From 7de4a307da4f5aa2cd64eaa0026e5a6ad8bcdd8b Mon Sep 17 00:00:00 2001 From: squid-protocol Date: Mon, 11 May 2026 09:12:51 -0400 Subject: [PATCH 1/4] test(guardrails): expand test suite to 45 invariants covering AI AppSec and Mega Log parsing This commit locks down the AI guardrail modules and the high-speed log scanner with pure mathematical assertions: - AI AppSec Sensor: Proves deterministic detection of weaponized RCE funnels, God-Mode agents, and exfiltration vectors. - Dev Agent Firewall: Validates context window shredding limits, hallucination zones, and mandatory HITL triggers. - Mega Log Parser: Asserts binary stream extraction, strict IR JSON schema enforcement, and telemetry aggregation. - Test Suite Milestone: Enterprise coverage successfully expanded from 33 to 45 passing tests. --- tests/test_ai_appsec_sensor.py | 107 ++++++++++++++++++++++ tests/test_dev_agent_firewall.py | 139 +++++++++++++++++++++++++++++ tests/test_terabyte_log_scanner.py | 128 ++++++++++++++++++++++++++ 3 files changed, 374 insertions(+) create mode 100644 tests/test_ai_appsec_sensor.py create mode 100644 tests/test_dev_agent_firewall.py create mode 100644 tests/test_terabyte_log_scanner.py diff --git a/tests/test_ai_appsec_sensor.py b/tests/test_ai_appsec_sensor.py new file mode 100644 index 00000000..1ac8d4f3 --- /dev/null +++ b/tests/test_ai_appsec_sensor.py @@ -0,0 +1,107 @@ +import pytest + +# IMPORTANT: Adjust this path to match exactly where your file is located +from gitgalaxy.tools.ai_guardrails.ai_appsec_sensor import AIAppSecSensor + +# ============================================================================== +# TEST 1: The RCE Funnel (Weaponized Prompt Injection) +# ============================================================================== +def test_rce_funnel_detection(): + """ + Proves that an LLM directly wired to OS execution (eval/subprocess) + and exposed via a public API correctly triggers the RCE Funnel alert. + """ + sensor = AIAppSecSensor() + + mock_files = [{ + "telemetry": { + "llm_api": 1, # ☢️ AI is present + "arch_api": 1, # ☢️ Exposed to the public internet + "sec_danger": 1, # ☢️ Contains eval() or subprocess execution + "safety_density": 0.9 + } + }] + + result = sensor.hunt_threats(mock_files) + appsec_report = result[0]["telemetry"]["ai_appsec"] + + assert appsec_report["is_rce_funnel"] is True, "Failed to detect the RCE Funnel!" + assert any("RCE Funnel" in warning for warning in appsec_report["critical_warnings"]) + +# ============================================================================== +# TEST 2: The God-Mode Agent (Autonomous Data Corruption) +# ============================================================================== +def test_god_mode_agent_detection(): + """ + Proves that an AI agent given autonomous tools, write-access to complex + databases, and low defensive programming density triggers the God-Mode alert. + """ + sensor = AIAppSecSensor() + + mock_files = [{ + "max_db_complexity": 3, # ☢️ Heavy database write access + "telemetry": { + "ai_tools": 1, # ☢️ Agentic tool calling enabled + "safety_density": 0.2 # ☢️ Dangerously low defensive programming + } + }] + + result = sensor.hunt_threats(mock_files) + appsec_report = result[0]["telemetry"]["ai_appsec"] + + assert appsec_report["over_permissioned_agent"] is True, "Failed to detect the God-Mode Agent!" + assert any("God-Mode Agent" in warning for warning in appsec_report["critical_warnings"]) + +# ============================================================================== +# TEST 3: The Exfiltration Vector (Unsandboxed Sockets) +# ============================================================================== +def test_exfiltration_vector_detection(): + """ + Proves that an LLM with access to both raw network sockets and hardcoded + environment secrets triggers the Exfiltration Vector alert. + """ + sensor = AIAppSecSensor() + + mock_files = [{ + "telemetry": { + "llm_api": 1, # ☢️ AI is present + "arch_io": 1, # ☢️ Can make outbound network requests + "sec_secrets": 1 # ☢️ Has access to AWS keys/passwords + } + }] + + result = sensor.hunt_threats(mock_files) + appsec_report = result[0]["telemetry"]["ai_appsec"] + + assert appsec_report["agentic_exfiltration_risk"] is True, "Failed to detect the Exfiltration Vector!" + assert any("Exfiltration Vector" in warning for warning in appsec_report["critical_warnings"]) + +# ============================================================================== +# TEST 4: The Clean Baseline (False-Positive Guard) +# ============================================================================== +def