From 1750d0855bf5c0356559008a19f99ad4b40bb4de Mon Sep 17 00:00:00 2001 From: Andrew Lauppe Date: Sun, 25 Jan 2026 14:39:43 -0500 Subject: [PATCH] fix(test): isolate env vars in security audit tests The security audit tests were failing intermittently because resolveGatewayAuth picks up CLAWDBOT_GATEWAY_TOKEN from the environment. When that env var is set, auth mode becomes 'token' instead of 'none', causing the 'flags non-loopback bind without auth as critical' test to fail. Added vi.stubEnv() calls to isolate gateway auth env vars during tests. --- src/security/audit.test.ts | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/src/security/audit.test.ts b/src/security/audit.test.ts index 2ee7e27ee..11f607309 100644 --- a/src/security/audit.test.ts +++ b/src/security/audit.test.ts @@ -1,4 +1,4 @@ -import { afterEach, beforeEach, describe, expect, it } from "vitest"; +import { afterEach, beforeEach, describe, expect, it, vi } from "vitest"; import type { ClawdbotConfig } from "../config/config.js"; import type { ChannelPlugin } from "../channels/plugins/types.js"; @@ -13,6 +13,15 @@ import path from "node:path"; const isWindows = process.platform === "win32"; describe("security audit", () => { + // Isolate gateway auth env vars so tests don't inherit from shell + beforeEach(() => { + vi.stubEnv("CLAWDBOT_GATEWAY_TOKEN", ""); + vi.stubEnv("CLAWDBOT_GATEWAY_PASSWORD", ""); + }); + afterEach(() => { + vi.unstubAllEnvs(); + }); + it("includes an attack surface summary (info)", async () => { const cfg: ClawdbotConfig = { channels: { whatsapp: { groupPolicy: "open" }, telegram: { groupPolicy: "allowlist" } },