From 78be5dbf44e6fd70cfaad89f9fa44c3ab600cd9e Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Sat, 16 May 2026 21:09:04 +0000
Subject: [PATCH 1/3] =?UTF-8?q?=F0=9F=A7=AA=20Add=20tests=20for=20Unmarsha?=
 =?UTF-8?q?lPrivateKey?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds tests for UnmarshalPrivateKey in internal/identity/identity.go that checks correct mapping of data to and from private keys when marshaling and unmarshaling. Tests for missing or incorrect passphrase.

This commit has been created by an automated coding assistant, with human supervision.
# 🧪 Testing Improvement Task

You are a testing-focused agent. Your mission is to analyze and implement a testing improvement that will increase the reliability and coverage of the codebase.

## Task Details

**File:** `internal/identity/identity.go:144`
**Issue:** Missing test for UnmarshalPrivateKey in internal/identity/identity.go

**Language:** go

**Current Code:**
```go

	return pem.EncodeToMemory(block), nil
}

// UnmarshalPrivateKey imports a private key from PEM format.
func UnmarshalPrivateKey(data []byte, passphrase string) (crypto.PrivateKey, error) {
	block, _ := pem.Decode(data)
	if block == nil {
		return nil, fmt.Errorf("failed to decode PEM block")
	}

	der := block.Bytes
	if x509.IsEncryptedPEMBlock(block) {
		var err error
		der, err = x509.DecryptPEMBlock(block, []byte(passphrase))
```

**Rationale:** Function UnmarshalPrivateKey seems straightforward to test.

## Your Process

### 1. 🔍 UNDERSTAND - Analyze the Testing Gap
* Review the code that needs testing
* Understand what functionality should be tested
* Identify edge cases and error conditions

### 2. 📋 PLAN - Design the Test Strategy
Before writing tests, plan your approach:
* What test framework is used in this project?
* What existing test patterns should you follow?
* What scenarios need to be covered?

### 3. 🔧 IMPLEMENT - Write Effective Tests
* Write clear, focused test cases
* Follow existing testing patterns and conventions
* Cover happy paths, edge cases, and error conditions
* Use appropriate mocks and test doubles
* Ensure tests are deterministic and not flaky

### 4. ✅ VERIFY - Validate the Tests
- Run the new tests to ensure they pass
- Run the full test suite to ensure no regressions
- Verify the tests actually catch bugs (try breaking the code to confirm the test fails)

### 5. 📝 DOCUMENT - Explain the Testing Improvement
Create a PR with:
- Title: "🧪 [testing improvement description]"
- Description with:
  * 🎯 **What:** The testing gap addressed
  * 📊 **Coverage:** What scenarios are now tested
  * ✨ **Result:** The improvement in test coverage

Remember: Good tests are the safety net that allows confident refactoring. Write tests that catch real bugs.

Co-authored-by: filmil <246576+filmil@users.noreply.github.com>
---
 internal/identity/BUILD.bazel      |  8 +++-
 internal/identity/identity_test.go | 59 ++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+), 1 deletion(-)

diff --git a/internal/identity/BUILD.bazel b/internal/identity/BUILD.bazel
index f9625fc..918cd53 100644
--- a/internal/identity/BUILD.bazel
+++ b/internal/identity/BUILD.bazel
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
 
-load("@rules_go//go:def.bzl", "go_library")
+load("@rules_go//go:def.bzl", "go_library", "go_test")
 
