Files
CyberStrikeAI/docs/en-US/testing.md
T
2026-07-07 14:04:18 +08:00

2.0 KiB

Testing Guide

中文

Testing CyberStrikeAI means more than running Go tests. Agent, MCP, HITL, C2, WebShell, and frontend streaming all have different failure modes.

Commands

go test ./internal/...
go test ./cmd/...
go build -o cyberstrike-ai ./cmd/server

Run focused packages when working locally:

go test ./internal/multiagent
go test ./internal/handler
go test ./internal/security

Test Pyramid

Layer Goal Example
Unit pure logic expressions, chunking, sanitization
Handler HTTP behavior validation, auth, status codes
Integration module cooperation external MCP, KB indexing, HITL
Smoke user path login, chat, tools, settings
Authorized lab high-risk features C2, WebShell, terminal

Do not use end-to-end manual testing as a substitute for unit tests, or unit tests as a substitute for high-risk lab validation.

Regression Focus

Expand testing when changing:

  • internal/handler/config.go: model, KB, MCP, C2, robot apply paths;
  • internal/multiagent/: streaming, tool calls, summarization, retry, HITL;
  • internal/security/: auth, shell, timeout, no-output;
  • internal/database/: old data compatibility;
  • web/static/js/chat.js: chat, process details, attack chain, groups.

Test Data

Avoid real customer data. Prepare:

  • small Markdown KB sample;
  • fake local MCP server;
  • controlled local HTTP target;
  • harmless WebShell simulator;
  • temporary SQLite DB.

Failure Cases

Cover:

  • model API 401/429/500;
  • MCP startup failure;
  • tool timeout;
  • HITL rejection;
  • interrupted KB indexing;
  • unwritable database;
  • WebShell non-200 response;
  • C2 disabled endpoint access.

Source Anchors

Existing tests live across:

  • internal/handler/*_test.go
  • internal/multiagent/*_test.go
  • internal/workflow/*_test.go
  • internal/knowledge/*_test.go
  • internal/security/*_test.go
  • internal/mcp/*_test.go
  • internal/c2/*_test.go