Skip to content

Commit b66c99e

Browse files
ndycodendycode
committed
test(wrapper): strengthen concurrent forwarding coverage
1 parent 5a486d5 commit b66c99e

1 file changed

Lines changed: 122 additions & 121 deletions

File tree

test/codex-bin-wrapper.test.ts

Lines changed: 122 additions & 121 deletions
Original file line numberDiff line numberDiff line change
@@ -269,126 +269,124 @@ describe("codex bin wrapper", () => {
269269
expect(combinedOutput(result)).toContain("EPERM: locked auth store");
270270
});
271271

272-
it("installs Windows codex shell guards to survive shim takeover", () => {
273-
if (process.platform !== "win32") {
274-
return;
275-
}
276-
277-
const fixtureRoot = createWrapperFixture();
278-
const fakeBin = createFakeCodexBin(fixtureRoot);
279-
const shimDir = join(fixtureRoot, "shim-bin");
280-
mkdirSync(shimDir, { recursive: true });
281-
writeFileSync(
282-
join(shimDir, "codex-multi-auth.cmd"),
283-
"@ECHO OFF\r\nREM fixture codex-multi-auth shim\r\n",
284-
"utf8",
285-
);
286-
writeFileSync(
287-
join(shimDir, "codex.cmd"),
288-
'@ECHO OFF\r\necho "%dp0%\\node_modules\\@openai\\codex\\bin\\codex.js"\r\n',
289-
"utf8",
290-
);
291-
writeFileSync(
292-
join(shimDir, "codex.ps1"),
293-
'Write-Output "$basedir/node_modules/@openai/codex/bin/codex.js"' +
294-
"\r\n",
295-
"utf8",
296-
);
297-
298-
const result = runWrapper(fixtureRoot, ["--version"], {
299-
CODEX_MULTI_AUTH_REAL_CODEX_BIN: fakeBin,
300-
CODEX_MULTI_AUTH_WINDOWS_BATCH_SHIM_GUARD: "1",
301-
PATH: `${shimDir}${delimiter}${process.env.PATH ?? ""}`,
302-
USERPROFILE: fixtureRoot,
303-
HOME: fixtureRoot,
304-
});
305-
expect(result.status).toBe(0);
306-
307-
const codexBatchPath = join(shimDir, "codex.bat");
308-
expect(readFileSync(codexBatchPath, "utf8")).toContain(
309-
"codex-multi-auth windows shim guardian v1",
310-
);
311-
const codexCmdPath = join(shimDir, "codex.cmd");
312-
expect(readFileSync(codexCmdPath, "utf8")).toContain(
313-
"codex-multi-auth windows shim guardian v1",
314-
);
315-
expect(readFileSync(codexCmdPath, "utf8")).toContain(
316-
"node_modules\\codex-multi-auth\\scripts\\codex.js",
317-
);
318-
const codexPs1Path = join(shimDir, "codex.ps1");
319-
expect(readFileSync(codexPs1Path, "utf8")).toContain(
320-
"codex-multi-auth windows shim guardian v1",
321-
);
322-
expect(readFileSync(codexPs1Path, "utf8")).toContain(
323-
"node_modules/codex-multi-auth/scripts/codex.js",
324-
);
325-
const pwshProfilePath = join(
326-
fixtureRoot,
327-
"Documents",
328-
"PowerShell",
329-
"Microsoft.PowerShell_profile.ps1",
330-
);
331-
expect(readFileSync(pwshProfilePath, "utf8")).toContain(
