import type { PluginRuntime, RuntimeEnv } from "openclaw/plugin-sdk"; import { describe, expect, it, vi } from "vitest"; import type { ResolvedNextcloudTalkAccount } from "./accounts.js"; import { handleNextcloudTalkInbound } from "./inbound.js"; import { setNextcloudTalkRuntime } from "./runtime.js"; import type { CoreConfig, NextcloudTalkInboundMessage } from "./types.js"; describe("nextcloud-talk inbound authz", () => { it("does not treat DM pairing-store entries as group allowlist entries", async () => { const readAllowFromStore = vi.fn(async () => ["attacker"]); const buildMentionRegexes = vi.fn(() => [/@openclaw/i]); setNextcloudTalkRuntime({ channel: { pairing: { readAllowFromStore, }, commands: { shouldHandleTextCommands: () => false, }, text: { hasControlCommand: () => false, }, mentions: { buildMentionRegexes, matchesMentionPatterns: () => false, }, }, } as unknown as PluginRuntime); const message: NextcloudTalkInboundMessage = { messageId: "m-1", roomToken: "room-1", roomName: "Room 1", senderId: "attacker", senderName: "Attacker", text: "hello", mediaType: "text/plain", timestamp: Date.now(), isGroupChat: true, }; const account: ResolvedNextcloudTalkAccount = { accountId: "default", enabled: true, baseUrl: "", secret: "", secretSource: "none", config: { dmPolicy: "pairing", allowFrom: [], groupPolicy: "allowlist", groupAllowFrom: [], }, }; const config: CoreConfig = { channels: { "nextcloud-talk": { dmPolicy: "pairing", allowFrom: [], groupPolicy: "allowlist", groupAllowFrom: [], }, }, }; await handleNextcloudTalkInbound({ message, account, config, runtime: { log: vi.fn(), error: vi.fn(), } as unknown as RuntimeEnv, }); expect(readAllowFromStore).toHaveBeenCalledWith({ channel: "nextcloud-talk", accountId: "default", }); expect(buildMentionRegexes).not.toHaveBeenCalled(); }); });