diff --git a/src/infra/exec-approvals.socket-defaults.test.ts b/src/infra/exec-approvals.socket-defaults.test.ts
deleted file mode 100644
index b1f33ea9843..00000000000
--- a/src/infra/exec-approvals.socket-defaults.test.ts
+++ /dev/null
@@ -1,32 +0,0 @@
-import { describe, expect, it } from "vitest";
-import { mergeExecApprovalsSocketDefaults, normalizeExecApprovals } from "./exec-approvals.js";
-
-describe("mergeExecApprovalsSocketDefaults", () => {
-  it("prefers normalized socket, then current, then default path", () => {
-    const normalized = normalizeExecApprovals({
-      version: 1,
-      agents: {},
-      socket: { path: "/tmp/a.sock", token: "a" },
-    });
-    const current = normalizeExecApprovals({
-      version: 1,
-      agents: {},
-      socket: { path: "/tmp/b.sock", token: "b" },
-    });
-    const merged = mergeExecApprovalsSocketDefaults({ normalized, current });
-    expect(merged.socket?.path).toBe("/tmp/a.sock");
-    expect(merged.socket?.token).toBe("a");
-  });
-
-  it("falls back to current token when missing in normalized", () => {
-    const normalized = normalizeExecApprovals({ version: 1, agents: {} });
-    const current = normalizeExecApprovals({
-      version: 1,
-      agents: {},
-      socket: { path: "/tmp/b.sock", token: "b" },
-    });
-    const merged = mergeExecApprovalsSocketDefaults({ normalized, current });
-    expect(merged.socket?.path).toBeTruthy();
-    expect(merged.socket?.token).toBe("b");
-  });
-});
diff --git a/src/infra/exec-approvals.test.ts b/src/infra/exec-approvals.test.ts
index 8251b6ca99f..ee3a4f822f6 100644
--- a/src/infra/exec-approvals.test.ts
+++ b/src/infra/exec-approvals.test.ts
@@ -11,6 +11,7 @@ import {
   isSafeBinUsage,
   matchAllowlist,
   maxAsk,
+  mergeExecApprovalsSocketDefaults,
   minSecurity,
   normalizeExecApprovals,
   normalizeSafeBins,
@@ -79,6 +80,36 @@ describe("exec approvals allowlist matching", () => {
   });
 });
 
+describe("mergeExecApprovalsSocketDefaults", () => {
+  it("prefers normalized socket, then current, then default path", () => {
+    const normalized = normalizeExecApprovals({
+      version: 1,
+      agents: {},
+      socket: { path: "/tmp/a.sock", token: "a" },
+    });
+    const current = normalizeExecApprovals({
+      version: 1,
+      agents: {},
+      socket: { path: "/tmp/b.sock", token: "b" },
+    });
+    const merged = mergeExecApprovalsSocketDefaults({ normalized, current });
+    expect(merged.socket?.path).toBe("/tmp/a.sock");
+    expect(merged.socket?.token).toBe("a");
+  });
+
+  it("falls back to current token when missing in normalized", () => {
+    const normalized = normalizeExecApprovals({ version: 1, agents: {} });
+    const current = normalizeExecApprovals({
+      version: 1,
+      agents: {},
+      socket: { path: "/tmp/b.sock", token: "b" },
+    });
+    const merged = mergeExecApprovalsSocketDefaults({ normalized, current });
+    expect(merged.socket?.path).toBeTruthy();
+    expect(merged.socket?.token).toBe("b");
+  });
+});
+
 describe("exec approvals safe shell command builder", () => {
   it("quotes only safeBins segments (leaves other segments untouched)", () => {
     if (process.platform === "win32") {