Skip to content

feat: Add contract tests for client-side secure mode hash (h query param)#358

Open
joker23 wants to merge 2 commits into
v2from
skz/sdk-2512/secure-mode-client-side
Open

feat: Add contract tests for client-side secure mode hash (h query param)#358
joker23 wants to merge 2 commits into
v2from
skz/sdk-2512/secure-mode-client-side

Conversation

@joker23

@joker23 joker23 commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

Adds streaming and polling contract tests verifying that client-side SDKs
include the h query parameter when a secure mode hash is configured, and
omit it when no hash is configured. Tests gate on the existing
secure-mode-hash capability alongside the implicit client-side requirement.

Adds Hash o.Maybe[string] to SDKConfigClientSideParams so the harness can
pass a hash value through the test protocol to client-side SDK test services.


Note

Low Risk
Test harness and documentation changes only; no production SDK runtime behavior in this repo.

Overview
Adds client-side contract coverage for secure mode: when clientSide.hash is set, streaming and polling connections must send it as the h query parameter; when unset, h must not appear. Tests run only for services with the existing secure-mode-hash capability.

The harness now exposes hash on SDKConfigClientSideParams and documents it in the service spec. A MapHasKey matcher supports asserting that a query param key is absent. The new suite is registered under the client-side test entry point.

Reviewed by Cursor Bugbot for commit 056e28f. Bugbot is set up for automated code reviews on this repo. Configure here.

…ram)

Adds streaming and polling contract tests verifying that client-side SDKs
include the h query parameter when a secure mode hash is configured, and
omit it when no hash is configured. Tests gate on the existing
secure-mode-hash capability alongside the implicit client-side requirement.

Adds Hash o.Maybe[string] to SDKConfigClientSideParams so the harness can
pass a hash value through the test protocol to client-side SDK test services.
@joker23 joker23 force-pushed the skz/sdk-2512/secure-mode-client-side branch from cbdf3c2 to c7b8d98 Compare June 12, 2026 19:37
@joker23

joker23 commented Jun 12, 2026

Copy link
Copy Markdown
Contributor Author

@cursor review

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes using default effort and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit c7b8d98. Configure here.

// m.AllOf() is used as "match any value" since this matchers library has no Anything() function.
m.In(t).For("h query parameter").Assert(request.URL.RawQuery,
UniqueQueryParameters().Should(m.Not(m.MapIncluding(m.KV("h", m.AllOf())))))
})

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Streaming tests skip JS polling

Medium Severity

The streaming secure-mode hash cases only assert h on the streaming mock endpoint, but JS client SDKs in streaming mode also issue an initial polling request via CommonStreamingTests.setupDataSources. The service spec requires h on both streaming and polling requests when hash is set, so a JS SDK could omit or mis-set h on that bootstrap poll and still pass these tests.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit c7b8d98. Configure here.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this would break other client side sdks that do not have this. I think the polling tests would cover this gap.

@joker23 joker23 marked this pull request as ready for review June 12, 2026 19:44
@joker23 joker23 requested a review from a team as a code owner June 12, 2026 19:44

@devin-ai-integration devin-ai-integration Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.

Open in Devin Review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant