test: keybind parsing & credential multi-field stripping#492
Closed
anandgupta42 wants to merge 1 commit intomainfrom
Closed
test: keybind parsing & credential multi-field stripping#492anandgupta42 wants to merge 1 commit intomainfrom
anandgupta42 wants to merge 1 commit intomainfrom
Conversation
Add unit tests for the completely untested Keybind module (parse, match, toString, fromParsedKey) which gates all TUI keyboard interactions, and extend credential store tests to cover simultaneous multi-field sensitive data stripping plus Docker containerToConfig conditional field omission. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> https://claude.ai/code/session_01Lui6DcLFYL75nCttunEPpH
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
There was a problem hiding this comment.
Claude Code Review
This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.
Tip: disable this comment in your organization's Code Review settings.
|
| GitGuardian id | GitGuardian status | Secret | Commit | Filename | |
|---|---|---|---|---|---|
| 29254673 | Triggered | Generic Password | 690303f | packages/opencode/test/altimate/connections.test.ts | View secret |
| 29254674 | Triggered | Generic Password | 690303f | packages/opencode/test/altimate/connections.test.ts | View secret |
🛠 Guidelines to remediate hardcoded secrets
- Understand the implications of revoking this secret by investigating where it is used in your code.
- Replace and store your secrets safely. Learn here the best practices.
- Revoke and rotate these secrets.
- If possible, rewrite git history. Rewriting git history is not a trivial act. You might completely break other contributing developers' workflow and you risk accidentally deleting legitimate data.
To avoid such incidents in the future consider
- following these best practices for managing and storing secrets including API keys and other credentials
- install secret detection on pre-commit to catch secret before it leaves your machine and ease remediation.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
📝 WalkthroughWalkthroughComprehensive test coverage added for two utility modules: credential storage security (verifying removal of sensitive fields from connection configs) and keyboard binding parsing/matching functionality. No production code or public API changes. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Suggested labels
Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (2)
packages/opencode/test/util/keybind.test.ts (1)
214-232: Optional: extract small test fixtures to reduce repeated object literals.Line 216, Line 222, and Line 228 repeat the same parsed-key shape; a tiny factory would make updates safer and cleaner.
♻️ Suggested refactor
+const parsedKey = (overrides: Partial<{ name: string; ctrl: boolean; meta: boolean; shift: boolean; super: boolean }> = {}) => ({ + name: "a", + ctrl: false, + meta: false, + shift: false, + super: false, + ...overrides, +}) + describe("Keybind.fromParsedKey", () => { test("normalizes space to 'space'", () => { - const parsed = { name: " ", ctrl: false, meta: false, shift: false, super: false } + const parsed = parsedKey({ name: " " }) const result = Keybind.fromParsedKey(parsed as any) expect(result.name).toBe("space") }) test("sets leader flag when passed", () => { - const parsed = { name: "a", ctrl: false, meta: false, shift: false, super: false } + const parsed = parsedKey() const result = Keybind.fromParsedKey(parsed as any, true) expect(result.leader).toBe(true) }) test("defaults leader to false", () => { - const parsed = { name: "a", ctrl: false, meta: false, shift: false, super: false } + const parsed = parsedKey() const result = Keybind.fromParsedKey(parsed as any) expect(result.leader).toBe(false) }) })🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/opencode/test/util/keybind.test.ts` around lines 214 - 232, Tests for Keybind.fromParsedKey repeat the same parsed-key object literal; create a small test fixture factory (e.g., makeParsedKey or parsedKeyFixture) used across the three tests to produce the parsed object with defaults and an overridable name or leader flag, then replace the repeated literals in the Keybind.fromParsedKey tests with calls to that factory to reduce duplication and make future changes safer.packages/opencode/test/altimate/connections.test.ts (1)
131-131: Test name overstates coverage scope.Line 131 says “all sensitive fields,” but this test validates a subset. Please rename to reflect “all provided sensitive fields” (or expand coverage) to avoid false confidence.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/opencode/test/altimate/connections.test.ts` at line 131, Rename the Jest test whose title is "saveConnection strips all sensitive fields from complex config" to accurately state it only checks the provided subset (e.g., "saveConnection strips all provided sensitive fields from complex config") or expand the test body to assert removal of every known sensitive key; locate the test by the test(...) call at the top of the block and update the string title (or add assertions for additional sensitive keys) so the name no longer overstates coverage.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/opencode/test/altimate/connections.test.ts`:
- Around line 326-329: The test currently checks optional fields with
expect(config.user).toBeUndefined(), which still passes if the keys exist but
are set to undefined; change the assertions to assert key omission directly by
replacing those checks with property-absence assertions (e.g., use
expect(config).not.toHaveProperty('user'),
expect(config).not.toHaveProperty('password'), and
expect(config).not.toHaveProperty('database')) so the test fails if the keys are
present even with undefined values.
