From 46dff29e02d05ab9bc313c2b5c60480cc676c234 Mon Sep 17 00:00:00 2001
From: Peter Steinberger <steipete@gmail.com>
Date: Sun, 10 May 2026 00:09:43 +0100
Subject: [PATCH] test: assert e2e auth profiles use sqlite

---
 .../e2e/lib/codex-on-demand/assertions.mjs    | 39 ++++++++++++++-----
 .../npm-onboard-channel-agent/assertions.mjs  | 26 ++++++++++---
 2 files changed, 50 insertions(+), 15 deletions(-)

diff --git a/scripts/e2e/lib/codex-on-demand/assertions.mjs b/scripts/e2e/lib/codex-on-demand/assertions.mjs
index 16c39f5795e..92d022703de 100644
--- a/scripts/e2e/lib/codex-on-demand/assertions.mjs
+++ b/scripts/e2e/lib/codex-on-demand/assertions.mjs
@@ -1,5 +1,7 @@
 import fs from "node:fs";
 import path from "node:path";
+import { DatabaseSync } from "node:sqlite";
+import { readInstalledPluginRecords } from "../installed-plugin-index.mjs";
 
 const readJson = (file) => JSON.parse(fs.readFileSync(file, "utf8"));
 
@@ -28,12 +30,6 @@ function assertPathInside(parentPath, childPath, label) {
   }
 }
 
-function installRecords() {
-  const indexPath = path.join(stateDir(), "plugins", "installs.json");
-  const index = fs.existsSync(indexPath) ? readJson(indexPath) : {};
-  return index.installRecords || index.records || cfg.plugins?.installs || {};
-}
-
 function findPackageJson(packageName, roots) {
   const packagePath = packageName.startsWith("@")
     ? path.join(...packageName.split("/"), "package.json")
@@ -42,9 +38,27 @@ function findPackageJson(packageName, roots) {
   return candidates.find((candidate) => fs.existsSync(candidate));
 }
 
+function stateDatabasePath() {
+  return path.join(stateDir(), "state", "openclaw.sqlite");
+}
+
+function readOpenClawStateKvJson(scope, key) {
+  const dbPath = stateDatabasePath();
+  if (!fs.existsSync(dbPath)) {
+    throw new Error(`missing OpenClaw state database: ${dbPath}`);
+  }
+  const db = new DatabaseSync(dbPath, { readOnly: true });
+  try {
+    const row = db.prepare("SELECT value_json FROM kv WHERE scope = ? AND key = ?").get(scope, key);
+    return typeof row?.value_json === "string" ? JSON.parse(row.value_json) : undefined;
+  } finally {
+    db.close();
+  }
+}
+
 const cfg = readJson(configPath());
 const inspect = readJson("/tmp/openclaw-codex-inspect.json");
-const records = installRecords();
+const records = readInstalledPluginRecords();
 const codexRecord = records.codex || inspect.install;
 if (!codexRecord) {
   throw new Error(`missing codex install record: ${JSON.stringify(records)}`);
@@ -107,11 +121,16 @@ if (providerRuntime && providerRuntime !== "codex") {
   throw new Error(`unexpected OpenAI provider runtime: ${providerRuntime}`);
 }
 
-const authPath = path.join(stateDir(), "agents", "main", "agent", "auth-profiles.json");
-const authRaw = fs.readFileSync(authPath, "utf8");
-if (!authRaw.includes("OPENAI_API_KEY")) {
+const authAgentDir = path.join(stateDir(), "agents", "main", "agent");
+const authStore = readOpenClawStateKvJson("auth-profiles", authAgentDir);
+const authRaw = JSON.stringify(authStore ?? {});
+if (!authStore || !authRaw.includes("OPENAI_API_KEY")) {
   throw new Error("auth profile did not persist OPENAI_API_KEY env ref");
 }
 if (authRaw.includes("sk-openclaw-codex-on-demand-e2e")) {
   throw new Error("auth profile persisted the raw OpenAI test key");
 }
+const authPath = path.join(authAgentDir, "auth-profiles.json");
+if (fs.existsSync(authPath)) {
+  throw new Error(`auth profile should be SQLite-backed, found legacy file: ${authPath}`);
+}
diff --git a/scripts/e2e/lib/npm-onboard-channel-agent/assertions.mjs b/scripts/e2e/lib/npm-onboard-channel-agent/assertions.mjs
index b321f0c13c5..4e204f257d8 100644
--- a/scripts/e2e/lib/npm-onboard-channel-agent/assertions.mjs
+++ b/scripts/e2e/lib/npm-onboard-channel-agent/assertions.mjs
@@ -1,9 +1,24 @@
 import fs from "node:fs";
 import path from "node:path";
+import { DatabaseSync } from "node:sqlite";
 
 const command = process.argv[2];
 const readJson = (file) => JSON.parse(fs.readFileSync(file, "utf8"));
 
+function readOpenClawStateKvJson(stateDir, scope, key) {
+  const dbPath = path.join(stateDir, "state", "openclaw.sqlite");
+  if (!fs.existsSync(dbPath)) {
+    throw new Error(`missing OpenClaw state database: ${dbPath}`);
+  }
+  const db = new DatabaseSync(dbPath, { readOnly: true });
+  try {
+    const row = db.prepare("SELECT value_json FROM kv WHERE scope = ? AND key = ?").get(scope, key);
+    return typeof row?.value_json === "string" ? JSON.parse(row.value_json) : undefined;
+  } finally {
+    db.close();
+  }
+}
+
 function assertOnboardState() {
   const home = process.argv[3];
   const stateDir = path.join(home, ".openclaw");
@@ -17,16 +32,17 @@ function assertOnboardState() {
   if (!fs.existsSync(agentDir)) {
     throw new Error("onboard did not create main agent dir");
   }
-  if (!fs.existsSync(authPath)) {
-    throw new Error("onboard did not create auth-profiles.json");
-  }
-  const authRaw = fs.readFileSync(authPath, "utf8");
-  if (!authRaw.includes("OPENAI_API_KEY")) {
+  const authStore = readOpenClawStateKvJson(stateDir, "auth-profiles", agentDir);
+  const authRaw = JSON.stringify(authStore ?? {});
+  if (!authStore || !authRaw.includes("OPENAI_API_KEY")) {
     throw new Error("auth profile did not persist OPENAI_API_KEY env ref");
   }
   if (authRaw.includes("sk-openclaw-npm-onboard-e2e")) {
     throw new Error("auth profile persisted the raw OpenAI test key");
   }
+  if (fs.existsSync(authPath)) {
+    throw new Error(`auth profile should be SQLite-backed, found legacy file: ${authPath}`);
+  }
 }
 
 function configureMockModel() {