 go_library(
     name = "identity",
@@ -12,3 +12,9 @@ go_library(
         "@org_golang_google_protobuf//reflect/protoreflect",
     ],
 )
+
+go_test(
+    name = "identity_test",
+    srcs = ["identity_test.go"],
+    embed = [":identity"],
+)
diff --git a/internal/identity/identity_test.go b/internal/identity/identity_test.go
index 21dee9a..98f9ef1 100644
--- a/internal/identity/identity_test.go
+++ b/internal/identity/identity_test.go
@@ -27,3 +27,62 @@ func TestGenerate(t *testing.T) {
 		t.Error("Generate() returned identity with nil private key")
 	}
 }
+
+func TestUnmarshalPrivateKey(t *testing.T) {
+	shortName := "test-agent"
+	ident, err := Generate(shortName)
+	if err != nil {
+		t.Fatalf("Generate() failed: %v", err)
+	}
+
+	t.Run("unencrypted", func(t *testing.T) {
+		pemBytes, err := MarshalPrivateKey(ident.PrivateKey, "")
+		if err != nil {
+			t.Fatalf("MarshalPrivateKey() failed: %v", err)
+		}
+
+		key, err := UnmarshalPrivateKey(pemBytes, "")
+		if err != nil {
+			t.Fatalf("UnmarshalPrivateKey() failed: %v", err)
+		}
+		if key == nil {
+			t.Error("UnmarshalPrivateKey() returned nil key")
+		}
+	})
+
+	t.Run("encrypted", func(t *testing.T) {
+		passphrase := "secret123"
+		pemBytes, err := MarshalPrivateKey(ident.PrivateKey, passphrase)
+		if err != nil {
+			t.Fatalf("MarshalPrivateKey() failed: %v", err)
+		}
+
+		key, err := UnmarshalPrivateKey(pemBytes, passphrase)
+		if err != nil {
+			t.Fatalf("UnmarshalPrivateKey() failed: %v", err)
+		}
+		if key == nil {
+			t.Error("UnmarshalPrivateKey() returned nil key")
+		}
+	})
+
+	t.Run("encrypted with wrong passphrase", func(t *testing.T) {
+		passphrase := "secret123"
+		pemBytes, err := MarshalPrivateKey(ident.PrivateKey, passphrase)
+		if err != nil {
+			t.Fatalf("MarshalPrivateKey() failed: %v", err)
+		}
+
+		_, err = UnmarshalPrivateKey(pemBytes, "wrongpassword")
+		if err == nil {
+			t.Error("UnmarshalPrivateKey() succeeded with wrong passphrase, expected error")
+		}
+	})
+
+	t.Run("invalid PEM", func(t *testing.T) {
+		_, err := UnmarshalPrivateKey([]byte("not a real pem"), "")
+		if err == nil {
+			t.Error("UnmarshalPrivateKey() succeeded with invalid PEM, expected error")
+		}
+	})
+}

From d31f49496a0d968564c511435fc980f59645aa2c Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Wed, 20 May 2026 04:08:42 +0000
Subject: [PATCH 2/3] =?UTF-8?q?=F0=9F=A7=AA=20Add=20tests=20for=20Unmarsha?=
 =?UTF-8?q?lPrivateKey?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds tests for UnmarshalPrivateKey in internal/identity/identity.go that checks correct mapping of data to and from private keys when marshaling and unmarshaling. Tests for missing or incorrect passphrase.

This commit has been created by an automated coding assistant, with human supervision.
# 🧪 Testing Improvement Task

You are a testing-focused agent. Your mission is to analyze and implement a testing improvement that will increase the reliability and coverage of the codebase.

## Task Details

**File:** `internal/identity/identity.go:144`
**Issue:** Missing test for UnmarshalPrivateKey in internal/identity/identity.go

**Language:** go

**Current Code:**
```go

	return pem.EncodeToMemory(block), nil
}

// UnmarshalPrivateKey imports a private key from PEM format.
func UnmarshalPrivateKey(data []byte, passphrase string) (crypto.PrivateKey, error) {
	block, _ := pem.Decode(data)
	if block == nil {
		return nil, fmt.Errorf("failed to decode PEM block")
	}

	der := block.Bytes
	if x509.IsEncryptedPEMBlock(block) {
		var err error
		der, err = x509.DecryptPEMBlock(block, []byte(passphrase))
```

**Rationale:** Function UnmarshalPrivateKey seems straightforward to test.

## Your Process

### 1. 🔍 UNDERSTAND - Analyze the Testing Gap
* Review the code that needs testing
* Understand what functionality should be tested
* Identify edge cases and error conditions

### 2. 📋 PLAN - Design the Test Strategy
Before writing tests, plan your approach:
* What test framework is used in this project?
* What existing test patterns should you follow?
* What scenarios need to be covered?

### 3. 🔧 IMPLEMENT - Write Effective Tests
* Write clear, focused test cases
* Follow existing testing patterns and conventions
* Cover happy paths, edge cases, and error conditions
* Use appropriate mocks and test doubles
* Ensure tests are deterministic and not flaky

### 4. ✅ VERIFY - Validate the Tests
- Run the new tests to ensure they pass
- Run the full test suite to ensure no regressions
- Verify the tests actually catch bugs (try breaking the code to confirm the test fails)

### 5. 📝 DOCUMENT - Explain the Testing Improvement
Create a PR with:
- Title: "🧪 [testing improvement description]"
- Description with:
  * 🎯 **What:** The testing gap addressed
  * 📊 **Coverage:** What scenarios are now tested
  * ✨ **Result:** The improvement in test coverage

Remember: Good tests are the safety net that allows confident refactoring. Write tests that catch real bugs.

