fix(test): isolate env vars in security audit tests

The security audit tests were failing intermittently because
resolveGatewayAuth picks up CLAWDBOT_GATEWAY_TOKEN from the environment.
When that env var is set, auth mode becomes 'token' instead of 'none',
causing the 'flags non-loopback bind without auth as critical' test to fail.

Added vi.stubEnv() calls to isolate gateway auth env vars during tests.
This commit is contained in:
Andrew Lauppe 2026-01-25 14:39:43 -05:00
parent 35e83a378b
commit 1750d0855b

View File

@ -1,4 +1,4 @@
import { afterEach, beforeEach, describe, expect, it } from "vitest"; import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
import type { ClawdbotConfig } from "../config/config.js"; import type { ClawdbotConfig } from "../config/config.js";
import type { ChannelPlugin } from "../channels/plugins/types.js"; import type { ChannelPlugin } from "../channels/plugins/types.js";
@ -13,6 +13,15 @@ import path from "node:path";
const isWindows = process.platform === "win32"; const isWindows = process.platform === "win32";
describe("security audit", () => { describe("security audit", () => {
// Isolate gateway auth env vars so tests don't inherit from shell
beforeEach(() => {
vi.stubEnv("CLAWDBOT_GATEWAY_TOKEN", "");
vi.stubEnv("CLAWDBOT_GATEWAY_PASSWORD", "");
});
afterEach(() => {
vi.unstubAllEnvs();
});
it("includes an attack surface summary (info)", async () => { it("includes an attack surface summary (info)", async () => {
const cfg: ClawdbotConfig = { const cfg: ClawdbotConfig = {
channels: { whatsapp: { groupPolicy: "open" }, telegram: { groupPolicy: "allowlist" } }, channels: { whatsapp: { groupPolicy: "open" }, telegram: { groupPolicy: "allowlist" } },