mirror of
https://github.com/Ed1s0nZ/CyberStrikeAI.git
synced 2026-07-10 14:28:43 +02:00
Add files via upload
This commit is contained in:
@@ -0,0 +1,78 @@
|
||||
# Testing Guide
|
||||
|
||||
[中文](../zh-CN/testing.md)
|
||||
|
||||
Testing CyberStrikeAI means more than running Go tests. Agent, MCP, HITL, C2, WebShell, and frontend streaming all have different failure modes.
|
||||
|
||||
## Commands
|
||||
|
||||
```bash
|
||||
go test ./internal/...
|
||||
go test ./cmd/...
|
||||
go build -o cyberstrike-ai ./cmd/server
|
||||
```
|
||||
|
||||
Run focused packages when working locally:
|
||||
|
||||
```bash
|
||||
go test ./internal/multiagent
|
||||
go test ./internal/handler
|
||||
go test ./internal/security
|
||||
```
|
||||
|
||||
## Test Pyramid
|
||||
|
||||
| Layer | Goal | Example |
|
||||
| --- | --- | --- |
|
||||
| Unit | pure logic | expressions, chunking, sanitization |
|
||||
| Handler | HTTP behavior | validation, auth, status codes |
|
||||
| Integration | module cooperation | external MCP, KB indexing, HITL |
|
||||
| Smoke | user path | login, chat, tools, settings |
|
||||
| Authorized lab | high-risk features | C2, WebShell, terminal |
|
||||
|
||||
Do not use end-to-end manual testing as a substitute for unit tests, or unit tests as a substitute for high-risk lab validation.
|
||||
|
||||
## Regression Focus
|
||||
|
||||
Expand testing when changing:
|
||||
|
||||
- `internal/handler/config.go`: model, KB, MCP, C2, robot apply paths;
|
||||
- `internal/multiagent/`: streaming, tool calls, summarization, retry, HITL;
|
||||
- `internal/security/`: auth, shell, timeout, no-output;
|
||||
- `internal/database/`: old data compatibility;
|
||||
- `web/static/js/chat.js`: chat, process details, attack chain, groups.
|
||||
|
||||
## Test Data
|
||||
|
||||
Avoid real customer data. Prepare:
|
||||
|
||||
- small Markdown KB sample;
|
||||
- fake local MCP server;
|
||||
- controlled local HTTP target;
|
||||
- harmless WebShell simulator;
|
||||
- temporary SQLite DB.
|
||||
|
||||
## Failure Cases
|
||||
|
||||
Cover:
|
||||
|
||||
- model API 401/429/500;
|
||||
- MCP startup failure;
|
||||
- tool timeout;
|
||||
- HITL rejection;
|
||||
- interrupted KB indexing;
|
||||
- unwritable database;
|
||||
- WebShell non-200 response;
|
||||
- C2 disabled endpoint access.
|
||||
|
||||
## Source Anchors
|
||||
|
||||
Existing tests live across:
|
||||
|
||||
- `internal/handler/*_test.go`
|
||||
- `internal/multiagent/*_test.go`
|
||||
- `internal/workflow/*_test.go`
|
||||
- `internal/knowledge/*_test.go`
|
||||
- `internal/security/*_test.go`
|
||||
- `internal/mcp/*_test.go`
|
||||
- `internal/c2/*_test.go`
|
||||
Reference in New Issue
Block a user