From b0f4af3bad5256c087019e7a34fe32e3516ec38c Mon Sep 17 00:00:00 2001 From: Peter Steinberger Date: Sun, 5 Apr 2026 15:06:53 +0100 Subject: [PATCH] test: trim slow provider auth marker coverage --- ...ls-config.providers.discovery-auth.test.ts | 137 +++--------------- 1 file changed, 23 insertions(+), 114 deletions(-) diff --git a/src/agents/models-config.providers.discovery-auth.test.ts b/src/agents/models-config.providers.discovery-auth.test.ts index 651cabecc0d..35296233093 100644 --- a/src/agents/models-config.providers.discovery-auth.test.ts +++ b/src/agents/models-config.providers.discovery-auth.test.ts @@ -1,15 +1,8 @@ -import { mkdtempSync } from "node:fs"; -import { writeFile } from "node:fs/promises"; -import { tmpdir } from "node:os"; -import { join } from "node:path"; import { afterEach, describe, expect, it, vi } from "vitest"; +import { buildHuggingfaceProvider } from "../../extensions/huggingface/provider-catalog.js"; +import { buildVllmProvider } from "../../extensions/vllm/models.js"; import { NON_ENV_SECRETREF_MARKER } from "./model-auth-markers.js"; -import { resolveImplicitProvidersForTest } from "./models-config.e2e-harness.js"; - -type AuthProfilesFile = { - version: 1; - profiles: Record>; -}; +import { resolveApiKeyFromCredential } from "./models-config.providers.secrets.js"; describe("provider discovery auth marker guardrails", () => { let originalVitest: string | undefined; @@ -33,8 +26,8 @@ describe("provider discovery auth marker guardrails", () => { }); function enableDiscovery() { - originalVitest = process.env.VITEST; - originalNodeEnv = process.env.NODE_ENV; + originalVitest = process.env.VITEST ?? "true"; + originalNodeEnv = process.env.NODE_ENV ?? "test"; originalFetch = globalThis.fetch; delete process.env.VITEST; delete process.env.NODE_ENV; @@ -49,29 +42,17 @@ describe("provider discovery auth marker guardrails", () => { return fetchMock; } - async function createAgentDirWithAuthProfiles(profiles: AuthProfilesFile["profiles"]) { - const agentDir = mkdtempSync(join(tmpdir(), "openclaw-test-")); - await writeFile( - join(agentDir, "auth-profiles.json"), - JSON.stringify({ version: 1, profiles } satisfies AuthProfilesFile, null, 2), - "utf8", - ); - return agentDir; - } - it("does not send marker value as vLLM bearer token during discovery", async () => { enableDiscovery(); const fetchMock = installFetchMock({ data: [] }); - const agentDir = await createAgentDirWithAuthProfiles({ - "vllm:default": { - type: "api_key", - provider: "vllm", - keyRef: { source: "file", provider: "vault", id: "/vllm/apiKey" }, - }, + const resolved = resolveApiKeyFromCredential({ + type: "api_key", + provider: "vllm", + keyRef: { source: "file", provider: "vault", id: "/vllm/apiKey" }, }); - const providers = await resolveImplicitProvidersForTest({ agentDir, env: {}, config: {} }); - expect(providers?.vllm?.apiKey).toBe(NON_ENV_SECRETREF_MARKER); + expect(resolved?.apiKey).toBe(NON_ENV_SECRETREF_MARKER); + await buildVllmProvider({ apiKey: resolved?.discoveryApiKey }); const request = fetchMock.mock.calls[0]?.[1] as | { headers?: Record } | undefined; @@ -81,16 +62,14 @@ describe("provider discovery auth marker guardrails", () => { it("does not call Hugging Face discovery with marker-backed credentials", async () => { enableDiscovery(); const fetchMock = installFetchMock(); - const agentDir = await createAgentDirWithAuthProfiles({ - "huggingface:default": { - type: "api_key", - provider: "huggingface", - keyRef: { source: "exec", provider: "vault", id: "providers/hf/token" }, - }, + const resolved = resolveApiKeyFromCredential({ + type: "api_key", + provider: "huggingface", + keyRef: { source: "exec", provider: "vault", id: "providers/hf/token" }, }); - const providers = await resolveImplicitProvidersForTest({ agentDir, env: {} }); - expect(providers?.huggingface?.apiKey).toBe(NON_ENV_SECRETREF_MARKER); + expect(resolved?.apiKey).toBe(NON_ENV_SECRETREF_MARKER); + await buildHuggingfaceProvider(resolved?.discoveryApiKey); const huggingfaceCalls = fetchMock.mock.calls.filter(([url]) => String(url).includes("router.huggingface.co"), ); @@ -100,86 +79,16 @@ describe("provider discovery auth marker guardrails", () => { it("keeps all-caps plaintext API keys for authenticated discovery", async () => { enableDiscovery(); const fetchMock = installFetchMock({ data: [{ id: "vllm/test-model" }] }); - const agentDir = await createAgentDirWithAuthProfiles({ - "vllm:default": { - type: "api_key", - provider: "vllm", - key: "ALLCAPS_SAMPLE", - }, + const resolved = resolveApiKeyFromCredential({ + type: "api_key", + provider: "vllm", + key: "ALLCAPS_SAMPLE", }); - await resolveImplicitProvidersForTest({ agentDir, env: {}, config: {} }); + expect(resolved?.apiKey).toBe("ALLCAPS_SAMPLE"); + await buildVllmProvider({ apiKey: resolved?.discoveryApiKey }); const vllmCall = fetchMock.mock.calls.find(([url]) => String(url).includes(":8000")); const request = vllmCall?.[1] as { headers?: Record } | undefined; expect(request?.headers?.Authorization).toBe("Bearer ALLCAPS_SAMPLE"); }); - - it("surfaces xai provider auth from legacy grok web search config without persisting plaintext", async () => { - const agentDir = await createAgentDirWithAuthProfiles({}); - - const providers = await resolveImplicitProvidersForTest({ - agentDir, - env: {}, - config: { - tools: { - web: { - search: { - grok: { - apiKey: "xai-legacy-config-key", // pragma: allowlist secret - }, - }, - }, - }, - }, - }); - - expect(providers?.xai?.apiKey).toBe(NON_ENV_SECRETREF_MARKER); - }); - - it("surfaces xai provider auth from SecretRef-backed legacy grok web search config", async () => { - const agentDir = await createAgentDirWithAuthProfiles({}); - - const providers = await resolveImplicitProvidersForTest({ - agentDir, - env: {}, - config: { - tools: { - web: { - search: { - grok: { - apiKey: { source: "exec", provider: "vault", id: "providers/xai/token" }, - }, - }, - }, - }, - }, - }); - - expect(providers?.xai?.apiKey).toBe(NON_ENV_SECRETREF_MARKER); - }); - - it("does not surface xai provider auth when the xai plugin is disabled", async () => { - const agentDir = await createAgentDirWithAuthProfiles({}); - - const providers = await resolveImplicitProvidersForTest({ - agentDir, - env: {}, - config: { - plugins: { - entries: { - xai: { - enabled: false, - config: { - webSearch: { - apiKey: "xai-plugin-config-key", // pragma: allowlist secret - }, - }, - }, - }, - }, - }, - }); - - expect(providers?.xai).toBeUndefined(); - }); });