ci: build the enclave contract + run auth vectors and provider tests#5
Merged
Conversation
CI covered only the mock TS battery, so a regression in the enclave crypto or provider routing wouldn't be caught. Add coverage: - new `contract` job: install Rust + wasm32-wasip2, run the SigV4/Basic vector tests (contract/auth-tests), and build the enclave wasm — every push/PR. - new scripts/test-providers.ts (npm run test:providers): 34 pure-function assertions over the provider registry (routing, longest-prefix, per-provider secret + auth scheme + required headers, Gemini's x-goog-api-key, unmapped -> null). Wired into the existing CI job. All green locally: cargo test 4/4, wasm build ok, provider tests 34/34.
Code Review ✅ ApprovedIntegrates enclave contract builds and auth vector testing into CI, alongside a new provider routing test suite covering 34 assertion cases. No issues found. OptionsAuto-apply is off → Gitar will not commit updates to this branch. Comment with these commands to change:
Was this helpful? React with 👍 / 👎 | Gitar |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What & why
Fixes #4 from my improvement list. CI ran only the mock TS battery — a regression in the enclave crypto (SigV4/Basic) or provider routing wouldn't be caught. This adds that coverage.
Changes
contractCI job: installs Rust +wasm32-wasip2, runs the in-enclave auth vector tests (contract/auth-tests), and builds the enclave wasm — on every push/PR. So the byte-exact AWS SigV4 vectors and the Basic/base64 tests now gate merges.scripts/test-providers.ts(npm run test:providers): 34 pure-function assertions over the provider registry — routing + upstream, longest-prefix (/aws/s3/beats/aws/), per-provider secret name + auth scheme, required headers (GitHub User-Agent, Anthropic version, Stripe version), Gemini'sx-goog-api-keysentinel, unmapped →null(no generic catch-all), andamzDateformat. Wired into the existing job.Proof (local)
Notes
Summary by cubic
Extend CI to build the enclave contract and run in-enclave auth vectors plus provider registry tests. This prevents regressions in SigV4/Basic crypto and provider routing before merge.
contractCI job: installs Rust +wasm32-wasip2, runscontract/auth-tests(SigV4/Basic vectors), and builds the enclave wasm on every push/PR.scripts/test-providers.ts,npm run test:providers) with 34 assertions for routing (longest-prefix), auth schemes, required headers, Geminix-goog-api-key, AWS SigV4,amzDate, and unmapped →null; wired into CI.Written for commit 39e13f8. Summary will update on new commits.