From be1b73182cdca9c2331e2113bd1a08b977181974 Mon Sep 17 00:00:00 2001
From: Gustavo Madeira Santana <gumadeiras@gmail.com>
Date: Thu, 19 Feb 2026 02:28:20 -0500
Subject: [PATCH] test(gateway): assert none mode is authoritative with token

---
 src/gateway/auth.test.ts | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/src/gateway/auth.test.ts b/src/gateway/auth.test.ts
index 3c6c0c743d6..acc761ea881 100644
--- a/src/gateway/auth.test.ts
+++ b/src/gateway/auth.test.ts
@@ -130,6 +130,25 @@ describe("gateway auth", () => {
     expect(res.method).toBe("none");
   });
 
+  it("keeps none mode authoritative even when token is present", async () => {
+    const auth = resolveGatewayAuth({
+      authConfig: { mode: "none", token: "configured-token" },
+      env: {} as NodeJS.ProcessEnv,
+    });
+    expect(auth).toMatchObject({
+      mode: "none",
+      modeSource: "config",
+      token: "configured-token",
+    });
+
+    const res = await authorizeGatewayConnect({
+      auth,
+      connectAuth: null,
+    });
+    expect(res.ok).toBe(true);
+    expect(res.method).toBe("none");
+  });
+
   it("reports missing and mismatched password reasons", async () => {
     const missing = await authorizeGatewayConnect({
       auth: { mode: "password", password: "secret", allowTailscale: false },