test: isolate exec allowlist env

src/agents/bash-tools.exec.approval-id.test.ts

@@ -80,14 +80,10 @@ describe("exec approvals", () => {
     if (process.platform !== "win32") {
       await fs.chmod(exePath, 0o755);
     }
-    const prevPath = process.env.PATH;
+    const execEnv: Record<string, string> = { PATH: binDir };
-    const prevPathExt = process.env.PATHEXT;
-    process.env.PATH = binDir;
     if (process.platform === "win32") {
-      process.env.PATHEXT = ".CMD";
+      execEnv.PATHEXT = ".CMD";
     }
-
-    try {
     const approvalsFile = {
       version: 1,
       defaults: { security: "allowlist", ask: "on-miss", askFallback: "deny" },
@@ -120,18 +116,13 @@ describe("exec approvals", () => {
       approvalRunningNoticeMs: 0,
     });
 
-      const result = await tool.execute("call2", { command: `${exeName} --help` });
+    const result = await tool.execute("call2", {
+      command: `${exeName} --help`,
+      env: execEnv,
+    });
     expect(result.details.status).toBe("completed");
     expect(calls).toContain("exec.approvals.node.get");
     expect(calls).toContain("node.invoke");
     expect(calls).not.toContain("exec.approval.request");
-    } finally {
-      process.env.PATH = prevPath;
-      if (prevPathExt === undefined) {
-        delete process.env.PATHEXT;
-      } else {
-        process.env.PATHEXT = prevPathExt;
-      }
-    }
   });
 });