test: add OpenClaw bypass parity coverage #2

Merged
steipete merged 3 commits into main from test/openclaw-read-parity, May 5, 2026

@jesse-merhi jesse-merhi commented May 5, 2026

Summary

  • expand this PR into a bypass-focused parity suite for both read-like and write-like OpenClaw migration surfaces
  • add payload-driven read tests for root().read, root().open, root().stat, root().list, pathScope, openRootFile, openPinnedFileSync, and resolveAbsolutePathForRead
  • add write/move/delete tests for root().write, root().create, root().append, root().openWritable, root().copyFrom, root().mkdir, root().remove, and root().move
  • exercise dot-dot traversal, nested traversal, slash normalization, encoded/double-encoded traversal strings, NUL-byte strings, Windows/backslash/drive/UNC-looking payloads, absolute outside paths, symlink parents, final symlink leaves, hardlinks, and no-outside-bytes/no-outside-clobber behavior

Payload sources

Representative payload categories are based on common OWASP / PayloadsAllTheThings directory traversal testing guidance: dot-dot traversal, URL-encoded traversal, double encoding, null-byte strings, Windows drive paths, backslash traversal, and UNC paths.

Validation

  • pnpm check

Notes

This PR is intentionally test-only. The new tests did not require production fixes; where platform-looking strings are legal POSIX literals, the assertions verify they stay inside the root and do not touch outside files.
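
The assertion style described in the Notes above, sketched as an added example (not code from this PR or from @openclaw/fs-safe). `resolveInsideRoot`, `PAYLOADS` and `runParity` are hypothetical names, the payload strings are constructed, and a POSIX host is assumed.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

// Hypothetical containment check, not the @openclaw/fs-safe implementation.
// Returns the resolved path when `rel` stays under `root`, otherwise null.
function resolveInsideRoot(root: string, rel: string): string | null {
  if (rel.includes("\0") || path.isAbsolute(rel)) return null;
  const realRoot = fs.realpathSync(root);
  const inside = (p: string) => p === realRoot || p.startsWith(realRoot + path.sep);
  const candidate = path.resolve(realRoot, rel); // lexical step: collapses ".." segments
  if (!inside(candidate)) return null;
  let probe = candidate; // walk up to the deepest entry that exists (lstat sees dangling links)
  for (;;) {
    try { fs.lstatSync(probe); break; } catch { probe = path.dirname(probe); }
  }
  try {
    return inside(fs.realpathSync(probe)) ? candidate : null; // symlink parent or leaf
  } catch {
    return null; // dangling symlink: target cannot be verified
  }
}

// Constructed payloads, one per category named in the PR summary.
const PAYLOADS: string[] = [
  "../outside/secret.txt", "a/b/../../../outside/secret.txt", // dot-dot, nested
  "..%2foutside%2fsecret.txt", "..%252foutside%252fsecret.txt", // encoded, double-encoded
  "ok.txt\0.png", // NUL byte
  "..\\outside\\secret.txt", "C:\\outside\\secret.txt", "\\\\host\\share\\secret.txt", // Windows-looking
  "link/secret.txt", // symlink parent that points outside the root
];

// Builds root/ and outside/ in a temp dir and records the verdict for each payload.
function runParity(): { root: string; verdicts: Map<string, string | null> } {
  const tmp = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), "parity-")));
  const root = path.join(tmp, "root");
  const outside = path.join(tmp, "outside");
  fs.mkdirSync(root);
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(outside, "secret.txt"), "outside bytes");
  fs.symlinkSync(outside, path.join(root, "link"));
  const verdicts = new Map<string, string | null>();
  const all = [...PAYLOADS, path.join(outside, "secret.txt")]; // plus an absolute outside path
  for (const p of all) verdicts.set(p, resolveInsideRoot(root, p));
  fs.rmSync(tmp, { recursive: true, force: true });
  return { root, verdicts };
}

for (const [p, v] of runParity().verdicts) console.log(JSON.stringify(p), "->", v ?? "rejected");
```

On a POSIX host the encoded and Windows-looking strings resolve to literal names under the root, while the dot-dot, NUL, absolute and symlink-parent payloads are rejected. A path check of this kind is a point-in-time verdict and does not cover a race between the check and the later open.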

Copilot AI review requested due to automatic review settings May 5, 2026 13:48
Copilot AI left a comment

Pull request overview

Adds test-only coverage to support the planned OpenClaw migration by (a) documenting which raw fs.* operations are currently covered by @openclaw/fs-safe APIs and (b) asserting “read-like” bypass resistance across multiple surfaces (root APIs, path scoping, pinned/root file open helpers, and absolute-path read resolution).

Changes:

  • Introduces a coverage map test that classifies each OpenClaw raw fs.* operation as covered/partial/missing/trusted-only/out-of-scope.
  • Adds read bypass parity tests covering traversal attempts, symlink parents/leaves, hardlinks (when configured to reject), and absolute-path symlink behavior.
  • Adds a “no outside bytes” regression test to ensure rejected paths don’t accidentally leak readable content via returned handles/results.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| test/openclaw-read-bypass-parity.test.ts | New bypass/parity tests asserting read/open/stat/list/pathScope/root-file-open behaviors against traversal, symlinks, hardlinks, and leakage. |
| test/openclaw-fs-operation-coverage.test.ts | New operation coverage map + assertions to keep missing raw fs.* operations explicit for migration planning. |

jesse-merhi force-pushed the test/openclaw-read-parity branch from 305293d to d66cffc, May 5, 2026 14:05
jesse-merhi changed the title from "test: add OpenClaw fs read parity coverage" to "test: add OpenClaw read bypass parity coverage", May 5, 2026
jesse-merhi force-pushed the test/openclaw-read-parity branch from d66cffc to cdafee4, May 5, 2026 14:14
jesse-merhi changed the title from "test: add OpenClaw read bypass parity coverage" to "test: add OpenClaw bypass parity coverage", May 5, 2026
steipete force-pushed the test/openclaw-read-parity branch from cdafee4 to 6afe126, May 5, 2026 17:50
steipete merged commit 83c1032 into main, May 5, 2026
1 check passed
steipete deleted the test/openclaw-read-parity branch, May 5, 2026 17:51