|
|
6b8bccfb8d
|
clients/ruby: apply audit findings (b1d6e3f -> new)
- S1: Client#inspect redacts @token (default ruby inspect walks ivars);
to_s aliased and pretty_print overridden so PP doesn't bypass it.
- S2: AppToken#inspect/#to_s/#pretty_print redact :token member; nil
token still rendered as token=nil for list-row clarity.
- S3: validate token name vs [a-z0-9_-]+ in revoke_token and create_token;
drops URI.encode_www_form_component path-encoding dependency.
- C1: upload_timeout_secs parameter on upload_file (default 60), decoupled
from default_timeout/http_timeout_margin so big uploads aren't capped
by the run-subprocess timeout.
- Q6: clearer multipart filename escape via gsub block form.
- C7: dropped unused @uri ivar.
- A3: YARD note clarifying http_client: bypasses base_url host/port
routing.
Test gaps closed: Client/AppToken inspect+pp redaction, AppToken nil-token
inspect, revoke_token name validation (path traversal, uppercase, empty,
valid), create_token name validation, upload_timeout_secs independence
from default_timeout (incl. default==60), Array-form ip_cidrs round-trip,
non-JSON 5xx error body kept as String, empty 200 body raises Error.
35 runs / 104 assertions / 0 failures.
Audit: memory/clawdforge-audits/ruby-b1d6e3f.md
|
2026-04-28 23:07:49 -07:00 |
|
