fix: Go 1.25 upgrade, codebase audit fixes, MCP server tests

Upgrade from Go 1.22 to 1.25 (minimum for MCP SDK, actively supported). CI updated to match. Codebase audit fixes: - Local CA parseIP() now uses net.ParseIP — IP SANs no longer silently dropped - Nil pointer guards in agent.go GetWorkWithTargets for target/cert enrichment - MCP CreateCertificateInput marks owner_id/team_id as required - NGINX connector uses CombinedOutput() — captures diagnostic output on failure - Jobs handler validates JSON decode on rejection body — returns 400 on malformed - CRL/OCSP handlers propagate requestID for error tracing MCP server tests (26 tests): - client_test.go: HTTP client coverage (GET/POST/PUT/DELETE, auth, 204, errors, binary) - tools_test.go: tool registration, pagination, end-to-end flows with mock API Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-12 05:18:52 +00:00 · 2026-03-23 17:36:25 -04:00
parent 7c8d4d29ff
commit d460950cce
10 changed files with 742 additions and 27 deletions
@@ -31,8 +31,8 @@ type CreateCertificateInput struct {
 	CommonName      string            `json:"common_name" jsonschema:"Certificate common name (e.g. api.example.com)"`
 	SANs            []string          `json:"sans,omitempty" jsonschema:"Subject Alternative Names"`
 	Environment     string            `json:"environment,omitempty" jsonschema:"Environment (e.g. production, staging)"`
-	OwnerID         string            `json:"owner_id,omitempty" jsonschema:"Owner ID"`
-	TeamID          string            `json:"team_id,omitempty" jsonschema:"Team ID"`
+	OwnerID         string            `json:"owner_id" jsonschema:"Owner ID (required)"`
+	TeamID          string            `json:"team_id" jsonschema:"Team ID (required)"`
 	IssuerID        string            `json:"issuer_id" jsonschema:"Issuer connector ID"`
 	TargetIDs       []string          `json:"target_ids,omitempty" jsonschema:"Deployment target IDs"`
 	RenewalPolicyID string            `json:"renewal_policy_id,omitempty" jsonschema:"Renewal policy ID"`