Skip to content

test(token): add mutant_killers and extra_coverage for derivation pins#733

Merged
EffortlessSteven merged 1 commit into
mainfrom
claude/coverage-token-mutant-killers-E47b2
May 16, 2026
Merged

test(token): add mutant_killers and extra_coverage for derivation pins#733
EffortlessSteven merged 1 commit into
mainfrom
claude/coverage-token-mutant-killers-E47b2

Conversation

@EffortlessSteven

Copy link
Copy Markdown
Member

Summary

uselesskey-token was the only crypto-fixture crate without a tests/mutant_killers.rs or a <crate>_extra_coverage.rs file. Both pinning patterns are well-established across the workspace (rsa/ecdsa/ed25519/pgp ship mutant_killers.rs; hmac/ed25519/entropy/jwk ship *_extra_coverage.rs), and the derivation-critical surface of TokenSpec and TokenFixture was not pinned anywhere.

This PR closes that gap. Tests only — no production code changes.

tests/mutant_killers.rs

Pins values that participate in cache identity and deterministic derivation:

  • TokenSpec constructor variants (api_key/bearer/oauth_access_token → correct enum)
  • kind_name() exact strings
  • stable_bytes() exact byte arrays ([0,0,0,1]/[0,0,0,2]/[0,0,0,3])
  • authorization_scheme() exact strings

A silent change to any of these would invalidate every cached and deterministic token fixture downstream without warning. The byte-exact pin matches uselesskey-pgp/tests/mutant_killers.rs::stable_bytes_exact so the policy is uniform.

tests/token_extra_coverage.rs

Pins the rest of the token public surface that was either doctest-only or had partial coverage:

  • DOMAIN_TOKEN_FIXTURE value ("uselesskey:token:fixture")
  • TokenFixture::spec() / label() accessors (previously only exercised via doctests)
  • authorization_header() for ApiKey and OAuth (the inline test only covers bearer)
  • Negative-variant cache uniqueness (4 different NegativeToken arms produce distinct values, and none equal the positive fixture)
  • Negative-variant intra-fixture caching (same variant → same cached value)
  • Clone preserves label/spec/value

Returns TestResult<()> and routes assertions through uselesskey-test-support's ensure!/ensure_eq!/require_ok helpers so this PR adds zero new panic-family debt.

Test plan

  • cargo test -p uselesskey-token --test mutant_killers --test token_extra_coverage — all 12 new tests pass
  • cargo clippy -p uselesskey-token --all-targets -- -D warnings clean
  • cargo fmt -p uselesskey-token clean
  • cargo xtask check-no-panic-family reports the same 3 pre-existing x509 debt sites — no new debt from this PR
  • CI green on PR

Generated by Claude Code

Pin the derivation-critical surface of `uselesskey-token` so a silent change
trips a test instead of silently re-keying every cached and deterministic
token fixture downstream:

- `tests/mutant_killers.rs`: matches the existing pattern in `uselesskey-rsa`,
  `uselesskey-ecdsa`, `uselesskey-ed25519`, and `uselesskey-pgp`. Pins
  `TokenSpec` constructor variants, `kind_name`, `stable_bytes`, and
  `authorization_scheme` to exact values.
- `tests/token_extra_coverage.rs`: matches the existing pattern in
  `uselesskey-hmac`, `uselesskey-ed25519`, `uselesskey-entropy`, and
  `uselesskey-jwk`. Pins `DOMAIN_TOKEN_FIXTURE`, `TokenFixture::spec()` /
  `label()` accessors (previously only doctested), `authorization_header()`
  for the `ApiKey` and `OAuth` schemes (the inline `bearer` test was the
  only one before), negative-variant cache uniqueness across `NegativeToken`
  arms, and `Clone` preserves label/spec/value.

Adds `uselesskey-test-support` as a dev-dep so `token_extra_coverage` can
return `TestResult<()>` and avoid panic-family debt. `cargo xtask
check-no-panic-family` reports the same 3 pre-existing x509 sites with no
new debt from this PR.
@gemini-code-assist

Copy link
Copy Markdown

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@coderabbitai

coderabbitai Bot commented May 16, 2026

Copy link
Copy Markdown

Warning

Rate limit exceeded

@EffortlessSteven has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 26 minutes and 13 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: aae49fce-7644-4b78-bd61-4db52aa02bc5

📥 Commits

Reviewing files that changed from the base of the PR and between ac9aba2 and f50945d.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (3)
  • crates/uselesskey-token/Cargo.toml
  • crates/uselesskey-token/tests/mutant_killers.rs
  • crates/uselesskey-token/tests/token_extra_coverage.rs
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch claude/coverage-token-mutant-killers-E47b2

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@EffortlessSteven EffortlessSteven marked this pull request as ready for review May 16, 2026 08:47
@gemini-code-assist

Copy link
Copy Markdown

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

@EffortlessSteven EffortlessSteven merged commit 4ec8404 into main May 16, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants