CalvinBackup/gstack
1
0
Fork 0
mirror of https://github.com/garrytan/gstack.git synced 2026-06-23 18:20:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
7bae40c40deed364cfe9c10a0041920daaf537f9
gstack/test/cso-spec-taxonomy-alignment.test.ts
T
Garry Tan 7bae40c40d feat(spec,cso): wire shared redaction — semantic pass + scan-at-sink + taxonomy 
/spec Phase 4.5 rewrite:
- Phase 4.5a: in-conversation semantic content review (named-criticism,
  customer complaints, unannounced strategy, NDA, codename bleed). Injection-
  hardened (a body containing the SEMANTIC_REVIEW marker forces flagged).
  Content-free audit trail to ~/.gstack/security/semantic-reviews.jsonl.
- Phase 4.5b: replaces the inline 7-regex prose with the shared gstack-redact
  scan-at-sink (exact-byte temp file). Three enforcement points: pre-codex,
  pre-issue (files via --body-file from the scanned file), pre-archive (D2:
  sanitized body to the archive). --no-gate skips codex score only; redaction
  always runs, no flag disables it.

/cso: renders the full generated taxonomy table as its canonical pattern catalog
(shared source), keeps its git-history archaeology (different use case).

lib/redact-audit-log.ts: 0600 append-only semantic-review trail (no body text).
Resolver gains compact-table + brief-block variants so /spec references the
catalog instead of inlining it (stays under the v1.47 size budget).

Tests: extended spec invariants (semantic pass, scan-at-sink, no-promotion),
audit-log, cso/spec alignment. All green; spec 1.050× / cso 1.046× baseline.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 07:20:18 -07:00

37 lines
1.5 KiB
TypeScript
Raw Blame History

/**
* Cross-skill taxonomy alignment. /cso renders the full generated taxonomy table;
* /spec references it without inlining. Both derive from lib/redact-patterns via
* the shared resolver, so a manual edit to the wrong place is caught here.
*/
import { describe, test, expect } from "bun:test";
import * as fs from "fs";
import * as path from "path";
import { generateRedactTaxonomyTable } from "../scripts/resolvers/redact-doc";
import { HOST_PATHS } from "../scripts/resolvers/types";
import { PATTERNS } from "../lib/redact-patterns";
const ROOT = path.resolve(import.meta.dir, "..");
const CSO = fs.readFileSync(path.join(ROOT, "cso", "SKILL.md"), "utf-8");
const ctx = { skillName: "cso", tmplPath: "", host: "claude" as const, paths: HOST_PATHS["claude"] };
describe("cso/spec taxonomy alignment", () => {
test("cso renders the full generated taxonomy table verbatim", () => {
const table = generateRedactTaxonomyTable(ctx);
// A couple of representative lines from the generated table must appear in /cso.
const line = table.split("\n").find((l) => l.includes("`aws.access_key`"));
expect(line).toBeTruthy();
expect(CSO).toContain(line!);
});
test("cso lists every HIGH + MEDIUM + LOW pattern id (full table, no drift)", () => {
for (const p of PATTERNS) {
expect(CSO).toContain(`\`${p.id}\``);
}
});
test("cso keeps its git-history archaeology (different use case, not replaced)", () => {
expect(CSO).toContain("git log -p --all");
expect(CSO).toContain("Secrets Archaeology");
});
});
Reference in New Issue View Git Blame Copy Permalink