CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-06-21 09:10:11 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
02f848dde463e4dabed0025d50fcd27e1bd73464
gstack/test/cso-spec-taxonomy-alignment.test.ts
T
Garry Tan 02f848dde4 feat(redact): semantic-pass eval + CLAUDE.md docs + size/parity baselines 
- test/redact-semantic-pass.eval.ts: periodic-tier paid eval (EVALS=1) with 10
  should-flag / should-clean fixtures + an injection-resistance case, the only
  way to detect semantic-pass model drift.
- CLAUDE.md: "Redaction guard" section — engine/CLI/hook locations, the
  guardrail-not-enforcement framing, scan-at-sink, no-tier-promotion, the
  tool-attributed-fence convention, the config keys, and the audit log.
- /cso uses the compact (HIGH-tier) taxonomy table so it fits under BOTH the
  v1.47 and the older v1.44.1 parity ceilings; full MEDIUM/LOW lives in
  lib/redact-patterns.ts. Alignment test asserts the HIGH-tier contract.
- Refresh the ship golden baselines (claude/codex/factory) for the PR-body
  redaction wiring.

Full free suite green (incl. skill-size-budget + parity 10/10).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 07:40:12 -07:00

37 lines
1.6 KiB
TypeScript
Raw Blame History

/**
* Cross-skill taxonomy alignment. /cso renders the full generated taxonomy table;
* /spec references it without inlining. Both derive from lib/redact-patterns via
* the shared resolver, so a manual edit to the wrong place is caught here.
*/
import { describe, test, expect } from "bun:test";
import * as fs from "fs";
import * as path from "path";
import { generateRedactTaxonomyTable } from "../scripts/resolvers/redact-doc";
import { HOST_PATHS } from "../scripts/resolvers/types";
import { PATTERNS } from "../lib/redact-patterns";
const ROOT = path.resolve(import.meta.dir, "..");
const CSO = fs.readFileSync(path.join(ROOT, "cso", "SKILL.md"), "utf-8");
const ctx = { skillName: "cso", tmplPath: "", host: "claude" as const, paths: HOST_PATHS["claude"] };
describe("cso/spec taxonomy alignment", () => {
test("cso renders the full generated taxonomy table verbatim", () => {
const table = generateRedactTaxonomyTable(ctx);
// A couple of representative lines from the generated table must appear in /cso.
const line = table.split("\n").find((l) => l.includes("`aws.access_key`"));
expect(line).toBeTruthy();
expect(CSO).toContain(line!);
});
test("cso lists every HIGH-tier credential id (the archaeology contract, no drift)", () => {
for (const p of PATTERNS.filter((x) => x.tier === "HIGH")) {
expect(CSO).toContain(`\`${p.id}\``);
}
});
test("cso keeps its git-history archaeology (different use case, not replaced)", () => {
expect(CSO).toContain("git log -p --all");
expect(CSO).toContain("Secrets Archaeology");
});
});
Reference in New Issue View Git Blame Copy Permalink