test(secrets): align secret ref fixtures

2026-06-28 12:03:32 +00:00 · 2026-06-19 17:51:58 +02:00
parent 80010a864b
commit 3bcdf20a44
2 changed files with 27 additions and 14 deletions
--- a/src/secrets/runtime.coverage.test.ts
+++ b/src/secrets/runtime.coverage.test.ts
@@ -1,4 +1,5 @@
 /** Coverage tests for secrets runtime collector breadth and target surfaces. */
+import { createHash } from "node:crypto";
 import fs from "node:fs";
 import path from "node:path";
 import { afterAll, beforeAll, describe, expect, test, vi } from "vitest";
@@ -312,6 +313,18 @@ function resolveCoverageEnvId(entry: SecretRegistryEntry, fallbackEnvId: string)
    : fallbackEnvId;
 }

+function toCoverageEnvRefId(prefix: string, id: string): string {
+  const normalized = id
+    .toUpperCase()
+    .replace(/[^A-Z0-9_]/g, "_")
+    .replace(/_+/g, "_")
+    .replace(/^_+|_+$/g, "");
+  const name = normalized || "TARGET";
+  const hash = createHash("sha256").update(id).digest("hex").slice(0, 12).toUpperCase();
+  const maxNameLength = 128 - prefix.length - hash.length - 2;
+  return `${prefix}_${name.slice(0, Math.max(1, maxNameLength))}_${hash}`;
+}
+
 function resolveCoverageResolvedPath(entry: SecretRegistryEntry): string {
  return canonicalizeSecretTargetCoverageId(entry.id);
 }
@@ -756,7 +769,7 @@ async function expectOpenClawCoverageBatchResolved(
  const config = {} as OpenClawConfig;
  const env: Record<string, string> = {};
  for (const [index, entry] of batch.entries()) {
-    const envId = `OPENCLAW_SECRET_TARGET_${entry.id}`;
+    const envId = toCoverageEnvRefId("OPENCLAW_SECRET_TARGET", entry.id);
    const runtimeEnvId = resolveCoverageEnvId(entry, envId);
    const expectedValue = `resolved-${entry.id}`;
    const wildcardToken = resolveCoverageWildcardToken(index);
@@ -857,7 +870,7 @@ describe("secrets runtime target coverage", () => {
          profiles: {},
        };
        for (const [index, entry] of batch.entries()) {
-          const envId = `OPENCLAW_AUTH_SECRET_TARGET_${entry.id}`;
+          const envId = toCoverageEnvRefId("OPENCLAW_AUTH_SECRET_TARGET", entry.id);
          env[envId] = `resolved-${entry.id}`;
          applyAuthStoreTarget(authStore, entry, envId, resolveCoverageWildcardToken(index));
        }
--- a/src/tui/gateway-chat.test.ts
+++ b/src/tui/gateway-chat.test.ts
@@ -47,13 +47,13 @@ type ModeExecProviderFixture = {
  tokenMarker: string;
  passwordMarker: string;
  providers: {
-    tokenProvider: {
+    tokenprovider: {
      source: "exec";
      command: string;
      args: string[];
      allowInsecurePath: true;
    };
-    passwordProvider: {
+    passwordprovider: {
      source: "exec";
      command: string;
      args: string[];
@@ -85,13 +85,13 @@ async function withModeExecProviderFixture(
      tokenMarker,
      passwordMarker,
      providers: {
-        tokenProvider: {
+        tokenprovider: {
          source: "exec",
          command: process.execPath,
          args: ["-e", tokenExecProgram],
          allowInsecurePath: true,
        },
-        passwordProvider: {
+        passwordprovider: {
          source: "exec",
          command: process.execPath,
          args: ["-e", passwordExecProgram],
@@ -361,7 +361,7 @@ describe("resolveGatewayConnection", () => {
      loadConfig.mockReturnValue({
        secrets: {
          providers: {
-            fileProvider: {
+            fileprovider: {
              source: "file",
              path: secretFile,
              mode: "json",
@@ -372,7 +372,7 @@ describe("resolveGatewayConnection", () => {
        gateway: {
          mode: "local",
          auth: {
-            token: { source: "file", provider: "fileProvider", id: "/gatewayToken" },
+            token: { source: "file", provider: "fileprovider", id: "/gatewayToken" },
          },
        },
      });
@@ -396,7 +396,7 @@ describe("resolveGatewayConnection", () => {
    loadConfig.mockReturnValue({
      secrets: {
        providers: {
-          execProvider: {
+          execprovider: {
            source: "exec",
            command: process.execPath,
            args: ["-e", execProgram],
@@ -407,7 +407,7 @@ describe("resolveGatewayConnection", () => {
      gateway: {
        mode: "local",
        auth: {
-          token: { source: "exec", provider: "execProvider", id: "EXEC_GATEWAY_TOKEN" },
+          token: { source: "exec", provider: "execprovider", id: "EXEC_GATEWAY_TOKEN" },
        },
      },
    });
@@ -428,8 +428,8 @@ describe("resolveGatewayConnection", () => {
            mode: "local",
            auth: {
              mode: "token",
-              token: { source: "exec", provider: "tokenProvider", id: "TOKEN_SECRET" },
-              password: { source: "exec", provider: "passwordProvider", id: "PASSWORD_SECRET" },
+              token: { source: "exec", provider: "tokenprovider", id: "TOKEN_SECRET" },
+              password: { source: "exec", provider: "passwordprovider", id: "PASSWORD_SECRET" },
            },
          },
        });
@@ -455,8 +455,8 @@ describe("resolveGatewayConnection", () => {
            mode: "local",
            auth: {
              mode: "password",
-              token: { source: "exec", provider: "tokenProvider", id: "TOKEN_SECRET" },
-              password: { source: "exec", provider: "passwordProvider", id: "PASSWORD_SECRET" },
+              token: { source: "exec", provider: "tokenprovider", id: "TOKEN_SECRET" },
+              password: { source: "exec", provider: "passwordprovider", id: "PASSWORD_SECRET" },
            },
          },
        });