test: tighten sandbox policy assertions

2026-05-18 15:24:46 +00:00 · 2026-05-09 15:41:14 +01:00
parent 9b629758fe
commit c6f2fa5c6f
2 changed files with 8 additions and 4 deletions
--- a/src/agents/sandbox/sanitize-env-vars.test.ts
+++ b/src/agents/sandbox/sanitize-env-vars.test.ts
@@ -14,7 +14,7 @@ describe("sanitizeEnvVars", () => {
      NODE_ENV: "test",
      FOO: "bar",
    });
-    expect(result.blocked).toEqual(expect.arrayContaining(["OPENAI_API_KEY", "GITHUB_TOKEN"]));
+    expect(result.blocked).toStrictEqual(["OPENAI_API_KEY", "GITHUB_TOKEN"]);
  });

  it("blocks credentials even when suffix pattern matches", () => {
@@ -25,7 +25,7 @@ describe("sanitizeEnvVars", () => {
    });

    expect(result.allowed).toEqual({ USER: "alice" });
-    expect(result.blocked).toEqual(expect.arrayContaining(["MY_TOKEN", "MY_SECRET"]));
+    expect(result.blocked).toStrictEqual(["MY_TOKEN", "MY_SECRET"]);
  });

  it("adds warnings for suspicious values", () => {
--- a/src/agents/sandbox/tool-policy.test.ts
+++ b/src/agents/sandbox/tool-policy.test.ts
@@ -137,14 +137,18 @@ describe("sandbox/tool-policy", () => {
    };

    const sandbox = resolveSandboxConfigForAgent(cfg, "tavern");
-    expect(sandbox.tools.allow).toEqual(expect.arrayContaining(["browser", "message", "tts"]));
+    expect(sandbox.tools.allow).toContain("browser");
+    expect(sandbox.tools.allow).toContain("message");
+    expect(sandbox.tools.allow).toContain("tts");
    expect(sandbox.tools.deny).not.toContain("browser");

    const runtime = resolveSandboxRuntimeStatus({
      cfg,
      sessionKey: "agent:tavern:main",
    });
-    expect(runtime.toolPolicy.allow).toEqual(expect.arrayContaining(["browser", "message", "tts"]));
+    expect(runtime.toolPolicy.allow).toContain("browser");
+    expect(runtime.toolPolicy.allow).toContain("message");
+    expect(runtime.toolPolicy.allow).toContain("tts");
    expect(runtime.toolPolicy.deny).not.toContain("browser");
  });