unbound-cli 1.4.0 → 1.6.2

package/test/no-ai-guard.test.js

@@ -0,0 +1,363 @@
+const { test, beforeEach, after } = require('node:test');
+const assert = require('node:assert/strict');
+const { Command } = require('commander');
+
+// Integration tests for the --no-ai steering guard (WEB-4887, layers 1+2+3).
+// Invokes `unbound policy tool create-terminal` / `create-mcp` against a fresh
+// Command instance with src/api.js and src/config.js stubbed. We never hit the
+// network and never read/write user config.
+//
+// Harness mirrors test/policy-ai-assist.test.js (loadFreshModules, buildHarness,
+// per-test process.exitCode reset). See PLAN risk R7.
+
+function loadFreshModules() {
+  // Drop the module cache so each test gets a clean module-level
+  // `_privilegesCache` in policy-ai-assist and a clean stub surface.
+  for (const m of [
+    '../src/commands/policy',
+    '../src/lib/no-ai-guard',
+    '../src/lib/policy-ai-assist',
+    '../src/api',
+    '../src/config',
+    '../src/output',
+  ]) {
+    delete require.cache[require.resolve(m)];
+  }
+  const api = require('../src/api');
+  const config = require('../src/config');
+  const output = require('../src/output');
+  return { api, config, output };
+}
+
+function buildHarness({
+  privilegesResponse = { is_admin: true, is_manager: false, is_member: false },
+  assistResponse = null,
+  assistMcpResponse = null,
+  createResponse = { id: 1, name: 'ok' },
+} = {}) {
+  const { api, config, output } = loadFreshModules();
+
+  config.isLoggedIn = () => true;
+  config.getApiKey = () => 'fake-key';
+  config.getBaseUrl = () => 'https://b.acme';
+
+  const calls = { posts: [], gets: [] };
+  api.get = async (path, opts) => {
+    calls.gets.push({ path, opts });
+    if (path === '/api/v1/users/privileges/') return privilegesResponse;
+    throw new Error(`unexpected GET ${path}`);
+  };
+  api.post = async (path, opts) => {
+    calls.posts.push({ path, body: opts && opts.body });
+    if (path === '/api/v1/command-policies/assist/') return assistResponse;
+    if (path === '/api/v1/command-policies/assist-mcp/') return assistMcpResponse;
+    if (path === '/api/v1/command-policies/') return createResponse;
+    throw new Error(`unexpected POST ${path}`);
+  };
+
+  const captured = { success: [], error: [], warn: [], info: [], stdout: [] };
+  output.success = (m) => captured.success.push(m);
+  output.error = (m) => captured.error.push(m);
+  output.warn = (m) => captured.warn.push(m);
+  output.info = (m) => captured.info.push(m);
+  const origLog = console.log;
+  console.log = (m) => captured.stdout.push(String(m || ''));
+  const restoreLog = () => { console.log = origLog; };
+
+  return { api, config, output, calls, captured, restoreLog };
+}
+
+async function runArgv(argv) {
+  const { register } = require('../src/commands/policy');
+  const program = new Command();
+  program.exitOverride();
+  register(program);
+  await program.parseAsync(['node', 'unbound', ...argv]);
+}
+
+// Save+restore the two env vars the guard reads. Always set them to a known
+// state on entry (undefined unless explicitly overridden) so a stale value from
+// a previous test or the ambient shell cannot leak into this test.
+function withEnv(overrides, fn) {
+  const keys = ['CLAUDECODE', 'UNBOUND_ALLOW_NO_AI_UNDER_CLAUDE'];
+  const saved = {};
+  for (const k of keys) {
+    saved[k] = process.env[k];
+    if (Object.prototype.hasOwnProperty.call(overrides, k)) {
+      if (overrides[k] === undefined) delete process.env[k];
+      else process.env[k] = overrides[k];
+    } else {
+      delete process.env[k];
+    }
+  }
+  return Promise.resolve()
+    .then(fn)
+    .finally(() => {
+      for (const k of keys) {
+        if (saved[k] === undefined) delete process.env[k];
+        else process.env[k] = saved[k];
+      }
+    });
+}
+
+beforeEach(() => {
+  process.exitCode = 0;
+});
+
+// Several tests intentionally set process.exitCode to non-zero values to
+// observe the CLI's exit-code routing. Reset it at the end so node:test does
+// not interpret the file itself as having failed.
