Skip to content

test(token): cover negative_value JWT variants and isolation invariants#737

Merged
EffortlessSteven merged 2 commits into
mainfrom
claude/cover-token-negative-variants
May 16, 2026
Merged

test(token): cover negative_value JWT variants and isolation invariants#737
EffortlessSteven merged 2 commits into
mainfrom
claude/cover-token-negative-variants

Conversation

@EffortlessSteven

Copy link
Copy Markdown
Member

Summary

Adds 11 focused integration tests in
crates/uselesskey-token/tests/negative_value_variants.rs that close gaps in
TokenFixture::negative_value coverage.

Previously tests/negative_fixtures.rs exercised only 5 of the 12
NegativeToken variants at the public-fixture layer:

  • covered: ExpiredClaims, BadIssuer, BadAudience, MalformedBearer,
    NearMissApiKey
  • only covered via the internal generate_negative_token helper:
    MalformedJwtSegmentCount, BadBase64UrlSegment, InvalidJwtHeaderShape,
    MissingAlg, AlgNone, MismatchedKid, NotYetValidClaims

Gaps closed

  • All 7 previously-uncovered JWT variants are now exercised through the
    public TokenFixture::negative_value surface, validating shape and key
    payload/header fields that match what a downstream JWT validator would
    reject on.
  • Per-variant cross-factory determinism: same seed yields the same
    negative value across separate Factory instances for every JWT
    variant.
  • Cache-by-identity isolation: calling negative_value for any variant
    does not perturb the cached positive token value.
  • Debug redaction: Debug does not leak either the positive or the
    cached negative value.
  • Distinctness: the 7 JWT negative variants yield mutually distinct
    outputs and each differs from the positive token.

Notes

  • Tests use Factory::deterministic_from_str for reproducibility.
  • Tests use uselesskey_test_support::{ensure, ensure_eq, require_some, require_ok}
    plus explicit match instead of .unwrap() / .expect() so no new
    no-panic-family debt is introduced (cargo xtask check-no-panic-family
    flags no new sites in this file).
  • The only non-test code change is adding uselesskey-test-support to
    [dev-dependencies].

Test plan

  • cargo test -p uselesskey-token --test negative_value_variants (11 passed)
  • cargo test -p uselesskey-token (full crate, all passed including
    doctests and inline tests)
  • cargo clippy -p uselesskey-token --all-targets -- -D warnings (clean)
  • cargo xtask check-no-panic-family does not flag the new file

https://claude.ai/code/session_0116SGvHnLaoXXd6wz2U9SvM


Generated by Claude Code

Adds 11 integration tests in
`crates/uselesskey-token/tests/negative_value_variants.rs` that close gaps
in `TokenFixture::negative_value` coverage. Previously
`negative_fixtures.rs` exercised only 5 of the 12 `NegativeToken` variants
at the public-fixture layer; the JWT-shaped variants were only tested via
the internal `generate_negative_token` helper.

New coverage:

- All 7 previously untested JWT variants via the public `negative_value`
  surface: `MalformedJwtSegmentCount`, `BadBase64UrlSegment`,
  `InvalidJwtHeaderShape`, `MissingAlg`, `AlgNone`, `MismatchedKid`,
  `NotYetValidClaims`.
- Per-variant cross-factory determinism: same seed yields the same
  negative value across separate `Factory` instances for every JWT
  variant.
- Isolation: calling `negative_value` for any variant does not perturb
  the positive token value (cache-by-identity invariant).
- Debug redaction: `Debug` does not leak either the positive or the
  cached negative value.
- Distinctness: the 7 JWT negative variants yield mutually distinct
  outputs and each differs from the positive token.

Tests use `Factory::deterministic_from_str` and
`uselesskey_test_support::{ensure, ensure_eq, require_some, require_ok}`
plus explicit `match` patterns instead of `.unwrap()` / `.expect()` so no
new no-panic-family debt is introduced. The only non-test change is
adding `uselesskey-test-support` to `[dev-dependencies]`.

https://claude.ai/code/session_0116SGvHnLaoXXd6wz2U9SvM
@gemini-code-assist

Copy link
Copy Markdown

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@coderabbitai

coderabbitai Bot commented May 16, 2026

Copy link
Copy Markdown

Warning

Rate limit exceeded

@EffortlessSteven has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 32 minutes and 50 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 29159614-5c4f-4d55-8c24-bf3c51dc8b81

📥 Commits

Reviewing files that changed from the base of the PR and between ac9aba2 and ee3d581.

⛔ Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
📒 Files selected for processing (2)
  • crates/uselesskey-token/Cargo.toml
  • crates/uselesskey-token/tests/negative_value_variants.rs
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch claude/cover-token-negative-variants

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@EffortlessSteven EffortlessSteven marked this pull request as ready for review May 16, 2026 09:40
@gemini-code-assist

Copy link
Copy Markdown

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@chatgpt-codex-connector

Copy link
Copy Markdown

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, add credits to your account and enable them for code reviews in your settings.

@EffortlessSteven EffortlessSteven merged commit 8c8493f into main May 16, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants