From 0fbd975fe8908f6ae9908fe140b21069fd20a3d9 Mon Sep 17 00:00:00 2001
From: Vincent Koc
Date: Fri, 29 May 2026 09:26:46 +0200
Subject: [PATCH] test(infra): avoid host-specific exec path fixtures
---
 src/infra/exec-approvals-analysis.test.ts | 8 ++++----
 src/infra/exec-approvals-safe-bins.test.ts | 6 ++++--
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/infra/exec-approvals-analysis.test.ts b/src/infra/exec-approvals-analysis.test.ts
index 93e84e89c1c..36ba0a0daa9 100644
--- a/src/infra/exec-approvals-analysis.test.ts
+++ b/src/infra/exec-approvals-analysis.test.ts
@@ -563,9 +563,9 @@ describe("exec approvals shell analysis", () => {
 describe("shell allowlist (chained commands)", () => {
 it.each([
 {
- allowlist: [{ pattern: "/usr/bin/obsidian-cli" }, { pattern: "/usr/bin/head" }],
+ allowlist: [{ pattern: "/usr/bin/obsidian-cli" }, { pattern: "/opt/openclaw-test/head" }],
 command:
- "/usr/bin/obsidian-cli print-default && /usr/bin/obsidian-cli search foo | /usr/bin/head",
+ "/usr/bin/obsidian-cli print-default && /usr/bin/obsidian-cli search foo | /opt/openclaw-test/head",
 expectedAnalysisOk: true,
 expectedAllowlistSatisfied: true,
 },
@@ -689,12 +689,12 @@ describe("exec approvals shell analysis", () => {
 expect(result.segmentSatisfiedBy).toEqual([null]);
 });
 
- it.each(['/usr/bin/echo "foo && bar"', '/usr/bin/echo "foo\\" && bar"'])(
+ it.each(['/opt/openclaw-test/echo "foo && bar"', '/opt/openclaw-test/echo "foo\\" && bar"'])(
 "respects quoted chain separator for %s",
 (command) => {
 const result = evaluateShellAllowlist({
 command,
- allowlist: [{ pattern: "/usr/bin/echo" }],
+ allowlist: [{ pattern: "/opt/openclaw-test/echo" }],
 safeBins: new Set(),
 cwd: "/tmp",
 });
diff --git a/src/infra/exec-approvals-safe-bins.test.ts b/src/infra/exec-approvals-safe-bins.test.ts
index 5b8e60f1d49..40f70b2e2d3 100644
--- a/src/infra/exec-approvals-safe-bins.test.ts
+++ b/src/infra/exec-approvals-safe-bins.test.ts
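Review bot: The synthetic prefix `/opt/openclaw-test` is introduced as a bare literal with no comment explaining why it replaces `/usr/bin`, and in the first hunk the same fixture keeps `/usr/bin/obsidian-cli` next to `/opt/openclaw-test/head`. A reader cannot tell from the test whether that mix is deliberate (presumably only binaries that can exist on a real host had to move) or an oversight. I would name the prefix once near the top of the file, e.g. `const TEST_BIN_DIR = "/opt/openclaw-test"; // synthetic dir: allowlist results must not depend on binaries installed on the host`, and build the patterns and commands from it. The same applies to the `it.each` inputs and the `allowlist` pattern in the second hunk ("respects quoted chain separator"). Both enclosing `describe` blocks start and end outside the hunks.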
@@ -463,21 +463,23 @@ describe("exec approvals safe bins", () => {
 argv: ["echo", "hello"],
 resolution: {
 rawExecutable: "echo",
- resolvedPath: "/bin/echo",
+ resolvedPath: "/opt/openclaw-test/bin/echo",
 executableName: "echo",
 },
 safeBins: normalizeSafeBins(["echo"]),
 safeBinProfiles,
+ trustedSafeBinDirs: new Set(["/opt/openclaw-test/bin"]),
 });
 const deny = isSafeBinUsage({
 argv: ["echo", "hello", "world"],
 resolution: {
 rawExecutable: "echo",
- resolvedPath: "/bin/echo",
+ resolvedPath: "/opt/openclaw-test/bin/echo",
 executableName: "echo",
 },
 safeBins: normalizeSafeBins(["echo"]),
 safeBinProfiles,
+ trustedSafeBinDirs: new Set(["/opt/openclaw-test/bin"]),
 });
 expect(allow).toBe(true);
 expect(deny).toBe(false);
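Review bot: With `trustedSafeBinDirs` now passed to both calls, the `allow` and `deny` cases still differ only in `argv`, so nothing in this hunk pins that a safe bin resolved outside the trusted directories is rejected. If `isSafeBinUsage` gates on the directory of `resolvedPath` (as the new parameter suggests; its implementation is not visible here), a third call whose `resolvedPath` lies outside the set, asserted with `toBe(false)`, would keep that path-trust check from regressing unnoticed. The path in the sketch below is a constructed sample, and such a case may already exist elsewhere in the file. The enclosing `it(...)` starts before the hunk and continues after it.

```typescript
// … unchanged: allow and deny calls …
const untrustedDir = isSafeBinUsage({
  argv: ["echo", "hello"],
  resolution: {
    rawExecutable: "echo",
    // constructed sample: same binary name, directory not in trustedSafeBinDirs
    resolvedPath: "/opt/openclaw-test/untrusted/echo",
    executableName: "echo",
  },
  safeBins: normalizeSafeBins(["echo"]),
  safeBinProfiles,
  trustedSafeBinDirs: new Set(["/opt/openclaw-test/bin"]),
});
// … unchanged: expect(allow) / expect(deny) …
expect(untrustedDir).toBe(false);
```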