{
  "context": "Evaluates use of nock's header handling to enforce auth requirements and shape reply headers for the mocked profile service described in the spec.",
  "type": "weighted_checklist",
  "checklist": [
    {
      "name": "GET header match",
      "description": "Uses nock(baseUrl) with reqheaders or matchHeader to require both Bearer Authorization and Accept: application/json on the GET /profile mock, returning 401 when missing.",
      "max_score": 20
    },
    {
      "name": "Spoof blocked",
      "description": "Applies badheaders (or an equivalent scoped matcher) to reject any request carrying X-Spoof before other mocks are consumed, returning the 403 stub.",
      "max_score": 20
    },
    {
      "name": "Basic auth update",
      "description": "Configures the POST /profile mock with basicAuth so only valid credentials succeed and missing auth triggers the 401 path.",
      "max_score": 20
    },
    {
      "name": "Default reply headers",
      "description": "Sets defaultReplyHeaders to emit X-Env: test and Cache-Control: no-store on every mocked response instead of repeating headers per interceptor.",
      "max_score": 15
    },
    {
      "name": "Auto date and length",
      "description": "Calls replyDate and replyContentLength so Date and Content-Length are automatically added and sized for each mock body.",
      "max_score": 15
    },
    {
      "name": "Trace echo header",
      "description": "Uses a reply callback to echo any X-Trace-Id request header back in the response headers for the POST /profile mock.",
      "max_score": 10
    }
  ]
}