test: tighten audit extra assertions

2026-05-10 00:10:42 +00:00 · 2026-05-08 21:06:13 +01:00
parent 2e28459a0e
commit 3cdb73c423
1 changed files with 25 additions and 10 deletions
--- a/src/security/audit-extra.sync.test.ts
+++ b/src/security/audit-extra.sync.test.ts
@@ -10,6 +10,15 @@ vi.mock("../plugins/web-search-credential-presence.js", () => ({
  hasConfiguredWebSearchCredential: () => false,
 }));

+function requireFirstFinding<T>(findings: readonly T[], label: string): T {
+  const [finding] = findings;
+  expect(finding).toBeDefined();
+  if (!finding) {
+    throw new Error(`Expected ${label} finding`);
+  }
+  return finding;
+}
+
 describe("collectAttackSurfaceSummaryFindings", () => {
  it.each([
    {
@@ -39,7 +48,10 @@ describe("collectAttackSurfaceSummaryFindings", () => {
      expectedDetail: ["hooks.internal: disabled"],
    },
  ])("$name", ({ cfg, expectedDetail }) => {
-    const [finding] = collectAttackSurfaceSummaryFindings(cfg);
+    const finding = requireFirstFinding(
+      collectAttackSurfaceSummaryFindings(cfg),
+      "attack surface summary",
+    );
    expect(finding.checkId).toBe("summary.attack_surface");
    for (const snippet of expectedDetail) {
      expect(finding.detail).toContain(snippet);
@@ -89,19 +101,22 @@ describe("collectSmallModelRiskFindings", () => {
      detailExcludes: ["No web/browser tools detected"],
    },
  ])("$name", ({ cfg, env, detailIncludes, detailExcludes }) => {
-    const [finding] = collectSmallModelRiskFindings({
-      cfg,
-      env,
-    });
+    const finding = requireFirstFinding(
+      collectSmallModelRiskFindings({
+        cfg,
+        env,
+      }),
+      "small model risk",
+    );

-    expect(finding?.checkId).toBe("models.small_params");
-    expect(finding?.severity).toBe("critical");
-    expect(finding?.detail).toContain("ollama/mistral-8b");
+    expect(finding.checkId).toBe("models.small_params");
+    expect(finding.severity).toBe("critical");
+    expect(finding.detail).toContain("ollama/mistral-8b");
    for (const snippet of detailIncludes) {
-      expect(finding?.detail).toContain(snippet);
+      expect(finding.detail).toContain(snippet);
    }
    for (const snippet of detailExcludes) {
-      expect(finding?.detail).not.toContain(snippet);
+      expect(finding.detail).not.toContain(snippet);
    }
  });
 });