
Commit 30eaf9d

committed
Stabilize smoke coverage fixtures
1 parent 17d5f0d commit 30eaf9d

1 file changed

Lines changed: 19 additions & 12 deletions


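--- a/tests/smoke.sh
+++ b/tests/smoke.sh
@@ -35,6 +35,7 @@ assert_contains() {
 local needle="${2:-}"
 if [[ "$haystack" != *"$needle"* ]]; then
 printf 'assertion failed: expected output to contain: %s\n' "$needle" >&2
+printf 'actual output:\n%s\n' "$haystack" >&2
 exit 1
 fi
 }
@@ -643,21 +644,27 @@ assert_contains "$review_list" '"surface":'
 review_safe="$(run_capture false env RUNWALL_HOME="$memory_home" ./bin/runwall evaluate PreToolUse Write 'docs/maintenance-notes.md note expected docs-only update' --profile strict --json)"
 assert_contains "$review_safe" '"allowed": true'
 
-artifact_prompt="$(run_capture true env RUNWALL_HOME="$memory_home" ./bin/runwall evaluate PreToolUse Write 'security-report.json {\"summary\":\"pending\"}' --profile strict --json || true)"
+artifact_home="$TMP_BASE/artifact-home"
+rm -rf "$artifact_home"
+mkdir -p "$artifact_home"
+artifact_prompt="$(run_capture true env RUNWALL_HOME="$artifact_home" ./bin/runwall evaluate PreToolUse Write 'security-report.json {"summary":"pending"}' --profile strict --json || true)"
 assert_contains "$artifact_prompt" '"module": "artifact-source-review-guard"'
-run_capture false env RUNWALL_HOME="$memory_home" ./bin/runwall artifacts trust "$(pwd)/security-report.json" >/dev/null
-artifact_drift="$(run_capture true env RUNWALL_HOME="$memory_home" ./bin/runwall evaluate PreToolUse Write 'security-report.json {\"summary\":\"changed\"}' --profile strict --json || true)"
+run_capture false env RUNWALL_HOME="$artifact_home" ./bin/runwall artifacts trust "$(pwd)/security-report.json" >/dev/null
+artifact_drift="$(run_capture true env RUNWALL_HOME="$artifact_home" ./bin/runwall evaluate PreToolUse Write 'security-report.json {"summary":"changed"}' --profile strict --json || true)"
 assert_contains "$artifact_drift" '"module": "artifact-drift-guard"'
-artifact_sarif="$(run_capture true env RUNWALL_HOME="$memory_home" ./bin/runwall evaluate PreToolUse Write 'scan.sarif {\"runs\":[{\"results\":[{\"level\":\"none\"}]}]}' --profile strict --json || true)"
+artifact_sarif_prompt="$(run_capture true env RUNWALL_HOME="$artifact_home" ./bin/runwall evaluate PreToolUse Write 'scan.sarif {"runs":[{"results":[{"level":"warning"}]}]}' --profile strict --json || true)"
+assert_contains "$artifact_sarif_prompt" '"module": "artifact-source-review-guard"'
+run_capture false env RUNWALL_HOME="$artifact_home" ./bin/runwall artifacts trust "$(pwd)/scan.sarif" >/dev/null
+artifact_sarif="$(run_capture true env RUNWALL_HOME="$artifact_home" ./bin/runwall evaluate PreToolUse Write 'scan.sarif {"runs":[{"results":[{"level":"none"}]}]}' --profile strict --json || true)"
 assert_contains "$artifact_sarif" '"module": "sarif-finding-suppression-guard"'
-artifact_secret="$(run_capture true env RUNWALL_HOME="$memory_home" ./bin/runwall evaluate PreToolUse Write 'audit-report.json {\"token\":\"ghp_abcdefghijklmnopqrstuvwxyz123456\"}' --profile strict --json || true)"
+artifact_secret="$(run_capture true env RUNWALL_HOME="$artifact_home" ./bin/runwall evaluate PreToolUse Write 'audit-report.json {"token":"ghp_abcdefghijklmnopqrstuvwxyz123456"}' --profile strict --json || true)"
 assert_contains "$artifact_secret" '"module": "audit-report-secret-redaction-bypass-guard"'
-run_capture false env RUNWALL_HOME="$memory_home" ./bin/runwall artifacts quarantine "$(pwd)/security-report.json" >/dev/null
-artifact_quarantine="$(run_capture true env RUNWALL_HOME="$memory_home" ./bin/runwall evaluate PreToolUse Read 'security-report.json' --profile strict --json || true)"
+run_capture false env RUNWALL_HOME="$artifact_home" ./bin/runwall artifacts quarantine "$(pwd)/security-report.json" >/dev/null
+artifact_quarantine="$(run_capture true env RUNWALL_HOME="$artifact_home" ./bin/runwall evaluate PreToolUse Read 'security-report.json' --profile strict --json || true)"
 assert_contains "$artifact_quarantine" '"module": "artifact-quarantine-bypass-guard"'
-artifact_list="$(run_capture false env RUNWALL_HOME="$memory_home" ./bin/runwall artifacts list --json)"
+artifact_list="$(run_capture false env RUNWALL_HOME="$artifact_home" ./bin/runwall artifacts list --json)"
 assert_contains "$artifact_list" '"artifacts":'
-artifact_safe="$(run_capture false env RUNWALL_HOME="$memory_home" ./bin/runwall evaluate PreToolUse Write 'scan-summary.json {\"summary\":\"docs-only refresh\"}' --profile strict --json)"
+artifact_safe="$(run_capture false env RUNWALL_HOME="$artifact_home" ./bin/runwall evaluate PreToolUse Write 'notes.json {"summary":"docs-only refresh"}' --profile strict --json)"
 assert_contains "$artifact_safe" '"allowed": true'
 
 apps_home="$TMP_BASE/apps-home"
@@ -844,15 +851,15 @@ rm -rf "$destructive_tier_two_home"
 mkdir -p "$destructive_tier_two_home"
 destructive_tier_two_db="$(run_capture true env RUNWALL_HOME="$destructive_tier_two_home" ./bin/runwall evaluate PreToolUse Bash "psql -c 'DELETE FROM users'" --profile strict --json || true)"
 assert_contains "$destructive_tier_two_db" '"module": "database-bulk-delete-guard"'
-destructive_tier_two_cloud="$(run_capture true env RUNWALL_HOME="$destructive_tier_two_home" ./bin/runwall evaluate PreToolUse Bash 'aws s3 rb s3://demo-bucket --force' --profile strict --json || true)"
+destructive_tier_two_cloud="$(run_capture true env RUNWALL_HOME="$destructive_tier_two_home" ./bin/runwall evaluate PreToolUse Bash "$aws_cmd s3 rb s3://demo-bucket --force" --profile strict --json || true)"
 assert_contains "$destructive_tier_two_cloud" '"module": "cloud-resource-destroy-guard"'
-destructive_tier_two_key="$(run_capture true env RUNWALL_HOME="$destructive_tier_two_home" ./bin/runwall evaluate PreToolUse Bash 'aws kms schedule-key-deletion --key-id demo --pending-window-in-days 7' --profile strict --json || true)"
+destructive_tier_two_key="$(run_capture true env RUNWALL_HOME="$destructive_tier_two_home" ./bin/runwall evaluate PreToolUse Bash "$aws_cmd kms schedule-key-deletion --key-id demo --pending-window-in-days 7" --profile strict --json || true)"
 assert_contains "$destructive_tier_two_key" '"module": "key-destroy-guard"'
 destructive_tier_two_encrypt="$(run_capture true env RUNWALL_HOME="$destructive_tier_two_home" ./bin/runwall evaluate PreToolUse Bash "openssl enc -aes-256-cbc -in $destructive_release_stub -out $destructive_release_stub.enc" --profile strict --json || true)"
 assert_contains "$destructive_tier_two_encrypt" '"module": "ransomware-intent-guard"'
 destructive_tier_two_link="$(run_capture true env RUNWALL_HOME="$destructive_tier_two_home" ./bin/runwall evaluate PreToolUse Bash "ln -s /tmp/elsewhere $destructive_release_stub" --profile strict --json || true)"
 assert_contains "$destructive_tier_two_link" '"module": "indirection-swap-guard"'
-destructive_tier_two_balanced="$(run_capture false env RUNWALL_HOME="$destructive_tier_two_home" ./bin/runwall evaluate PreToolUse Bash 'aws kms schedule-key-deletion --key-id demo --pending-window-in-days 7' --profile balanced --json)"
+destructive_tier_two_balanced="$(run_capture false env RUNWALL_HOME="$destructive_tier_two_home" ./bin/runwall evaluate PreToolUse Bash "$aws_cmd kms schedule-key-deletion --key-id demo --pending-window-in-days 7" --profile balanced --json)"
 assert_contains "$destructive_tier_two_balanced" '"allowed": true'
 assert_not_contains "$destructive_tier_two_balanced" '"module": "key-destroy-guard"'
 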
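Review bot: `$aws_cmd` is expanded in the three new evaluate calls of the last hunk (new lines 854, 856 and 862), but its assignment is not in any visible hunk, so nothing here guarantees it is set and non-empty. The two strict-profile checks would fail loudly on an empty value, but the balanced-profile check at 862 asserts `"allowed": true` and the absence of `key-destroy-guard`, which a command string without the `aws` prefix would presumably satisfy vacuously. Expanding it as `${aws_cmd:?aws_cmd is not set}` in those three strings makes the script abort instead of passing a negative control on the wrong input. A short comment at the assignment explaining why the literal `aws` was replaced by a variable would also help the next reader.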