CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-06-17 07:10:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

test: make redaction/taxonomy tests union-aware for cso + document-release carves

Browse Source 
The cso carve moved Secrets Archaeology (prefixes, lib/redact-patterns.ts
pointer, git-history scan) into sections/audit-phases.md, and the
document-release carve moved the Step 9 PR-body redaction scan into
sections/release-body.md. Three content-presence tests asserted that content
in the skeleton SKILL.md/.md.tmpl; they now read the skeleton+sections union
(same fix as cso-preserved + parity).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
Garry Tan
2026-06-07 18:13:01 -07:00
parent 97c11e6cf4
commit 0ecb8c9cd7
3 changed files with 39 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
test/cso-spec-taxonomy-alignment.test.ts
+14 -1
View File
@@ -14,7 +14,20 @@ import { HOST_PATHS } from "../scripts/resolvers/types";
import { PATTERNS } from "../lib/redact-patterns";
const ROOT = path.resolve(import.meta.dir, "..");
const CSO = fs.readFileSync(path.join(ROOT, "cso", "SKILL.md"), "utf-8");
// cso is carved (skeleton + sections/audit-phases.md). The Secrets Archaeology
// prose + secret prefixes moved into the section; check the union so relocated
// content still counts.
function unionSkill(skill: string): string {
let t = fs.readFileSync(path.join(ROOT, skill, "SKILL.md"), "utf-8");
const dir = path.join(ROOT, skill, "sections");
if (fs.existsSync(dir)) {
for (const f of fs.readdirSync(dir).sort()) {
if (f.endsWith(".md") && !f.endsWith(".md.tmpl")) t += "\n" + fs.readFileSync(path.join(dir, f), "utf-8");
}
}
return t;
}
const CSO = unionSkill("cso");
const ctx = { skillName: "cso", tmplPath: "", host: "claude" as const, paths: HOST_PATHS["claude"] };
describe("cso/spec taxonomy alignment", () => {
test/document-skills-redaction.test.ts
+15 -1
View File
@@ -6,7 +6,21 @@ import * as fs from "fs";
import * as path from "path";
const ROOT = path.resolve(import.meta.dir, "..");
const RELEASE = fs.readFileSync(path.join(ROOT, "document-release", "SKILL.md.tmpl"), "utf-8");
// document-release is carved (skeleton + sections/release-body.md). Step 9
// (commit + PR-body redaction scan) moved into the section template; check the
// union of SKILL.md.tmpl + sections/*.md.tmpl so the scan-before-edit ordering
// still verifies. document-generate is NOT carved (plain .md.tmpl).
function unionTmpl(skill: string): string {
let t = fs.readFileSync(path.join(ROOT, skill, "SKILL.md.tmpl"), "utf-8");
const dir = path.join(ROOT, skill, "sections");
if (fs.existsSync(dir)) {
for (const f of fs.readdirSync(dir).sort()) {
if (f.endsWith(".md.tmpl")) t += "\n" + fs.readFileSync(path.join(dir, f), "utf-8");
}
}
return t;
}
const RELEASE = unionTmpl("document-release");
const GENERATE = fs.readFileSync(path.join(ROOT, "document-generate", "SKILL.md.tmpl"), "utf-8");
describe("/document-release redaction", () => {
test/spec-template-invariants.test.ts
+10 -1
View File
@@ -111,7 +111,16 @@ describe('/spec quality gate fallback', () => {
describe('/spec fail-closed redaction (shared engine)', () => {
test('the full taxonomy (with secret prefixes) lives in the generated /cso doc', () => {
const cso = fs.readFileSync(path.join(ROOT, 'cso', 'SKILL.md'), 'utf-8');
// cso is carved — the Secrets Archaeology prose + prefixes moved into
// sections/audit-phases.md; read the skeleton+sections union.
const csoDir = path.join(ROOT, 'cso');
let cso = fs.readFileSync(path.join(csoDir, 'SKILL.md'), 'utf-8');
const secDir = path.join(csoDir, 'sections');
if (fs.existsSync(secDir)) {
for (const f of fs.readdirSync(secDir).sort()) {
if (f.endsWith('.md') && !f.endsWith('.md.tmpl')) cso += '\n' + fs.readFileSync(path.join(secDir, f), 'utf-8');
}
}
expect(cso).toContain('AKIA');
expect(cso).toMatch(/ghp_|gho_|ghs_/);
expect(cso).toContain('sk-ant-');