+after(() => {
+  process.exitCode = 0;
+});
+
+// T1 — Layer 1, create-terminal: no --prompt + no --no-ai → exit 2, AI steering message.
+test('T1: create-terminal without --prompt and without --no-ai exits 2 with AI-assist steering message', async () => {
+  const h = buildHarness();
+  await withEnv({}, async () => {
+    try {
+      await runArgv(['policy', 'tool', 'create-terminal']);
+      assert.equal(process.exitCode, 2);
+      const errs = h.captured.error.join('\n');
+      assert.ok(errs.includes('AI-assisted'), `expected "AI-assisted" in error: ${errs}`);
+      assert.ok(errs.includes('Retry with'), `expected "Retry with" in error: ${errs}`);
+      assert.ok(errs.includes('--prompt'), `expected "--prompt" in error: ${errs}`);
+      assert.equal(h.calls.posts.length, 0, 'no network call should have fired');
+    } finally {
+      h.restoreLog();
+    }
+  });
+});
+
+// T2 — Layer 1, create-mcp: same shape as T1, scoped to create-mcp.
+test('T2: create-mcp without --prompt and without --no-ai exits 2 with AI-assist steering message', async () => {
+  const h = buildHarness();
+  await withEnv({}, async () => {
+    try {
+      await runArgv(['policy', 'tool', 'create-mcp']);
+      assert.equal(process.exitCode, 2);
+      const errs = h.captured.error.join('\n');
+      assert.ok(errs.includes('AI-assisted'), `expected "AI-assisted" in error: ${errs}`);
+      assert.ok(errs.includes('Retry with'), `expected "Retry with" in error: ${errs}`);
+      assert.ok(errs.includes('--prompt'), `expected "--prompt" in error: ${errs}`);
+      assert.equal(h.calls.posts.length, 0, 'no network call should have fired');
+    } finally {
+      h.restoreLog();
+    }
+  });
+});
+
+// T3 — Layer 1 happy path, create-terminal: --no-ai + raw flags → create POST fires.
+test('T3: create-terminal --no-ai with required raw flags POSTs to /command-policies/ with exit 0', async () => {
+  const h = buildHarness();
+  await withEnv({}, async () => {
+    try {
+      await runArgv([
+        'policy', 'tool', 'create-terminal',
+        '--no-ai',
+        '--name', 'X',
+        '--command-family', 'git',
+        '--field', 'command=git push*',
+        '--action', 'AUDIT',
+      ]);
+      assert.equal(process.exitCode || 0, 0);
+      assert.ok(
+        h.calls.posts.some((c) => c.path === '/api/v1/command-policies/'),
+        `expected create POST, got: ${JSON.stringify(h.calls.posts)}`
+      );
+    } finally {
+      h.restoreLog();
+    }
+  });
+});
+
+// T4 — Layer 1 happy path, create-mcp.
+test('T4: create-mcp --no-ai with required raw flags POSTs to /command-policies/ with exit 0', async () => {
+  const h = buildHarness();
+  await withEnv({}, async () => {
+    try {
+      await runArgv([
+        'policy', 'tool', 'create-mcp',
+        '--no-ai',
+        '--name', 'X',
+        '--mcp-server', 'linear',
+        '--mcp-action-type', 'read',
+        '--action', 'AUDIT',
+      ]);
+      assert.equal(process.exitCode || 0, 0);
+      assert.ok(
+        h.calls.posts.some((c) => c.path === '/api/v1/command-policies/'),
+        `expected create POST, got: ${JSON.stringify(h.calls.posts)}`
+      );
+    } finally {
+      h.restoreLog();
+    }
+  });
+});
+
+// T5 — Mutex (layer 1): --prompt + --no-ai exits 2 with "not both" wording.
