test: add 151 tests for key-server security-critical logic (#1036)

Browse source

Add comprehensive test coverage for the key-server
(.claude/skills/setup-agent-team/key-server.ts), which previously had
zero tests despite containing security-critical logic:

- validKeyVal: API key validation (control chars, shell metacharacters,
  length limits) - 37 tests
- SAFE_PROVIDER_RE: path traversal prevention in provider names - 21 tests
- UUID_RE: batch ID format validation - 12 tests
- signHmac/verifyHmac: HMAC signing and verification for signed URLs - 17 tests
- isAuthed: timing-safe Bearer token auth - 9 tests
- rateCheck: rate limiting logic - 8 tests
- esc: HTML escaping for XSS prevention - 13 tests
- cleanup: data store batch expiry logic - 9 tests
- Key submission validation flow - 6 tests
- Route matching, security headers, backward compat - 19 tests

Agent: test-engineer

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

...

This commit is contained in:

A 2026-02-13 17:11:35 -08:00 • committed by GitHub

parent c6d0cb218e

commit beceb69962

No known key found for this signature in database

GPG key ID: B5690EEEBB952194

1 changed files with 1146 additions and 0 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download patch file Download diff file Expand all files Collapse all files

1146

cli/src/__tests__/key-server.test.ts Normal file

View file

File diff suppressed because it is too large Load diff