From f00ef03d9132c03f9e498c07404738bee226d14a Mon Sep 17 00:00:00 2001
From: Peter Steinberger <steipete@gmail.com>
Date: Sat, 18 Apr 2026 21:57:56 +0100
Subject: [PATCH] test: dedupe bash gateway inline eval setup

---
 .../bash-tools.exec-host-gateway.test.ts      | 111 ++++++++----------
 1 file changed, 47 insertions(+), 64 deletions(-)

diff --git a/src/agents/bash-tools.exec-host-gateway.test.ts b/src/agents/bash-tools.exec-host-gateway.test.ts
index bebfd1881f8..4234496d95a 100644
--- a/src/agents/bash-tools.exec-host-gateway.test.ts
+++ b/src/agents/bash-tools.exec-host-gateway.test.ts
@@ -193,6 +193,47 @@ describe("processGatewayAllowlist", () => {
     });
   });
 
+  async function runTimedOutStrictInlineEval(params: {
+    security: "full" | "allowlist";
+    askFallback: "full" | "allowlist";
+    approvedByAsk: boolean;
+  }) {
+    resolveExecHostApprovalContextMock.mockReturnValue({
+      approvals: { allowlist: [], file: { version: 1, agents: {} } },
+      hostSecurity: params.security,
+      hostAsk: "always",
+      askFallback: params.askFallback,
+    });
+    detectInterpreterInlineEvalArgvMock.mockReturnValue(INLINE_EVAL_HIT);
+    resolveApprovalDecisionOrUndefinedMock.mockResolvedValue(null);
+    createExecApprovalDecisionStateMock.mockReturnValue({
+      baseDecision: { timedOut: true },
+      approvedByAsk: params.approvedByAsk,
+      deniedReason: null,
+    });
+    enforceStrictInlineEvalApprovalBoundaryMock.mockReturnValue({
+      approvedByAsk: false,
+      deniedReason: "approval-timeout",
+    });
+
+    return processGatewayAllowlist({
+      command: "python3 -c 'print(1)'",
+      workdir: process.cwd(),
+      env: process.env as Record<string, string>,
+      pty: false,
+      defaultTimeoutSec: 30,
+      security: params.security,
+      ask: "always",
+      safeBins: new Set(),
+      safeBinProfiles: {},
+      strictInlineEval: true,
+      warnings: [],
+      approvalRunningNoticeMs: 0,
+      maxOutput: 1000,
+      pendingMaxOutput: 1000,
+    });
+  }
+
   it("still requires approval when allowlist execution plan is unavailable despite durable trust", async () => {
     const result = await processGatewayAllowlist({
       command: "echo ok",
@@ -303,39 +344,10 @@ describe("processGatewayAllowlist", () => {
   });
 
   it("denies timed-out inline-eval requests instead of auto-running them", async () => {
-    resolveExecHostApprovalContextMock.mockReturnValue({
-      approvals: { allowlist: [], file: { version: 1, agents: {} } },
-      hostSecurity: "full",
-      hostAsk: "always",
-      askFallback: "full",
-    });
-    detectInterpreterInlineEvalArgvMock.mockReturnValue(INLINE_EVAL_HIT);
-    resolveApprovalDecisionOrUndefinedMock.mockResolvedValue(null);
-    createExecApprovalDecisionStateMock.mockReturnValue({
-      baseDecision: { timedOut: true },
-      approvedByAsk: true,
-      deniedReason: null,
-    });
-    enforceStrictInlineEvalApprovalBoundaryMock.mockReturnValue({
-      approvedByAsk: false,
-      deniedReason: "approval-timeout",
-    });
-
-    const result = await processGatewayAllowlist({
-      command: "python3 -c 'print(1)'",
-      workdir: process.cwd(),
-      env: process.env as Record<string, string>,
-      pty: false,
-      defaultTimeoutSec: 30,
+    const result = await runTimedOutStrictInlineEval({
       security: "full",
-      ask: "always",
-      safeBins: new Set(),
-      safeBinProfiles: {},
-      strictInlineEval: true,
-      warnings: [],
-      approvalRunningNoticeMs: 0,
-      maxOutput: 1000,
-      pendingMaxOutput: 1000,
+      askFallback: "full",
+      approvedByAsk: true,
     });
 
     expect(result.pendingResult?.details.status).toBe("approval-pending");
@@ -349,39 +361,10 @@ describe("processGatewayAllowlist", () => {
   });
 
   it("denies allowlist timeout fallback for strict inline-eval commands", async () => {
-    resolveExecHostApprovalContextMock.mockReturnValue({
-      approvals: { allowlist: [], file: { version: 1, agents: {} } },
-      hostSecurity: "allowlist",
-      hostAsk: "always",
-      askFallback: "allowlist",
-    });
-    detectInterpreterInlineEvalArgvMock.mockReturnValue(INLINE_EVAL_HIT);
-    resolveApprovalDecisionOrUndefinedMock.mockResolvedValue(null);
-    createExecApprovalDecisionStateMock.mockReturnValue({
-      baseDecision: { timedOut: true },
-      approvedByAsk: false,
-      deniedReason: null,
-    });
-    enforceStrictInlineEvalApprovalBoundaryMock.mockReturnValue({
-      approvedByAsk: false,
-      deniedReason: "approval-timeout",
-    });
-
-    const result = await processGatewayAllowlist({
-      command: "python3 -c 'print(1)'",
-      workdir: process.cwd(),
-      env: process.env as Record<string, string>,
-      pty: false,
-      defaultTimeoutSec: 30,
+    const result = await runTimedOutStrictInlineEval({
       security: "allowlist",
-      ask: "always",
-      safeBins: new Set(),
-      safeBinProfiles: {},
-      strictInlineEval: true,
-      warnings: [],
-      approvalRunningNoticeMs: 0,
-      maxOutput: 1000,
-      pendingMaxOutput: 1000,
+      askFallback: "allowlist",
+      approvedByAsk: false,
     });
 
     expect(result.pendingResult?.details.status).toBe("approval-pending");