fix(crypt): address AX import and test review

Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-26 11:30:06 +00:00 · 2026-03-26 11:30:06 +00:00 · 814ef96624
commit 814ef96624
parent 12281f9e76
10 changed files with 33 additions and 28 deletions
--- a/auth/auth_test.go
+++ b/auth/auth_test.go
@ -621,7 +621,8 @@ func TestConcurrentSessionCreation_Good(t *testing.T) {
 	}
 }

-// TestSessionTokenUniqueness_Good generates 1000 tokens and verifies no collisions.
+// TestSessionTokenUniqueness_Good generates 1000 session tokens and verifies
+// no collisions without paying the full login hash-verification cost each time.
 func TestSessionTokenUniqueness_Good(t *testing.T) {
 	a, _ := newTestAuth()

@ -633,7 +634,7 @@ func TestSessionTokenUniqueness_Good(t *testing.T) {
 	tokens := make(map[string]bool, n)

 	for i := range n {
-		session, err := a.Login(userID, "pass")
+		session, err := a.createSession(userID)
 		require.NoError(t, err)
 		require.NotNil(t, session)

--- a/auth/session_store_sqlite.go
+++ b/auth/session_store_sqlite.go
@ -6,12 +6,12 @@ import (
 	"sync"
 	"time"

-	"forge.lthn.ai/core/go-store"
+	"dappco.re/go/core/store"
 )

 const sessionGroup = "sessions"

-// SQLiteSessionStore is a SessionStore backed by go-store (SQLite KV).
+// SQLiteSessionStore is a SessionStore backed by core/store (SQLite KV).
 // A mutex serialises all operations because SQLite is single-writer.
 type SQLiteSessionStore struct {
 	mu    sync.Mutex
--- a/cmd/testcmd/output_test.go
+++ b/cmd/testcmd/output_test.go
@ -6,19 +6,19 @@ import (
 	"github.com/stretchr/testify/assert"
 )

-func TestShortenPackageName(t *testing.T) {
+func TestShortenPackageName_Good(t *testing.T) {
 	assert.Equal(t, "pkg/foo", shortenPackageName("dappco.re/go/core/pkg/foo"))
-	assert.Equal(t, "cli-php", shortenPackageName("forge.lthn.ai/core/cli-php"))
+	assert.Equal(t, "cli-php", shortenPackageName("example.com/org/cli-php"))
 	assert.Equal(t, "bar", shortenPackageName("github.com/other/bar"))
 }

-func TestFormatCoverageTest(t *testing.T) {
+func TestFormatCoverage_Good(t *testing.T) {
 	assert.Contains(t, formatCoverage(85.0), "85.0%")
 	assert.Contains(t, formatCoverage(65.0), "65.0%")
 	assert.Contains(t, formatCoverage(25.0), "25.0%")
 }

-func TestParseTestOutput(t *testing.T) {
+func TestParseTestOutput_Good(t *testing.T) {
 	output := `ok  	dappco.re/go/core/pkg/foo	0.100s	coverage: 50.0% of statements
 FAIL	dappco.re/go/core/pkg/bar
 ?   	dappco.re/go/core/pkg/baz	[no test files]
@ -33,7 +33,7 @@ FAIL	dappco.re/go/core/pkg/bar
 	assert.Equal(t, 50.0, results.packages[0].coverage)
 }

-func TestPrintCoverageSummarySafe(t *testing.T) {
+func TestPrintCoverageSummary_Good_LongPackageNames(t *testing.T) {
 	// This tests the bug fix for long package names causing negative Repeat count
 	results := testResults{
 		packages: []packageCoverage{
--- a/crypt/chachapoly/chachapoly_test.go
+++ b/crypt/chachapoly/chachapoly_test.go
@ -15,7 +15,7 @@ func (r *mockReader) Read(p []byte) (n int, err error) {
 	return 0, errors.New("read error")
 }

-func TestEncryptDecrypt(t *testing.T) {
+func TestEncryptDecrypt_Good(t *testing.T) {
 	key := make([]byte, 32)
 	for i := range key {
 		key[i] = 1
@ -31,14 +31,14 @@ func TestEncryptDecrypt(t *testing.T) {
 	assert.Equal(t, plaintext, decrypted)
 }

-func TestEncryptInvalidKeySize(t *testing.T) {
+func TestEncrypt_Bad_InvalidKeySize(t *testing.T) {
 	key := make([]byte, 16) // Wrong size
 	plaintext := []byte("test")
 	_, err := Encrypt(plaintext, key)
 	assert.Error(t, err)
 }