+test('T5: create-terminal --prompt + --no-ai exits 2 with "not both" wording and no network call', async () => {
+  const h = buildHarness();
+  await withEnv({}, async () => {
+    try {
+      await runArgv(['policy', 'tool', 'create-terminal', '--prompt', 'block rm -rf', '--no-ai']);
+      assert.equal(process.exitCode, 2);
+      const errs = h.captured.error.join('\n');
+      assert.ok(errs.includes('not both'), `expected "not both" in error: ${errs}`);
+      assert.equal(h.calls.posts.length, 0, 'no network call should have fired');
+    } finally {
+      h.restoreLog();
+    }
+  });
+});
+
+// T6 — Layer 2: --no-ai under CLAUDECODE=1 without escape hatch → exit 2.
+test('T6: create-terminal --no-ai under CLAUDECODE=1 exits 2 with human-only wording and no network call', async () => {
+  const h = buildHarness();
+  await withEnv({ CLAUDECODE: '1' }, async () => {
+    try {
+      await runArgv([
+        'policy', 'tool', 'create-terminal',
+        '--no-ai',
+        '--name', 'X',
+        '--command-family', 'git',
+        '--field', 'command=git push*',
+        '--action', 'AUDIT',
+      ]);
+      assert.equal(process.exitCode, 2);
+      const errs = h.captured.error.join('\n');
+      assert.ok(errs.includes('CLAUDECODE=1'), `expected "CLAUDECODE=1" in error: ${errs}`);
+      assert.ok(
+        errs.includes('intended for interactive humans'),
+        `expected "intended for interactive humans" in error: ${errs}`
+      );
+      assert.equal(h.calls.posts.length, 0, 'no network call should have fired');
+    } finally {
+      h.restoreLog();
+    }
+  });
+});
+
+// T7 — Layer 2 escape hatch: with UNBOUND_ALLOW_NO_AI_UNDER_CLAUDE=1, layer 2 is
+// bypassed and the existing flag-path then errors out on missing --name.
+test('T7: --no-ai under CLAUDECODE=1 + UNBOUND_ALLOW_NO_AI_UNDER_CLAUDE=1 bypasses layer 2 and falls through to flag-path required-field error', async () => {
+  const h = buildHarness();
+  await withEnv({ CLAUDECODE: '1', UNBOUND_ALLOW_NO_AI_UNDER_CLAUDE: '1' }, async () => {
+    try {
+      await runArgv(['policy', 'tool', 'create-terminal', '--no-ai']);
+      assert.equal(process.exitCode, 1, 'flag-path required-field error must use exit 1, not the guard exit 2');
+      const errs = h.captured.error.join('\n');
+      assert.ok(errs.includes('--name is required'), `expected "--name is required" in error: ${errs}`);
+      assert.equal(h.calls.posts.length, 0, 'no network call should have fired');
+    } finally {
+      h.restoreLog();
+    }
+  });
+});
+
+// T8 — Layer 2 does not interfere with --prompt under CLAUDECODE=1.
+test('T8: create-terminal --prompt under CLAUDECODE=1 routes to the assist endpoint', async () => {
+  const h = buildHarness({
+    assistResponse: {
+      success: true,
+      form_updates: {
+        command_family: 'filesystem',
+        selected_field: 'command',
+        field_value: 'rm -rf*',
+        action: 'AUDIT',
+        name: 'X',
+      },
+      explanation: 'ok',
+    },
+  });
+  await withEnv({ CLAUDECODE: '1' }, async () => {
+    try {
+      await runArgv(['policy', 'tool', 'create-terminal', '--prompt', 'block rm -rf', '--yes']);
+      assert.ok(
+        h.calls.posts.some((c) => c.path === '/api/v1/command-policies/assist/'),
+        `expected assist POST, got: ${JSON.stringify(h.calls.posts.map((c) => c.path))}`
+      );
+    } finally {
+      h.restoreLog();
+    }
+  });
+});
+
+// T9 — Layer 3: create-terminal --help banner appears before "Usage:".
