refactor: route runtime integration via adapter table

2026-05-08 11:05:56 +08:00
parent 34f035cfb5
commit 6bcadfae82
4 changed files with 173 additions and 30 deletions
--- a/plugins/reporting-governance/test/watchdog-chain.integration.test.mjs
+++ b/plugins/reporting-governance/test/watchdog-chain.integration.test.mjs
@@ -8,6 +8,7 @@ import {
  runOrchestratorAdapter,
  runWatchdogChain,
 } from '../src/index.mjs';
+import { createDeploymentBindingContract } from '../src/storage/profile-artifact.mjs';

 const packageRoot = path.resolve(import.meta.dirname, '..');

@@ -176,3 +177,77 @@ test('orchestrator adapter can use artifact_roots.queueItems as the default queu
    fs.rmSync(root, { recursive: true, force: true });
  }
 });
+
+test('orchestrator adapter fails closed at use time when artifact_roots.queueItems drifts through symlink escape', () => {
+  const sandbox = fs.mkdtempSync(path.join(os.tmpdir(), 'reporting-governance-orchestrator-drift-'));
+  try {
+    const fakeRepoRoot = path.join(sandbox, 'repo');
+    const outsideRoot = path.join(sandbox, 'outside');
+    const realRepoRoot = path.resolve(packageRoot, '..', '..');
+    fs.mkdirSync(path.join(fakeRepoRoot, 'scripts'), { recursive: true });
+    fs.mkdirSync(path.join(fakeRepoRoot, 'state', 'operator-notify-queue'), { recursive: true });
+    fs.mkdirSync(outsideRoot, { recursive: true });
+    for (const name of [
+      'watchdog_auto_notify_orchestrator.mjs',
+      'long_task_watchdog.mjs',
+      'operator_notify_dispatcher.mjs',
+      'operator_notify_bridge_supervisor.mjs',
+      'operator_notify_sender_binding.mjs',
+    ]) {
+      fs.copyFileSync(path.join(realRepoRoot, 'scripts', name), path.join(fakeRepoRoot, 'scripts', name));
+    }
+
+    const deploymentBinding = createDeploymentBindingContract({
+      artifact: {
+        kind: 'DeploymentProfileArtifact',
+        apiVersion: 'reporting-governance/v1alpha1',
+        metadata: {
+          id: 'drifted-queue-profile',
+          runtime: 'openclaw',
+          compatibility_mode: 'strict_envelope',
+        },
+        spec: {
+          package: { pluginVersion: '0.1.0-mainline' },
+          bindings: {
+            runtime: 'openclaw',
+            entrypoint: 'scripts/watchdog_auto_notify_orchestrator.mjs',
+            scripts: {
+              watchdog: 'scripts/long_task_watchdog.mjs',
+              dispatcher: 'scripts/operator_notify_dispatcher.mjs',
+              bridgeSupervisor: 'scripts/operator_notify_bridge_supervisor.mjs',
+              senderBinding: 'scripts/operator_notify_sender_binding.mjs',
+              orchestrator: 'scripts/watchdog_auto_notify_orchestrator.mjs'
+            },
+            artifact_roots: {
+              queueItems: 'state/operator-notify-queue'
+            }
+          }
+        }
+      },
+      repoRootOverride: fakeRepoRoot,
+    });
+
+    fs.rmSync(path.join(fakeRepoRoot, 'state', 'operator-notify-queue'), { recursive: true, force: true });
+    fs.symlinkSync(outsideRoot, path.join(fakeRepoRoot, 'state', 'operator-notify-queue'), 'dir');
+
+    const statePath = writeState(sandbox);
+
+    assert.throws(
+      () => runOrchestratorAdapter({
+        deploymentBinding,
+        repoRootOverride: fakeRepoRoot,
+        state: statePath,
+        evidenceDir: path.join(sandbox, 'evidence'),
+        eventDir: path.join(sandbox, 'events'),
+        spoolDir: path.join(sandbox, 'spool'),
+        receiptDir: path.join(sandbox, 'receipts'),
+        writeState: true,
+        dryRun: true,
+        now: '2026-05-07T08:20:00.000Z',
+      }),
+      /orchestrator adapter queueDir must stay within repo root: symlink resolution escapes realpath boundary/
+    );
+  } finally {
+    fs.rmSync(sandbox, { recursive: true, force: true });
+  }
+});