github
diff --git a/‎.github/workflows/daily-performance-summary.lock.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/daily-performance-summary.lock.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/test-python-safe-input.lock.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/test-python-safe-input.lock.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎pkg/workflow/js/generate_safe_inputs_config.cjs‎
Lines changed: 3 additions & 2 deletions b/‎pkg/workflow/js/generate_safe_inputs_config.cjs‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎pkg/workflow/js/generate_safe_inputs_config.test.cjs‎
Lines changed: 1 addition & 1 deletion b/‎pkg/workflow/js/generate_safe_inputs_config.test.cjs‎
Lines changed: 1 addition & 1 deletion
@@ -10,8 +10,9 @@
  */
 function generateSafeInputsConfig({ core, crypto }) {
   // Generate a secure random API key for the MCP server
-  // Using 32 bytes gives us 256 bits of entropy
-  const apiKeyBuffer = crypto.randomBytes(32);
+  // Using 33 bytes gives us 264 bits of entropy and ensures at least 40 characters
+  // after base64 encoding and removing special characters
+  const apiKeyBuffer = crypto.randomBytes(33);
   const apiKey = apiKeyBuffer.toString("base64").replace(/[/+=]/g, "");
 
   // Choose a port for the HTTP server (default 3000)
 
@@ -52,7 +52,7 @@ describe("generateSafeInputsConfig", () => {
   it("should generate API keys with sufficient length", () => {
     const result = generateSafeInputsConfig({ core: mockCore, crypto });
 
-    // 32 bytes of random data, base64 encoded without special chars
+    // 33 bytes of random data, base64 encoded without special chars
     // should give us at least 40 characters
     expect(result.apiKey.length).toBeGreaterThanOrEqual(40);
   });