+test('T9: create-terminal --help renders AI-ASSISTED banner before "Usage:"', async () => {
+  const h = buildHarness();
+  let captured = '';
+  const origWrite = process.stdout.write.bind(process.stdout);
+  process.stdout.write = (s) => { captured += s; return true; };
+  try {
+    await withEnv({}, async () => {
+      try {
+        await runArgv(['policy', 'tool', 'create-terminal', '--help']);
+      } catch (err) {
+        // commander.exitOverride() throws on --help with code 'commander.helpDisplayed'.
+        if (err && err.code && err.code !== 'commander.helpDisplayed') throw err;
+      }
+    });
+  } finally {
+    process.stdout.write = origWrite;
+    h.restoreLog();
+  }
+  const bannerIdx = captured.indexOf('AI-ASSISTED (preferred):');
+  const usageIdx = captured.indexOf('Usage:');
+  assert.notEqual(bannerIdx, -1, `expected "AI-ASSISTED (preferred):" banner in help output: ${captured}`);
+  assert.notEqual(usageIdx, -1, `expected "Usage:" in help output: ${captured}`);
+  assert.ok(bannerIdx < usageIdx, `banner (idx ${bannerIdx}) should precede Usage (idx ${usageIdx})`);
+});
+
+// T10 — Layer 3: create-mcp --help banner appears before "Usage:".
+test('T10: create-mcp --help renders AI-ASSISTED banner before "Usage:"', async () => {
+  const h = buildHarness();
+  let captured = '';
+  const origWrite = process.stdout.write.bind(process.stdout);
+  process.stdout.write = (s) => { captured += s; return true; };
+  try {
+    await withEnv({}, async () => {
+      try {
+        await runArgv(['policy', 'tool', 'create-mcp', '--help']);
+      } catch (err) {
+        if (err && err.code && err.code !== 'commander.helpDisplayed') throw err;
+      }
+    });
+  } finally {
+    process.stdout.write = origWrite;
+    h.restoreLog();
+  }
+  const bannerIdx = captured.indexOf('AI-ASSISTED (preferred):');
+  const usageIdx = captured.indexOf('Usage:');
+  assert.notEqual(bannerIdx, -1, `expected "AI-ASSISTED (preferred):" banner in help output: ${captured}`);
+  assert.notEqual(usageIdx, -1, `expected "Usage:" in help output: ${captured}`);
+  assert.ok(bannerIdx < usageIdx, `banner (idx ${bannerIdx}) should precede Usage (idx ${usageIdx})`);
+});
+
+// T11 — Regression smoke: existing --prompt happy path still reaches assist endpoint.
+test('T11: create-terminal --prompt without CLAUDECODE still routes to the assist endpoint (Phase-1 regression)', async () => {
+  const h = buildHarness({
+    assistResponse: {
+      success: true,
+      form_updates: {
+        command_family: 'git',
+        selected_field: 'command',
+        field_value: 'npm install*',
+        action: 'AUDIT',
+        name: 'X',
+      },
+      explanation: 'ok',
+    },
+  });
+  await withEnv({}, async () => {
+    try {
+      await runArgv(['policy', 'tool', 'create-terminal', '--prompt', 'audit npm installs', '--yes']);
+      assert.ok(
+        h.calls.posts.some((c) => c.path === '/api/v1/command-policies/assist/'),
+        `expected assist POST, got: ${JSON.stringify(h.calls.posts.map((c) => c.path))}`
+      );
+    } finally {
+      h.restoreLog();
+    }
+  });
+});

package/test/setup-args.test.js

@@ -1,6 +1,9 @@
 const { test } = require('node:test');
 const assert = require('node:assert/strict');
-const { buildScriptArgs, scriptSupportsBackfill, resolveSetupAllTools } = require('../src/commands/setup');
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+const { buildScriptArgs, scriptSupportsBackfill, resolveSetupAllTools, clearUnboundEnvsEverywhere, NUKE_ENV_VARS } = require('../src/commands/setup');
 
 // shellEscape single-quotes every value, so a real key surfaces as
 // --api-key '<key>' at the head of the argv tail.
