[test-improver] Improve tests for auth package (GenerateRandomAPIKey)

[github-actions]

Test Improvements: apikey_test.go

File Analyzed

• Test File: internal/auth/apikey_test.go
• Package: internal/auth
• Lines of Code: 25 → 71

Improvements Made

1. Better Testing Patterns

• ✅ Added descriptive TestFunctionName_Scenario naming for each new test function
• ✅ Each test exercises a distinct property of GenerateRandomAPIKey, following the single-responsibility principle
• ✅ Better error messages with context (include the actual key value on failure)

2. Increased Coverage

The two uncovered branches in GenerateRandomAPIKey require crypto/rand to fail at the OS level, which cannot be triggered in unit tests without OS-level fault injection. However, the new tests add meaningful quality verification:

• ✅ TestGenerateRandomAPIKey_IsValidHex — decodes the returned key with encoding/hex to confirm it is valid hex and resolves to exactly 32 bytes
• ✅ TestGenerateRandomAPIKey_IsLowercaseHex — uses a regex to confirm output uses only [0-9a-f] (lowercase), matching hex.EncodeToString output
• ✅ TestGenerateRandomAPIKey_Uniqueness — verifies uniqueness across 20 consecutive calls (up from 2), catching any regression in entropy usage
• ✅ TestGenerateRandomAPIKey_LengthConsistency — confirms every call returns exactly 64 characters, not just the first one

3. Cleaner & More Stable Tests

• ✅ Replaced single monolithic test with focused, independently named test functions for easier failure diagnosis
• ✅ Added require.NoError guards before each assertion so failures abort early with a clear message

Test Execution

All tests pass:

=== RUN   TestGenerateRandomAPIKey
--- PASS: TestGenerateRandomAPIKey (0.00s)
=== RUN   TestGenerateRandomAPIKey_IsValidHex
--- PASS: TestGenerateRandomAPIKey_IsValidHex (0.00s)
=== RUN   TestGenerateRandomAPIKey_IsLowercaseHex
--- PASS: TestGenerateRandomAPIKey_IsLowercaseHex (0.00s)
=== RUN   TestGenerateRandomAPIKey_Uniqueness
--- PASS: TestGenerateRandomAPIKey_Uniqueness (0.00s)
=== RUN   TestGenerateRandomAPIKey_LengthConsistency
--- PASS: TestGenerateRandomAPIKey_LengthConsistency (0.00s)
PASS
ok  	github.com/github/gh-aw-mcpg/internal/auth	0.005s

Why These Changes?

apikey_test.go was selected because it had a single test function that verified only surface-level properties (non-empty, length 64, two unique calls). GenerateRandomAPIKey is a security-critical function (spec §7.3) — the gateway uses it to auto-generate API keys on startup — so stronger assertions about encoding format, character set, and entropy uniqueness add meaningful confidence that the function behaves correctly.

---

Generated by Test Improver Workflow
Focuses on better patterns, increased coverage, and more stable tests

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• invalidhostthatdoesnotexist12345.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "invalidhostthatdoesnotexist12345.com"

See Network Configuration for more information.

Generated by Test Improver · ● 1.6M · ◷