fix: update security test expectations for enhanced validation messages

- Update flexible-instance-security.test.ts to match new specific error messages
- Update flexible-instance-security-advanced.test.ts for enhanced validation
- Improve security by removing sensitive data from validation error messages
- All 37 security tests now passing

Fixes CI test failures after validation enhancement

🤖 Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>
czlonkowski
2025-09-19 22:43:07 +02:00
parent 34c7f756e1
commit f6a1b62590
3 changed files with 8 additions and 8 deletions


@@ -101,10 +101,10 @@ export function validateInstanceContext(context: InstanceContext): {
try {
const parsed = new URL(context.n8nApiUrl);
if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
errors.push(`Invalid n8nApiUrl: ${context.n8nApiUrl} - URL must use HTTP or HTTPS protocol, got ${parsed.protocol}`);
errors.push(`Invalid n8nApiUrl: URL must use HTTP or HTTPS protocol, got ${parsed.protocol}`);
}
} catch {
errors.push(`Invalid n8nApiUrl: ${context.n8nApiUrl} - URL format is malformed or incomplete`);
errors.push(`Invalid n8nApiUrl: URL format is malformed or incomplete`);
}
}
}
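Review bot: The protocol branch still interpolates `parsed.protocol`, the one input-derived value left in these messages now that the URL itself is dropped. A parsed scheme cannot carry host, userinfo or query, so the exposure is small, but its length is unbounded. If these errors are logged or returned to callers (not visible here), a fixed message such as `errors.push('Invalid n8nApiUrl: URL must use HTTP or HTTPS protocol');` removes the last reflected input. A one-line comment above the two pushes, e.g. `// Never echo context.n8nApiUrl here: it may embed credentials or tokens`, would keep the omission from being undone later. The body of validateInstanceContext starts and ends outside this hunk.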


@@ -48,7 +48,7 @@ describe('Advanced Security and Error Handling Tests', () => {
// URL should be invalid due to special characters
expect(validation.valid).toBe(false);
expect(validation.errors).toContain('Invalid n8nApiUrl format');
expect(validation.errors?.some(error => error.startsWith('Invalid n8nApiUrl:'))).toBe(true);
});
it('should handle XSS attempts in context fields', () => {
@@ -304,7 +304,7 @@ describe('Advanced Security and Error Handling Tests', () => {
const validation = validateInstanceContext(sensitiveContext);
expect(validation.valid).toBe(false);
expect(validation.errors).toContain('Invalid n8nApiUrl format');
expect(validation.errors?.some(error => error.startsWith('Invalid n8nApiUrl:'))).toBe(true);
// Should not contain the actual invalid URL
const errorData = JSON.stringify(validation);
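Review bot: The replacement assertions only check the prefix `Invalid n8nApiUrl:`, so they would still pass if a later message put the rejected URL back after the colon. The test in the hunk at line 304 follows up with a check on the serialized result, which continues outside the hunk. The first test here (hunk at line 48) shows no such negative check, and neither do the n8nApiUrl and n8nApiKey cases in what appears to be flexible-instance-security.test.ts (hunks at lines 50 and 91). Pair each prefix assertion with one that the submitted value is absent, for example `expect(JSON.stringify(validation)).not.toContain(<submitted value>);`, using the URL or key that test passed in.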


@@ -50,7 +50,7 @@ describe('Flexible Instance Security', () => {
};
const validation = validateInstanceContext(context);
expect(validation.valid).toBe(false);
expect(validation.errors).toContain('Invalid n8nApiUrl format');
expect(validation.errors?.some(error => error.startsWith('Invalid n8nApiUrl:'))).toBe(true);
});
});
});
@@ -91,7 +91,7 @@ describe('Flexible Instance Security', () => {
};
const validation = validateInstanceContext(context);
expect(validation.valid).toBe(false);
expect(validation.errors).toContain('Invalid n8nApiKey format');
expect(validation.errors?.some(error => error.startsWith('Invalid n8nApiKey:'))).toBe(true);
});
});
});
@@ -108,7 +108,7 @@ describe('Flexible Instance Security', () => {
};
const validation = validateInstanceContext(context);
expect(validation.valid).toBe(false);
expect(validation.errors).toContain('n8nApiTimeout must be a positive number');
expect(validation.errors?.some(error => error.includes('Must be positive (greater than 0)'))).toBe(true);
});
// NaN and Infinity are handled differently
@@ -141,7 +141,7 @@ describe('Flexible Instance Security', () => {
};
const validation = validateInstanceContext(context);
expect(validation.valid).toBe(false);
expect(validation.errors).toContain('n8nApiMaxRetries must be a non-negative number');
expect(validation.errors?.some(error => error.includes('Must be non-negative (0 or greater)'))).toBe(true);
});
// Valid retries (including 0)
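Review bot: The timeout and retry assertions (hunks at lines 108 and 141) match only the fragments `Must be positive (greater than 0)` and `Must be non-negative (0 or greater)`, so they no longer pin which field was rejected, as the old exact strings did. If the new messages name the field (the validation code that produces them is not shown on this page), include it in the predicate, e.g. `error.includes('n8nApiTimeout') && error.includes('Must be positive')`. Otherwise a range error raised for a different numeric field would also satisfy the test.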