@@ -147,3 +150,72 @@ test('resolveSetupAllTools(true): clear-all covers every tool incl. gateway mode
     assert.ok(tools.includes(t), `clear-all missing install-bundle tool ${t}`);
   }
 });
+
+// WEB-4886: nuke must strip stale UNBOUND_* / ANTHROPIC_BASE_URL lines from
+// EVERY candidate rc file, not just the one the python --clear script reaches.
+// Skip on Windows (rc-file sweep is POSIX-only; the registry path runs `reg`).
+if (process.platform !== 'win32') {
+  test('clearUnboundEnvsEverywhere: removes Unbound exports from every candidate rc, preserves other lines', () => {
+    const tmp = fs.mkdtempSync(path.join(os.tmpdir(), 'unbound-nuke-'));
+    const origHome = process.env.HOME;
+    process.env.HOME = tmp;
+    try {
+      // .bashrc and .zshrc are in the candidate list on both darwin and linux,
+      // so the test is hermetic across CI (linux) and dev (darwin).
+      const bashrc = path.join(tmp, '.bashrc');
+      const zshrc = path.join(tmp, '.zshrc');
+      fs.writeFileSync(bashrc, [
+        '# user content',
+        'export UNBOUND_CURSOR_API_KEY="old"',
+        'export PATH=/usr/local/bin:$PATH',
+        'export UNBOUND_CLAUDE_API_KEY=abc',
+        '',
+      ].join('\n'));
+      fs.writeFileSync(zshrc, [
+        'export ANTHROPIC_BASE_URL="https://gateway.example"',
+        'alias ll="ls -la"',
+        '',
+      ].join('\n'));
+
+      const cleared = clearUnboundEnvsEverywhere();
+      assert.ok(cleared.length > 0, `expected something cleared, got ${JSON.stringify(cleared)}`);
+
+      const bNow = fs.readFileSync(bashrc, 'utf8');
+      assert.ok(!bNow.includes('UNBOUND_CURSOR_API_KEY'), bNow);
+      assert.ok(!bNow.includes('UNBOUND_CLAUDE_API_KEY'), bNow);
+      assert.ok(bNow.includes('# user content'), bNow);
+      assert.ok(bNow.includes('export PATH=/usr/local/bin:$PATH'), bNow);
+
+      const zNow = fs.readFileSync(zshrc, 'utf8');
+      assert.ok(!zNow.includes('ANTHROPIC_BASE_URL'), zNow);
+      assert.ok(zNow.includes('alias ll="ls -la"'), zNow);
+    } finally {
+      if (origHome === undefined) delete process.env.HOME;
+      else process.env.HOME = origHome;
+      fs.rmSync(tmp, { recursive: true, force: true });
+    }
+  });
+
+  test('clearUnboundEnvsEverywhere: leaves OPENAI_API_KEY alone (out of sweep scope)', () => {
+    const tmp = fs.mkdtempSync(path.join(os.tmpdir(), 'unbound-nuke-'));
+    const origHome = process.env.HOME;
+    process.env.HOME = tmp;
+    try {
+      const rc = path.join(tmp, '.zshrc');
+      fs.writeFileSync(rc, 'export OPENAI_API_KEY="user-owned"\n');
+      clearUnboundEnvsEverywhere();
+      assert.ok(fs.readFileSync(rc, 'utf8').includes('OPENAI_API_KEY'));
+    } finally {
+      if (origHome === undefined) delete process.env.HOME;
+      else process.env.HOME = origHome;
+      fs.rmSync(tmp, { recursive: true, force: true });
+    }
+  });
+
