import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import { getFreePortBlockWithPermissionFallback } from "../test-utils/ports.js"; const resolveGatewayScopedToolsMock = vi.hoisted(() => vi.fn(() => ({ agentId: "main", tools: [ { name: "message", description: "send a message", parameters: { type: "object", properties: {} }, execute: async () => ({ content: [{ type: "text", text: "ok" }], }), }, ], })), ); vi.mock("../config/config.js", () => ({ loadConfig: () => ({ session: { mainKey: "main" } }), })); vi.mock("../config/sessions.js", () => ({ resolveMainSessionKey: () => "agent:main:main", })); vi.mock("./tool-resolution.js", () => ({ resolveGatewayScopedTools: (...args: Parameters) => resolveGatewayScopedToolsMock(...args), })); import { createMcpLoopbackServerConfig, closeMcpLoopbackServer, getActiveMcpLoopbackRuntime, ensureMcpLoopbackServer, startMcpLoopbackServer, } from "./mcp-http.js"; let server: Awaited> | undefined; async function sendRaw(params: { port: number; token?: string; headers?: Record; body?: string; }) { return await fetch(`http://127.0.0.1:${params.port}/mcp`, { method: "POST", headers: { ...(params.token ? { authorization: `Bearer ${params.token}` } : {}), ...params.headers, }, body: params.body, }); } beforeEach(() => { resolveGatewayScopedToolsMock.mockClear(); resolveGatewayScopedToolsMock.mockReturnValue({ agentId: "main", tools: [ { name: "message", description: "send a message", parameters: { type: "object", properties: {} }, execute: async () => ({ content: [{ type: "text", text: "ok" }], }), }, ], }); }); afterEach(async () => { await server?.close(); server = undefined; }); describe("mcp loopback server", () => { it("passes session, account, and message channel headers into shared tool resolution", async () => { const port = await getFreePortBlockWithPermissionFallback({ offsets: [0], fallbackBase: 53_000, }); server = await startMcpLoopbackServer(port); const runtime = getActiveMcpLoopbackRuntime(); const response = await sendRaw({ port: server.port, token: runtime?.token, headers: { "content-type": "application/json", "x-session-key": "agent:main:telegram:group:chat123", "x-openclaw-account-id": "work", "x-openclaw-message-channel": "telegram", }, body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "tools/list" }), }); expect(response.status).toBe(200); expect(resolveGatewayScopedToolsMock).toHaveBeenCalledWith( expect.objectContaining({ sessionKey: "agent:main:telegram:group:chat123", accountId: "work", messageProvider: "telegram", senderIsOwner: undefined, surface: "loopback", }), ); }); it("threads senderIsOwner through loopback request context and cache separation", async () => { server = await startMcpLoopbackServer(0); const activeServer = server; const runtime = getActiveMcpLoopbackRuntime(); const sendToolsList = async (senderIsOwner: "true" | "false") => await sendRaw({ port: activeServer.port, token: runtime?.token, headers: { "content-type": "application/json", "x-session-key": "agent:main:matrix:dm:test", "x-openclaw-message-channel": "matrix", "x-openclaw-sender-is-owner": senderIsOwner, }, body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "tools/list" }), }); expect((await sendToolsList("true")).status).toBe(200); expect((await sendToolsList("false")).status).toBe(200); expect(resolveGatewayScopedToolsMock).toHaveBeenCalledTimes(2); expect(resolveGatewayScopedToolsMock).toHaveBeenNthCalledWith( 1, expect.objectContaining({ sessionKey: "agent:main:matrix:dm:test", messageProvider: "matrix", senderIsOwner: true, surface: "loopback", }), ); expect(resolveGatewayScopedToolsMock).toHaveBeenNthCalledWith( 2, expect.objectContaining({ sessionKey: "agent:main:matrix:dm:test", messageProvider: "matrix", senderIsOwner: false, surface: "loopback", }), ); }); it("tracks the active runtime only while the server is running", async () => { server = await startMcpLoopbackServer(0); const active = getActiveMcpLoopbackRuntime(); expect(active?.port).toBe(server.port); expect(active?.token).toMatch(/^[0-9a-f]{64}$/); await server.close(); server = undefined; expect(getActiveMcpLoopbackRuntime()).toBeUndefined(); }); it("starts the loopback server lazily