From a939b11165689655202fa21b8ead930c0197ce1b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 26 Feb 2026 04:15:40 +0000 Subject: [PATCH 1/2] Initial plan From 94709c9f133da9bf2631fa6c435de36ba4af139a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 26 Feb 2026 04:17:58 +0000 Subject: [PATCH 2/2] test(auth): fix review comments in jwt.test.ts Co-authored-by: Psyborgs-git <49641518+Psyborgs-git@users.noreply.github.com> --- packages/auth/src/jwt.test.ts | 41 ++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/packages/auth/src/jwt.test.ts b/packages/auth/src/jwt.test.ts index 847d1fd..8929bcb 100644 --- a/packages/auth/src/jwt.test.ts +++ b/packages/auth/src/jwt.test.ts @@ -1,4 +1,7 @@ -import { describe, it, expect, beforeEach, vi, type Mock } from 'vitest'; +/** + * Tests for @orch/auth/jwt — JwtValidator unit tests + */ +import { describe, it, expect, beforeEach, vi } from 'vitest'; import { JwtValidator } from './jwt.js'; import { JwtProviderManager } from './jwt-provider.js'; import { OrchestratorError, ErrorCode } from '@orch/shared'; @@ -82,28 +85,32 @@ describe('JwtValidator', () => { it('should throw TOKEN_INVALID if issuer is missing in token', async () => { vi.mocked(jose.decodeJwt).mockReturnValue({}); // No iss - await expect(validator.validate(validToken)).rejects.toThrow(OrchestratorError); - await expect(validator.validate(validToken)).rejects.toThrow('JWT missing required "iss" claim'); - + let error: any; try { await validator.validate(validToken); } catch (err: any) { - expect(err.code).toBe(ErrorCode.TOKEN_INVALID); + error = err; } + + expect(error).toBeInstanceOf(OrchestratorError); + expect(error.message).toContain('JWT missing required "iss" claim'); + expect(error.code).toBe(ErrorCode.TOKEN_INVALID); }); it('should throw AUTH_FAILED if provider is not found', async () => { vi.mocked(jose.decodeJwt).mockReturnValue({ iss: 'unknown-issuer' }); vi.mocked(mockProviderManager.findByIssuer).mockReturnValue(undefined); - await expect(validator.validate(validToken)).rejects.toThrow(OrchestratorError); - await expect(validator.validate(validToken)).rejects.toThrow('is not a registered provider'); - + let error: any; try { await validator.validate(validToken); } catch (err: any) { - expect(err.code).toBe(ErrorCode.AUTH_FAILED); + error = err; } + + expect(error).toBeInstanceOf(OrchestratorError); + expect(error.message).toContain('is not a registered provider'); + expect(error.code).toBe(ErrorCode.AUTH_FAILED); }); it('should cache JWKS for the same issuer', async () => { @@ -197,13 +204,13 @@ describe('JwtValidator', () => { }); it('should rethrow OrchestratorError if thrown inside try block', async () => { - // Force decodeJwt to throw OrchestratorError (e.g. somehow) - // Or easier: make jwtVerify throw one - const orchError = new OrchestratorError(ErrorCode.INTERNAL_ERROR, 'Internal error'); - vi.mocked(jose.decodeJwt).mockReturnValue({ iss: mockProvider.issuer }); - vi.mocked(mockProviderManager.findByIssuer).mockReturnValue(mockProvider); - vi.mocked(jose.jwtVerify).mockRejectedValue(orchError); - - await expect(validator.validate(validToken)).rejects.toThrow(orchError); + // Force decodeJwt to throw OrchestratorError (e.g. somehow) + // Or easier: make jwtVerify throw one + const orchError = new OrchestratorError(ErrorCode.INTERNAL_ERROR, 'Internal error'); + vi.mocked(jose.decodeJwt).mockReturnValue({ iss: mockProvider.issuer }); + vi.mocked(mockProviderManager.findByIssuer).mockReturnValue(mockProvider); + vi.mocked(jose.jwtVerify).mockRejectedValue(orchError); + + await expect(validator.validate(validToken)).rejects.toThrow(orchError); }); });