1 files changed, 28 insertions, 0 deletions

diff --git a/tst/validate_identifier.test.ts b/tst/validate_identifier.test.ts
new file mode 100644
index 0000000..de5ac5e
--- /dev/null
+++ b/tst/validate_identifier.test.ts
@@ -0,0 +1,28 @@
+import { validateIdentifier, validateExecutionEntries } from '../lib/index';
+
+describe('process/validate_identifier', () => {
+    test('validateIdentifier accepts safe tokens', () => {
+        expect(validateIdentifier('abcDEF_0123-:.?/&= ')).toBe(true);
+        expect(validateIdentifier('path/to/file.txt')).toBe(true);
+    });
+
+    test('validateIdentifier rejects path traversal', () => {
+        expect(validateIdentifier('../etc/passwd')).toBe(false);
+        expect(validateIdentifier('ok..not')).toBe(false);
+    });
+
+    test('validateIdentifier rejects unsafe characters', () => {
+        expect(validateIdentifier('rm -rf /;')).toBe(false);
+        expect(validateIdentifier('$HOME')).toBe(false);
+    });
+
+    test('validateExecutionEntries returns right for safe env entries', () => {
+        const res = validateExecutionEntries({ FOO: 'bar', HELLO: 'world-123' });
+        expect(res.right().get()).toEqual({ FOO: 'bar', HELLO: 'world-123' });
+    });
+
+    test('validateExecutionEntries returns invalid entries', () => {
+        const res = validateExecutionEntries({ OK: 'good', BAD: '../nope' });
+        expect(res.left().get()).toEqual([['BAD', '../nope']]);
+    });
+});