From 39405ebe148670d766f70b804b956ebc39a7e4e7 Mon Sep 17 00:00:00 2001
From: Shakker <shakkerdroid@gmail.com>
Date: Fri, 8 May 2026 21:09:59 +0100
Subject: [PATCH] test: tighten small model risk assertions

---
 src/security/audit-small-model-risk.test.ts | 64 +++++++++++++--------
 1 file changed, 41 insertions(+), 23 deletions(-)

diff --git a/src/security/audit-small-model-risk.test.ts b/src/security/audit-small-model-risk.test.ts
index 7d788b96b9d..fcfdfe360e2 100644
--- a/src/security/audit-small-model-risk.test.ts
+++ b/src/security/audit-small-model-risk.test.ts
@@ -2,6 +2,18 @@ import { describe, expect, it } from "vitest";
 import type { OpenClawConfig } from "../config/config.js";
 import { collectSmallModelRiskFindings } from "./audit-extra.summary.js";
 
+function requireFirstSmallModelFinding(
+  findings: ReturnType<typeof collectSmallModelRiskFindings>,
+  label: string,
+) {
+  const [finding] = findings;
+  expect(finding, label).toBeDefined();
+  if (!finding) {
+    throw new Error(`Expected small-model risk finding for ${label}`);
+  }
+  return finding;
+}
+
 describe("security audit small-model risk findings", () => {
   it("scores small-model risk by tool/sandbox exposure", () => {
     const cases: Array<{
@@ -35,37 +47,43 @@ describe("security audit small-model risk findings", () => {
     ];
 
     for (const testCase of cases) {
-      const [finding] = collectSmallModelRiskFindings({
-        cfg: testCase.cfg,
-        env: process.env,
-      });
-      expect(finding?.severity, testCase.name).toBe(testCase.expectedSeverity);
+      const finding = requireFirstSmallModelFinding(
+        collectSmallModelRiskFindings({
+          cfg: testCase.cfg,
+          env: process.env,
+        }),
+        testCase.name,
+      );
+      expect(finding.severity, testCase.name).toBe(testCase.expectedSeverity);
       for (const snippet of testCase.detailIncludes) {
-        expect(finding?.detail, `${testCase.name}:${snippet}`).toContain(snippet);
+        expect(finding.detail, `${testCase.name}:${snippet}`).toContain(snippet);
       }
     }
   });
 
   it("resolves configured aliases before parameter-size classification", () => {
-    const [finding] = collectSmallModelRiskFindings({
-      cfg: {
-        agents: {
-          defaults: {
-            model: { primary: "tiny" },
-            models: {
-              "ollama/mistral-8b": { alias: "tiny" },
+    const finding = requireFirstSmallModelFinding(
+      collectSmallModelRiskFindings({
+        cfg: {
+          agents: {
+            defaults: {
+              model: { primary: "tiny" },
+              models: {
+                "ollama/mistral-8b": { alias: "tiny" },
+              },
             },
           },
-        },
-        tools: { web: { search: { enabled: true }, fetch: { enabled: true } } },
-        browser: { enabled: true },
-      } satisfies OpenClawConfig,
-      env: {},
-    });
+          tools: { web: { search: { enabled: true }, fetch: { enabled: true } } },
+          browser: { enabled: true },
+        } satisfies OpenClawConfig,
+        env: {},
+      }),
+      "configured alias",
+    );
 
-    expect(finding?.checkId).toBe("models.small_params");
-    expect(finding?.detail).toContain("ollama/mistral-8b");
-    expect(finding?.detail).toContain("@ agents.defaults.model.primary");
-    expect(finding?.detail).not.toContain("- tiny");
+    expect(finding.checkId).toBe("models.small_params");
+    expect(finding.detail).toContain("ollama/mistral-8b");
+    expect(finding.detail).toContain("@ agents.defaults.model.primary");
+    expect(finding.detail).not.toContain("- tiny");
   });
 });