+  test('NUKE_ENV_VARS covers every UNBOUND_* env var named in the variant set + ANTHROPIC_BASE_URL', () => {
+    for (const name of ['UNBOUND_API_KEY', 'UNBOUND_CLAUDE_API_KEY', 'UNBOUND_CODEX_API_KEY',
+                        'UNBOUND_COPILOT_API_KEY', 'UNBOUND_CURSOR_API_KEY', 'ANTHROPIC_BASE_URL']) {
+      assert.ok(NUKE_ENV_VARS.includes(name), `missing: ${name}`);
+    }
+  });
+}

package/test/tool-health.test.js

@@ -208,3 +208,114 @@ test('only four tools are reported (Gemini CLI is omitted)', () => {
     assert.deepEqual(new Set(keys), new Set(['cursor', 'claude-code', 'codex', 'copilot']));
   });
 });
+
+test('detectTools: cursor MDM binary (unbound-hook in hooks.json, binary installed) → managed-by-mdm', () => {
+  withHome((tmp, th) => {
+    const mdmDir = path.join(tmp, 'mdm', 'Cursor');
+    const fakeBin = path.join(tmp, 'opt', 'unbound-hook');
+    writeFile(path.join(mdmDir, 'hooks.json'), JSON.stringify({
+      hooks: { PreToolUse: [{ command: '/opt/unbound/current/unbound-hook/unbound-hook hook cursor PreToolUse' }] },
+    }));
+    writeFile(fakeBin, '');
+    const t = th.detectTools({ apiKey: 'k', _mdmDirs: { cursor: mdmDir }, _binaryPath: fakeBin }).find((x) => x.family === 'cursor');
+    assert.equal(t.status, 'managed-by-mdm');
+    assert.equal(t.scope, 'mdm');
+  });
+});
+
+test('detectTools: cursor MDM binary (unbound-hook in hooks.json, binary MISSING) → tampered', () => {
+  withHome((tmp, th) => {
+    const mdmDir = path.join(tmp, 'mdm', 'Cursor');
+    writeFile(path.join(mdmDir, 'hooks.json'), JSON.stringify({
+      hooks: { PreToolUse: [{ command: '/opt/unbound/current/unbound-hook/unbound-hook hook cursor PreToolUse' }] },
+    }));
+    const t = th.detectTools({
+      apiKey: 'k', _mdmDirs: { cursor: mdmDir },
+      _binaryPath: path.join(tmp, 'no-such-binary'),
+    }).find((x) => x.family === 'cursor');
+    assert.equal(t.status, 'tampered');
+    assert.equal(t.scope, 'mdm');
+  });
+});
+
+test('detectTools: claude-code MDM binary (unbound-hook in managed-settings.json, binary installed) → managed-by-mdm', () => {
+  withHome((tmp, th) => {
+    const mdmDir = path.join(tmp, 'mdm', 'ClaudeCode');
+    const fakeBin = path.join(tmp, 'opt', 'unbound-hook');
+    writeFile(path.join(mdmDir, 'managed-settings.json'), JSON.stringify({
+      hooks: { PreToolUse: [{ command: '/opt/unbound/current/unbound-hook/unbound-hook hook claude-code PreToolUse' }] },
+    }));
+    writeFile(fakeBin, '');
+    const t = th.detectTools({ apiKey: 'k', _mdmDirs: { 'claude-code': mdmDir }, _binaryPath: fakeBin }).find((x) => x.family === 'claude-code');
+    assert.equal(t.status, 'managed-by-mdm');
+    assert.equal(t.scope, 'mdm');
+  });
+});
+
+test('detectTools: copilot user binary (unbound-hook in ~/.copilot/hooks/unbound.json, binary installed) → healthy', () => {
+  withHome((tmp, th) => {
+    const fakeBin = path.join(tmp, 'opt', 'unbound-hook');
