Skip to content

Add API tests for proxy scope enforcement #2

Description

@Emart29

api/routers/proxy.py enforces scoped tokens (an agent scoped to one service/action shouldn't be able to call another), but api/tests/ only has test_agents.py, test_logs.py, and test_tokens.py — there's no test_proxy.py. This enforcement is the core security guarantee and should be covered.

Task

  • Add api/tests/test_proxy.py with tests that:
    • an in-scope action is allowed,
    • an out-of-scope action is rejected (403),
    • an expired/revoked token is rejected.
  • Follow the fixtures/patterns in the existing api/tests/.

Acceptance criteria

  • Tests pass, and flipping the scope check off makes the deny cases fail.

Mentor available — comment to claim and I'll point you at the proxy validation path.


New here? See CONTRIBUTING.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions