Skip to content

test(ios): cover IPv4-mapped IPv6 loopback in manual TLS policy#22045

Merged
mbelinky merged 2 commits intomainfrom
test/ios-mapped-ipv6-loopback-coverage
Feb 20, 2026
Merged

test(ios): cover IPv4-mapped IPv6 loopback in manual TLS policy#22045
mbelinky merged 2 commits intomainfrom
test/ios-mapped-ipv6-loopback-coverage

Conversation

@mbelinky
Copy link
Contributor

@mbelinky mbelinky commented Feb 20, 2026
edited by greptile-apps bot
Loading

Summary

  • add regression coverage for ::ffff:127.0.0.1 in manual host TLS resolution tests
  • confirms IPv4-mapped IPv6 loopback is treated as loopback (no forced TLS)

Why

Greptile correctly pointed out this specific test gap after the loopback hardening changes.

Changes

  • apps/ios/Tests/GatewayConnectionSecurityTests.swift
    • add:
      • #expect(controller._test_resolveManualUseTLS(host: "::ffff:127.0.0.1", useTLS: false) == false)

Verification

  • attempted targeted test run:
    • xcodebuild -project apps/ios/OpenClaw.xcodeproj -scheme OpenClaw -destination 'platform=iOS Simulator,name=iPhone 17' test -only-testing:OpenClawTests/GatewayConnectionSecurityTests/manualConnectionsForceTLSForNonLoopbackHosts
    • blocked in this environment because the scheme requires watchOS runtime (watchOS 26.2 must be installed).

Greptile Summary

Added regression test for IPv4-mapped IPv6 loopback address (::ffff:127.0.0.1) to verify it's correctly treated as loopback and doesn't force TLS in manual gateway connections.

  • Test coverage fills gap identified after loopback hardening changes in fix(ios): force tls for non-loopback manual gateway hosts #21969
  • Implementation in isLoopbackIPv6 (lines 695-707) already handles IPv4-mapped addresses by checking bytes[10-11] for 0xFF and bytes[12] for 127
  • New test assertion verifies expected behavior is working correctly

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • Single test assertion added to existing test suite with no production code changes. The test verifies that IPv4-mapped IPv6 loopback addresses are correctly handled by existing implementation (confirmed by code review of isLoopbackIPv6 at lines 704-705), filling a gap in test coverage.
  • No files require special attention

Last reviewed commit: 822d26e

@openclaw-barnacle openclaw-barnacle bot added app: ios App: ios size: XS maintainer Maintainer-authored PR labels Feb 20, 2026
@mbelinky mbelinky merged commit fe32150 into main Feb 20, 2026
14 checks passed
@mbelinky mbelinky deleted the test/ios-mapped-ipv6-loopback-coverage branch February 20, 2026 17:23
@mbelinky
Copy link
Contributor Author

mbelinky commented Feb 20, 2026

Merged via squash.

Thanks @mbelinky!

@github-actions github-actions bot mentioned this pull request Feb 20, 2026
Open
rodrigogs pushed a commit to rodrigogs/openclaw that referenced this pull request Feb 20, 2026
@mbelinky
test(ios): cover IPv4-mapped IPv6 loopback in manual TLS policy (open…
0ccdc25 
…claw#22045)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ec952f0
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
Hansen1018 added a commit to Hansen1018/openclaw that referenced this pull request Feb 21, 2026
@Hansen1018 @mbelinky
test(ios): cover IPv4-mapped IPv6 loopback in manual TLS policy (open…
69d6b1a 
…claw#22045)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ec952f0
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
vincentkoc pushed a commit that referenced this pull request Feb 21, 2026
@mbelinky @vincentkoc
test(ios): cover IPv4-mapped IPv6 loopback in manual TLS policy (#22045)
d1cd596 
Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ec952f0
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
dgarson pushed a commit to dgarson/clawdbot that referenced this pull request Feb 21, 2026
@mbelinky @dgarson
test(ios): cover IPv4-mapped IPv6 loopback in manual TLS policy (open…
54bb993 
…claw#22045)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ec952f0
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
mmyyfirstb pushed a commit to mmyyfirstb/openclaw that referenced this pull request Feb 21, 2026
@mbelinky @mmyyfirstb
test(ios): cover IPv4-mapped IPv6 loopback in manual TLS policy (open…
8b8499d 
…claw#22045)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ec952f0
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
obviyus pushed a commit to guirguispierre/openclaw that referenced this pull request Feb 22, 2026
@mbelinky @obviyus
test(ios): cover IPv4-mapped IPv6 loopback in manual TLS policy (open…
4f264bd 
…claw#22045)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ec952f0
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
mreedr pushed a commit to mreedr/openclaw-custom that referenced this pull request Feb 24, 2026
@mbelinky
test(ios): cover IPv4-mapped IPv6 loopback in manual TLS policy (open…
d8a62cc 
…claw#22045)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ec952f0
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
@github-actions github-actions bot mentioned this pull request Mar 1, 2026
Closed
6 tasks
hughdidit pushed a commit to hughdidit/DAISy-Agency that referenced this pull request Mar 1, 2026
@mbelinky @github-actions
test(ios): cover IPv4-mapped IPv6 loopback in manual TLS policy (open…
c678f31 
…claw#22045)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ec952f0
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky

(cherry picked from commit fe32150)

# Conflicts:
#	CHANGELOG.md
hughdidit pushed a commit to hughdidit/DAISy-Agency that referenced this pull request Mar 3, 2026
@mbelinky @github-actions
test(ios): cover IPv4-mapped IPv6 loopback in manual TLS policy (open…
2862eb7 
…claw#22045)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ec952f0
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky

(cherry picked from commit fe32150)

# Conflicts:
#	CHANGELOG.md
zooqueen pushed a commit to hanzoai/bot that referenced this pull request Mar 6, 2026
@mbelinky
test(ios): cover IPv4-mapped IPv6 loopback in manual TLS policy (open…
914cc3b 
…claw#22045)

Merged via /review-pr -> /prepare-pr -> /merge-pr.

Prepared head SHA: ec952f0
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Co-authored-by: mbelinky <132747814+mbelinky@users.noreply.github.com>
Reviewed-by: @mbelinky
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

app: ios App: ios maintainer Maintainer-authored PR size: XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mbelinky