Address remaining code review issues

Co-authored-by: bbockelm <1093447+bbockelm@users.noreply.github.com>

Author: Copilot

src/scitokens_internal.h

@@ -134,7 +134,6 @@ class MonitoringStats {
   public:
     static MonitoringStats &instance();
 
-    void record_validation_start(const std::string &issuer);
     void record_validation_success(const std::string &issuer,
                                     uint64_t duration_ns);
     void record_validation_failure(const std::string &issuer,
@@ -156,7 +155,7 @@ class MonitoringStats {
 
     mutable std::mutex m_mutex;
     std::unordered_map<std::string, IssuerStats> m_issuer_stats;
-    std::unordered_map<std::string, std::atomic<uint64_t>> m_failed_issuer_lookups;
+    std::unordered_map<std::string, uint64_t> m_failed_issuer_lookups;
 
     std::string sanitize_issuer_for_json(const std::string &issuer) const;
     void prune_failed_issuers();
@@ -472,7 +471,7 @@ class Validator {
     }
 
     void verify(const SciToken &scitoken, time_t expiry_time) {
-        std::string issuer;
+        std::string issuer = "";
         auto start_time = std::chrono::steady_clock::now();
         bool has_issuer = false;
 
@@ -514,7 +513,7 @@ class Validator {
     }
 
     void verify(const jwt::decoded_jwt<jwt::traits::kazuho_picojson> &jwt) {
-        std::string issuer;
+        std::string issuer = "";
         auto start_time = std::chrono::steady_clock::now();
         bool has_issuer = false;
 

src/scitokens_monitoring.cpp

@@ -16,11 +16,6 @@ MonitoringStats &MonitoringStats::instance() {
     return instance;
 }
 
-void MonitoringStats::record_validation_start(const std::string &issuer) {
-    // This is a no-op for now, but could be used for tracking in-progress
-    // validations
-}
-
 void MonitoringStats::record_validation_success(const std::string &issuer,
                                                  uint64_t duration_ns) {
     std::lock_guard<std::mutex> lock(m_mutex);
@@ -80,7 +75,7 @@ void MonitoringStats::prune_failed_issuers() {
     // Find the minimum count
     uint64_t min_count = UINT64_MAX;
     for (const auto &entry : m_failed_issuer_lookups) {
-        uint64_t count = entry.second.load();
+        uint64_t count = entry.second;
         if (count < min_count) {
             min_count = count;
         }
@@ -89,7 +84,7 @@ void MonitoringStats::prune_failed_issuers() {
     // Remove all entries with the minimum count
     for (auto it = m_failed_issuer_lookups.begin();
          it != m_failed_issuer_lookups.end();) {
-        if (it->second.load() == min_count) {
+        if (it->second == min_count) {
             it = m_failed_issuer_lookups.erase(it);
         } else {
             ++it;
@@ -142,7 +137,7 @@ std::string MonitoringStats::get_json() const {
             std::string sanitized_issuer =
                 sanitize_issuer_for_json(entry.first);
             failed_obj[sanitized_issuer] =
-                picojson::value(static_cast<double>(entry.second.load()));
+                picojson::value(static_cast<double>(entry.second));
         }
         root["failed_issuer_lookups"] = picojson::value(failed_obj);
     }

src/test_monitoring_comprehensive.cpp

@@ -25,6 +25,9 @@ void print_monitoring_stats(const std::string &label) {
 int main() {
     char *err_msg = nullptr;
 
+    // Test constants
+    const int DDOS_TEST_COUNT = 150; // Test beyond MAX_FAILED_ISSUERS limit
+    
     // Reset monitoring stats at start
     scitoken_reset_monitoring_stats(&err_msg);
 
@@ -71,7 +74,7 @@ int main() {
 
     // Try to create many tokens with different invalid issuers
     // The monitoring system should limit tracking to MAX_FAILED_ISSUERS (100)
-    for (int i = 0; i < 150; i++) {
+    for (int i = 0; i < DDOS_TEST_COUNT; i++) {
         // These are malformed tokens that will fail early
         std::string fake_token = "invalid.token." + std::to_string(i);
         SciToken temp_token = nullptr;