test(api-keys): cover create/list/delete lifecycle and prefix match#87
Merged
mikewheeleer merged 1 commit intoJun 24, 2026
Merged
Conversation
Jagadeeshftw
force-pushed
the
test/api-keys-35-lifecycle
branch
from
a4224ef to
49d4a0a
Compare
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Jagadeeshftw
force-pushed
the
test/api-keys-35-lifecycle
branch
from
49d4a0a to
6f66c35
Compare
Contributor
|
solid lifecycle coverage for the api-keys. merging 🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds
src/__tests__/apiKeys.test.ts, covering the full lifecycle of the API-key endpoints with no production code changes.keystartingsrk_and the echoedlabel; validates the 1–64 char label boundary (empty and 65-char rejected with 400invalid_request+requestId; 64-char accepted).prefix,label,createdAt; asserts no item exposes akeyfield and the raw key string never appears in the response body.not_found.Closes #83
Test output
Security notes
Asserts the raw secret key is never returned by the list endpoint (only the 8-char prefix), guarding against credential leakage in API responses.