{
  "tests": [
    {
      "test": "Parse Bearer token from Authorization header",
      "passed": true,
      "result": true
    },
    {
      "test": "Reject missing Authorization with 401",
      "passed": true,
      "result": true
    },
    {
      "test": "Reject invalid token format with 401",
      "passed": true,
      "result": true
    },
    {
      "test": "Cookie parsing",
      "passed": true,
      "result": true
    },
    {
      "test": "HMAC-based token verification",
      "passed": true,
      "result": true
    },
    {
      "test": "Constant-time token comparison",
      "passed": true,
      "result": true
    }
  ],
  "passed": true,
  "category": "auth",
  "executionTime": 37
}