test_safe_baseline(): + """ + Proves that a properly sandboxed AI integration (e.g., an LLM script with + no network execution, no eval(), and high safety density) passes cleanly. + """ + sensor = AIAppSecSensor() + + mock_files = [{ + "max_db_complexity": 0, + "telemetry": { + "llm_api": 1, # ✅ AI is present + "arch_api": 0, # ✅ Not exposed to the public + "sec_danger": 0, # ✅ No eval/subprocess + "sec_secrets": 0, # ✅ No secrets exposed + "safety_density": 0.95 # ✅ High defensive try/catch density + } + }] + + result = sensor.hunt_threats(mock_files) + appsec_report = result[0]["telemetry"]["ai_appsec"] + + # Assert absolutely NO flags were triggered + assert appsec_report["is_rce_funnel"] is False + assert appsec_report["over_permissioned_agent"] is False + assert appsec_report["agentic_exfiltration_risk"] is False + assert len(appsec_report["critical_warnings"]) == 0, "False positive triggered on a safe file!" \ No newline at end of file diff --git a/tests/test_dev_agent_firewall.py b/tests/test_dev_agent_firewall.py new file mode 100644 index 00000000..57e9e045 --- /dev/null +++ b/tests/test_dev_agent_firewall.py @@ -0,0 +1,139 @@ +import pytest + +# IMPORTANT: Adjust this path to match exactly where your file is located +from gitgalaxy.tools.ai_guardrails.dev_agent_firewall import DevAgentFirewall + +# ============================================================================== +# TEST 1: The Context Window Shredder (Black Hole Detection) +# ============================================================================== +def test_black_hole_detection(): + """ + Proves that files exceeding 8k tokens with O(N^3) or worse complexity + are correctly flagged as Context Window Shredders. + """ + firewall = DevAgentFirewall() + + mock_files = [{ + "token_mass": 8500, # ☢️ Exceeds 8k limit + "max_big_o": 3, # ☢️ High algorithmic complexity + "telemetry": {}, + "risk_vector": [] + }] + + result = firewall.evaluate_ecosystem(mock_files) + guardrails = result[0]["telemetry"]["ai_guardrails"] + + assert guardrails["is_agentic_black_hole"] is True, "Failed to detect the Agentic Black Hole!" + assert any("Black Hole detected" in warning for warning in guardrails["warnings"]) + +# ============================================================================== +# TEST 2: The HITL Mandate (Blast Radius + Risk Debt) +# ============================================================================== +def test_hitl_mandate_detection(): + """ + Proves that high PageRank (blast radius) combined with severe risk debt + mandates a Human-in-the-Loop constraint. + """ + firewall = DevAgentFirewall() + + mock_files = [{ + "token_mass": 1000, + "max_big_o": 1, + "risk_vector": [100, 50, 60], # ☢️ Sum = 210 (> 200 threshold) + "telemetry": { + "network_metrics": { + "normalized_blast_radius": 1.5 # ☢️ > 1.0 threshold + } + } + }] + + result = firewall.evaluate_ecosystem(mock_files) + guardrails = result[0]["telemetry"]["ai_guardrails"] + + assert guardrails["requires_hitl"] is True, "Failed to enforce the HITL Mandate!" + assert any("Human-in-the-Loop required" in warning for warning in guardrails["warnings"]) + +# ============================================================================== +# TEST 3: The Hallucination Zone (Metaprogramming + Low Docs) +# ============================================================================== +def test_hallucination_zone_detection(): + """ + Proves that high dynamic execution (heat triggers) and poor documentation + triggers the Hallucination Zone warning. + """ + firewall = DevAgentFirewall() + + mock_files = [{ + "telemetry": { + "heat_triggers": 3, # ☢️ > 2 dynamic execution triggers + "doc_density": 0.15 # ☢️ < 0.20 density + } + }] + + result = firewall.evaluate_ecosystem(mock_files) + guardrails = result[0]["telemetry"]["ai_guardrails"] + + assert guardrails["hallucination_zone"] is True, "Failed to detect the Hallucination Zone!" + assert any("Hallucination Zone" in warning for warning in guardrails["warnings"]) + +# ============================================================================== +# TEST 4: The Silent Mutation Risk (Flux + Blast + No Tests) +# ============================================================================== +def test_silent_mutation_risk_detection(): + """ + Proves that files with high state flux, high inbound dependencies, and + zero test coverage are flagged as a Silent Mutation Risk. + """ + firewall = DevAgentFirewall() + + mock_files = [{ + "telemetry": { + "state_flux": 55, # ☢️ > 50 flux + "has_tests": False, # ☢️ Zero test coverage + "network_metrics": { + "in_degree": 6 # ☢️ > 5 dependencies rely on this + } + } + }] + + result = firewall.evaluate_ecosystem(mock_files) + guardrails = result[0]["telemetry"]["ai_guardrails"] + + assert guardrails.get("silent_mutation_risk") is True, "Failed to detect Silent Mutation Risk!" + assert any("Silent Mutation Risk" in warning for warning in guardrails["warnings"]) + +# ============================================================================== +# TEST 5: The Clean Baseline (False-Positive Guard) +# ============================================================================== +def test_safe_agentic_baseline(): + """ + Proves that a well-documented, well-tested, simple file passes the firewall + without triggering any agentic guardrails. + """ + firewall = DevAgentFirewall() + + mock_files = [{ + "token_mass": 2000, # ✅ Safe size + "max_big_o": 1, # ✅ Simple O(N) logic + "risk_vector": [10, 5], # ✅ Low risk debt (15) + "telemetry": { + "heat_triggers": 0, # ✅ No dynamic execution + "doc_density": 0.85, # ✅ Highly documented + "state_flux": 10, # ✅ Low flux + "has_tests": True, # ✅ Safely tested + "network_metrics": { + "normalized_blast_radius": 0.5, # ✅ Low blast radius + "in_degree": 1 # ✅ Low dependencies + } + } + }] + + result = firewall.evaluate_ecosystem(mock_files) + guardrails = result[0]["telemetry"]["ai_guardrails"] + + # Assert absolutely NO flags were triggered + assert guardrails["is_agentic_black_hole"] is False + assert guardrails["requires_hitl"] is False + assert guardrails["hallucination_zone"] is False + assert guardrails.get("silent_mutation_risk", False) is False + assert len(guardrails["warnings"]) == 0, "False positive triggered on a safe file!" \ No newline at end of file diff --git a/tests/test_terabyte_log_scanner.py b/tests/test_terabyte_log_scanner.py new file mode 100644 index 00000000..93119012 --- /dev/null +++ b/tests/test_terabyte_log_scanner.py @@ -0,0 +1,128 @@ +import pytest +import sys +import json +from pathlib import Path +from unittest.mock import patch + +# IMPORTANT: Adjust this path to match exactly where your file is located +import gitgalaxy.tools.terabyte_log_scanning.terabyte_log_scanner as scanner_module + +# ============================================================================== +# TEST 1: The IR State Handshake & Binary Extraction +# ============================================================================== +def test_scanner_json_handshake_and_extraction(tmp_path): + """ + Proves that the engine correctly parses the IR state JSON, extracts the targets, + scans a binary log stream, and safely extracts only the matching lines to disk. + """ + # 1. Setup the physical mock workspace + work_dir = tmp_path / "scanner_workspace" + work_dir.mkdir() + + # A) The Mock IR State (GitGalaxy Standard Schema) + ir_state = { + "analysis": { + "known_programs": ["PGM_ALPHA", "PGM_BETA"] + } + } + state_file = work_dir / "ir_state.json" + state_file.write_text(json.dumps(ir_state), encoding="utf-8") + + # B) The Mock Terabyte Log (Mix of noise and target hits) + target_log = work_dir / "mainframe_dump.log" + target_log.write_text( + "2026-05-11 09:15 [INFO] System boot sequence initialized\n" + "2026-05-11 09:20 [EXEC] PGM_ALPHA executed successfully\n" + "2026-05-11 09:25 [WARN] Unrelated process memory spike\n" + "2026-05-11 10:00 [EXEC] PGM_BETA encountered warning 04\n" + "2026-05-11 10:05 [EXEC] PGM_ALPHA restarted\n", + encoding="utf-8" + ) + + # 2. Execute the Engine + test_args = ["terabyte_log_scanner.py", str(target_log), "--input_state", str(state_file)] + + with patch.object(sys, 'argv', test_args): + # We don't trap SystemExit here because a successful run should exit normally (no sys.exit call) + scanner_module.main() + + # 3. The Invariant Assertions + # A) Verify the filtered results log + results_file = work_dir / "mainframe_dump_results.txt" + assert results_file.exists(), "Scanner failed to create the results output file!" + + results_content = results_file.read_text(encoding="utf-8") + + assert "PGM_ALPHA executed successfully" in results_content + assert "PGM_BETA encountered warning 04" in results_content + assert "System boot sequence initialized" not in results_content, "Noise slipped through the binary filter!" + + # B) Verify the Telemetry Sidecar + sidecar_file = work_dir / "dynamic_telemetry.json" + assert sidecar_file.exists(), "Scanner failed to generate the JSON sidecar!" + + telemetry = json.loads(sidecar_file.read_text(encoding="utf-8")) + counts = telemetry.get("execution_counts", {}) + + # PGM_ALPHA appeared twice, PGM_BETA appeared once + assert counts.get("PGM_ALPHA") == 2, "Mathematical aggregation failed for PGM_ALPHA!" + assert counts.get("PGM_BETA") == 1, "Mathematical aggregation failed for PGM_BETA!" + +# ============================================================================== +# TEST 2: The Schema Guard (Invalid JSON Rejection) +# ============================================================================== +def test_scanner_invalid_json_schema(tmp_path): + """ + Proves that if a malformed or incorrect JSON schema is provided, the + scanner aggressively aborts to prevent silent failures down the pipeline. + """ + work_dir = tmp_path / "schema_repo" + work_dir.mkdir() + + # Create a JSON file missing the required 'analysis' -> 'known_programs' path + bad_state_file = work_dir / "bad_state.json" + bad_state_file.write_text(json.dumps({"wrong_root": []}), encoding="utf-8") + + dummy_log = work_dir / "dummy.log" + dummy_log.write_text("empty", encoding="utf-8") + + test_args = ["terabyte_log_scanner.py", str(dummy_log), "--input_state", str(bad_state_file)] + + with patch.object(sys, 'argv', test_args): + with pytest.raises(SystemExit) as exc: + scanner_module.main() + + # The engine must throw a fatal error (exit code 1) on schema mismatch + assert exc.value.code == 1, "Scanner failed to block an invalid JSON schema!" + +# ============================================================================== +# TEST 3: The Manual CLI Override (-k Flag) +# ============================================================================== +def test_scanner_manual_keyword_override(tmp_path): + """ + Proves that the scanner can bypass the JSON input state and process + raw CLI keyword arguments correctly. + """ + work_dir = tmp_path / "cli_repo" + work_dir.mkdir() + + target_log = work_dir / "app.log" + target_log.write_text( + "Line 1: ERROR 500\n" + "Line 2: SUCCESS 200\n" + "Line 3: ERROR 404\n", + encoding="utf-8" + ) + + # Use -k ERROR to hunt for errors + test_args = ["terabyte_log_scanner.py", str(target_log), "-k", "ERROR"] + + with patch.object(sys, 'argv', test_args): + scanner_module.main() + + results_file = work_dir / "app_results.txt" + content = results_file.read_text(encoding="utf-8") + + assert "ERROR 500" in content + assert "ERROR 404" in content + assert "SUCCESS 200" not in content, "Manual keyword override failed to filter!" \ No newline at end of file From 0d667c2ae62f047e78ed54f94abfcb14b2b8fff8 Mon Sep 17 00:00:00 2001 From: Joe Esquibel Date: Mon, 11 May 2026 09:15:53 -0400 Subject: [PATCH 2/4] Potential fix for pull request finding 'CodeQL / Unused import' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- tests/test_ai_appsec_sensor.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/test_ai_appsec_sensor.py b/tests/test_ai_appsec_sensor.py index 1ac8d4f3..15798d44 100644 --- a/tests/test_ai_appsec_sensor.py +++ b/tests/test_ai_appsec_sensor.py @@ -1,5 +1,3 @@ -import pytest - # IMPORTANT: Adjust this path to match exactly where your file is located from gitgalaxy.tools.ai_guardrails.ai_appsec_sensor import AIAppSecSensor From 47201e5d354a7bbd778fc68a0217646a120f9e69 Mon Sep 17 00:00:00 2001 From: Joe Esquibel Date: Mon, 11 May 2026 09:16:07 -0400 Subject: [PATCH 3/4] Potential fix for pull request finding 'CodeQL / Unused import' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- tests/test_dev_agent_firewall.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/test_dev_agent_firewall.py b/tests/test_dev_agent_firewall.py index 57e9e045..30bc5665 100644 --- a/tests/test_dev_agent_firewall.py +++ b/tests/test_dev_agent_firewall.py @@ -1,5 +1,3 @@ -import pytest - # IMPORTANT: Adjust this path to match exactly where your file is located from gitgalaxy.tools.ai_guardrails.dev_agent_firewall import DevAgentFirewall From eed10004d0fb8349352e972080ff1f460766768c Mon Sep 17 00:00:00 2001 From: Joe Esquibel Date: Mon, 11 May 2026 09:16:16 -0400 Subject: [PATCH 4/4] Potential fix for pull request finding 'CodeQL / Unused import' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- tests/test_terabyte_log_scanner.py | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/test_terabyte_log_scanner.py b/tests/test_terabyte_log_scanner.py index 93119012..160f27a5 100644 --- a/tests/test_terabyte_log_scanner.py +++ b/tests/test_terabyte_log_scanner.py @@ -1,7 +1,6 @@ import pytest import sys import json -from pathlib import Path from unittest.mock import patch # IMPORTANT: Adjust this path to match exactly where your file is located