-func TestDecryptWithWrongKey(t *testing.T) {
+func TestDecrypt_Bad_WrongKey(t *testing.T) {
 	key1 := make([]byte, 32)
 	key2 := make([]byte, 32)
 	key2[0] = 1 // Different key
@ -51,7 +51,7 @@ func TestDecryptWithWrongKey(t *testing.T) {
 	assert.Error(t, err) // Should fail authentication
 }

-func TestDecryptTamperedCiphertext(t *testing.T) {
+func TestDecrypt_Bad_TamperedCiphertext(t *testing.T) {
 	key := make([]byte, 32)
 	plaintext := []byte("secret")
 	ciphertext, err := Encrypt(plaintext, key)
@ -64,7 +64,7 @@ func TestDecryptTamperedCiphertext(t *testing.T) {
 	assert.Error(t, err)
 }

-func TestEncryptEmptyPlaintext(t *testing.T) {
+func TestEncrypt_Good_EmptyPlaintext(t *testing.T) {
 	key := make([]byte, 32)
 	plaintext := []byte("")
 	ciphertext, err := Encrypt(plaintext, key)
@ -76,7 +76,7 @@ func TestEncryptEmptyPlaintext(t *testing.T) {
 	assert.Equal(t, plaintext, decrypted)
 }

-func TestDecryptShortCiphertext(t *testing.T) {
+func TestDecrypt_Bad_ShortCiphertext(t *testing.T) {
 	key := make([]byte, 32)
 	shortCiphertext := []byte("short")

@ -85,7 +85,7 @@ func TestDecryptShortCiphertext(t *testing.T) {
 	assert.Contains(t, err.Error(), "too short")
 }

-func TestCiphertextDiffersFromPlaintext(t *testing.T) {
+func TestCiphertextDiffersFromPlaintext_Good(t *testing.T) {
 	key := make([]byte, 32)
 	plaintext := []byte("Hello, world!")
 	ciphertext, err := Encrypt(plaintext, key)
@ -93,7 +93,7 @@ func TestCiphertextDiffersFromPlaintext(t *testing.T) {
 	assert.NotEqual(t, plaintext, ciphertext)
 }

-func TestEncryptNonceError(t *testing.T) {
+func TestEncrypt_Bad_NonceError(t *testing.T) {
 	key := make([]byte, 32)
 	plaintext := []byte("test")

@ -106,7 +106,7 @@ func TestEncryptNonceError(t *testing.T) {
 	assert.Error(t, err)
 }

-func TestDecryptInvalidKeySize(t *testing.T) {
+func TestDecrypt_Bad_InvalidKeySize(t *testing.T) {
 	key := make([]byte, 16) // Wrong size
 	ciphertext := []byte("test")
 	_, err := Decrypt(ciphertext, key)
--- a/crypt/lthn/lthn_test.go
+++ b/crypt/lthn/lthn_test.go
@ -7,14 +7,18 @@ import (
 	"github.com/stretchr/testify/assert"
 )

-func TestHash(t *testing.T) {
+func TestHash_Good(t *testing.T) {
 	hash := Hash("hello")
 	assert.NotEmpty(t, hash)
 }

-func TestVerify(t *testing.T) {
+func TestVerify_Good(t *testing.T) {
 	hash := Hash("hello")
 	assert.True(t, Verify("hello", hash))
+}
+
+func TestVerify_Bad(t *testing.T) {
+	hash := Hash("hello")
 	assert.False(t, Verify("world", hash))
 }

@ -50,7 +54,7 @@ func TestCreateSalt_Ugly(t *testing.T) {

 var testKeyMapMu sync.Mutex

-func TestSetKeyMap(t *testing.T) {
+func TestSetKeyMap_Good(t *testing.T) {
 	testKeyMapMu.Lock()
 	originalKeyMap := GetKeyMap()
 	t.Cleanup(func() {
--- a/crypt/openpgp/service_test.go
+++ b/crypt/openpgp/service_test.go
@ -9,7 +9,7 @@ import (
 	"github.com/stretchr/testify/require"
 )

-func TestCreateKeyPair(t *testing.T) {
+func TestCreateKeyPair_Good(t *testing.T) {
 	c := framework.New()
 	s := &Service{core: c}

@ -19,7 +19,7 @@ func TestCreateKeyPair(t *testing.T) {
 	assert.Contains(t, privKey, "-----BEGIN PGP PRIVATE KEY BLOCK-----")
 }

-func TestEncryptDecrypt(t *testing.T) {
+func TestEncryptDecrypt_Good(t *testing.T) {
 	c := framework.New()
 	s := &Service{core: c}

--- a/go.mod
+++ b/go.mod
@ -7,8 +7,8 @@ require (
 	dappco.re/go/core/i18n v0.2.0
 	dappco.re/go/core/io v0.2.0
 	dappco.re/go/core/log v0.1.0
+	dappco.re/go/core/store v0.2.0
 	forge.lthn.ai/core/cli v0.3.7
-	forge.lthn.ai/core/go-store v0.1.10
 	github.com/ProtonMail/go-crypto v1.4.0
 	github.com/stretchr/testify v1.11.1
 	golang.org/x/crypto v0.49.0
--- a/go.sum
+++ b/go.sum
@ -6,6 +6,8 @@ dappco.re/go/core/io v0.2.0 h1:zuudgIiTsQQ5ipVt97saWdGLROovbEB/zdVyy9/l+I4=
 dappco.re/go/core/io v0.2.0/go.mod h1:1QnQV6X9LNgFKfm8SkOtR9LLaj3bDcsOIeJOOyjbL5E=
 dappco.re/go/core/log v0.1.0 h1:pa71Vq2TD2aoEUQWFKwNcaJ3GBY8HbaNGqtE688Unyc=
 dappco.re/go/core/log v0.1.0/go.mod h1:Nkqb8gsXhZAO8VLpx7B8i1iAmohhzqA20b9Zr8VUcJs=
+dappco.re/go/core/store v0.2.0 h1:MH3R9m3mdr5T3lMWi37ryvTrXzF4xLBTYBGyNZF0p3I=
+dappco.re/go/core/store v0.2.0/go.mod h1:QQGJiruayjna3nywbf0N2gcO502q/oEkPoSpBpSKbLM=
 forge.lthn.ai/core/cli v0.3.7 h1:1GrbaGg0wDGHr6+klSbbGyN/9sSbHvFbdySJznymhwg=
 forge.lthn.ai/core/cli v0.3.7/go.mod h1:DBUppJkA9P45ZFGgI2B8VXw1rAZxamHoI/KG7fRvTNs=
 forge.lthn.ai/core/go v0.3.2 h1:VB9pW6ggqBhe438cjfE2iSI5Lg+62MmRbaOFglZM+nQ=
@ -16,8 +18,6 @@ forge.lthn.ai/core/go-inference v0.1.7 h1:9Dy6v03jX5ZRH3n5iTzlYyGtucuBIgSe+S7GWv
 forge.lthn.ai/core/go-inference v0.1.7/go.mod h1:jfWz+IJX55wAH98+ic6FEqqGB6/P31CHlg7VY7pxREw=
 forge.lthn.ai/core/go-log v0.0.4 h1:KTuCEPgFmuM8KJfnyQ8vPOU1Jg654W74h8IJvfQMfv0=
 forge.lthn.ai/core/go-log v0.0.4/go.mod h1:r14MXKOD3LF/sI8XUJQhRk/SZHBE7jAFVuCfgkXoZPw=
-forge.lthn.ai/core/go-store v0.1.10 h1:JLyf8xMR3V6PfBAW1kv6SJeHsYY93LacEBpTFW657qE=
-forge.lthn.ai/core/go-store v0.1.10/go.mod h1:VNnHh94TMD3+L+sSgvxn0GHtDKhJR8FD6JiuIuRtjuk=
 github.com/ProtonMail/go-crypto v1.4.0 h1:Zq/pbM3F5DFgJiMouxEdSVY44MVoQNEKp5d5QxIQceQ=
 github.com/ProtonMail/go-crypto v1.4.0/go.mod h1:e1OaTyu5SYVrO9gKOEhTc+5UcXtTUa+P3uLudwcgPqo=
 github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
--- a/trust/policy_test.go
+++ b/trust/policy_test.go
@ -261,7 +261,7 @@ func TestEvaluate_Good_Tier3IgnoresRepoScope(t *testing.T) {

 // --- Default rate limits ---

-func TestDefaultRateLimit(t *testing.T) {
+func TestDefaultRateLimit_Good(t *testing.T) {
 	assert.Equal(t, 10, defaultRateLimit(TierUntrusted))
 	assert.Equal(t, 60, defaultRateLimit(TierVerified))
 	assert.Equal(t, 0, defaultRateLimit(TierFull))
--- a/trust/trust_test.go
+++ b/trust/trust_test.go
@ -169,7 +169,7 @@ func TestRegistryListSeq_Good(t *testing.T) {

 // --- Agent ---

-func TestAgentTokenExpiry(t *testing.T) {
+func TestAgentTokenExpiry_Good(t *testing.T) {
 	agent := Agent{
 		Name:           "Test",
 		Tier:           TierVerified,