diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000000..c34a9bd7b1f
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,24 @@
+name: ci
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  tests:
+    name: Tests
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.25.1"
+
+      - name: print go version
+        run: |
+          go test -cover ./...
+          exit 0
diff --git a/README.md b/README.md
index c2bec0368b7..8e9ae5414db 100644
--- a/README.md
+++ b/README.md
@@ -21,3 +21,5 @@ go build -o notely && ./notely
 *This starts the server in non-database mode.* It will serve a simple webpage at `http://localhost:8080`.
 
 You do *not* need to set up a database or any interactivity on the webpage yet. Instructions for that will come later in the course!
+
+NN's version of Boot.dev's Notely app.
diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go
new file mode 100644
index 00000000000..2ea638d00d3
--- /dev/null
+++ b/internal/auth/auth_test.go
@@ -0,0 +1,77 @@
+package auth
+
+import (
+	"errors"
+	"net/http"
+	"testing"
+)
+
+func TestGetAPIKey(t *testing.T) {
+	tests := []struct {
+		name          string
+		headers       http.Header
+		expectedKey   string
+		expectedError error
+	}{
+		{
+			name: "valid API key with correct format",
+			headers: http.Header{
+				"Authorization": []string{"ApiKey my-secret-api-key-12345"},
+			},
+			expectedKey:   "my-secret-api-key-12345",
+			expectedError: nil,
+		},
+		{
+			name:          "missing Authorization header",
+			headers:       http.Header{},
+			expectedKey:   "",
+			expectedError: ErrNoAuthHeaderIncluded,
+		},
+		{
+			name: "malformed Authorization header - wrong scheme",
+			headers: http.Header{
+				"Authorization": []string{"Bearer my-token"},
+			},
+			expectedKey:   "",
+			expectedError: errors.New("malformed authorization header"),
+		},
+		{
+			name: "malformed Authorization header - only ApiKey without value",
+			headers: http.Header{
+				"Authorization": []string{"ApiKey"},
+			},
+			expectedKey:   "",
+			expectedError: errors.New("malformed authorization header"),
+		},
+		{
+			name: "empty Authorization header value",
+			headers: http.Header{
+				"Authorization": []string{""},
+			},
+			expectedKey:   "",
+			expectedError: ErrNoAuthHeaderIncluded,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			apiKey, err := GetAPIKey(tt.headers)
+
+			// Check the API key
+			if apiKey != tt.expectedKey {
+				t.Errorf("GetAPIKey() apiKey = %v, want %v", apiKey, tt.expectedKey)
+			}
+
+			// Check the error
+			if tt.expectedError != nil && err == nil {
+				t.Errorf("GetAPIKey() error = nil, want %v", tt.expectedError)
+			}
+			if tt.expectedError == nil && err != nil {
+				t.Errorf("GetAPIKey() error = %v, want nil", err)
+			}
+			if tt.expectedError != nil && err != nil && err.Error() != tt.expectedError.Error() {
+				t.Errorf("GetAPIKey() error = %v, want %v", err, tt.expectedError)
+			}
+		})
+	}
+}