Skip to content

test(webhook): cover all profiles for near-miss, raw payloads, hmac key boundaries#696

Merged
EffortlessSteven merged 1 commit into
mainfrom
claude/cov-webhook-profiles
May 16, 2026
Merged

test(webhook): cover all profiles for near-miss, raw payloads, hmac key boundaries#696
EffortlessSteven merged 1 commit into
mainfrom
claude/cov-webhook-profiles

Conversation

@EffortlessSteven

Copy link
Copy Markdown
Member

Summary

Closes coverage gaps in uselesskey-webhook where existing tests only exercised one profile (typically Stripe) of a multi-profile code path. No production code changes.

Gaps closed

Area What was missing New test
WebhookProfile::stable_tag Internal tag function never asserted directly per variant webhook_profile_stable_tag_is_unique_per_variant
WebhookPayloadSpec::Raw end-to-end canonical_payload's Raw arm only checked via stable_bytes, never as a generated fixture raw_payload_spec_is_returned_verbatim, raw_payload_distinct_strings_yield_distinct_cache_identities
near_miss_stale_timestamp for GitHub & Slack Only Stripe was tested stale_timestamp_near_miss_works_for_all_profiles
near_miss_wrong_secret for GitHub & Slack Only Stripe was tested wrong_secret_near_miss_works_for_github_and_slack
near_miss_tampered_payload for GitHub & Slack Only Stripe was tested tampered_payload_near_miss_works_for_github_and_slack
hmac_sha256_hex long-key branch 20-byte (RFC 4231) and 64-byte (block boundary) keys covered, but the >64-byte hashed-first branch was unexercised hmac_sha256_long_key_is_hashed_first (RFC 4231 vector 4)
hmac_sha256_hex short-key zero-pad branch Compared against an explicitly zero-padded 64-byte key for cross-validation hmac_sha256_short_key_is_zero_padded
Debug redaction across profiles Slack-only; GitHub/Stripe untested debug_redacts_secret_for_all_profiles
Debug redaction for all near-miss scenarios Only WrongSecret covered debug_redacts_secret_for_all_near_miss_scenarios

10 new tests, all using Factory::deterministic_from_str to avoid .unwrap() debt. No new no-panic-family debt.

Test plan

  • cargo test -p uselesskey-webhook --lib — 22/22 pass (10 new + 12 existing)
  • cargo clippy -p uselesskey-webhook --tests --all-features -- -D warnings
  • cargo xtask check-no-panic-family — only the pre-existing xtask/src/user_path_smoke.rs:126 debt remains
  • cargo fmt --check -p uselesskey-webhook

https://claude.ai/code/session_01R9SN1o9XoVTaVxj9w4VMzD


Generated by Claude Code

…ey boundaries

Adds 10 inline tests to `uselesskey-webhook` that close coverage gaps
across previously single-profile-only paths:

- `WebhookProfile::stable_tag` for every variant
- Raw payload spec returned verbatim and producing a distinct cache identity
- `near_miss_stale_timestamp` / `near_miss_wrong_secret` /
  `near_miss_tampered_payload` validated against GitHub and Slack (Stripe
  was already covered)
- `hmac_sha256_hex` long-key (>64-byte) hashed-first branch (RFC 4231
  vector 4) and short-key (<64-byte) zero-padding branch
- `Debug` impls verified to redact the secret for all profiles and all
  near-miss scenarios

No production code changes. All tests use `Factory::deterministic_from_str`
so the no-panic-family check stays at zero new debt.

https://claude.ai/code/session_01R9SN1o9XoVTaVxj9w4VMzD
@gemini-code-assist

Copy link
Copy Markdown

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@coderabbitai

coderabbitai Bot commented May 16, 2026

Copy link
Copy Markdown

Warning

Rate limit exceeded

@EffortlessSteven has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 29 minutes and 24 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 0e1e631e-b18f-40d9-9833-07be43e2a24a

📥 Commits

Reviewing files that changed from the base of the PR and between fad488d and 9ee0c58.

📒 Files selected for processing (1)
  • crates/uselesskey-webhook/src/lib.rs
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch claude/cov-webhook-profiles

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@EffortlessSteven EffortlessSteven marked this pull request as ready for review May 16, 2026 02:40
@gemini-code-assist

Copy link
Copy Markdown

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

@EffortlessSteven EffortlessSteven merged commit eefcd21 into main May 16, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants