From 3d53b99b0ea8540677326b9393ba6eb1f8079a88 Mon Sep 17 00:00:00 2001
From: David Gageot <david.gageot@docker.com>
Date: Fri, 10 Apr 2026 10:16:49 +0200
Subject: [PATCH] fix: use in-memory store in keyring tests to avoid macOS
 keychain permission dialog

Assisted-By: docker-agent
---
 pkg/tools/mcp/tokenstore_keyring_test.go | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/pkg/tools/mcp/tokenstore_keyring_test.go b/pkg/tools/mcp/tokenstore_keyring_test.go
index 8a96eae5c..b5bea70ba 100644
--- a/pkg/tools/mcp/tokenstore_keyring_test.go
+++ b/pkg/tools/mcp/tokenstore_keyring_test.go
@@ -7,10 +7,9 @@ import (
 )
 
 func TestKeyringTokenStore_RoundTrip(t *testing.T) {
-	// Use in-memory fallback for CI environments without a keyring.
-	// The KeyringTokenStore constructor already falls back to InMemoryTokenStore,
-	// so this test validates the interface contract regardless of backend.
-	store := NewKeyringTokenStore()
+	// Use in-memory store to avoid triggering macOS keychain permission dialogs
+	// or failing in CI environments without a keyring.
+	store := NewInMemoryTokenStore()
 
 	resourceURL := "https://example.com/mcp"
 
@@ -82,7 +81,7 @@ func TestKeyringTokenStore_JSONRoundTrip(t *testing.T) {
 }
 
 func TestKeyringTokenStore_RemoveNonExistent(t *testing.T) {
-	store := NewKeyringTokenStore()
+	store := NewInMemoryTokenStore()
 	// Should not error when removing a non-existent token
 	if err := store.RemoveToken("https://nonexistent.example.com"); err != nil {
 		t.Fatalf("RemoveToken for non-existent key should not error: %v", err)