fix(typecheck): type cache-busted credential tests

[chioarub]

Part of #1486.

Summary

• Replace scattered cache-busted dynamic imports in credential tests with typed local import helpers.
• Keep Bun's per-test query-string module isolation while preserving each module's real export types.
• Avoid TypeScript's stale process.env narrowing in GitHub Models credential assertions without weakening the runtime checks.

Validation

• bun test src/utils/codexCredentials.test.ts src/services/api/providerConfig.codexSecureStorage.test.ts src/services/api/providerConfig.runtimeCodexCredentials.test.ts src/utils/githubModelsCredentials.test.ts src/utils/githubModelsCredentials.hydrate.test.ts src/utils/githubModelsCredentials.refresh.test.ts (33 pass)
• env -u OPENAI_API_KEY -u OPENAI_BASE_URL -u OPENAI_MODEL -u CLAUDE_CODE_USE_OPENAI -u CLAUDE_CODE_USE_GEMINI -u CLAUDE_CODE_USE_MISTRAL -u CLAUDE_CODE_USE_GITHUB -u CLAUDE_CODE_USE_BEDROCK -u CLAUDE_CODE_USE_VERTEX -u CLAUDE_CODE_USE_FOUNDRY -u GEMINI_API_KEY -u GOOGLE_API_KEY -u GITHUB_TOKEN -u GH_TOKEN -u ANTHROPIC_MODEL -u ANTHROPIC_SMALL_FAST_MODEL bun run check (3433 pass)
• bun run test:provider (650 pass)
• env -u OPENAI_API_KEY -u OPENAI_BASE_URL -u OPENAI_MODEL -u CLAUDE_CODE_USE_OPENAI -u CLAUDE_CODE_USE_GEMINI -u CLAUDE_CODE_USE_MISTRAL -u CLAUDE_CODE_USE_GITHUB -u CLAUDE_CODE_USE_BEDROCK -u CLAUDE_CODE_USE_VERTEX -u CLAUDE_CODE_USE_FOUNDRY -u GEMINI_API_KEY -u GOOGLE_API_KEY -u GITHUB_TOKEN -u GH_TOKEN -u ANTHROPIC_MODEL -u ANTHROPIC_SMALL_FAST_MODEL npm run test:provider-recommendation (79 pass)
• bun install --cwd web --frozen-lockfile && bun run web:typecheck
• bun run typecheck still exits 2 on the repo-wide baseline, but reports no diagnostics for the changed credential test files after this change.
• git diff --check

Summary by CodeRabbit

• Tests
  • Refactored test utilities across credential-related test suites to improve consistency and maintainability in test infrastructure.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 9b932932-d72b-4b36-a329-a8069a770201

📥 Commits

Reviewing files that changed from the base of the PR and between e357d59 and 87f83b4.

📒 Files selected for processing (6)

• src/services/api/providerConfig.codexSecureStorage.test.ts
• src/services/api/providerConfig.runtimeCodexCredentials.test.ts
• src/utils/codexCredentials.test.ts
• src/utils/githubModelsCredentials.hydrate.test.ts
• src/utils/githubModelsCredentials.refresh.test.ts
• src/utils/githubModelsCredentials.test.ts

📜 Recent review details

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: smoke-and-tests

🧰 Additional context used

📓 Path-based instructions (3)

**/*

⚙️ CodeRabbit configuration file

**/*: Apply the OpenClaude maintainer review rubric from AGENTS.md. Review the current diff, not stale discussion context. Separate real blockers from suggestions. Do not request changes for vague style churn. Treat approval as merge-ready from CodeRabbit's side, pending required human review and GitHub Checks. If checks are failing or unavailable, say so clearly instead of implying the PR is fully ready.

Files:

• src/utils/githubModelsCredentials.hydrate.test.ts
• src/utils/githubModelsCredentials.refresh.test.ts
• src/services/api/providerConfig.codexSecureStorage.test.ts
• src/services/api/providerConfig.runtimeCodexCredentials.test.ts
• src/utils/codexCredentials.test.ts
• src/utils/githubModelsCredentials.test.ts

{src/**/*.test.ts,src/**/*.test.tsx,tests/**,scripts/**/*.test.ts,vscode-extension/**/*.test.js}

⚙️ CodeRabbit configuration file

{src/**/*.test.ts,src/**/*.test.tsx,tests/**,scripts/**/*.test.ts,vscode-extension/**/*.test.js}: Review tests for meaningful coverage of the changed behavior, isolation of global/env/config state, async cleanup, fake timers, provider profile leaks, and Windows-compatible assumptions. Block when risky runtime changes lack focused regression coverage or tests assert implementation details while missing the user-visible behavior.

