[test-improver] Improve tests for auth package (GenerateRandomAPIKey)

[github-actions]

Test Improvements: apikey_test.go

File Analyzed

• Test File: internal/auth/apikey_test.go
• Package: internal/auth
• Lines of Code: 25 → 71

Improvements Made

1. Better Testing Patterns

• ✅ Added descriptive TestFunctionName_Scenario naming for each new test function
• ✅ Each test exercises a distinct property of GenerateRandomAPIKey, following the single-responsibility principle
• ✅ Better error messages with context (include the actual key value on failure)

2. Increased Coverage

The two uncovered branches in GenerateRandomAPIKey require crypto/rand to fail at the OS level, which cannot be triggered in unit tests without OS-level fault injection. However, the new tests add meaningful quality verification:

• ✅ TestGenerateRandomAPIKey_IsValidHex — decodes the returned key with encoding/hex to confirm it is valid hex and resolves to exactly 32 bytes
• ✅ TestGenerateRandomAPIKey_IsLowercaseHex — uses a regex to confirm output uses only [0-9a-f] (lowercase), matching hex.EncodeToString output
• ✅ TestGenerateRandomAPIKey_Uniqueness — verifies uniqueness across 20 consecutive calls (up from 2), catching any regression in entropy usage
• ✅ TestGenerateRandomAPIKey_LengthConsistency — confirms every call returns exactly 64 characters, not just the first one

3. Cleaner & More Stable Tests

• ✅ Replaced single monolithic test with focused, independently named test functions for easier failure diagnosis
• ✅ Added require.NoError guards before each assertion so failures abort early with a clear message

Test Execution

All tests pass:

=== RUN   TestGenerateRandomAPIKey
--- PASS: TestGenerateRandomAPIKey (0.00s)
=== RUN   TestGenerateRandomAPIKey_IsValidHex
--- PASS: TestGenerateRandomAPIKey_IsValidHex (0.00s)
=== RUN   TestGenerateRandomAPIKey_IsLowercaseHex
--- PASS: TestGenerateRandomAPIKey_IsLowercaseHex (0.00s)
=== RUN   TestGenerateRandomAPIKey_Uniqueness
--- PASS: TestGenerateRandomAPIKey_Uniqueness (0.00s)
=== RUN   TestGenerateRandomAPIKey_LengthConsistency
--- PASS: TestGenerateRandomAPIKey_LengthConsistency (0.00s)
PASS
ok  	github.com/github/gh-aw-mcpg/internal/auth	0.005s

Why These Changes?

apikey_test.go was selected because it had a single test function that verified only surface-level properties (non-empty, length 64, two unique calls). GenerateRandomAPIKey is a security-critical function (spec §7.3) — the gateway uses it to auto-generate API keys on startup — so stronger assertions about encoding format, character set, and entropy uniqueness add meaningful confidence that the function behaves correctly.

---

Generated by Test Improver Workflow
Focuses on better patterns, increased coverage, and more stable tests

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• invalidhostthatdoesnotexist12345.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "invalidhostthatdoesnotexist12345.com"

See Network Configuration for more information.

Generated by Test Improver · ● 1.6M · ◷

[Copilot]

Pull request overview

This PR strengthens unit tests for internal/auth.GenerateRandomAPIKey by splitting the existing test into multiple focused test cases that validate encoding, character set, length consistency, and repeated-call uniqueness.

Changes:

• Added new tests to validate hex decoding to 32 bytes and enforce lowercase [0-9a-f] output.
• Expanded uniqueness checks across multiple generations and added length consistency assertions across repeated calls.

Show a summary per file

File	Description
internal/auth/apikey_test.go	Adds focused tests for API key hex validity, lowercase format, repeated-call uniqueness, and length consistency.

Copilot's findings

Tip

Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

• Files reviewed: 1/1 changed files
• Comments generated: 2