---
Nitpick comments:
In `@packages/opencode/test/altimate/connections.test.ts`:
- Line 131: Rename the Jest test whose title is "saveConnection strips all
sensitive fields from complex config" to accurately state it only checks the
provided subset (e.g., "saveConnection strips all provided sensitive fields from
complex config") or expand the test body to assert removal of every known
sensitive key; locate the test by the test(...) call at the top of the block and
update the string title (or add assertions for additional sensitive keys) so the
name no longer overstates coverage.
In `@packages/opencode/test/util/keybind.test.ts`:
- Around line 214-232: Tests for Keybind.fromParsedKey repeat the same
parsed-key object literal; create a small test fixture factory (e.g.,
makeParsedKey or parsedKeyFixture) used across the three tests to produce the
parsed object with defaults and an overridable name or leader flag, then replace
the repeated literals in the Keybind.fromParsedKey tests with calls to that
factory to reduce duplication and make future changes safer.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository UI
Review profile: CHILL
Plan: Pro
Run ID: c1fe9997-0186-4d8c-b784-30b940668f6d
📒 Files selected for processing (2)
packages/opencode/test/altimate/connections.test.tspackages/opencode/test/util/keybind.test.ts
Comment on lines
+326
to
+329
| // Optional fields should not be set when undefined | ||
| expect(config.user).toBeUndefined() | ||
| expect(config.password).toBeUndefined() | ||
| expect(config.database).toBeUndefined() |
There was a problem hiding this comment.
Assert key omission explicitly, not just undefined.
Lines 327-329 currently pass even if keys exist with undefined values. Since the behavior under test is omission, assert key absence directly.
Proposed test assertion fix
- expect(config.user).toBeUndefined()
- expect(config.password).toBeUndefined()
- expect(config.database).toBeUndefined()
+ expect("user" in config).toBe(false)
+ expect("password" in config).toBe(false)
+ expect("database" in config).toBe(false)📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
Suggested change
| // Optional fields should not be set when undefined | |
| expect(config.user).toBeUndefined() | |
| expect(config.password).toBeUndefined() | |
| expect(config.database).toBeUndefined() | |
| // Optional fields should not be set when undefined | |
| expect("user" in config).toBe(false) | |
| expect("password" in config).toBe(false) | |
| expect("database" in config).toBe(false) |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@packages/opencode/test/altimate/connections.test.ts` around lines 326 - 329,
The test currently checks optional fields with
expect(config.user).toBeUndefined(), which still passes if the keys exist but
are set to undefined; change the assertions to assert key omission directly by
replacing those checks with property-absence assertions (e.g., use
expect(config).not.toHaveProperty('user'),
expect(config).not.toHaveProperty('password'), and
expect(config).not.toHaveProperty('database')) so the test fails if the keys are
present even with undefined values.
anandgupta42
added a commit
that referenced
this pull request
Mar 27, 2026
Consolidates tests from PRs #440, #441, #479, #483, #484, #485, #490, #491, #492, #495, #496. Deduplicates overlapping MongoDB normalize tests (3 PRs → 1), `keybind` tests (2 PRs → 1), and `connections.test.ts` additions (4 PRs → 1 merged file). New test files: - `sql-analyze-tool.test.ts` — `SqlAnalyzeTool` formatting (6 tests) - `sql-analyze-format.test.ts` — `sql.analyze` success semantics + dispatcher (5 tests) - `builtin-commands.test.ts` — altimate builtin command registration (10 tests) - `hints-discover-mcps.test.ts` — `Command.hints()` + discover-and-add-mcps (11 tests) - `fingerprint-detect.test.ts` — file-based project detection rules (11 tests) - `dbt-lineage-helpers.test.ts` — dbt lineage helper functions (13 tests) - `registry-env-loading.test.ts` — `ALTIMATE_CODE_CONN_*` env var loading (8 tests) - `warehouse-telemetry.test.ts` — MongoDB auth detection telemetry (4 tests) - `bus-event.test.ts` — bus event registry payloads (5 tests) - `git.test.ts` — git utility functions (5 tests) - `keybind.test.ts` — keybind parsing, matching, `fromParsedKey` (22 tests) Merged into existing files: - `connections.test.ts` — `loadFromEnv` (5), `detectAuthMethod` (14), credential stripping (1), `containerToConfig` (1), dbt profiles edge cases (3) - `driver-normalize.test.ts` — MongoDB alias resolution (13 tests) Fixes: - `fixture.ts` — disable `commit.gpgsign` in test tmpdir to prevent CI failures - `hints-discover-mcps.test.ts` — corrected sort order expectation - `registry-env-loading.test.ts` — fixed flaky assertion that assumed isolated env Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
