def0c6fb1d
Rewrites 7 skipped integration tests to work with client-side credential generation: - TestScopedAccess_agent_sees_only_scoped_entries - TestScopedAccess_agent_forbidden_on_unscoped - TestScopedAccess_all_access_sees_everything - TestScopedAccess_agent_cannot_manage_agents - TestScopedAccess_agent_cannot_create_system_types (renamed from _modify_scopes) - TestScopedAccess_agent_entries_invisible - TestKeyLeak_agent_credential_is_opaque Adds MintCredential/ParseCredential test helpers to lib/cvt.go for creating type 0x01 client credential tokens in tests. These simulate the client-side credential generation that normally happens in browser/CLI. Adds test helper methods to integration_test.go: - reqAgent(): sends requests with CVT wire token authentication - mintWireToken(): creates type 0x00 wire tokens for agent auth Security boundaries tested: - Agents with limited scope cannot access owner-only entries - Agents with all_access can see all entries - Agents cannot manage other agents (create/list) - Agents cannot create system-type entries (agent, scope) - Server responses never contain raw L2/L3 key material Fixes #14 |
||
|---|---|---|
| .. | ||
| handlers.go | ||
| importer-mappings.json | ||
| integration_test.go | ||
| mappings.go | ||
| middleware.go | ||
| middleware_test.go | ||
| replication.go | ||
| routes.go | ||
| routes_commercial.go | ||
| routes_community.go | ||