+    writeFile(path.join(tmp, '.copilot', 'hooks', 'unbound.json'), JSON.stringify({
+      hooks: { PreToolUse: [{ command: '/opt/unbound/current/unbound-hook/unbound-hook hook copilot PreToolUse' }] },
+    }));
+    writeFile(fakeBin, '');
+    process.env.UNBOUND_COPILOT_API_KEY = 'k';
+    try {
+      const t = th.detectTools({ apiKey: 'k', _binaryPath: fakeBin }).find((x) => x.family === 'copilot');
+      assert.equal(t.status, 'healthy');
+    } finally {
+      delete process.env.UNBOUND_COPILOT_API_KEY;
+    }
+  });
+});
+
+test('detectTools: copilot user binary (unbound-hook in unbound.json, binary MISSING) → tampered', () => {
+  withHome((tmp, th) => {
+    writeFile(path.join(tmp, '.copilot', 'hooks', 'unbound.json'), JSON.stringify({
+      hooks: { PreToolUse: [{ command: '/opt/unbound/current/unbound-hook/unbound-hook hook copilot PreToolUse' }] },
+    }));
+    process.env.UNBOUND_COPILOT_API_KEY = 'k';
+    try {
+      const t = th.detectTools({ apiKey: 'k', _binaryPath: path.join(tmp, 'no-such-binary') }).find((x) => x.family === 'copilot');
+      assert.equal(t.status, 'tampered');
+    } finally {
+      delete process.env.UNBOUND_COPILOT_API_KEY;
+    }
+  });
+});
+
+test('detectTools: codex binary regression (wrapper at ~/.codex/hooks/unbound.py, hooks.json refs wrapper, config.toml flag, env) → healthy', () => {
+  withHome((tmp, th) => {
+    const wrapper = path.join(tmp, '.codex', 'hooks', 'unbound.py');
+    writeFile(path.join(tmp, '.codex', 'hooks.json'), JSON.stringify({
+      hooks: { PreToolUse: [{ command: wrapper }] },
+    }));
+    writeFile(wrapper, '#!/bin/sh\nexec /opt/unbound/current/unbound-hook/unbound-hook hook codex "$@"\n');
+    writeFile(path.join(tmp, '.codex', 'config.toml'), 'codex_hooks = true\n');
+    process.env.UNBOUND_CODEX_API_KEY = 'k';
+    try {
+      const t = th.detectTools({ apiKey: 'k' }).find((x) => x.family === 'codex');
+      assert.equal(t.status, 'healthy');
+    } finally {
+      delete process.env.UNBOUND_CODEX_API_KEY;
+    }
+  });
+});
+
+test('detectTools: envCheck rc-file fallback (process.env stale, shell rc holds expected value) → healthy', () => {
+  withHome((tmp, th) => {
+    const script = path.join(tmp, '.cursor', 'hooks', 'unbound.py');
+    writeFile(path.join(tmp, '.cursor', 'hooks.json'), JSON.stringify({ hooks: { PreToolUse: [{ command: script }] } }));
+    writeFile(script, '# unbound');
+    // rcFiles() lists different files per platform (zprofile on darwin,
+    // zshrc/bashrc/profile on linux). Write to .bashrc — both lists include it.
+    writeFile(path.join(tmp, '.bashrc'), 'export UNBOUND_CURSOR_API_KEY="fresh-key"\n');
+    process.env.UNBOUND_CURSOR_API_KEY = 'stale-key';
+    try {
+      const t = th.detectTools({ apiKey: 'fresh-key' }).find((x) => x.key === 'cursor');
+      assert.equal(t.status, 'healthy');
+    } finally {
+      delete process.env.UNBOUND_CURSOR_API_KEY;
+    }
+  });
+});