chore: import upstream snapshot with attribution
This commit is contained in:
@@ -0,0 +1,59 @@
|
||||
import { test } from "node:test";
|
||||
import assert from "node:assert/strict";
|
||||
import {
|
||||
buildCodexEnv,
|
||||
buildCodexProviderArgs,
|
||||
resolveCodexTarget,
|
||||
} from "../../../bin/cli/commands/launch-codex.mjs";
|
||||
|
||||
test("buildCodexEnv strips stale OpenAI/Codex creds from the child env (defense-in-depth)", () => {
|
||||
const env = buildCodexEnv(
|
||||
{
|
||||
OPENAI_API_KEY: "leak",
|
||||
OPENAI_BASE_URL: "https://api.openai.com/v1",
|
||||
OPENAI_ORG_ID: "org",
|
||||
CODEX_API_KEY: "leak2",
|
||||
PATH: "/bin",
|
||||
},
|
||||
"oma_live_x"
|
||||
);
|
||||
assert.equal(env.OPENAI_API_KEY, undefined);
|
||||
assert.equal(env.OPENAI_BASE_URL, undefined);
|
||||
assert.equal(env.OPENAI_ORG_ID, undefined);
|
||||
assert.equal(env.CODEX_API_KEY, undefined);
|
||||
assert.equal(env.OMNIROUTE_API_KEY, "oma_live_x");
|
||||
assert.equal(env.PATH, "/bin", "unrelated vars preserved");
|
||||
});
|
||||
|
||||
test("buildCodexEnv uses a no-auth sentinel when no token is given", () => {
|
||||
const env = buildCodexEnv({ PATH: "/bin" }, undefined);
|
||||
assert.equal(env.OMNIROUTE_API_KEY, "omniroute-no-auth");
|
||||
});
|
||||
|
||||
test("buildCodexEnv does not mutate the input env", () => {
|
||||
const input = { OPENAI_API_KEY: "leak", PATH: "/bin" };
|
||||
buildCodexEnv(input, "x");
|
||||
assert.equal(input.OPENAI_API_KEY, "leak");
|
||||
});
|
||||
|
||||
test("buildCodexProviderArgs defines the omniroute provider inline (works without config.toml)", () => {
|
||||
const args = buildCodexProviderArgs("http://vps:20128");
|
||||
const joined = args.join(" ");
|
||||
assert.ok(joined.includes('model_provider="omniroute"'));
|
||||
assert.ok(joined.includes('model_providers.omniroute.base_url="http://vps:20128/v1"'));
|
||||
assert.ok(joined.includes('model_providers.omniroute.env_key="OMNIROUTE_API_KEY"'));
|
||||
assert.ok(joined.includes('model_providers.omniroute.wire_api="responses"'));
|
||||
assert.ok(joined.includes("model_providers.omniroute.requires_openai_auth=false"));
|
||||
// each assignment is preceded by a -c flag
|
||||
assert.equal(args.filter((a) => a === "-c").length, 6);
|
||||
});
|
||||
|
||||
test("resolveCodexTarget: --remote wins and /v1 is stripped from the root", () => {
|
||||
const { baseUrl } = resolveCodexTarget({ remote: "http://vps:20128/v1" });
|
||||
assert.equal(baseUrl, "http://vps:20128");
|
||||
});
|
||||
|
||||
test("resolveCodexTarget: explicit --api-key wins", () => {
|
||||
const { authToken } = resolveCodexTarget({ remote: "http://x:20128", apiKey: "tok-explicit" });
|
||||
assert.equal(authToken, "tok-explicit");
|
||||
});
|
||||
Reference in New Issue
Block a user