test: scope sandbox audit home env

src/security/audit-sandbox-docker-config.test.ts

@@ -3,6 +3,7 @@ import os from "node:os";
 import path from "node:path";
 import { afterEach, describe, expect, it, vi } from "vitest";
 import type { OpenClawConfig } from "../config/config.js";
+import { withEnvAsync } from "../test-utils/env.js";
 import {
   collectSandboxDangerousConfigFindings,
   collectSandboxDockerNoopFindings,
@@ -44,12 +45,8 @@ describe("security audit sandbox docker config", () => {
 
   it("evaluates sandbox docker config findings", async () => {
     const isolatedHome = path.join(os.tmpdir(), "openclaw-security-audit-home");
-    const previousHome = process.env.HOME;
-    const previousUserProfile = process.env.USERPROFILE;
-    process.env.HOME = isolatedHome;
-    process.env.USERPROFILE = isolatedHome;
     vi.spyOn(os, "homedir").mockReturnValue(isolatedHome);
-    try {
+    await withEnvAsync({ HOME: isolatedHome, USERPROFILE: isolatedHome }, async () => {
       const cases = [
         {
           name: "mode off with docker config only",
@@ -191,17 +188,6 @@ describe("security audit sandbox docker config", () => {
           });
         }),
       );
-    } finally {
-      if (previousHome === undefined) {
-        delete process.env.HOME;
-      } else {
-        process.env.HOME = previousHome;
-      }
-      if (previousUserProfile === undefined) {
-        delete process.env.USERPROFILE;
-      } else {
-        process.env.USERPROFILE = previousUserProfile;
-      }
-    }
+    });
   });
 });