Files:

• src/utils/githubModelsCredentials.hydrate.test.ts
• src/utils/githubModelsCredentials.refresh.test.ts
• src/services/api/providerConfig.codexSecureStorage.test.ts
• src/services/api/providerConfig.runtimeCodexCredentials.test.ts
• src/utils/codexCredentials.test.ts
• src/utils/githubModelsCredentials.test.ts

{src/services/api/**,src/integrations/**,src/utils/model/**,src/utils/provider*.ts,src/commands/provider/**}

⚙️ CodeRabbit configuration file

{src/services/api/**,src/integrations/**,src/utils/model/**,src/utils/provider*.ts,src/commands/provider/**}: Review provider routing, model selection, env precedence, auth/token handling, OpenAI-compatible shims, retries, proxy behavior, and outbound HTTP behavior with high scrutiny. Block on silent default changes, hidden fallback expansion, credential reuse mistakes, hardcoded provider assumptions, or new network reach that is not intentional and documented.

Files:

• src/services/api/providerConfig.codexSecureStorage.test.ts
• src/services/api/providerConfig.runtimeCodexCredentials.test.ts

🔇 Additional comments (6)

src/services/api/providerConfig.codexSecureStorage.test.ts (1)

9-17: LGTM!

Also applies to: 48-49, 68-69, 89-90, 128-129, 154-155, 192-193, 230-232

src/services/api/providerConfig.runtimeCodexCredentials.test.ts (1)

12-20: LGTM!

Also applies to: 112-114

src/utils/codexCredentials.test.ts (1)

11-19: LGTM!

Also applies to: 98-99, 134-135, 198-199, 256-258, 299-300, 351-354, 388-389, 483-483, 543-543, 629-629, 724-725, 765-766, 803-803, 846-847, 889-890, 945-946

src/utils/githubModelsCredentials.hydrate.test.ts (1)

12-25: LGTM!

Also applies to: 70-74, 90-94

src/utils/githubModelsCredentials.refresh.test.ts (1)

14-16: LGTM!

Also applies to: 88-89, 136-138

src/utils/githubModelsCredentials.test.ts (1)

9-18: LGTM!

Also applies to: 38-39, 48-49, 58-59

---

📝 Walkthrough

Walkthrough

Test files across provider config, codex credentials, and GitHub models credentials utilities are refactored to centralize cache-busting module imports using local helper functions. Inline dynamic import() statements and direct process.env.* access are replaced with consistent utility functions that encapsulate the cache-busting logic.

Changes

Test Infrastructure Refactoring

Layer / File(s)	Summary
Provider config test cache-busting helpers src/services/api/providerConfig.codexSecureStorage.test.ts, src/services/api/providerConfig.runtimeCodexCredentials.test.ts	Both test files introduce importFreshProviderConfig(cacheKey) helper and refactor all test cases to call it instead of using inline dynamic imports with cache-busting query strings. The helper abstracts the ./providerConfig.js?${cacheKey} import pattern.
CodexCredentials test cache-busting helper src/utils/codexCredentials.test.ts	Introduces importFreshCodexCredentials(cacheKey) helper and refactors ~15 test cases across save, refresh, and clear credential flows to use the centralized import helper instead of inline cache-busting imports.
GithubModelsCredentials test helpers src/utils/githubModelsCredentials.hydrate.test.ts, src/utils/githubModelsCredentials.refresh.test.ts, src/utils/githubModelsCredentials.test.ts	Three test files introduce importFreshGithubModelsCredentials(cacheKey) and environment variable accessors (getEnvValue(), getGithubTokenEnv()). All affected test assertions are refactored to use these helpers for consistent, centralized environment variable and module reload access patterns.

Estimated Code Review Effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested Reviewers

• jatmn
• kevincodex1

🚥 Pre-merge checks | ✅ 4 | ❌ 3

❌ Failed checks (1 warning, 2 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Risk Surface Disclosed	❓ Inconclusive	Repository clone failed, so this custom check could not run with code access.	Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
No Hidden Policy Change	❓ Inconclusive	Repository clone failed, so this custom check could not run with code access.	Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: refactoring cache-busted credential test imports with proper TypeScript typing.
Description check	✅ Passed	The description covers what changed (cache-busted import refactoring), why (type safety), and provides comprehensive test validation results.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[jatmn]

Thanks for the contribution. I do not see any actionable issues from my review.

@kevincodex1

[kevincodex1]

LGTM