negodiy/openclaw
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
fbc66324ee2b4521f5a55493cb7dcee2e1558dee
openclaw/src/agents/model-auth-label.test.ts
Josh Avant fbc66324ee SecretRef: harden custom/provider secret persistence and reuse (#42554) 
* Models: gate custom provider keys by usable secret semantics

* Config: project runtime writes onto source snapshot

* Models: prevent stale apiKey preservation for marker-managed providers

* Runner: strip SecretRef marker headers from resolved models

* Secrets: scan active agent models.json path in audit

* Config: guard runtime-source projection for unrelated configs

* Extensions: fix onboarding type errors in CI

* Tests: align setup helper account-enabled expectation

* Secrets audit: harden models.json file reads

* fix: harden SecretRef custom/provider secret persistence (#42554) (thanks @joshavant)
2026-03-10 18:46:47 -05:00

102 lines
3.3 KiB
TypeScript
Raw Blame History

import { beforeEach, describe, expect, it, vi } from "vitest";
const ensureAuthProfileStoreMock = vi.hoisted(() => vi.fn());
const resolveAuthProfileOrderMock = vi.hoisted(() => vi.fn());
const resolveAuthProfileDisplayLabelMock = vi.hoisted(() => vi.fn());
vi.mock("./auth-profiles.js", () => ({
ensureAuthProfileStore: (...args: unknown[]) => ensureAuthProfileStoreMock(...args),
resolveAuthProfileOrder: (...args: unknown[]) => resolveAuthProfileOrderMock(...args),
resolveAuthProfileDisplayLabel: (...args: unknown[]) =>
resolveAuthProfileDisplayLabelMock(...args),
}));
vi.mock("./model-auth.js", () => ({
resolveUsableCustomProviderApiKey: () => null,
resolveEnvApiKey: () => null,
}));
const { resolveModelAuthLabel } = await import("./model-auth-label.js");
describe("resolveModelAuthLabel", () => {
beforeEach(() => {
ensureAuthProfileStoreMock.mockReset();
resolveAuthProfileOrderMock.mockReset();
resolveAuthProfileDisplayLabelMock.mockReset();
});
it("does not include token value in label for token profiles", () => {
ensureAuthProfileStoreMock.mockReturnValue({
version: 1,
profiles: {
"github-copilot:default": {
type: "token",
provider: "github-copilot",
token: "ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", // pragma: allowlist secret
tokenRef: { source: "env", provider: "default", id: "GITHUB_TOKEN" },
},
},
} as never);
resolveAuthProfileOrderMock.mockReturnValue(["github-copilot:default"]);
resolveAuthProfileDisplayLabelMock.mockReturnValue("github-copilot:default");
const label = resolveModelAuthLabel({
provider: "github-copilot",
cfg: {},
sessionEntry: { authProfileOverride: "github-copilot:default" } as never,
});
expect(label).toBe("token (github-copilot:default)");
expect(label).not.toContain("ghp_");
expect(label).not.toContain("ref(");
});
it("does not include api-key value in label for api-key profiles", () => {
const shortSecret = "abc123"; // pragma: allowlist secret
ensureAuthProfileStoreMock.mockReturnValue({
version: 1,
profiles: {
"openai:default": {
type: "api_key",
provider: "openai",
key: shortSecret,
},
},
} as never);
resolveAuthProfileOrderMock.mockReturnValue(["openai:default"]);
resolveAuthProfileDisplayLabelMock.mockReturnValue("openai:default");
const label = resolveModelAuthLabel({
provider: "openai",
cfg: {},
sessionEntry: { authProfileOverride: "openai:default" } as never,
});
expect(label).toBe("api-key (openai:default)");
expect(label).not.toContain(shortSecret);
expect(label).not.toContain("...");
});
it("shows oauth type with profile label", () => {
ensureAuthProfileStoreMock.mockReturnValue({
version: 1,
profiles: {
"anthropic:oauth": {
type: "oauth",
provider: "anthropic",
},
},
} as never);
resolveAuthProfileOrderMock.mockReturnValue(["anthropic:oauth"]);
resolveAuthProfileDisplayLabelMock.mockReturnValue("anthropic:oauth");
const label = resolveModelAuthLabel({
provider: "anthropic",
cfg: {},
sessionEntry: { authProfileOverride: "anthropic:oauth" } as never,
});
expect(label).toBe("oauth (anthropic:oauth)");
});
});
Reference in New Issue View Git Blame Copy Permalink