fix(tests): mock keychain in TestReadClaudeCodeCredentials to prevent credential leakage

Tests in TestReadClaudeCodeCredentials were not mocking _read_claude_code_credentials_from_keychain, which was added after the tests were written. On macOS machines with real Claude Code credentials stored in the Keychain, the function returns live credentials instead of the test fixtures, causing assertions to fail and leaking real tokens in test output. Add an autouse fixture that stubs the keychain reader to None so all tests in the class exercise only the file-based credential path. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-29 06:31:32 +00:00 · 2026-05-15 13:45:07 +05:30 · 2026-05-15 13:45:07 +05:30 · a52f014a8c
commit a52f014a8c
parent 7a7e78a360
1 changed files with 7 additions and 0 deletions
--- a/tests/agent/test_anthropic_adapter.py
+++ b/tests/agent/test_anthropic_adapter.py
@ -157,6 +157,13 @@ class TestBuildAnthropicClient:


 class TestReadClaudeCodeCredentials:
+    @pytest.fixture(autouse=True)
+    def no_keychain(self, monkeypatch):
+        monkeypatch.setattr(
+            "agent.anthropic_adapter._read_claude_code_credentials_from_keychain",
+            lambda: None,
+        )
+
    def test_reads_valid_credentials(self, tmp_path, monkeypatch):
        cred_file = tmp_path / ".claude" / ".credentials.json"
        cred_file.parent.mkdir(parents=True)