test: tighten shared auth and identity coverage

src/shared/assistant-identity-values.test.ts

@@ -5,6 +5,7 @@ describe("shared/assistant-identity-values", () => {
   it("returns undefined for missing or blank values", () => {
     expect(coerceIdentityValue(undefined, 10)).toBeUndefined();
     expect(coerceIdentityValue("   ", 10)).toBeUndefined();
+    expect(coerceIdentityValue(42 as unknown as string, 10)).toBeUndefined();
   });
 
   it("trims values and preserves strings within the limit", () => {
@@ -14,4 +15,8 @@ describe("shared/assistant-identity-values", () => {
   it("truncates overlong trimmed values at the exact limit", () => {
     expect(coerceIdentityValue("  OpenClaw Assistant  ", 8)).toBe("OpenClaw");
   });
+
+  it("returns an empty string when truncating to a zero-length limit", () => {
+    expect(coerceIdentityValue("  OpenClaw  ", 0)).toBe("");
+  });
 });

src/shared/device-auth.test.ts

@@ -5,6 +5,7 @@ describe("shared/device-auth", () => {
   it("trims device auth roles without further rewriting", () => {
     expect(normalizeDeviceAuthRole(" operator ")).toBe("operator");
     expect(normalizeDeviceAuthRole("")).toBe("");
+    expect(normalizeDeviceAuthRole("  NODE.Admin  ")).toBe("NODE.Admin");
   });
 
   it("dedupes, trims, sorts, and filters auth scopes", () => {
@@ -12,5 +13,11 @@ describe("shared/device-auth", () => {
       normalizeDeviceAuthScopes([" node.invoke ", "operator.read", "", "node.invoke", "a.scope"]),
     ).toEqual(["a.scope", "node.invoke", "operator.read"]);
     expect(normalizeDeviceAuthScopes(undefined)).toEqual([]);
+    expect(normalizeDeviceAuthScopes(["   ", "\t", "\n"])).toEqual([]);
+    expect(normalizeDeviceAuthScopes(["z.scope", "A.scope", "m.scope"])).toEqual([
+      "A.scope",
+      "m.scope",
+      "z.scope",
+    ]);
   });
 });