PowerShell-safe path guidance
- add compatibility deliverables:
  - docs/COMPATIBILITY_REPORT.md
  - docs/REMEDIATION_PLAN.md
  - docs/PLATFORM_VERIFICATION.md

Validation:
- node skills/clawsec-suite/test/path_resolution.test.mjs
- node skills/clawsec-suite/test/guarded_install.test.mjs
- node skills/clawsec-suite/test/advisory_suppression.test.mjs
- node skills/openclaw-audit-watchdog/test/suppression_config.test.mjs
- node skills/openclaw-audit-watchdog/test/render_report_suppression.test.mjs

* fix(advisory): avoid fail-open on invalid path vars and cover watchdog tests

* docs: move signing runbooks into docs folder

* docs: remove root-level signing runbooks after move

* chore(clawsec-suite): bump version to 0.1.3

* chore(openclaw-audit-watchdog): bump version to 0.1.1

* docs(changelog): add entries for clawsec-suite 0.1.3 and watchdog 0.1.1

* docs(changelog): credit @aldodelgado for PR #62 contributions

* feat(clawsec-suite): scope advisories to openclaw application

* fix(ci): run advisory scope tests without TypeScript loader

---------

Co-authored-by: David Abutbul <David.a@prompt.security>

2026-02-25 13:24:31 +02:00

2 Commits