Gateway Auth: allowlist connection auth precedence fixtures

2026-03-12 07:20:45 +00:00 · 2026-03-07 16:42:53 -08:00
parent 83290c5cef
commit ac02529844
1 changed files with 7 additions and 7 deletions
--- a/src/gateway/connection-auth.test.ts
+++ b/src/gateway/connection-auth.test.ts
@@ -62,7 +62,7 @@ describe("resolveGatewayConnectionAuth", () => {
      env: DEFAULT_ENV,
      options: {
        localTokenPrecedence: "config-first",
-        localPasswordPrecedence: "config-first",
+        localPasswordPrecedence: "config-first", // pragma: allowlist secret
      },
      expected: {
        token: "config-token",
@@ -84,7 +84,7 @@ describe("resolveGatewayConnectionAuth", () => {
      env: DEFAULT_ENV,
      options: {
        localTokenPrecedence: "env-first",
-        localPasswordPrecedence: "config-first",
+        localPasswordPrecedence: "config-first", // pragma: allowlist secret
      },
      expected: {
        token: "env-token",
@@ -132,7 +132,7 @@ describe("resolveGatewayConnectionAuth", () => {
      env: DEFAULT_ENV,
      options: {
        remoteTokenPrecedence: "env-first",
-        remotePasswordPrecedence: "remote-first",
+        remotePasswordPrecedence: "remote-first", // pragma: allowlist secret
      },
      expected: {
        token: "env-token",
@@ -157,7 +157,7 @@ describe("resolveGatewayConnectionAuth", () => {
      env: DEFAULT_ENV,
      options: {
        remoteTokenFallback: "remote-only",
-        remotePasswordFallback: "remote-only",
+        remotePasswordFallback: "remote-only", // pragma: allowlist secret
      },
      expected: {
        token: "remote-token",
@@ -184,7 +184,7 @@ describe("resolveGatewayConnectionAuth", () => {
      options: {
        modeOverride: "remote",
        remoteTokenPrecedence: "remote-first",
-        remotePasswordPrecedence: "remote-first",
+        remotePasswordPrecedence: "remote-first", // pragma: allowlist secret
      },
      expected: {
        token: "remote-token",
@@ -267,7 +267,7 @@ describe("resolveGatewayConnectionAuth", () => {
    });
    const env = {
      CLAWDBOT_GATEWAY_TOKEN: "legacy-token",
-      LOCAL_SECRET_TOKEN: "resolved-from-secretref",
+      LOCAL_SECRET_TOKEN: "resolved-from-secretref", // pragma: allowlist secret
    } as NodeJS.ProcessEnv;

    const resolved = await resolveGatewayConnectionAuth({
@@ -336,7 +336,7 @@ describe("resolveGatewayConnectionAuth", () => {
      config,
      env,
      includeLegacyEnv: false,
-      localPasswordPrecedence: "config-first",
+      localPasswordPrecedence: "config-first", // pragma: allowlist secret
    });
    expect(resolved).toEqual({
      token: undefined,