From f36fb55ebea4ae1c058f1501e109e72aa7a2d3f2 Mon Sep 17 00:00:00 2001
From: Alan Wizemann <alan@wizemann.com>
Date: Mon, 20 Apr 2026 15:45:29 -0700
Subject: [PATCH] test(ssh): regression tests for ControlPath socket-limit
 invariants
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two tests pinning the invariants that were violated / introduced
by the #19 / PR #20 fix:

- controlDirPathFitsMacOSSocketLimit: asserts dir + '/' + 64-char
  %C hash + NUL <= 104 bytes. Would have caught the original
  Caches-based path landing at 105 bytes for users with longer
  $HOME strings.

- controlDirPathIsPerUser: asserts the path includes the current
  uid, pinning the per-user-isolation invariant against any future
  refactor that drops it (since /tmp is shared across all local
  users).

scarfTests was a stub before this — these are the suite's first
real tests.
---
 scarf/scarfTests/scarfTests.swift | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/scarf/scarfTests/scarfTests.swift b/scarf/scarfTests/scarfTests.swift
index c8429aa..b013021 100644
--- a/scarf/scarfTests/scarfTests.swift
+++ b/scarf/scarfTests/scarfTests.swift
@@ -6,12 +6,33 @@
 //
 
 import Testing
+import Darwin
 @testable import scarf
 
-struct scarfTests {
+@Suite struct ControlPathTests {
 
-    @Test func example() async throws {
-        // Write your test here and use APIs like `#expect(...)` to check expected conditions.
+    /// macOS' `sun_path` is 104 bytes including the NUL terminator. OpenSSH's
+    /// `%C` token expands to a 64-char SHA1 hex digest. The full bound socket
+    /// path is `<controlDir>/<%C>`, so the worst case is
+    /// `controlDir.utf8.count + 1 (separator) + 64 (hash) + 1 (NUL)`.
+    ///
+    /// This test pins the invariant violated by the original Caches-based
+    /// path that triggered issue #19 — any future change to `controlDirPath`
+    /// that drifts back over the limit will fail here instead of silently
+    /// breaking remote SSH for users with long `$HOME` strings.
+    @Test func controlDirPathFitsMacOSSocketLimit() {
+        let dir = SSHTransport.controlDirPath()
+        let worstCase = dir.utf8.count + 1 + 64 + 1
+        #expect(worstCase <= 104,
+                "ControlPath worst case is \(worstCase) bytes for dir '\(dir)'; macOS sun_path limit is 104")
     }
 
+    /// `/tmp` is shared across all users on a Mac. The per-uid suffix is what
+    /// keeps two local users' control sockets from colliding — guard against
+    /// a refactor that drops it.
+    @Test func controlDirPathIsPerUser() {
+        let dir = SSHTransport.controlDirPath()
+        #expect(dir.contains("\(getuid())"),
+                "ControlPath '\(dir)' must include the current uid for per-user isolation")
+    }
 }