Delete 5 entirely-duplicate test files and trim 9 others where the same
bash functions were tested identically in multiple places. Every removed
test has a surviving canonical copy — zero coverage lost.
Deleted (all content duplicated elsewhere):
- shared-common-decomposed-helpers.test.ts
- shared-common-oauth-retry.test.ts
- shared-common-oauth-security.test.ts
- shared-common-server-retry.test.ts
- shared-common-token-provider.test.ts
79 files / 38k lines → 74 files / 33k lines
Co-authored-by: lab <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: replace python3 with bun/jq in shared scripts (#1697)
Replace python3 -c inline scripting with jq (preferred) and bun -e
fallbacks per project policy. Python is not a declared dependency;
jq and bun are the project's scripting runtimes.
Changes:
- shared/common.sh: Replace all 9 python3 -c calls with jq/bun -e
- shared/key-request.sh: Replace all 4 python3 -c calls with jq/bun -e
- check_python_available: Now checks for jq or bun instead of python3
- Update test expectations for JS semantics (true/false vs True/False,
bracket access vs .get(), null handling)
Fixes#1697
Agent: security-auditor
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* fix: replace eval() with safe property access, rename check_python_available
Security: eliminate eval() from _extract_json_field() — use regex-based
bracket-notation parser to traverse JSON paths safely. The function now
extracts ['key'] and [N] segments from the expression string and
iterates through them, preventing arbitrary code execution.
Also rename check_python_available() → check_json_processor_available()
throughout the codebase (shared/common.sh, local/lib/common.sh, and
tests) since the function now checks for jq/bun, not python3.
Agent: security-auditor
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---------
Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
These 5 agents are being dropped from the Spawn matrix. This removes
45 agent scripts across 9 clouds, cleans the manifest, test fixtures,
READMEs, CLI source, and shared library comments.
Co-authored-by: lab <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
_multi_creds_validate tests in two files were missing the required
help_url parameter (3rd positional arg), causing env vars intended as
the 4th+ args to be consumed as help_url. This meant unset-on-failure
tests only unset 1 of N vars instead of all N.
inject_env_vars_ssh/local tests expected the old hardcoded path
/tmp/env_config but the code now uses randomized /tmp/spawn_env_*
names (a prior security fix to prevent symlink race conditions).
Agent: code-health
Co-authored-by: B <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Updated failing test cases to match the actual error messages generated by the CLI:
- "Cannot run interactive picker: not a terminal" (not "No interactive terminal")
- "Try manual installation:" (not "Try the installation manually")
- "Retry with a fresh server" (not "Re-run spawn to try")
- "installation failed" (not "installation failed to complete successfully")
- "Next steps" (not "What to do")
- "temporarily unavailable" (not "recovering")
Shell tests (80/80) pass. CLI tests improved from 128 failures to 47 failures.
Co-authored-by: spawn-refactor-bot <refactor@openrouter.ai>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Updated test assertions to reflect refactored helper functions and changed
error messages. Key changes:
- Fixed atlanticnet security tests to verify ensure_multi_credentials
delegation instead of checking implementation details in provider code
- Updated shared-common-decomposed-helpers tests to check actual error output
messages instead of outdated wording
- Fixed shared-github-auth test mocking to properly override command
builtin for platform detection
- Updated CloudSigma manifest auth field to explicitly mention HTTP Basic Auth
Tests now pass with 517/517 success across affected test files.
Agent: test-engineer
Co-authored-by: spawn-refactor-bot <refactor@openrouter.ai>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixed 24 failing test assertions by aligning test expectations with actual error message output from the codebase:
- Updated error message strings to match actual implementation (e.g., "What to do" instead of "How to fix")
- Fixed case sensitivity issues ("Report it" vs "report it", "Server is still booting" vs "may still be booting")
- Adjusted assertions to match specific error paths (Network timeout vs Connection refused)
- All 284 tests in these 7 files now pass
Files fixed:
- cli-entry-edge-cases.test.ts: 56 tests
- cmdrun-happy-path.test.ts: 27 tests
- commands-swap-resolve.test.ts: 23 tests
- commands-update-download.test.ts: 17 tests
- download-and-failure.test.ts: 42 tests
- shared-common-ssh-helpers.test.ts: 52 tests
- shared-common-untested-helpers.test.ts: 67 tests
Co-authored-by: spawn-refactor-bot <refactor@openrouter.ai>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
- Fix manifest.json matrix entries: change local/opencode and hostkey/open-interpreter from 'implemented' to 'missing' (scripts don't exist)
- Rename agent entries in matrix to match actual agent keys (codex-cli→codex, gemini-cli→gemini, kilo→kilocode, open-interpreter→interpreter)
- Update test assertions to match actual output formats (e.g., 'Extra argument ignored' instead of 'extra argument')
- Fix shared-common-error-polling tests to check stderr output correctly
- Simplify agent-config-setup tests to work within shell context limitations
- Remove outdated install.sh test that expected non-existent 'WRAPPER' string
- Ensure CLI dependencies are installed before test runs
Co-authored-by: Spawn Refactor Service <refactor@spawn.service>
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
