Skip to content

fix(itest): egress verifier survives release-bundle --dir; distinguish "can't run" from "leak"#332

Merged
VijitSingh97 merged 3 commits into
developfrom
claude/inspiring-ishizaka-b886af
Jul 2, 2026
Merged

fix(itest): egress verifier survives release-bundle --dir; distinguish "can't run" from "leak"#332
VijitSingh97 merged 3 commits into
developfrom
claude/inspiring-ishizaka-b886af

Conversation

@VijitSingh97

Copy link
Copy Markdown
Collaborator

Problem

tests/integration/run.sh assert_egress_posture() shells out to bench-verify-egress.sh via a repo-relative path through rx. In local mode rx runs the snippet from the stack --dir. When --dir points at a release bundle (no tests/ tree — e.g. a deployed /srv/code/pithead-v1.1.0), the script isn't found, so the output lacks the [verify-egress] OK marker and the assertion reports a false "clearnet egress leak" that's really just script-not-found.

This bit the real v1.1.0 release-deploy verification (41/42 — the 1 fail was this artifact; egress was actually clean).

Fix

  1. Absolute path. Resolve the verifier off run.sh's own $HERE in local mode (driver == box), so it runs regardless of what --dir is. SSH mode keeps the remote-relative path — $HERE is a driver path, meaningless on the remote (which is a full checkout anyway).
  2. Distinguish "can't run" from "leak". New pure egress_verdict() classifier → ok | leak | inconclusive. Output with neither the OK marker nor a LEAK/ line means the verifier never produced a verdict → loud INCONCLUSIVE failure with captured stderr, not a silent egress FAIL. A privacy check that can't run must not look identical to a detected leak. (Kept as a hard it_fail, not a soft skip — a privacy gate that can't run shouldn't pass green.)

Test

Extended selftest.sh with 4 asserts pinning the three verdicts apart (ok / leak / inconclusive from script-not-found and empty output). selftest: 101 passed, 0 failed.

🤖 Generated with Claude Code

VijitSingh97 and others added 3 commits July 2, 2026 08:37
…h "can't run" from "leak" (#274)

assert_egress_posture shelled out to bench-verify-egress.sh via a repo-relative
path. When the stack --dir is a release bundle (no tests/ tree, e.g. a deployed
/srv/code/pithead-v1.1.0), the script isn't found, so the output lacked the OK
marker and the assertion reported a false "clearnet egress leak" — really just
script-not-found. This bit the real v1.1.0 release-deploy verification (41/42).

- Resolve the verifier by absolute path off run.sh's $HERE in local mode (driver
  == box), so it runs regardless of what --dir points at. SSH mode keeps the
  remote-relative path ($HERE is a driver path, meaningless on the remote).
- New pure egress_verdict() classifier: ok | leak | inconclusive. Output with
  neither the OK marker nor a leak line = verifier never produced a verdict →
  loud INCONCLUSIVE failure with captured stderr, not a silent egress FAIL. A
  privacy check that can't run must not look identical to a detected leak.
- selftest: 4 asserts pinning the three verdicts apart.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…nment)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@VijitSingh97 VijitSingh97 merged commit 24fedea into develop Jul 2, 2026
16 checks passed
@VijitSingh97 VijitSingh97 deleted the claude/inspiring-ishizaka-b886af branch July 2, 2026 13:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant