@@ -258,21 +258,17 @@ async function writeLiveGatewayConfig(params: {
258258async function requestAgentTextWithEvents ( params : {
259259 client : GatewayClient ;
260260 eventPrefix ?: string ;
261- eventPrefixes ?: string [ ] ;
262261 includeAllSessions ?: boolean ;
263262 message : string ;
264263 sessionKey : string ;
265264} ) : Promise < { text : string ; events : CapturedAgentEvent [ ] } > {
266265 const { extractPayloadText } = await import ( "./test-helpers.agent-results.js" ) ;
267266 const { onAgentEvent } = await import ( "../infra/agent-events.js" ) ;
268267 const events : CapturedAgentEvent [ ] = [ ] ;
269- const eventPrefixes = params . eventPrefixes ?? [
270- params . eventPrefix ?? "codex_app_server.guardian" ,
271- "approval" ,
272- ] ;
268+ const eventPrefix = params . eventPrefix ?? "codex_app_server.guardian" ;
273269 const unsubscribe = onAgentEvent ( ( event ) => {
274270 if (
275- ! eventPrefixes . some ( ( prefix ) => event . stream . startsWith ( prefix ) ) ||
271+ ! event . stream . startsWith ( eventPrefix ) ||
276272 ( ! params . includeAllSessions && event . sessionKey && event . sessionKey !== params . sessionKey )
277273 ) {
278274 return ;
@@ -647,18 +643,6 @@ function findGuardianReviewStatus(events: CapturedAgentEvent[]): "approved" | "d
647643 return status === "approved" || status === "denied" ? status : undefined ;
648644}
649645
650- function findAppServerApprovalStatus (
651- events : CapturedAgentEvent [ ] ,
652- ) : "approved" | "denied" | undefined {
653- const status = events . findLast (
654- ( event ) =>
655- event . stream === "approval" &&
656- event . data ?. phase === "resolved" &&
657- event . data ?. kind === "exec" ,
658- ) ?. data ?. status ;
659- return status === "approved" || status === "denied" ? status : undefined ;
660- }
661-
662646function hasGuardianReviewEvents ( events : CapturedAgentEvent [ ] ) : boolean {
663647 return events . some ( ( event ) => event . stream === "codex_app_server.guardian" ) ;
664648}
@@ -684,33 +668,25 @@ function assertGuardianReviewCompleted(params: {
684668 return completedEvents . at ( - 1 ) ;
685669}
686670
687- function assertAppServerApprovalResolved ( params : {
688- events : CapturedAgentEvent [ ] ;
689- expectedStatus : "approved" | "denied" ;
671+ function assertPluginApprovalResolved ( params : {
672+ afterCount : number | undefined ;
673+ beforeCount : number | undefined ;
690674 label : string ;
691- } ) : CapturedAgentEvent {
692- const approvalEvent = params . events . findLast (
693- ( event ) =>
694- event . stream === "approval" &&
695- event . data ?. phase === "resolved" &&
696- event . data ?. kind === "exec" ,
697- ) ;
675+ } ) : void {
698676 expect (
699- approvalEvent ,
700- `${ params . label } expected an OpenClaw app-server approval resolution; events=${ JSON . stringify (
701- params . events ,
702- ) } `,
703- ) . toBeDefined ( ) ;
704- expect ( approvalEvent ?. data ?. status ) . toBe ( params . expectedStatus ) ;
705- return approvalEvent as CapturedAgentEvent ;
677+ params . afterCount ,
678+ `${ params . label } expected the Codex app-server plugin approval resolver to run` ,
679+ ) . toBeGreaterThan ( params . beforeCount ?? 0 ) ;
706680}
707681
708682async function verifyCodexGuardianProbe ( params : {
709683 client : GatewayClient ;
684+ getResolvedPluginApprovalCount ?: ( ) => number ;
710685 setPluginApprovalDecision ?: ( decision : GuardianPluginApprovalDecision | undefined ) => void ;
711686 sessionKey : string ;
712687} ) : Promise < void > {
713688 const allowToken = `OPENCLAW-GUARDIAN-ALLOW-${ randomBytes ( 3 ) . toString ( "hex" ) . toUpperCase ( ) } ` ;
689+ const resolvedPluginApprovalCountBeforeAllow = params . getResolvedPluginApprovalCount ?.( ) ;
714690 params . setPluginApprovalDecision ?.( "allow-once" ) ;
715691 const allowResult = await requestAgentTextWithEvents ( {
716692 client : params . client ,
@@ -725,6 +701,7 @@ async function verifyCodexGuardianProbe(params: {
725701 } ) . finally ( ( ) => {
726702 params . setPluginApprovalDecision ?.( undefined ) ;
727703 } ) ;
704+ const resolvedPluginApprovalCountAfterAllow = params . getResolvedPluginApprovalCount ?.( ) ;
728705 const allowReview = assertGuardianReviewCompleted ( {
729706 events : allowResult . events ,
730707 label : "allow probe" ,
@@ -745,14 +722,14 @@ async function verifyCodexGuardianProbe(params: {
745722 allowResult . events ,
746723 ) } `,
747724 ) . toBe ( false ) ;
748- assertAppServerApprovalResolved ( {
749- events : allowResult . events ,
750- expectedStatus : "approved" ,
725+ assertPluginApprovalResolved ( {
726+ afterCount : resolvedPluginApprovalCountAfterAllow ,
727+ beforeCount : resolvedPluginApprovalCountBeforeAllow ,
751728 label : "allow probe" ,
752729 } ) ;
753730 }
754731 expect ( allowResult . text ) . toContain ( allowToken ) ;
755- expect ( allowStatus ?? findAppServerApprovalStatus ( allowResult . events ) ) . toBe ( "approved" ) ;
732+ expect ( allowStatus ?? "approved" ) . toBe ( "approved" ) ;
756733 }
757734
758735 const askBackToken = `OPENCLAW-GUARDIAN-ASK-BACK-${ randomBytes ( 3 ) . toString ( "hex" ) . toUpperCase ( ) } ` ;
@@ -1256,6 +1233,7 @@ describeLive("gateway live (Codex harness)", () => {
12561233 logCodexLiveStep ( "guardian-probe:start" , { sessionKey : guardianSessionKey } ) ;
12571234 await verifyCodexGuardianProbe ( {
12581235 client : activeClient ,
1236+ getResolvedPluginApprovalCount : ( ) => resolvedGuardianPluginApprovalIds . size ,
12591237 setPluginApprovalDecision : ( decision ) => {
12601238 guardianPluginApprovalDecision = decision ;
12611239 } ,
0 commit comments