test: avoid channel contract imports in config policy tests

2026-04-17 04:01:05 +00:00 · 2026-04-11 05:34:31 +01:00
parent f25fd327c3
commit 9f5e476d27
2 changed files with 37 additions and 11 deletions
--- a/src/config/config.secrets-schema.test.ts
+++ b/src/config/config.secrets-schema.test.ts
@@ -4,6 +4,7 @@ import {
  VALID_EXEC_SECRET_REF_IDS,
 } from "../test-utils/secret-ref-test-vectors.js";
 import { validateConfigObjectRaw } from "./validation.js";
+import { GoogleChatConfigSchema } from "./zod-schema.providers-core.js";

 function validateOpenAiApiKeyRef(apiKey: unknown) {
  return validateConfigObjectRaw({
@@ -70,19 +71,15 @@ describe("config secret refs schema", () => {
  });

  it("accepts googlechat serviceAccount refs", () => {
-    const result = validateConfigObjectRaw({
-      channels: {
-        googlechat: {
-          serviceAccountRef: {
-            source: "file",
-            provider: "filemain",
-            id: "/channels/googlechat/serviceAccount",
-          },
-        },
+    const result = GoogleChatConfigSchema.safeParse({
+      serviceAccountRef: {
+        source: "file",
+        provider: "filemain",
+        id: "/channels/googlechat/serviceAccount",
      },
    });

-    expect(result.ok).toBe(true);
+    expect(result.success).toBe(true);
  });

  it("accepts skills entry apiKey refs", () => {
--- a/src/config/validation.policy.test.ts
+++ b/src/config/validation.policy.test.ts
@@ -1,6 +1,35 @@
-import { describe, expect, it } from "vitest";
+import { describe, expect, it, vi } from "vitest";
 import { validateConfigObjectRaw } from "./validation.js";

+vi.mock("../secrets/unsupported-surface-policy.js", () => ({
+  collectUnsupportedSecretRefConfigCandidates: (raw: unknown) => {
+    const isRecord = (value: unknown): value is Record<string, unknown> =>
+      Boolean(value) && typeof value === "object" && !Array.isArray(value);
+    const candidates: Array<{ path: string; value: unknown }> = [];
+    if (!isRecord(raw)) {
+      return candidates;
+    }
+
+    const hooks = isRecord(raw.hooks) ? raw.hooks : null;
+    if (hooks) {
+      candidates.push({ path: "hooks.token", value: hooks.token });
+    }
+
+    const channels = isRecord(raw.channels) ? raw.channels : null;
+    const discord = channels && isRecord(channels.discord) ? channels.discord : null;
+    const threadBindings =
+      discord && isRecord(discord.threadBindings) ? discord.threadBindings : null;
+    if (threadBindings) {
+      candidates.push({
+        path: "channels.discord.threadBindings.webhookToken",
+        value: threadBindings.webhookToken,
+      });
+    }
+
+    return candidates;
+  },
+}));
+
 describe("config validation SecretRef policy guards", () => {
  it("surfaces a policy error for hooks.token SecretRef objects", () => {
    const result = validateConfigObjectRaw({