and reuses the same singleton", async () => { expect(getActiveMcpLoopbackRuntime()).toBeUndefined(); const first = await ensureMcpLoopbackServer(0); const second = await ensureMcpLoopbackServer(0); expect(second).toBe(first); expect(getActiveMcpLoopbackRuntime()?.port).toBe(first.port); await closeMcpLoopbackServer(); expect(getActiveMcpLoopbackRuntime()).toBeUndefined(); }); it("returns 401 when the bearer token is missing", async () => { server = await startMcpLoopbackServer(0); const response = await sendRaw({ port: server.port, headers: { "content-type": "application/json" }, body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "tools/list" }), }); expect(response.status).toBe(401); }); it("returns 415 when the content type is not JSON", async () => { server = await startMcpLoopbackServer(0); const runtime = getActiveMcpLoopbackRuntime(); const response = await sendRaw({ port: server.port, token: runtime?.token, headers: { "content-type": "text/plain" }, body: "{}", }); expect(response.status).toBe(415); }); it("rejects cross-origin browser requests before auth", async () => { server = await startMcpLoopbackServer(0); const response = await sendRaw({ port: server.port, headers: { "content-type": "application/json", origin: "https://evil.example", "sec-fetch-site": "cross-site", }, body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "tools/list" }), }); expect(response.status).toBe(403); }); it("rejects non-loopback origins even without fetch metadata", async () => { server = await startMcpLoopbackServer(0); const response = await sendRaw({ port: server.port, headers: { "content-type": "application/json", origin: "https://evil.example", }, body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "tools/list" }), }); expect(response.status).toBe(403); }); it("allows loopback browser origins for local clients", async () => { server = await startMcpLoopbackServer(0); const runtime = getActiveMcpLoopbackRuntime(); const response = await sendRaw({ port: server.port, token: runtime?.token, headers: { "content-type": "application/json", origin: "http://127.0.0.1:43123", }, body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "tools/list" }), }); expect(response.status).toBe(200); }); it("allows same-origin browser requests from loopback clients", async () => { server = await startMcpLoopbackServer(0); const runtime = getActiveMcpLoopbackRuntime(); const response = await sendRaw({ port: server.port, token: runtime?.token, headers: { "content-type": "application/json", origin: `http://127.0.0.1:${server.port}`, "sec-fetch-site": "same-origin", }, body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "tools/list" }), }); expect(response.status).toBe(200); }); it("allows cross-site fetch metadata when both ends are loopback (localhost ↔ 127.0.0.1)", async () => { // Browsers report a request from a `http://localhost:` // page to `http://127.0.0.1:` as Sec-Fetch-Site: // cross-site even though both ends are loopback. The gate must // not blanket-reject on the cross-site signal — checkBrowserOrigin // already authorizes loopback origins from loopback peers via // its `local-loopback` matcher. server = await startMcpLoopbackServer(0); const runtime = getActiveMcpLoopbackRuntime(); const response = await sendRaw({ port: server.port, token: runtime?.token, headers: { "content-type": "application/json", origin: "http://localhost:43123", "sec-fetch-site": "cross-site", }, body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "tools/list" }), }); expect(response.status).toBe(200); }); }); describe("createMcpLoopbackServerConfig", () => { it("builds a server entry with env-driven headers", () => { const config = createMcpLoopbackServerConfig(23119) as { mcpServers?: Record }>; }; expect(config.mcpServers?.openclaw?.url).toBe("http://127.0.0.1:23119/mcp"); expect(config.mcpServers?.openclaw?.headers?.Authorization).toBe( "Bearer ${OPENCLAW_MCP_TOKEN}", ); expect(config.mcpServers?.openclaw?.headers?.["x-openclaw-message-channel"]).toBe( "${OPENCLAW_MCP_MESSAGE_CHANNEL}", ); expect(config.mcpServers?.openclaw?.headers?.["x-openclaw-sender-is-owner"]).toBe( "${OPENCLAW_MCP_SENDER_IS_OWNER}", ); }); });