Add unit tests and code review for Moltbot.Shared#1
Merged
shanselman merged 4 commits intomasterfrom Jan 29, 2026
Merged
Conversation
Co-authored-by: shanselman <2892+shanselman@users.noreply.github.com>
Co-authored-by: shanselman <2892+shanselman@users.noreply.github.com>
Co-authored-by: shanselman <2892+shanselman@users.noreply.github.com>
Copilot
AI
changed the title
[WIP] Review code for correctness and add unit tests
Add unit tests and code review for Moltbot.Shared
Jan 29, 2026
codemonkeychris
referenced
this pull request
in codemonkeychris/openclaw-windows-node
Apr 27, 2026
The new canvas.a2ui.dump and canvas.caps commands shipped without unit coverage in the capability layer. Adds CanHandle assertions plus execution-path tests for both: not-open error paths, success paths returning structured JSON payloads (not quoted strings), and the default-when-no-handler shape that canvas.caps returns. Closes the test gap flagged in local-mcp-a2ui-closeout.md item #1.
codemonkeychris
referenced
this pull request
in codemonkeychris/openclaw-windows-node
Apr 27, 2026
The new canvas.a2ui.dump and canvas.caps commands shipped without unit coverage in the capability layer. Adds CanHandle assertions plus execution-path tests for both: not-open error paths, success paths returning structured JSON payloads (not quoted strings), and the default-when-no-handler shape that canvas.caps returns. Closes the test gap flagged in local-mcp-a2ui-closeout.md item #1.
codemonkeychris
referenced
this pull request
in codemonkeychris/openclaw-windows-node
Apr 27, 2026
The new canvas.a2ui.dump and canvas.caps commands shipped without unit coverage in the capability layer. Adds CanHandle assertions plus execution-path tests for both: not-open error paths, success paths returning structured JSON payloads (not quoted strings), and the default-when-no-handler shape that canvas.caps returns. Closes the test gap flagged in local-mcp-a2ui-closeout.md item #1.
codemonkeychris
referenced
this pull request
in codemonkeychris/openclaw-windows-node
Apr 27, 2026
The new canvas.a2ui.dump and canvas.caps commands shipped without unit coverage in the capability layer. Adds CanHandle assertions plus execution-path tests for both: not-open error paths, success paths returning structured JSON payloads (not quoted strings), and the default-when-no-handler shape that canvas.caps returns. Closes the test gap flagged in local-mcp-a2ui-closeout.md item #1.
codemonkeychris
referenced
this pull request
in codemonkeychris/openclaw-windows-node
Apr 28, 2026
The new canvas.a2ui.dump and canvas.caps commands shipped without unit coverage in the capability layer. Adds CanHandle assertions plus execution-path tests for both: not-open error paths, success paths returning structured JSON payloads (not quoted strings), and the default-when-no-handler shape that canvas.caps returns. Closes the test gap flagged in local-mcp-a2ui-closeout.md item #1.
7 tasks
AlexAlves87
pushed a commit
to AlexAlves87/openclaw-windows-node
that referenced
this pull request
May 4, 2026
Three gaps addressed (Hanselman review finding openclaw#1): - SegmentUsesEncodedCommand now extracts quoted tokens as a unit so `"-enc"` and `'-enc'` are detected alongside the unquoted forms. - IsEncodedCommandFlag handles colon/equals separators (-EncodedCommand:payload) and any unambiguous prefix abbreviation of -encodedcommand longer than -enc (e.g. -encod, -encode). - DirectExecUsesEncodedCommand added: direct top-level invocations ["powershell", "-enc", "..."] and transparent-env-wrapped forms ["env", "pwsh", "-enc", "..."] were not checked at all before; both now return [] from ResolveForAllowlist. Tests added: direct -EncodedCommand, -ec alias, -enco abbreviation, powershell.exe suffix, transparent env+pwsh, quoted flag in segment, colon-separator form, and a non-fail-closed guard for -Command. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
RBrid
added a commit
to RBrid/openclaw-windows-node
that referenced
this pull request
May 6, 2026
Critical (rubber-duck openclaw#1) — fail-closed integrity check before install. * New `Sha256` field on `WhisperModelInfo` and `PiperVoiceInfo`. * All 9 catalog entries (3 Whisper models + 6 Piper voices) carry a pinned lowercase-hex SHA-256, captured against the live HuggingFace and sherpa-onnx GitHub releases on 2026-05-05. * Download core methods now: 1. Refuse outright if the catalog entry has no pinned hash (`InvalidOperationException`). 2. Compute SHA-256 of the temp file BEFORE the atomic rename (Whisper) or BEFORE the tar extraction (Piper). 3. On mismatch, throw `System.Security.SecurityException`, delete the temp file, and let the catch block tear down any half-installed directory. Sanitized message — does NOT echo the actual hash (no confirmation oracle). * New `AssetHashPinningTests` enforces that every catalog entry has a 64-hex-char SHA-256 and an https URL — future additions that forget the hash now break the build. Audio_FollowUps.md §2 updated: * Status block at the top documents what landed today. * Pre-public-release TODO list trimmed to: independent re-verification of the pinned hashes, on-load verification (not just on download), and a future signed-manifest format so updates don't require a tray rebuild. The original detailed design notes are preserved as the spec for that next iteration. Tests: Shared 1275 / Tray 462. Build green. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Code Review Findings
Analyzed
Moltbot.Sharedlibrary for correctness and identified 7 issues:Medium Priority
ParseSessions()handles 2 format variations with ad-hoc validation; fragile to schema changesCheckHealthAsync,ListenForMessagesAsync) without coordination; potential rapid retry loopssettings.json; recommend DPAPI encryptionLow Priority
RequestUsageAsync()silently swallows exceptions, others log/rethrowIsMainderived from multiple key patterns (":main",":main:main")Full analysis in CODE_REVIEW.md.
Test Coverage
Added 88 unit tests (xUnit, .NET 9.0):
Coverage highlights:
Path.GetFileName())Not covered (requires integration tests):
Security
CodeQL scan: 0 vulnerabilities
Documentation
CODE_REVIEW.md- Issue analysis with severity ratings and recommendationsTEST_COVERAGE.md- Test statistics and coverage breakdowntests/Moltbot.Shared.Tests/README.md- Test usage guideAll tests passing. Codebase is production-ready with documented improvement paths.
💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.