- Create branch `feature/api-key-hardening`
- Update `src/middleware/auth.ts`: implement timing-safe comparison using `crypto.timingSafeEqual`
- Update `src/tests/auth.test.ts`: add tests for the dynamic resolver with `loadApiKeys()`
- Fixed test compilation errors and header array handling
- Tests pass for auth middleware (15/15), timing-safe implementation verified
- Document `API_KEYS` env var in `docs/security-checklist-backend.md`
- Add/update `securityScheme` in `docs/openapi.yaml` for `x-api-key`
- Run full `npm test --coverage`
- Run `npm run build`
- Commit changes
- Check/install GitHub CLI (`gh`), create PR
Current progress: Core hardening complete, tests green. Adding docs.
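The three hardening points in the list above (timing-safe comparison with `crypto.timingSafeEqual`, a dynamic `loadApiKeys()` resolver, and handling of `x-api-key` arriving as an array) are shown together in the following added example. It is not the repository's `src/middleware/auth.ts`; the comma-separated `API_KEYS` format, the minimal Express-like request/response types, and the function names other than `loadApiKeys` are assumptions made for the example.

```typescript
// Added example, not the project's own middleware. Assumes API_KEYS holds a
// comma-separated list of accepted keys and an Express-like request shape.
import { createHash, timingSafeEqual } from "crypto";

// Minimal Express-like shapes so the example runs without express installed.
export type HeaderValue = string | string[] | undefined;
export interface Req { headers: Record<string, HeaderValue>; }
export interface Res { status(code: number): { json(body: unknown): void }; }
export type Next = () => void;

// Dynamic resolver: re-read API_KEYS on every request so rotated keys take
// effect without a restart. Assumed format: "key1,key2" (whitespace ignored).
export function loadApiKeys(raw: string | undefined = process.env.API_KEYS): string[] {
  if (!raw) return [];
  return raw.split(",").map((k) => k.trim()).filter((k) => k.length > 0);
}

// Constant-time equality. timingSafeEqual throws a RangeError on buffers of
// unequal length, so both sides are hashed to a fixed 32-byte digest first;
// this also avoids revealing the configured key's length via a length check.
export function safeEqual(a: string, b: string): boolean {
  const ha = createHash("sha256").update(a, "utf8").digest();
  const hb = createHash("sha256").update(b, "utf8").digest();
  return timingSafeEqual(ha, hb);
}

// Node exposes a repeated header as a string[]. Exactly one value is accepted;
// zero or several is treated as absent rather than silently taking element 0.
export function singleHeader(value: HeaderValue): string | undefined {
  if (Array.isArray(value)) return value.length === 1 ? value[0] : undefined;
  return value;
}

// Compare the presented key against every configured key. Every key is checked
// (no early return on the first match) so the amount of work does not depend
// on which configured key, if any, matched.
export function isAuthorized(presented: string | undefined, keys: string[]): boolean {
  if (presented === undefined || keys.length === 0) return false;
  let ok = false;
  for (const k of keys) ok = safeEqual(presented, k) || ok;
  return ok;
}

// Middleware factory; the resolver is injected so tests can supply fixed keys.
export function apiKeyAuth(resolveKeys: () => string[] = loadApiKeys) {
  return (req: Req, res: Res, next: Next): void => {
    const presented = singleHeader(req.headers["x-api-key"]);
    if (!isAuthorized(presented, resolveKeys())) {
      res.status(401).json({ error: "unauthorized" });
      return;
    }
    next();
  };
}
```

Hashing before `timingSafeEqual` is the part most often skipped: a bare `timingSafeEqual(Buffer.from(a), Buffer.from(b))` throws when the lengths differ, which turns a wrong-length key into a 500 instead of a 401 and leaks the expected length.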