Skip to content

test(qa): add contention and secret-detection coverage with CI gates#34

Closed
Haserjian wants to merge 3 commits intomainfrom
test/qa-contention-secret-ci
Closed

test(qa): add contention and secret-detection coverage with CI gates#34
Haserjian wants to merge 3 commits intomainfrom
test/qa-contention-secret-ci

Conversation

@Haserjian
Copy link
Owner

@Haserjian Haserjian commented Mar 16, 2026

Summary

  • Add multi-agent contention simulation tests: same-file claim race, port double-claim, steal-against-fresh-holder, heavy concurrent weave append (50 writers / 16 threads)
  • Add secret-detection fixture corpus (6 specimens covering all 7 default private patterns) with parameterized regression tests
  • Add content_scan_exempt_globs to classifier policy so synthetic test fixtures don't self-block the PR public-private guard
  • Wire new QA slices into three CI workflows: PR gates, nightly simulations, release checks

Split from #33 to isolate QA work from the proof-posture bridge feature.

Commits

Commit What
73329e8 QA slice: test_contention.py, test_secret_detection.py, 6 fixture files, 3 workflow YAMLs
762fd24 Classifier exemption: content_scan_exempt_globs in public_private.py + policy.json
9b23ec7 Regression test locking the exemption behavior

Test plan

  • 320 tests passing locally (319 existing + 1 new), 1 pre-existing skip
  • Contention tests: 4/4 passing (S1, S2, S4, S11)
  • Secret detection tests: 11/11 passing
  • Exemption regression test: 1/1 passing
  • Existing public-private tests: 8/8 passing (no regressions)
  • Diff against main contains only QA files (14 files, +515/-1)
  • CI workflows fire correctly on this PR

🤖 Generated with Claude Code

Timothy Haserjian and others added 3 commits March 16, 2026 00:26
@claude
test(qa): add contention and secret-detection coverage with CI gates
73329e8 
Add multi-agent contention simulation tests (same-file claim race,
port double-claim, steal-against-fresh-holder, heavy concurrent weave
append) and secret-detection corpus tests (6 fixture specimens covering
all 7 default private patterns plus clean control). Wire both into
PR, nightly, and release CI workflows.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@claude
fix(classify): exempt synthetic test fixtures from content scanning
762fd24 
Add content_scan_exempt_globs to classifier policy and set
tests/fixtures/secrets/** as exempt. Prevents the PR public-private
guard from self-blocking on the intentional secret specimens added
in the previous commit.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@claude
test(classify): add regression test for content_scan_exempt_globs
9b23ec7 
Locks the exemption behavior: a file with secret content under an
exempt glob is classified PUBLIC, not PRIVATE. Prevents the guard
fix from regressing silently.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings March 16, 2026 07:26
@Haserjian Haserjian mentioned this pull request Mar 16, 2026
Closed
7 tasks
Copilot AI reviewed Mar 16, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds QA test coverage for multi-agent contention scenarios and secret-detection classification, along with a content_scan_exempt_globs policy option to prevent test fixture files from triggering the public-private content scanner. Three CI workflow files are added to run these tests on PRs, nightly, and releases.

Changes:

  • New contention tests (claim races, steal guards, concurrent weave append) and secret-detection regression tests
  • content_scan_exempt_globs policy support in classify_path() to skip content scanning for matching paths
  • Three new GitHub Actions workflows for PR gates, nightly simulations, and release checks

Reviewed changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated no comments.

Show a summary per file
File Description
tests/test_contention.py Multi-agent contention simulation tests
tests/test_secret_detection.py Parameterized secret-detection regression tests
tests/test_public_private.py Regression test for content_scan_exempt_globs
src/agentmesh/public_private.py Adds content_scan_exempt_globs policy support
.agentmesh/policy.json Exempts test fixture secrets from content scanning
tests/fixtures/secrets/* 6 fixture files for secret-detection tests
.github/workflows/*.yml 3 CI workflow files

You can also share your feedback on Copilot code review. Take the survey.

@Haserjian Haserjian mentioned this pull request Mar 16, 2026
Merged
9 tasks
@Haserjian
Copy link
Owner Author

Haserjian commented Mar 16, 2026

Superseded by #35 — adds Signed-off-by trailers and widens classifier exemption to cover inline-pattern test files.

@Haserjian Haserjian closed this Mar 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Haserjian