From 643ce63d90e253df91994d4bde07b8348ac800b8 Mon Sep 17 00:00:00 2001
From: CoderDeltaLAN
Date: Mon, 15 Jun 2026 02:45:21 +0100
Subject: [PATCH] test: cover governance findings across CLI formats
---
 tests/test_cli.py | 133 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 133 insertions(+)
diff --git a/tests/test_cli.py b/tests/test_cli.py
index 3cc88c1..0353160 100644
--- a/tests/test_cli.py
+++ b/tests/test_cli.py
@@ -502,6 +502,26 @@ def test_check_json_reports_empty_findings_for_clean_fixture(self) -> None:
 self.assertEqual(payload["findings"], [])
+ def test_check_console_reports_review_ci_bypass_findings(self) -> None:
+ output = io.StringIO()
+
+ with redirect_stdout(output):
+ exit_code = main(["check", str(FIXTURE_ROOT / "risky-instructions")])
+
+ text = output.getvalue()
+
+ self.assertEqual(exit_code, 0)
+ self.assertIn("Found 1 supported instruction file(s):", text)
+ self.assertIn("Findings:", text)
+ self.assertIn("AIRK-GOV003 [warning] AGENTS.md:7", text)
+ self.assertIn("AIRK-GOV003 [warning] AGENTS.md:8", text)
+ self.assertIn("AIRK-GOV003 [warning] AGENTS.md:10", text)
+ self.assertIn(
+ "Instruction file appears to encourage bypassing review, CI, or safe integration boundaries.",
+ text,
+ )
+
+
 def test_check_json_reports_review_ci_bypass_findings(self) -> None:
 output = io.StringIO()
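Review bot: `self.assertEqual(exit_code, 0)` in test_check_console_reports_review_ci_bypass_findings pins a zero exit status for a run that reports three AIRK-GOV003 warnings, and nothing in the test says that this is deliberate. Anyone wiring `check` into a pipeline as a gate would get a passing job for an instruction file that encourages bypassing review or CI, so the contract deserves a comment above the assertion, for example `# warning-level findings are advisory; check still exits 0`, if that is the intent. The same assertion appears in the five other tests this commit adds. Whether an option exists that turns findings into a failing exit status is not visible here; if one does, a test for it would belong next to these.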
@@ -533,6 +553,33 @@ def test_check_json_reports_review_ci_bypass_findings(self) -> None:
 )
+ def test_check_markdown_reports_review_ci_bypass_findings(self) -> None:
+ output = io.StringIO()
+
+ with redirect_stdout(output):
+ exit_code = main(
+ [
+ "check",
+ str(FIXTURE_ROOT / "risky-instructions"),
+ "--format",
+ "markdown",
+ ]
+ )
+
+ text = output.getvalue()
+
+ self.assertEqual(exit_code, 0)
+ self.assertIn("- Findings: 3", text)
+ self.assertIn("## Findings", text)
+ self.assertIn("| AIRK-GOV003 | warning | AGENTS.md:7 |", text)
+ self.assertIn("| AIRK-GOV003 | warning | AGENTS.md:8 |", text)
+ self.assertIn("| AIRK-GOV003 | warning | AGENTS.md:10 |", text)
+ self.assertIn(
+ "Instruction file appears to encourage bypassing review, CI, or safe integration boundaries.",
+ text,
+ )
+
+
 def test_check_console_reports_unsafe_command_execution_findings(self) -> None:
 output = io.StringIO()
@@ -660,6 +707,24 @@ def test_check_markdown_reports_runtime_network_llm_findings(self) -> None:
 )
+ def test_check_console_reports_missing_secret_boundary_findings(self) -> None:
+ output = io.StringIO()
+
+ with redirect_stdout(output):
+ exit_code = main(["check", str(FIXTURE_ROOT / "missing-secret-boundary")])
+
+ text = output.getvalue()
+
+ self.assertEqual(exit_code, 0)
+ self.assertIn("Found 1 supported instruction file(s):", text)
+ self.assertIn("Findings:", text)
+ self.assertIn("AIRK-GOV002 [warning] AGENTS.md", text)
+ self.assertIn(
+ "Instruction file may lack an explicit secret-handling boundary.",
+ text,
+ )
+
+
 def test_check_json_reports_missing_secret_boundary_findings(self) -> None:
 output = io.StringIO()
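Review bot: A point of style: test_check_markdown_reports_review_ci_bypass_findings repeats the same StringIO / redirect_stdout / main capture scaffold as every other test this commit adds, so a divergence in one copy (a different fixture name or a dropped `--format` argument) is easy to miss in review. A small private helper on the test class would reduce each test to its assertions. The class itself starts outside this hunk, so where the helper lives is for the author to decide. The sketch shows the helper and the call that would replace the capture lines in this test.

```python
    def _run_check(self, fixture, *extra):
        """Run `check` on a fixture directory and return (exit_code, stdout)."""
        output = io.StringIO()
        with redirect_stdout(output):
            exit_code = main(["check", str(FIXTURE_ROOT / fixture), *extra])
        return exit_code, output.getvalue()

    def test_check_markdown_reports_review_ci_bypass_findings(self) -> None:
        exit_code, text = self._run_check("risky-instructions", "--format", "markdown")
        # … unchanged: exit-code and markdown table assertions …
```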
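Review bot: `self.assertIn("AIRK-GOV002 [warning] AGENTS.md", text)` in test_check_console_reports_missing_secret_boundary_findings would still pass if the console renderer attached a line number, because a rendering such as `AGENTS.md:12` contains the asserted prefix. The JSON test for missing-secret-boundary findings pins the file-level form with `assertNotIn("line", ...)`, and the console test can do the same with `self.assertNotRegex(text, r"AIRK-GOV002 \[warning\] AGENTS\.md:\d")`. The GOV001 console test in the next hunk has the same gap. In the first hunk, `AGENTS.md:7` would likewise match `AGENTS.md:70`; `self.assertRegex(text, r"AGENTS\.md:7\b")` is stricter, and `self.assertEqual(text.count("AIRK-GOV003 [warning]"), 3)` would pin the number of findings as the markdown test does.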
@@ -685,6 +750,49 @@ def test_check_json_reports_missing_secret_boundary_findings(self) -> None:
 self.assertNotIn("line", payload["findings"][0])
+ def test_check_markdown_reports_missing_secret_boundary_findings(self) -> None:
+ output = io.StringIO()
+
+ with redirect_stdout(output):
+ exit_code = main(
+ [
+ "check",
+ str(FIXTURE_ROOT / "missing-secret-boundary"),
+ "--format",
+ "markdown",
+ ]
+ )
+
+ text = output.getvalue()
+
+ self.assertEqual(exit_code, 0)
+ self.assertIn("- Findings: 1", text)
+ self.assertIn("## Findings", text)
+ self.assertIn("| AIRK-GOV002 | warning | AGENTS.md |", text)
+ self.assertIn(
+ "Instruction file may lack an explicit secret-handling boundary.",
+ text,
+ )
+
+
+ def test_check_console_reports_missing_authority_scope_findings(self) -> None:
+ output = io.StringIO()
+
+ with redirect_stdout(output):
+ exit_code = main(["check", str(FIXTURE_ROOT / "missing-authority-scope")])
+
+ text = output.getvalue()
+
+ self.assertEqual(exit_code, 0)
+ self.assertIn("Found 1 supported instruction file(s):", text)
+ self.assertIn("Findings:", text)
+ self.assertIn("AIRK-GOV001 [warning] AGENTS.md", text)
+ self.assertIn(
+ "Instruction file may lack clear scope or authority.",
+ text,
+ )
+
+
 def test_check_json_reports_missing_authority_scope_findings(self) -> None:
 output = io.StringIO()
@@ -709,6 +817,31 @@ def test_check_json_reports_missing_authority_scope_findings(self) -> None:
 self.assertEqual(payload["findings"][0]["path"], "AGENTS.md")
 self.assertNotIn("line", payload["findings"][0])
+ def test_check_markdown_reports_missing_authority_scope_findings(self) -> None:
+ output = io.StringIO()
+
+ with redirect_stdout(output):
+ exit_code = main(
+ [
+ "check",
+ str(FIXTURE_ROOT / "missing-authority-scope"),
+ "--format",
+ "markdown",
+ ]
+ )
+
+ text = output.getvalue()
+
+ self.assertEqual(exit_code, 0)
+ self.assertIn("- Findings: 1", text)
+ self.assertIn("## Findings", text)
+ self.assertIn("| AIRK-GOV001 | warning | AGENTS.md |", text)
+ self.assertIn(
+ "Instruction file may lack clear scope or authority.",
+ text,
+ )
+
+
 if __name__ == "__main__":