## Problem

The permission prompt system (from #3818) has test gaps identified by rule review:

- **Sanitization boundary tests:** `MAX_MESSAGE_LEN` (2048), `MAX_LABEL_LEN` (64), and `MAX_LABELS` (10) truncation limits are enforced in production but not tested at the boundary (a message with exactly 2049 chars, a label with 65 chars, 11 labels).
- **HTTP handler error path tests:** The `permission_respond` handler has 4 error paths (missing Origin -> 403, untrusted Origin -> 403, expired nonce -> 404, invalid index -> 400) that are not tested at the handler level. The underlying `is_trusted_origin` function IS unit-tested, but the full HTTP request/response cycle is not.
- **`is_trusted_origin` edge case:** `"http://localhost"` (no port) is not tested despite being handled by the code.
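As an added example (not code from this issue or from the project), the sketch below shows what the missing boundary tests look like against a hypothetical sanitizer and origin check built only from the limits and cases named above. `Prompt`, `sanitize_prompt`, `truncate_chars` and this body of `is_trusted_origin` are assumptions about the shape of the real code; the real functions may differ in signature and in which origins they accept.

```rust
// Added example, not the project's code: a hypothetical sanitizer using the
// limits named in the issue, plus a hypothetical origin check, so the
// off-by-one cases (2049 chars, 65-char label, 11 labels) and the
// "http://localhost" (no port) case can be pinned down by tests.

pub const MAX_MESSAGE_LEN: usize = 2048;
pub const MAX_LABEL_LEN: usize = 64;
pub const MAX_LABELS: usize = 10;

#[derive(Debug, PartialEq)]
pub struct Prompt {
    pub message: String,
    pub labels: Vec<String>,
}

/// Truncate to at most `max` characters (not bytes), so a multi-byte
/// character is never split in half. Hypothetical helper.
fn truncate_chars(s: &str, max: usize) -> String {
    s.chars().take(max).collect()
}

/// Hypothetical sanitize step: clamp the message, each label, and the
/// number of labels to the limits above before the prompt is rendered.
pub fn sanitize_prompt(message: &str, labels: &[&str]) -> Prompt {
    Prompt {
        message: truncate_chars(message, MAX_MESSAGE_LEN),
        labels: labels
            .iter()
            .take(MAX_LABELS)
            .map(|l| truncate_chars(l, MAX_LABEL_LEN))
            .collect(),
    }
}

/// Hypothetical origin check (assumption, not the project's rules): only
/// plain-http loopback origins are trusted, with or without a port.
/// `http://localhost` with no port is the edge case the issue names.
pub fn is_trusted_origin(origin: &str) -> bool {
    let rest = match origin.strip_prefix("http://") {
        Some(r) => r,
        None => return false,
    };
    let (host, port) = match rest.split_once(':') {
        Some((h, p)) => (h, Some(p)),
        None => (rest, None),
    };
    let host_ok = host == "localhost" || host == "127.0.0.1";
    // A port, if present, must be non-empty and all digits.
    let port_ok = port.map_or(true, |p| !p.is_empty() && p.chars().all(|c| c.is_ascii_digit()));
    host_ok && port_ok
}

fn main() {
    // Boundary inputs constructed here: one past each limit.
    let labels = vec!["x"; MAX_LABELS + 1];
    let p = sanitize_prompt(&"m".repeat(MAX_MESSAGE_LEN + 1), &labels);
    println!("message chars: {}", p.message.chars().count()); // 2048
    println!("labels kept: {}", p.labels.len()); // 10
    println!("http://localhost trusted: {}", is_trusted_origin("http://localhost")); // true
}
```

The tests worth writing are the ones exactly at and one past each limit, in both directions: an input of exactly `MAX_*` must come through untouched, and `MAX_* + 1` must be clamped to `MAX_*`, which is how an off-by-one in the comparison is caught.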
## Proposed Fix

Add tests using axum's `Router` + `tower::ServiceExt::oneshot` for handler-level testing, so each error path is exercised through the real routing, extractors and status mapping rather than by calling the helper directly:

```rust
use axum::{body::Body, http::{Request, StatusCode}, Extension, Router};
use tower::ServiceExt; // brings `oneshot` into scope

#[tokio::test]
async fn respond_rejects_untrusted_origin() {
    // Same router the server builds, with the shared pending-prompt state
    // (`pending_prompts`, constructed as in the server setup) attached.
    let app = Router::new()
        .merge(permission_prompts::routes())
        .layer(Extension(pending_prompts));
    // Drive one request through the full handler without binding a socket.
    let response = app
        .oneshot(
            Request::builder()
                .method("POST")
                .uri("/permission/fake-nonce/respond")
                .header("content-type", "application/json")
                .header("origin", "http://evil.com")
                .body(Body::from(r#"{"index": 0}"#))
                .unwrap(),
        )
        .await
        .unwrap();
    // The Origin check must reject before the (fake) nonce is looked up,
    // otherwise this would be a 404 rather than a 403.
    assert_eq!(response.status(), StatusCode::FORBIDDEN);
}
```

The same shape covers the other three paths: omit the `origin` header (403), use a trusted origin with an unknown or expired nonce (404), and use a trusted origin with a live nonce but an out-of-range `index` (400).
## Context

Rule review warnings from #3818, acknowledged with `/ack` to avoid blocking the security-critical sandbox fix.
[AI-assisted - Claude]