fischer-agentkit/tests
chiguyong 698a8fafba fix(review): U7 refresh token hash verification on whoami
The whoami route accepted rotated/old refresh tokens for cold-start
because it only checked session revocation status, not the token hash.
Now when token_type == "refresh", the route computes hash_token(token)
and compares it with the session's stored refresh_token_hash using
hmac.compare_digest (constant-time). Mismatch returns 401.

- Add SessionService.get_stored_refresh_hash(session_id) helper
- Add hash verification in whoami route (R9)
- Add TestWhoamiTokenHash with 5 integration tests
2026-06-22 16:55:20 +08:00
..
e2e fix(routing): U1-U6 路由优化 + 修复方案 + 代码审查修复 2026-06-20 19:31:49 +08:00
integration fix(review): U7 refresh token hash verification on whoami 2026-06-22 16:55:20 +08:00
unit fix(review): U6 frontend field alignment + CLI top-users field fix 2026-06-22 16:28:44 +08:00
__init__.py feat: initial fischer-agentkit package with unified agent architecture 2026-06-04 22:24:06 +08:00
conftest.py fix: comprehensive code review fixes + WS test stability 2026-06-15 08:17:34 +08:00
test_routing_chain.py feat: accumulated frontend enhancements, docs, and static assets 2026-06-14 16:35:01 +08:00