import { describe, it, expect } from 'vitest';
import { buildChildEnv } from '../../lib/ai/claude_cli.js';

describe('buildChildEnv (Q4 — claude child env allow-list)', () => {
  const parent = {
    PATH: '/usr/bin', HOME: '/root', LANG: 'C.UTF-8', TERM: 'xterm',
    CLAUDE_EXE: '/usr/bin/claude', CLAUDE_CONFIG_DIR: '/cfg',
    OWNER_TOKEN: 'secret-owner', DATABASE_URL: 'postgres://void:pw@db/void',
    KARAKEEP_API_TOKEN: 'kk', ANTHROPIC_API_KEY: 'sk-ant', ANTHROPIC_AUTH_TOKEN: 'tok',
    VOID_TOOL_REGISTRY: 'security'
  };

  it('passes through benign system + CLAUDE_* vars', () => {
    const env = buildChildEnv(parent);
    expect(env.PATH).toBe('/usr/bin');
    expect(env.LANG).toBe('C.UTF-8');
    expect(env.TERM).toBe('xterm');
    expect(env.CLAUDE_EXE).toBe('/usr/bin/claude');
    expect(env.CLAUDE_CONFIG_DIR).toBe('/cfg');
  });

  it('NEVER leaks app secrets or API keys into the child', () => {
    const env = buildChildEnv(parent);
    expect(env.OWNER_TOKEN).toBeUndefined();
    expect(env.DATABASE_URL).toBeUndefined();
    expect(env.KARAKEEP_API_TOKEN).toBeUndefined();
    expect(env.ANTHROPIC_API_KEY).toBeUndefined();
    expect(env.ANTHROPIC_AUTH_TOKEN).toBeUndefined();
    expect(env.VOID_TOOL_REGISTRY).toBeUndefined();
  });

  it('uses the home override for HOME when given', () => {
    expect(buildChildEnv(parent, '/var/lib/void').HOME).toBe('/var/lib/void');
    expect(buildChildEnv(parent).HOME).toBe('/root');
  });
});