jedarden/pdftract
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
pdftract/crates
History
jedarden 3fa783f628 test(pdftract-5m3hp): implement TH-03 MCP no-auth bind security tests 
Add comprehensive security test suite for TH-03 (plan line 874) verifying
MCP server requires authentication on non-loopback binds.

Test coverage:
- IPv4/IPv6 all-addresses bind requires token (exit 78)
- Loopback addresses (127.0.0.1, ::1, localhost) exempt from auth
- Token auth via PDFTRACT_MCP_TOKEN env var and --auth-token-file
- Atomic failure verification (no listener during failure window)
- Exit code specificity (EX_CONFIG=78, not just any non-zero)
- Parallel bind attempts all fail securely

File: crates/pdftract-core/tests/TH-03-mcp-no-auth.rs (529 lines, 11 tests)

Verification note: notes/pdftract-5m3hp.md

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-24 18:43:52 -04:00
..
pdftract-cer-diff docs(pdftract-aawrz): add LICENSE-MIT and LICENSE-APACHE files 2026-05-23 10:36:28 -04:00
pdftract-cli feat(pdftract-5pbkp): implement inspect subcommand with clap parsing and axum server 2026-05-24 17:13:05 -04:00
pdftract-core test(pdftract-5m3hp): implement TH-03 MCP no-auth bind security tests 2026-05-24 18:43:52 -04:00
pdftract-libpdftract feat(pdftract-3s2i): implement Phase 5.5.2 validation filter 2026-05-24 04:57:17 -04:00
pdftract-py feat(pdftract-2nu0s): implement Python SDK contract conformance 2026-05-24 08:55:11 -04:00