3 tasks
Contributor
Author
|
Consolidated into #498. Tests deduplicated and merged into a single PR. |
anandgupta42
added a commit
that referenced
this pull request
Mar 27, 2026
* test: consolidate 11 test PRs into single suite — 305 new tests Consolidates tests from PRs #440, #441, #479, #483, #484, #485, #490, #491, #492, #495, #496. Deduplicates overlapping MongoDB normalize tests (3 PRs → 1), `keybind` tests (2 PRs → 1), and `connections.test.ts` additions (4 PRs → 1 merged file). New test files: - `sql-analyze-tool.test.ts` — `SqlAnalyzeTool` formatting (6 tests) - `sql-analyze-format.test.ts` — `sql.analyze` success semantics + dispatcher (5 tests) - `builtin-commands.test.ts` — altimate builtin command registration (10 tests) - `hints-discover-mcps.test.ts` — `Command.hints()` + discover-and-add-mcps (11 tests) - `fingerprint-detect.test.ts` — file-based project detection rules (11 tests) - `dbt-lineage-helpers.test.ts` — dbt lineage helper functions (13 tests) - `registry-env-loading.test.ts` — `ALTIMATE_CODE_CONN_*` env var loading (8 tests) - `warehouse-telemetry.test.ts` — MongoDB auth detection telemetry (4 tests) - `bus-event.test.ts` — bus event registry payloads (5 tests) - `git.test.ts` — git utility functions (5 tests) - `keybind.test.ts` — keybind parsing, matching, `fromParsedKey` (22 tests) Merged into existing files: - `connections.test.ts` — `loadFromEnv` (5), `detectAuthMethod` (14), credential stripping (1), `containerToConfig` (1), dbt profiles edge cases (3) - `driver-normalize.test.ts` — MongoDB alias resolution (13 tests) Fixes: - `fixture.ts` — disable `commit.gpgsign` in test tmpdir to prevent CI failures - `hints-discover-mcps.test.ts` — corrected sort order expectation - `registry-env-loading.test.ts` — fixed flaky assertion that assumed isolated env Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: address CodeRabbit review comments - `bus-event.test.ts`: move `BusEvent.define` into tests instead of module scope - `builtin-commands.test.ts`: fix misleading "lexicographic" → "numeric" sort label - `git.test.ts`: use `tmpdir({ git: true })` fixture instead of manual `git init` - `registry-env-loading.test.ts`: remove unused `fs`, `os`, `path` imports Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Adds targeted unit tests for two untested areas discovered during automated test discovery, plus extends an existing test suite.
1.
Keybind—src/util/keybind.ts(22 new tests)This module is the TUI's entire keyboard shortcut system — parsing key strings like
"ctrl+shift+a", matching parsed keys against each other, and formatting them for display. It had zero tests. A regression here silently breaks all keyboard shortcuts in the primary user interface.New coverage includes:
parse(): simple keys, modifier combinations (ctrl/alt/meta/option/shift/super),<leader>prefix, comma-separated multi-bindings,esc→escapenormalization,"none"sentinelmatch(): identical key matching,undefinedfirst-arg guard,superfield normalization (missing →false), modifier mismatch rejectiontoString(): modifier ordering (ctrl+alt+super+shift), leader prefix formatting,delete→delmapping, undefined inputfromParsedKey(): space normalization to"space", leader flag propagation, default leader=false2.
CredentialStore.saveConnectionmulti-field stripping —src/altimate/native/connections/credential-store.ts(1 new test)Existing tests verified single-field stripping (password alone, private_key alone, OAuth alone). But real Snowflake configs have 7+ simultaneous sensitive fields (password, private_key, private_key_passphrase, token, oauth_client_secret, ssh_password, connection_string). If the iteration logic has a bug (early return, skipped field), credentials could leak to the config JSON file. The new test exercises the full multi-field path and verifies warning count matches.
3.
containerToConfigconditional field omission —src/altimate/native/connections/docker-discovery.ts(1 new test)The
containerToConfigfunction converts auto-discovered Docker containers toConnectionConfig. When optional fields (user, password, database) areundefined, they must not appear in the output config. The existing Docker discovery test only checked "returns empty when dockerode not installed". The new test verifies the conditional field omission behavior that users hit when Docker containers lack explicit credentials.Type of change
Issue for this PR
N/A — proactive test coverage from automated test discovery
How did you verify your code works?
Checklist
https://claude.ai/code/session_01Lui6DcLFYL75nCttunEPpH
Summary by CodeRabbit