aaronrene / knowtation public
flow-muse-commit-pilot-security.test.mjs
40 lines 1.6 KB
Raw
sha256:8915fe406161f95c1681f9469375e7bae5b28c884f00bedbdef65e4b0cd0738d docs(flow): commit FLOW-V0-SPEC.md hygiene for 7A-INT merge Human 11 hours ago
1 /**
2 * Security — pilot projections resist injection and leak scans (7A-14).
3 */
4
5 import { describe, it } from 'node:test';
6 import assert from 'node:assert/strict';
7 import { readFileSync } from 'node:fs';
8 import { join } from 'node:path';
9 import { fileURLToPath } from 'node:url';
10
11 import {
12 assertNoSecretLeakageInProjection,
13 MUSE_COMMIT_PILOT_EVIDENCE_REL,
14 } from '../lib/flow/muse-commit-pilot-evidence.mjs';
15
16 const REPO_ROOT = join(fileURLToPath(new URL('.', import.meta.url)), '..');
17 const WS = join(REPO_ROOT, MUSE_COMMIT_PILOT_EVIDENCE_REL, 'pilot-workspace');
18
19 describe('flow-muse-commit-pilot (security, 7A-14)', () => {
20 it('pilot projections escape angle brackets in step instructions', () => {
21 const runbook = readFileSync(join(WS, 'overseer.AGENTS.md'), 'utf8');
22 assert.match(runbook, /muse -C .*<abs path>/);
23 assert.doesNotMatch(runbook, /muse -C <abs path>/);
24 });
25
26 it('no credential patterns in any committed pilot-workspace byte', () => {
27 for (const name of ['overseer.AGENTS.md', 'overseer.cursor.mdc']) {
28 const content = readFileSync(join(WS, name), 'utf8');
29 const check = assertNoSecretLeakageInProjection(content);
30 assert.equal(check.ok, true, check.ok ? '' : check.matches?.join('; '));
31 }
32 });
33
34 it('hand-edited artifact is not byte-equal to canonical (drift input)', () => {
35 const art = join(REPO_ROOT, MUSE_COMMIT_PILOT_EVIDENCE_REL, 'artifacts');
36 const canonical = readFileSync(join(art, 'overseer.AGENTS.v0.2.0.md'), 'utf8');
37 const handedited = readFileSync(join(art, 'overseer.AGENTS.handedited.md'), 'utf8');
38 assert.notEqual(handedited, canonical);
39 });
40 });
File History 1 commit
sha256:8915fe406161f95c1681f9469375e7bae5b28c884f00bedbdef65e4b0cd0738d docs(flow): commit FLOW-V0-SPEC.md hygiene for 7A-INT merge Human 11 hours ago