- SSRF: test local transport rejection, allowlist enforcement, private/loopback/
link-local IP blocking, allowlist with port, public host permitted without list
- GET /preview: happy path, invalid scheme, local transport rejection
- Tier 2 LRU: eviction at capacity, LRU promotion, cache miss
- git: heads/<branch> ref form (was only tested via HEAD/tag/hash)
- clear_caches fixture now also resets _allowed_hosts between tests
103 → 118 passing tests.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- ifcurl/auth.py: token config (~/.config/ifcurl/tokens.json),
get_token_for_host(), inject_token() for HTTPS URL credential injection
- ifcurl/git.py: thread token= through fetch_ifc/fetch_ifc_bytes/_open_remote;
authenticated fetch uses 'git fetch <auth_url> +refs/*:refs/*' so the
token is never written to on-disk git config
- ifcurl/service.py: optional token field in PreviewRequest; request token
takes precedence over config-file token; get_token_for_host imported at
module level for clean monkeypatching in tests
- tests
Generated with the assistance of an AI coding tool.