test(auth): cover key normalization

src/agents/minimax-vlm.normalizes-api-key.test.ts

@@ -0,0 +1,39 @@
+import { afterEach, describe, expect, it, vi } from "vitest";
+
+describe("minimaxUnderstandImage apiKey normalization", () => {
+  const priorFetch = global.fetch;
+
+  afterEach(() => {
+    // @ts-expect-error restore
+    global.fetch = priorFetch;
+    vi.restoreAllMocks();
+  });
+
+  it("strips embedded CR/LF before sending Authorization header", async () => {
+    const fetchSpy = vi.fn(async (_input: RequestInfo | URL, init?: RequestInit) => {
+      const auth = (init?.headers as Record<string, string> | undefined)?.Authorization;
+      expect(auth).toBe("Bearer minimax-test-key");
+
+      return new Response(
+        JSON.stringify({
+          base_resp: { status_code: 0, status_msg: "ok" },
+          content: "ok",
+        }),
+        { status: 200, headers: { "Content-Type": "application/json" } },
+      );
+    });
+    // @ts-expect-error mock fetch
+    global.fetch = fetchSpy;
+
+    const { minimaxUnderstandImage } = await import("./minimax-vlm.js");
+    const text = await minimaxUnderstandImage({
+      apiKey: "minimax-test-\r\nkey",
+      prompt: "hi",
+      imageDataUrl: "data:image/png;base64,AAAA",
+      apiHost: "https://api.minimax.io",
+    });
+
+    expect(text).toBe("ok");
+    expect(fetchSpy).toHaveBeenCalled();
+  });
+});

src/agents/tools/web-fetch.firecrawl-api-key-normalization.test.ts

@@ -0,0 +1,62 @@
+import { afterEach, describe, expect, it, vi } from "vitest";
+
+vi.mock("../../infra/net/fetch-guard.js", () => {
+  return {
+    fetchWithSsrFGuard: vi.fn(async () => {
+      throw new Error("network down");
+    }),
+  };
+});
+
+describe("web_fetch firecrawl apiKey normalization", () => {
+  const priorFetch = global.fetch;
+
+  afterEach(() => {
+    // @ts-expect-error restore
+    global.fetch = priorFetch;
+    vi.restoreAllMocks();
+  });
+
+  it("strips embedded CR/LF before sending Authorization header", async () => {
+    const fetchSpy = vi.fn(async (input: RequestInfo | URL, init?: RequestInit) => {
+      const url = typeof input === "string" ? input : input instanceof URL ? input.toString() : "";
+      expect(url).toContain("/v2/scrape");
+
+      const auth = (init?.headers as Record<string, string> | undefined)?.Authorization;
+      expect(auth).toBe("Bearer firecrawl-test-key");
+
+      return new Response(
+        JSON.stringify({
+          success: true,
+          data: { markdown: "ok", metadata: { title: "t" } },
+        }),
+        { status: 200, headers: { "Content-Type": "application/json" } },
+      );
+    });
+
+    // @ts-expect-error mock fetch
+    global.fetch = fetchSpy;
+
+    const { createWebFetchTool } = await import("./web-tools.js");
+    const tool = createWebFetchTool({
+      config: {
+        tools: {
+          web: {
+            fetch: {
+              cacheTtlMinutes: 0,
+              firecrawl: { apiKey: "firecrawl-test-\r\nkey" },
+              readability: false,
+            },
+          },
+        },
+      },
+    });
+
+    const result = await tool?.execute?.("call", {
+      url: "https://example.com",
+      extractMode: "text",
+    });
+    expect(result?.details).toMatchObject({ extractor: "firecrawl" });
+    expect(fetchSpy).toHaveBeenCalled();
+  });
+});