Co-authored-by: filmil <246576+filmil@users.noreply.github.com>
---
 internal/identity/identity_test.go | 59 ++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)

diff --git a/internal/identity/identity_test.go b/internal/identity/identity_test.go
index 98f9ef1..076db06 100644
--- a/internal/identity/identity_test.go
+++ b/internal/identity/identity_test.go
@@ -28,6 +28,65 @@ func TestGenerate(t *testing.T) {
 	}
 }
 
+func TestMarshalUnmarshalCertificate(t *testing.T) {
+	shortName := "test-agent-cert"
+	ident, err := Generate(shortName)
+	if err != nil {
+		t.Fatalf("Generate() failed: %v", err)
+	}
+
+	pemData := MarshalCertificate(ident.Certificate)
+	if len(pemData) == 0 {
+		t.Fatal("MarshalCertificate() returned empty byte slice")
+	}
+
+	cert, err := UnmarshalCertificate(pemData)
+	if err != nil {
+		t.Fatalf("UnmarshalCertificate() failed: %v", err)
+	}
+
+	if cert == nil {
+		t.Fatal("UnmarshalCertificate() returned nil certificate")
+	}
+
+	if cert.Subject.CommonName != shortName {
+		t.Errorf("UnmarshalCertificate() returned certificate with CommonName %q, want %q", cert.Subject.CommonName, shortName)
+	}
+}
+
+func TestUnmarshalCertificate_Errors(t *testing.T) {
+	tests := []struct {
+		name    string
+		pemData []byte
+	}{
+		{
+			name:    "empty input",
+			pemData: []byte(""),
+		},
+		{
+			name:    "invalid PEM data",
+			pemData: []byte("NOT A PEM"),
+		},
+		{
+			name:    "corrupted certificate bytes",
+			pemData: []byte("-----BEGIN CERTIFICATE-----\nYXNkZg==\n-----END CERTIFICATE-----"),
+		},
+		{
+			name:    "incorrect PEM block type",
+			pemData: []byte("-----BEGIN PRIVATE KEY-----\nYXNkZg==\n-----END PRIVATE KEY-----"),
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			_, err := UnmarshalCertificate(tt.pemData)
+			if err == nil {
+				t.Error("UnmarshalCertificate() expected error, got nil")
+			}
+		})
+	}
+}
+
 func TestUnmarshalPrivateKey(t *testing.T) {
 	shortName := "test-agent"
 	ident, err := Generate(shortName)

From d589246a3563256758df5d05605534b4eb5341b2 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Thu, 21 May 2026 02:29:15 +0000
Subject: [PATCH 3/3] =?UTF-8?q?=F0=9F=A7=AA=20Add=20tests=20for=20Unmarsha?=
 =?UTF-8?q?lPrivateKey?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds tests for UnmarshalPrivateKey in internal/identity/identity.go that checks correct mapping of data to and from private keys when marshaling and unmarshaling. Tests for missing or incorrect passphrase.

This commit has been created by an automated coding assistant, with human supervision.
# 🧪 Testing Improvement Task

You are a testing-focused agent. Your mission is to analyze and implement a testing improvement that will increase the reliability and coverage of the codebase.

## Task Details

**File:** `internal/identity/identity.go:144`
**Issue:** Missing test for UnmarshalPrivateKey in internal/identity/identity.go

**Language:** go

**Current Code:**
```go

	return pem.EncodeToMemory(block), nil
}

// UnmarshalPrivateKey imports a private key from PEM format.
func UnmarshalPrivateKey(data []byte, passphrase string) (crypto.PrivateKey, error) {
	block, _ := pem.Decode(data)
	if block == nil {
		return nil, fmt.Errorf("failed to decode PEM block")
	}

	der := block.Bytes
	if x509.IsEncryptedPEMBlock(block) {
		var err error
		der, err = x509.DecryptPEMBlock(block, []byte(passphrase))
```

**Rationale:** Function UnmarshalPrivateKey seems straightforward to test.

## Your Process

### 1. 🔍 UNDERSTAND - Analyze the Testing Gap
* Review the code that needs testing
* Understand what functionality should be tested
* Identify edge cases and error conditions

### 2. 📋 PLAN - Design the Test Strategy
Before writing tests, plan your approach:
* What test framework is used in this project?
* What existing test patterns should you follow?
* What scenarios need to be covered?

### 3. 🔧 IMPLEMENT - Write Effective Tests
* Write clear, focused test cases
* Follow existing testing patterns and conventions
* Cover happy paths, edge cases, and error conditions
* Use appropriate mocks and test doubles
* Ensure tests are deterministic and not flaky

### 4. ✅ VERIFY - Validate the Tests
- Run the new tests to ensure they pass
- Run the full test suite to ensure no regressions
- Verify the tests actually catch bugs (try breaking the code to confirm the test fails)

### 5. 📝 DOCUMENT - Explain the Testing Improvement
Create a PR with:
- Title: "🧪 [testing improvement description]"
- Description with:
  * 🎯 **What:** The testing gap addressed
  * 📊 **Coverage:** What scenarios are now tested
  * ✨ **Result:** The improvement in test coverage

Remember: Good tests are the safety net that allows confident refactoring. Write tests that catch real bugs.

Co-authored-by: filmil <246576+filmil@users.noreply.github.com>