Skip to content

ci: build the enclave contract + run auth vectors and provider tests#5

Merged
FiscalMindset merged 1 commit into
mainfrom
feat/ci-contract-tests
Jul 1, 2026
Merged

ci: build the enclave contract + run auth vectors and provider tests#5
FiscalMindset merged 1 commit into
mainfrom
feat/ci-contract-tests

Conversation

@FiscalMindset

@FiscalMindset FiscalMindset commented Jul 1, 2026

Copy link
Copy Markdown
Owner

What & why

Fixes #4 from my improvement list. CI ran only the mock TS battery — a regression in the enclave crypto (SigV4/Basic) or provider routing wouldn't be caught. This adds that coverage.

Changes

  • New contract CI job: installs Rust + wasm32-wasip2, runs the in-enclave auth vector tests (contract/auth-tests), and builds the enclave wasm — on every push/PR. So the byte-exact AWS SigV4 vectors and the Basic/base64 tests now gate merges.
  • New scripts/test-providers.ts (npm run test:providers): 34 pure-function assertions over the provider registry — routing + upstream, longest-prefix (/aws/s3/ beats /aws/), per-provider secret name + auth scheme, required headers (GitHub User-Agent, Anthropic version, Stripe version), Gemini's x-goog-api-key sentinel, unmapped → null (no generic catch-all), and amzDate format. Wired into the existing job.

Proof (local)

cargo test --manifest-path contract/auth-tests/Cargo.toml   → 4 passed; 0 failed
cargo build --manifest-path contract/Cargo.toml --target wasm32-wasip2 --release → ok
npm run test:providers                                      → ✅ all provider tests passed (34/34)

Notes

  • No secrets; the contract job needs no credentials (pure build + unit tests).

Summary by cubic

Extend CI to build the enclave contract and run in-enclave auth vectors plus provider registry tests. This prevents regressions in SigV4/Basic crypto and provider routing before merge.

  • New Features
    • New contract CI job: installs Rust + wasm32-wasip2, runs contract/auth-tests (SigV4/Basic vectors), and builds the enclave wasm on every push/PR.
    • Added provider registry unit tests (scripts/test-providers.ts, npm run test:providers) with 34 assertions for routing (longest-prefix), auth schemes, required headers, Gemini x-goog-api-key, AWS SigV4, amzDate, and unmapped → null; wired into CI.

Written for commit 39e13f8. Summary will update on new commits.

Review in cubic

CI covered only the mock TS battery, so a regression in the enclave crypto or
provider routing wouldn't be caught. Add coverage:

- new `contract` job: install Rust + wasm32-wasip2, run the SigV4/Basic vector
  tests (contract/auth-tests), and build the enclave wasm — every push/PR.
- new scripts/test-providers.ts (npm run test:providers): 34 pure-function
  assertions over the provider registry (routing, longest-prefix, per-provider
  secret + auth scheme + required headers, Gemini's x-goog-api-key, unmapped ->
  null). Wired into the existing CI job.

All green locally: cargo test 4/4, wasm build ok, provider tests 34/34.
@gitar-bot

gitar-bot Bot commented Jul 1, 2026

Copy link
Copy Markdown
Code Review ✅ Approved

Integrates enclave contract builds and auth vector testing into CI, alongside a new provider routing test suite covering 34 assertion cases. No issues found.

Options

Auto-apply is off → Gitar will not commit updates to this branch.
Display: compact → Showing less information.

Comment with these commands to change:

Auto-apply Compact
gitar auto-apply:on         
gitar display:verbose         

Was this helpful? React with 👍 / 👎 | Gitar

@FiscalMindset FiscalMindset merged commit eee8de3 into main Jul 1, 2026
4 checks passed
@FiscalMindset FiscalMindset deleted the feat/ci-contract-tests branch July 1, 2026 16:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants