test: add tests for custom headers parsing and injection

- config_test.go: 6 test cases covering empty, single, multiple,
  whitespace-trimmed, colon-in-value, and malformed header pairs
- client_test.go: 3 test cases verifying custom headers are sent
  on requests, and that nil/empty header maps are handled safely
- Add doc comments to NewClientWithHeaders, setHeaders, and
  CustomHeaders field

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: issmirnov

internal/client/client_test.go

@@ -1258,3 +1258,65 @@ func TestDoRequest_RetryOn429(t *testing.T) {
 	assert.Equal(t, 2, attempts)
 	assert.Contains(t, string(result), "success")
 }
+
+func TestNewClientWithHeaders_SetsCustomHeaders(t *testing.T) {
+	customHeaders := map[string]string{
+		"CF-Access-Client-Id":     "test-id.access",
+		"CF-Access-Client-Secret": "test-secret",
+	}
+
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// Verify standard headers are present
+		assert.Equal(t, "application/json", r.Header.Get("Content-Type"))
+		assert.Equal(t, "test-api-key", r.Header.Get("SIGNOZ-API-KEY"))
+
+		// Verify custom headers are injected
+		assert.Equal(t, "test-id.access", r.Header.Get("CF-Access-Client-Id"))
+		assert.Equal(t, "test-secret", r.Header.Get("CF-Access-Client-Secret"))
+
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write([]byte(`{"status":"success","data":[]}`))
+	}))
+	defer server.Close()
+
+	logger, _ := zap.NewDevelopment()
+	client := NewClientWithHeaders(logger, server.URL, "test-api-key", "SIGNOZ-API-KEY", customHeaders)
+
+	_, err := client.ListAlerts(context.Background(), types.ListAlertsParams{})
+	assert.NoError(t, err)
+}
+
+func TestNewClientWithHeaders_NilHeaders(t *testing.T) {
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		// Standard headers should still be set when custom headers map is nil
+		assert.Equal(t, "application/json", r.Header.Get("Content-Type"))
+		assert.Equal(t, "test-api-key", r.Header.Get("SIGNOZ-API-KEY"))
+
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write([]byte(`{"status":"success","data":[]}`))
+	}))
+	defer server.Close()
+
+	logger, _ := zap.NewDevelopment()
+	client := NewClientWithHeaders(logger, server.URL, "test-api-key", "SIGNOZ-API-KEY", nil)
+
+	_, err := client.ListAlerts(context.Background(), types.ListAlertsParams{})
+	assert.NoError(t, err)
+}
+
+func TestNewClientWithHeaders_EmptyHeaders(t *testing.T) {
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, "application/json", r.Header.Get("Content-Type"))
+		assert.Equal(t, "test-api-key", r.Header.Get("SIGNOZ-API-KEY"))
+
+		w.WriteHeader(http.StatusOK)
+		_, _ = w.Write([]byte(`{"status":"success","data":[]}`))
+	}))
+	defer server.Close()
+
+	logger, _ := zap.NewDevelopment()
+	client := NewClientWithHeaders(logger, server.URL, "test-api-key", "SIGNOZ-API-KEY", map[string]string{})
+
+	_, err := client.ListAlerts(context.Background(), types.ListAlertsParams{})
+	assert.NoError(t, err)
+}

internal/config/config_test.go

@@ -0,0 +1,81 @@
+package config
+
+import (
+	"os"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestLoadConfig_CustomHeaders(t *testing.T) {
+	tests := []struct {
+		name            string
+		envValue        string
+		expectedHeaders map[string]string
+	}{
+		{
+			name:            "empty env var produces empty map",
+			envValue:        "",
+			expectedHeaders: map[string]string{},
+		},
+		{
+			name:     "single header pair",
+			envValue: "X-Custom-Auth:my-token",
+			expectedHeaders: map[string]string{
+				"X-Custom-Auth": "my-token",
+			},
+		},
+		{
+			name:     "multiple header pairs",
+			envValue: "CF-Access-Client-Id:abc123.access,CF-Access-Client-Secret:secret456",
+			expectedHeaders: map[string]string{
+				"CF-Access-Client-Id":     "abc123.access",
+				"CF-Access-Client-Secret": "secret456",
+			},
+		},
+		{
+			name:     "whitespace is trimmed",
+			envValue: " Key1 : Value1 , Key2 : Value2 ",
+			expectedHeaders: map[string]string{
+				"Key1": "Value1",
+				"Key2": "Value2",
+			},
+		},
+		{
+			name:     "value containing colon is preserved",
+			envValue: "Authorization:Bearer my-jwt-token:with:colons",
+			expectedHeaders: map[string]string{
+				"Authorization": "Bearer my-jwt-token:with:colons",
+			},
+		},
+		{
+			name:            "malformed entry without colon is skipped",
+			envValue:        "ValidKey:ValidValue,MalformedEntry",
+			expectedHeaders: map[string]string{
+				"ValidKey": "ValidValue",
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Set required env vars so LoadConfig doesn't fail
+			os.Setenv("SIGNOZ_URL", "http://localhost:8080")
+			os.Setenv("SIGNOZ_API_KEY", "test-key")
+			defer os.Unsetenv("SIGNOZ_URL")
+			defer os.Unsetenv("SIGNOZ_API_KEY")
+
+			if tt.envValue != "" {
+				os.Setenv("SIGNOZ_CUSTOM_HEADERS", tt.envValue)
+				defer os.Unsetenv("SIGNOZ_CUSTOM_HEADERS")
+			} else {
+				os.Unsetenv("SIGNOZ_CUSTOM_HEADERS")
+			}
+
+			cfg, err := LoadConfig()
+			require.NoError(t, err)
+			assert.Equal(t, tt.expectedHeaders, cfg.CustomHeaders)
+		})
+	}
+}