fix(auth): trim env var tokens + hardening tests#9
Merged
lostmygithubaccount merged 1 commit intomainfrom Apr 4, 2026
Merged
Conversation
Env var tokens were used verbatim — trailing newlines or spaces (common with `export TOKEN=$(cat file)`) would cause silent auth failures. Now trimmed consistently with the CLI --token path. Also adds 12 new unit tests covering: env var trimming, empty token rejection, debug redaction, extract_str helper, null field handling, response status boundaries, and percent-encoding edge cases. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
lostmygithubaccount
added a commit
that referenced
this pull request
Apr 13, 2026
Patch bump from 0.2.1 -> 0.2.2 via `bin/bump-version --patch`. Regenerates Cargo.lock, crates/dkdc-md-cli-py/Cargo.lock, and uv.lock. ## Highlights Fifteen commits merged since v0.2.1 (2026-03-22). Biggest items are auth hardening, Python binding test coverage, and CI/release pipeline stabilization after the transfer to the `dkdc-io` org. ## Fixes / hardening - `fix(auth): trim whitespace from env var tokens and add hardening tests` (#9) - `fix(ci): add local PyPI publish step` (#6) - `fix: add contents:read to release-rust publish job permissions` (#5) - `fix: add checkout ref to release workflows + remove target cache` (#2) - `fix: use dkdc.io email for dkdc-io org` (#4) ## Refactors / tests - `refactor(client): extract API paths and use typed HTTP headers` (#11) - `refactor(client): extract constants and clean up patterns` (#10) - `test(py): add Python binding tests` (#13) ## Chores / infra - `chore(ci): migrate to org reusable workflows` (#7) - `chore: fix CLAUDE.md symlink to AGENTS.md` (#7) - `chore: update repo references after transfer to dkdc-io` (#1) - `chore: update dependencies` (#12) - `docs: fix token resolution order and remove stale script reference` (#8) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Merged
2 tasks
lostmygithubaccount
added a commit
that referenced
this pull request
Apr 13, 2026
Patch bump from 0.2.1 -> 0.2.2 via `bin/bump-version --patch`. Regenerates Cargo.lock, crates/dkdc-md-cli-py/Cargo.lock, and uv.lock. ## Highlights Fifteen commits merged since v0.2.1 (2026-03-22). Biggest items are auth hardening, Python binding test coverage, and CI/release pipeline stabilization after the transfer to the `dkdc-io` org. ## Fixes / hardening - `fix(auth): trim whitespace from env var tokens and add hardening tests` (#9) - `fix(ci): add local PyPI publish step` (#6) - `fix: add contents:read to release-rust publish job permissions` (#5) - `fix: add checkout ref to release workflows + remove target cache` (#2) - `fix: use dkdc.io email for dkdc-io org` (#4) ## Refactors / tests - `refactor(client): extract API paths and use typed HTTP headers` (#11) - `refactor(client): extract constants and clean up patterns` (#10) - `test(py): add Python binding tests` (#13) ## Chores / infra - `chore(ci): migrate to org reusable workflows` (#7) - `chore: fix CLAUDE.md symlink to AGENTS.md` (#7) - `chore: update repo references after transfer to dkdc-io` (#1) - `chore: update dependencies` (#12) - `docs: fix token resolution order and remove stale script reference` (#8) Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
MOTHERDUCK_TOKEN, etc.) are now trimmed of whitespace before use — trailing newlines or spaces (common withexport TOKEN=$(cat file)) previously caused silent auth failuresextract_strhelper, null fields, response status boundaries, and percent-encoding edge cases (55 total)🤖 Generated with Claude Code