fix: race in HTTP channel test, protocol display names, lint exclusions

nnemirovsky · nnemirovsky · commit fb4770238814 · 2026-04-05T21:08:48.000+08:00
diff --git a/.golangci.yml b/.golangci.yml
@@ -13,6 +13,17 @@ linters:
     - recvcheck
     - bodyclose
 
+  exclusions:
+    rules:
+      - path: internal/api/
+        linters:
+          - revive
+        text: "avoid meaningless package names"
+      - path: internal/channel/http/
+        linters:
+          - revive
+        text: "avoid package names that conflict"
+
 formatters:
   enable:
     - gci
diff --git a/README.md b/README.md
@@ -160,7 +160,7 @@ default = "deny"
 # Network rules
 [[allow]]
 destination = "api.anthropic.com"
-protocols = ["https"]
+protocols = ["http", "https"]
 
 [[allow]]
 destination = "dns.google"
diff --git a/internal/channel/http/http_test.go b/internal/channel/http/http_test.go
@@ -57,21 +57,23 @@ func TestStartStop(t *testing.T) {
 }
 
 func TestRequestApproval_SyncPath(t *testing.T) {
-	var received WebhookPayload
-	var receivedSig string
 	secret := "test-secret-123"
+	payloadCh := make(chan WebhookPayload, 1)
 
 	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		receivedSig = r.Header.Get("X-Sluice-Signature")
+		sig := r.Header.Get("X-Sluice-Signature")
 		body, _ := io.ReadAll(r.Body)
-		_ = json.Unmarshal(body, &received)
+
+		var payload WebhookPayload
+		_ = json.Unmarshal(body, &payload)
+		payloadCh <- payload
 
 		// Verify HMAC signature.
 		mac := hmac.New(sha256.New, []byte(secret))
 		mac.Write(body)
 		expectedSig := "sha256=" + hex.EncodeToString(mac.Sum(nil))
-		if receivedSig != expectedSig {
-			t.Errorf("signature mismatch: got %s, want %s", receivedSig, expectedSig)
+		if sig != expectedSig {
+			t.Errorf("signature mismatch: got %s, want %s", sig, expectedSig)
 		}
 
 		w.Header().Set("Content-Type", "application/json")
@@ -112,6 +114,9 @@ func TestRequestApproval_SyncPath(t *testing.T) {
 	if resp != channel.ResponseAllowOnce {
 		t.Errorf("got response %v, want %v", resp, channel.ResponseAllowOnce)
 	}
+
+	// Read the payload that was captured by the handler (no race).
+	received := <-payloadCh
 	if received.ID == "" {
 		t.Error("webhook did not receive a request ID")
 	}
diff --git a/internal/telegram/bot.go b/internal/telegram/bot.go
@@ -23,6 +23,24 @@ func sanitizeError(err error) string {
 // We leave a small margin for the truncation notice.
 const telegramMaxMessage = 4000
 
+// protoDisplayName returns the human-readable display name for a protocol.
+var protoDisplayName = map[string]string{
+	"http":    "HTTP",
+	"https":   "HTTPS",
+	"ssh":     "SSH",
+	"imap":    "IMAP",
+	"smtp":    "SMTP",
+	"ws":      "WebSocket",
+	"wss":     "WebSocket (TLS)",
+	"grpc":    "gRPC",
+	"dns":     "DNS",
+	"quic":    "QUIC",
+	"apns":    "APNS",
+	"tcp":     "TCP",
+	"udp":     "UDP",
+	"generic": "TCP",
+}
+
 // FormatApprovalMessage builds the Telegram message text for an approval
 // request. MCP tool calls (protocol == "mcp") show the tool name and
 // arguments. Network connections show the protocol, destination, and port.
@@ -35,9 +53,9 @@ func FormatApprovalMessage(req channel.ApprovalRequest) string {
 		msg += "\n\nAllow this tool call?"
 		return msg
 	}
-	proto := req.Protocol
-	if proto == "" {
-		proto = "tcp"
+	display := protoDisplayName[req.Protocol]
+	if display == "" {
+		display = req.Protocol
 	}
-	return fmt.Sprintf("OpenClaw wants to connect to:\n\n%s://%s:%d\n\nAllow this connection?", proto, req.Destination, req.Port)
+	return fmt.Sprintf("OpenClaw wants to connect to:\n\n%s %s:%d\n\nAllow this connection?", display, req.Destination, req.Port)
 }
diff --git a/internal/telegram/bot_test.go b/internal/telegram/bot_test.go
@@ -62,22 +62,23 @@ func TestFormatApprovalMessage(t *testing.T) {
 		if !strings.Contains(msg, "443") {
 			t.Error("message should contain port")
 		}
-		if !strings.Contains(msg, "https://") {
-			t.Error("message should contain protocol scheme")
+		if !strings.Contains(msg, "HTTPS ") {
+			t.Error("message should contain protocol display name")
 		}
 		if !strings.Contains(msg, "OpenClaw wants to connect") {
 			t.Error("message should use network connection wording")
 		}
 	})
 
-	t.Run("network connection with empty protocol", func(t *testing.T) {
+	t.Run("network connection with protocol", func(t *testing.T) {
 		req := channel.ApprovalRequest{
 			Destination: "example.com",
 			Port:        8080,
+			Protocol:    "http",
 		}
 		msg := FormatApprovalMessage(req)
-		if !strings.Contains(msg, "tcp://") {
-			t.Error("empty protocol should default to tcp")
+		if !strings.Contains(msg, "HTTP example.com:8080") {
+			t.Errorf("expected 'HTTP example.com:8080' in message, got: %s", msg)
 		}
 	})
 

Original file line number	Diff line number	Diff line change
`@@ -62,22 +62,23 @@ func TestFormatApprovalMessage(t *testing.T) {`
`62`	`62`	`if !strings.Contains(msg, "443") {`
`63`	`63`	`t.Error("message should contain port")`
`64`	`64`	`}`
`65`		`- if !strings.Contains(msg, "https://") {`
`66`		`- t.Error("message should contain protocol scheme")`
	`65`	`+ if !strings.Contains(msg, "HTTPS ") {`
	`66`	`+ t.Error("message should contain protocol display name")`
`67`	`67`	`}`
`68`	`68`	`if !strings.Contains(msg, "OpenClaw wants to connect") {`
`69`	`69`	`t.Error("message should use network connection wording")`
`70`	`70`	`}`
`71`	`71`	`})`
`72`	`72`
`73`		`- t.Run("network connection with empty protocol", func(t *testing.T) {`
	`73`	`+ t.Run("network connection with protocol", func(t *testing.T) {`
`74`	`74`	`req := channel.ApprovalRequest{`
`75`	`75`	`Destination: "example.com",`
`76`	`76`	`Port: 8080,`
	`77`	`+ Protocol: "http",`
`77`	`78`	`}`
`78`	`79`	`msg := FormatApprovalMessage(req)`
`79`		`- if !strings.Contains(msg, "tcp://") {`
`80`		`- t.Error("empty protocol should default to tcp")`
	`80`	`+ if !strings.Contains(msg, "HTTP example.com:8080") {`
	`81`	`+ t.Errorf("expected 'HTTP example.com:8080' in message, got: %s", msg)`
`81`	`82`	`}`
`82`	`83`	`})`
`83`	`84`