mirror of
https://github.com/Ed1s0nZ/CyberStrikeAI.git
synced 2026-07-10 22:33:48 +02:00
2.0 KiB
2.0 KiB
Testing Guide
Testing CyberStrikeAI means more than running Go tests. Agent, MCP, HITL, C2, WebShell, and frontend streaming all have different failure modes.
Commands
go test ./internal/...
go test ./cmd/...
go build -o cyberstrike-ai ./cmd/server
Run focused packages when working locally:
go test ./internal/multiagent
go test ./internal/handler
go test ./internal/security
Test Pyramid
| Layer | Goal | Example |
|---|---|---|
| Unit | pure logic | expressions, chunking, sanitization |
| Handler | HTTP behavior | validation, auth, status codes |
| Integration | module cooperation | external MCP, KB indexing, HITL |
| Smoke | user path | login, chat, tools, settings |
| Authorized lab | high-risk features | C2, WebShell, terminal |
Do not use end-to-end manual testing as a substitute for unit tests, or unit tests as a substitute for high-risk lab validation.
Regression Focus
Expand testing when changing:
internal/handler/config.go: model, KB, MCP, C2, robot apply paths;internal/multiagent/: streaming, tool calls, summarization, retry, HITL;internal/security/: auth, shell, timeout, no-output;internal/database/: old data compatibility;web/static/js/chat.js: chat, process details, attack chain, groups.
Test Data
Avoid real customer data. Prepare:
- small Markdown KB sample;
- fake local MCP server;
- controlled local HTTP target;
- harmless WebShell simulator;
- temporary SQLite DB.
Failure Cases
Cover:
- model API 401/429/500;
- MCP startup failure;
- tool timeout;
- HITL rejection;
- interrupted KB indexing;
- unwritable database;
- WebShell non-200 response;
- C2 disabled endpoint access.
Source Anchors
Existing tests live across:
internal/handler/*_test.gointernal/multiagent/*_test.gointernal/workflow/*_test.gointernal/knowledge/*_test.gointernal/security/*_test.gointernal/mcp/*_test.gointernal/c2/*_test.go