332-
"# >>> codex-multi-auth shell guard >>>",
333-
);
334-
expect(readFileSync(pwshProfilePath, "utf8")).toContain(
335-
"CodexMultiAuthShim",
336-
);
337-
});
338-
339-
it("prefers invocation-derived shim directory over PATH-decoy shim entries", () => {
340-
if (process.platform !== "win32") {
341-
return;
342-
}
272+
it.skipIf(process.platform !== "win32")(
273+
"installs Windows codex shell guards to survive shim takeover",
274+
() => {
275+
const fixtureRoot = createWrapperFixture();
276+
const fakeBin = createFakeCodexBin(fixtureRoot);
277+
const shimDir = join(fixtureRoot, "shim-bin");
278+
mkdirSync(shimDir, { recursive: true });
279+
writeFileSync(
280+
join(shimDir, "codex-multi-auth.cmd"),
281+
"@ECHO OFF\r\nREM fixture codex-multi-auth shim\r\n",
282+
"utf8",
283+
);
284+
writeFileSync(
285+
join(shimDir, "codex.cmd"),
286+
'@ECHO OFF\r\necho "%dp0%\\node_modules\\@openai\\codex\\bin\\codex.js"\r\n',
287+
"utf8",
288+
);
289+
writeFileSync(
290+
join(shimDir, "codex.ps1"),
291+
'Write-Output "$basedir/node_modules/@openai/codex/bin/codex.js"' +
292+
"\r\n",
293+
"utf8",
294+
);
295+
296+
const result = runWrapper(fixtureRoot, ["--version"], {
297+
CODEX_MULTI_AUTH_REAL_CODEX_BIN: fakeBin,
298+
CODEX_MULTI_AUTH_WINDOWS_BATCH_SHIM_GUARD: "1",
299+
PATH: `${shimDir}${delimiter}${process.env.PATH ?? ""}`,
300+
USERPROFILE: fixtureRoot,
301+
HOME: fixtureRoot,
302+
});
303+
expect(result.status).toBe(0);
304+
305+
const codexBatchPath = join(shimDir, "codex.bat");
306+
expect(readFileSync(codexBatchPath, "utf8")).toContain(
307+
"codex-multi-auth windows shim guardian v1",
308+
);
309+
const codexCmdPath = join(shimDir, "codex.cmd");
310+
expect(readFileSync(codexCmdPath, "utf8")).toContain(
311+
"codex-multi-auth windows shim guardian v1",
312+
);
313+
expect(readFileSync(codexCmdPath, "utf8")).toContain(
314+
"node_modules\\codex-multi-auth\\scripts\\codex.js",
315+
);
316+
const codexPs1Path = join(shimDir, "codex.ps1");
317+
expect(readFileSync(codexPs1Path, "utf8")).toContain(
318+
"codex-multi-auth windows shim guardian v1",
319+
);
320+
expect(readFileSync(codexPs1Path, "utf8")).toContain(
321+
"node_modules/codex-multi-auth/scripts/codex.js",
322+
);
323+
const pwshProfilePath = join(
324+
fixtureRoot,
325+
"Documents",
326+
"PowerShell",
327+
"Microsoft.PowerShell_profile.ps1",
328+
);
329+
expect(readFileSync(pwshProfilePath, "utf8")).toContain(
330+
"# >>> codex-multi-auth shell guard >>>",
331+
);
332+
expect(readFileSync(pwshProfilePath, "utf8")).toContain(
333+
"CodexMultiAuthShim",
334+
);
335+
},
336+
);
343337

