vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-12 01:31:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

test: trim slow provider auth marker coverage

Browse Source
This commit is contained in:
Peter Steinberger
2026-04-05 15:06:53 +01:00
parent 79d722e922
commit b0f4af3bad
1 changed files with 23 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

137
src/agents/models-config.providers.discovery-auth.test.ts
View File

@@ -1,15 +1,8 @@
import { mkdtempSync } from "node:fs";
import { writeFile } from "node:fs/promises";
import { tmpdir } from "node:os";
import { join } from "node:path";
import { afterEach, describe, expect, it, vi } from "vitest";
import { buildHuggingfaceProvider } from "../../extensions/huggingface/provider-catalog.js";
import { buildVllmProvider } from "../../extensions/vllm/models.js";
import { NON_ENV_SECRETREF_MARKER } from "./model-auth-markers.js";
import { resolveImplicitProvidersForTest } from "./models-config.e2e-harness.js";
type AuthProfilesFile = {
version: 1;
profiles: Record<string, Record<string, unknown>>;
};
import { resolveApiKeyFromCredential } from "./models-config.providers.secrets.js";
describe("provider discovery auth marker guardrails", () => {
let originalVitest: string | undefined;
@@ -33,8 +26,8 @@ describe("provider discovery auth marker guardrails", () => {
});
function enableDiscovery() {
originalVitest = process.env.VITEST;
originalNodeEnv = process.env.NODE_ENV;
originalVitest = process.env.VITEST ?? "true";
originalNodeEnv = process.env.NODE_ENV ?? "test";
originalFetch = globalThis.fetch;
delete process.env.VITEST;
delete process.env.NODE_ENV;
@@ -49,29 +42,17 @@ describe("provider discovery auth marker guardrails", () => {
return fetchMock;
}
async function createAgentDirWithAuthProfiles(profiles: AuthProfilesFile["profiles"]) {
const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-"));
await writeFile(
join(agentDir, "auth-profiles.json"),
JSON.stringify({ version: 1, profiles } satisfies AuthProfilesFile, null, 2),
"utf8",
);
return agentDir;
}
it("does not send marker value as vLLM bearer token during discovery", async () => {
enableDiscovery();
const fetchMock = installFetchMock({ data: [] });
const agentDir = await createAgentDirWithAuthProfiles({
"vllm:default": {
type: "api_key",
provider: "vllm",
keyRef: { source: "file", provider: "vault", id: "/vllm/apiKey" },
},
const resolved = resolveApiKeyFromCredential({
type: "api_key",
provider: "vllm",
keyRef: { source: "file", provider: "vault", id: "/vllm/apiKey" },
});
const providers = await resolveImplicitProvidersForTest({ agentDir, env: {}, config: {} });
expect(providers?.vllm?.apiKey).toBe(NON_ENV_SECRETREF_MARKER);
expect(resolved?.apiKey).toBe(NON_ENV_SECRETREF_MARKER);
await buildVllmProvider({ apiKey: resolved?.discoveryApiKey });
const request = fetchMock.mock.calls[0]?.[1] as
| { headers?: Record<string, string> }
| undefined;
@@ -81,16 +62,14 @@ describe("provider discovery auth marker guardrails", () => {
it("does not call Hugging Face discovery with marker-backed credentials", async () => {
enableDiscovery();
const fetchMock = installFetchMock();
const agentDir = await createAgentDirWithAuthProfiles({
"huggingface:default": {
type: "api_key",
provider: "huggingface",
keyRef: { source: "exec", provider: "vault", id: "providers/hf/token" },
},
const resolved = resolveApiKeyFromCredential({
type: "api_key",
provider: "huggingface",
keyRef: { source: "exec", provider: "vault", id: "providers/hf/token" },
});
const providers = await resolveImplicitProvidersForTest({ agentDir, env: {} });
expect(providers?.huggingface?.apiKey).toBe(NON_ENV_SECRETREF_MARKER);
expect(resolved?.apiKey).toBe(NON_ENV_SECRETREF_MARKER);
await buildHuggingfaceProvider(resolved?.discoveryApiKey);
const huggingfaceCalls = fetchMock.mock.calls.filter(([url]) =>
String(url).includes("router.huggingface.co"),
);
@@ -100,86 +79,16 @@ describe("provider discovery auth marker guardrails", () => {
it("keeps all-caps plaintext API keys for authenticated discovery", async () => {
enableDiscovery();
const fetchMock = installFetchMock({ data: [{ id: "vllm/test-model" }] });
const agentDir = await createAgentDirWithAuthProfiles({
"vllm:default": {
type: "api_key",
provider: "vllm",
key: "ALLCAPS_SAMPLE",
},
const resolved = resolveApiKeyFromCredential({
type: "api_key",
provider: "vllm",
key: "ALLCAPS_SAMPLE",
});
await resolveImplicitProvidersForTest({ agentDir, env: {}, config: {} });
expect(resolved?.apiKey).toBe("ALLCAPS_SAMPLE");
await buildVllmProvider({ apiKey: resolved?.discoveryApiKey });
const vllmCall = fetchMock.mock.calls.find(([url]) => String(url).includes(":8000"));
const request = vllmCall?.[1] as { headers?: Record<string, string> } | undefined;
expect(request?.headers?.Authorization).toBe("Bearer ALLCAPS_SAMPLE");
});
it("surfaces xai provider auth from legacy grok web search config without persisting plaintext", async () => {
const agentDir = await createAgentDirWithAuthProfiles({});
const providers = await resolveImplicitProvidersForTest({
agentDir,
env: {},
config: {
tools: {
web: {
search: {
grok: {
apiKey: "xai-legacy-config-key", // pragma: allowlist secret
},
},
},
},
},
});
expect(providers?.xai?.apiKey).toBe(NON_ENV_SECRETREF_MARKER);
});
it("surfaces xai provider auth from SecretRef-backed legacy grok web search config", async () => {
const agentDir = await createAgentDirWithAuthProfiles({});
const providers = await resolveImplicitProvidersForTest({
agentDir,
env: {},
config: {
tools: {
web: {
search: {
grok: {
apiKey: { source: "exec", provider: "vault", id: "providers/xai/token" },
},
},
},
},
},
});
expect(providers?.xai?.apiKey).toBe(NON_ENV_SECRETREF_MARKER);
});
it("does not surface xai provider auth when the xai plugin is disabled", async () => {
const agentDir = await createAgentDirWithAuthProfiles({});
const providers = await resolveImplicitProvidersForTest({
agentDir,
env: {},
config: {
plugins: {
entries: {
xai: {
enabled: false,
config: {
webSearch: {
apiKey: "xai-plugin-config-key", // pragma: allowlist secret
},
},
},
},
},
},
});
expect(providers?.xai).toBeUndefined();
});
});