test: isolate exec allowlist env

2026-01-22 08:58:55 +00:00
parent 0e17e55be9
commit 0824bc0236
1 changed files with 39 additions and 48 deletions
--- a/src/agents/bash-tools.exec.approval-id.test.ts
+++ b/src/agents/bash-tools.exec.approval-id.test.ts
@@ -80,58 +80,49 @@ describe("exec approvals", () => {
    if (process.platform !== "win32") {
      await fs.chmod(exePath, 0o755);
    }
-    const prevPath = process.env.PATH;
-    const prevPathExt = process.env.PATHEXT;
-    process.env.PATH = binDir;
+    const execEnv: Record<string, string> = { PATH: binDir };
    if (process.platform === "win32") {
-      process.env.PATHEXT = ".CMD";
+      execEnv.PATHEXT = ".CMD";
    }
-
-    try {
-      const approvalsFile = {
-        version: 1,
-        defaults: { security: "allowlist", ask: "on-miss", askFallback: "deny" },
-        agents: {
-          main: {
-            allowlist: [{ pattern: exePath }],
-          },
+    const approvalsFile = {
+      version: 1,
+      defaults: { security: "allowlist", ask: "on-miss", askFallback: "deny" },
+      agents: {
+        main: {
+          allowlist: [{ pattern: exePath }],
        },
-      };
+      },
+    };

-      const calls: string[] = [];
-      vi.mocked(callGatewayTool).mockImplementation(async (method) => {
-        calls.push(method);
-        if (method === "exec.approvals.node.get") {
-          return { file: approvalsFile };
-        }
-        if (method === "node.invoke") {
-          return { payload: { success: true, stdout: "ok" } };
-        }
-        if (method === "exec.approval.request") {
-          return { decision: "allow-once" };
-        }
-        return { ok: true };
-      });
-
-      const { createExecTool } = await import("./bash-tools.exec.js");
-      const tool = createExecTool({
-        host: "node",
-        ask: "on-miss",
-        approvalRunningNoticeMs: 0,
-      });
-
-      const result = await tool.execute("call2", { command: `${exeName} --help` });
-      expect(result.details.status).toBe("completed");
-      expect(calls).toContain("exec.approvals.node.get");
-      expect(calls).toContain("node.invoke");
-      expect(calls).not.toContain("exec.approval.request");
-    } finally {
-      process.env.PATH = prevPath;
-      if (prevPathExt === undefined) {
-        delete process.env.PATHEXT;
-      } else {
-        process.env.PATHEXT = prevPathExt;
+    const calls: string[] = [];
+    vi.mocked(callGatewayTool).mockImplementation(async (method) => {
+      calls.push(method);
+      if (method === "exec.approvals.node.get") {
+        return { file: approvalsFile };
      }
-    }
+      if (method === "node.invoke") {
+        return { payload: { success: true, stdout: "ok" } };
+      }
+      if (method === "exec.approval.request") {
+        return { decision: "allow-once" };
+      }
+      return { ok: true };
+    });
+
+    const { createExecTool } = await import("./bash-tools.exec.js");
+    const tool = createExecTool({
+      host: "node",
+      ask: "on-miss",
+      approvalRunningNoticeMs: 0,
+    });
+
+    const result = await tool.execute("call2", {
+      command: `${exeName} --help`,
+      env: execEnv,
+    });
+    expect(result.details.status).toBe("completed");
+    expect(calls).toContain("exec.approvals.node.get");
+    expect(calls).toContain("node.invoke");
+    expect(calls).not.toContain("exec.approval.request");
  });
 });