344-
const fixtureRoot = mkdtempSync(
345-
join(tmpdir(), "codex-wrapper-invoke-fixture-"),
346-
);
347-
createdDirs.push(fixtureRoot);
348-
const globalShimDir = join(fixtureRoot, "global-bin");
349-
const scriptDir = join(
350-
globalShimDir,
351-
"node_modules",
352-
"codex-multi-auth",
353-
"scripts",
354-
);
355-
mkdirSync(scriptDir, { recursive: true });
356-
copyFileSync(
357-
join(repoRootDir, "scripts", "codex.js"),
358-
join(scriptDir, "codex.js"),
359-
);
360-
copyFileSync(
361-
join(repoRootDir, "scripts", "codex-routing.js"),
362-
join(scriptDir, "codex-routing.js"),
363-
);
364-
writeFileSync(
365-
join(globalShimDir, "codex-multi-auth.cmd"),
366-
"@ECHO OFF\r\nREM real shim\r\n",
367-
"utf8",
368-
);
369-
const decoyShimDir = join(fixtureRoot, "decoy-bin");
370-
mkdirSync(decoyShimDir, { recursive: true });
371-
writeFileSync(
372-
join(decoyShimDir, "codex-multi-auth.cmd"),
373-
"@ECHO OFF\r\nREM decoy shim\r\n",
374-
"utf8",
375-
);
376-
const fakeBin = createFakeCodexBin(fixtureRoot);
377-
const scriptPath = join(scriptDir, "codex.js");
378-
const result = runWrapperScript(scriptPath, ["--version"], {
379-
CODEX_MULTI_AUTH_REAL_CODEX_BIN: fakeBin,
380-
PATH: `${decoyShimDir}${delimiter}${globalShimDir}${delimiter}${process.env.PATH ?? ""}`,
381-
USERPROFILE: fixtureRoot,
382-
HOME: fixtureRoot,
383-
});
384-
expect(result.status).toBe(0);
385-
expect(readFileSync(join(globalShimDir, "codex.bat"), "utf8")).toContain(
386-
"codex-multi-auth windows shim guardian v1",
387-
);
388-
expect(() =>
389-
readFileSync(join(decoyShimDir, "codex.bat"), "utf8"),
390-
).toThrow();
391-
});
338+
it.skipIf(process.platform !== "win32")(
339+
"prefers invocation-derived shim directory over PATH-decoy shim entries",
340+
() => {
341+
const fixtureRoot = mkdtempSync(
342+
join(tmpdir(), "codex-wrapper-invoke-fixture-"),
343+
);
344+
createdDirs.push(fixtureRoot);
345+
const globalShimDir = join(fixtureRoot, "global-bin");
346+
const scriptDir = join(
347+
globalShimDir,
348+
"node_modules",
349+
"codex-multi-auth",
350+
"scripts",
351+
);
352+
mkdirSync(scriptDir, { recursive: true });
353+
copyFileSync(
354+
join(repoRootDir, "scripts", "codex.js"),
355+
join(scriptDir, "codex.js"),
356+
);
357+
copyFileSync(
358+
join(repoRootDir, "scripts", "codex-routing.js"),
359+
join(scriptDir, "codex-routing.js"),
360+
);
361+
writeFileSync(
362+
join(globalShimDir, "codex-multi-auth.cmd"),
363+
"@ECHO OFF\r\nREM real shim\r\n",
364+
"utf8",
365+
);
366+
const decoyShimDir = join(fixtureRoot, "decoy-bin");
367+
mkdirSync(decoyShimDir, { recursive: true });
368+
writeFileSync(
369+
join(decoyShimDir, "codex-multi-auth.cmd"),
370+
"@ECHO OFF\r\nREM decoy shim\r\n",
371+
"utf8",
372+
);
373+
const fakeBin = createFakeCodexBin(fixtureRoot);
374+
const scriptPath = join(scriptDir, "codex.js");
375+
const result = runWrapperScript(scriptPath, ["--version"], {
376+
CODEX_MULTI_AUTH_REAL_CODEX_BIN: fakeBin,
377+
PATH: `${decoyShimDir}${delimiter}${globalShimDir}${delimiter}${process.env.PATH ?? ""}`,
378+
USERPROFILE: fixtureRoot,
379+
HOME: fixtureRoot,
380+
});
381+
expect(result.status).toBe(0);
382+
expect(readFileSync(join(globalShimDir, "codex.bat"), "utf8")).toContain(
383+
"codex-multi-auth windows shim guardian v1",
384+
);
385+
expect(() =>
386+
readFileSync(join(decoyShimDir, "codex.bat"), "utf8"),
387+
).toThrow();
388+
},
389+
);
392390

393391
it("honors bypass for auth commands and forwards to the real CLI", () => {
394392
const fixtureRoot = createWrapperFixture();
@@ -511,7 +509,7 @@ describe("codex bin wrapper", () => {
511509
}
512510
return {
513511
kind: "non-auth-forward" as const,
514-
promise: runWrapperAsync(fixtureRoot, ["--version"], {
512+
promise: runWrapperAsync(fixtureRoot, ["exec", "status"], {
515513
CODEX_MULTI_AUTH_REAL_CODEX_BIN: fakeBin,
516514
}),
517515
};
@@ -535,7 +533,10 @@ describe("codex bin wrapper", () => {
535533
continue;
536534
}
537535
expect(results[i].status).toBe(0);
538-
expect(output).toContain("FORWARDED:--version");
536+
expect(output).toContain("FORWARDED:exec status");
537+
expect(output.match(/cli_auth_credentials_store=/g) ?? []).toHaveLength(
538+
1,
539+
);
539540
}
540541
});
541542
});

0 commit comments

Comments
 (0)