fix: drift tests, type guards, and R4/R5 audit fixes#28
Merged
Conversation
…onfigs 6 of 61 drift detection tests failed because enforce() with HARD level threw GovernanceHardError on the first gate violation, killing the process before subsequent checks or informational messages could execute. C++ fix: defer basic metric (functions/loc/exports/structs) enforcement in checkDriftDetection() until after all checks run and deleted function/ export names print. All violation summaries now appear before the first GovernanceHardError throws, giving users the complete regression picture. Test fixes: T37/T41/T44 configs now properly isolate the gate under test by disabling earlier gates (max_*_loss: 1.0, check_body_hash: false, check_complexity: false). L-1 fix: drift test failures now count in run-all-tests.sh CI totals (was masked with commented-out FAILED_TESTS line). Result: 61/61 drift tests pass, 396/396 full suite, 738/738 security checks. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ce_config.cpp Every .get<bool/int/double/size_t>() now has a preceding .is_<type>() guard, preventing nlohmann::json::type_error crashes from malformed govern.json values (e.g., "timeout": "sixty" instead of int). Breakdown: 208 bool, 148 int, 61 double, 5 size_t calls guarded. Total: 507 .get<T>() calls, 512 .is_<type>() guards (was 85/310). Config fuzz test: 100/100 pass, 0 crashes. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
NAAb Governance Report
All governance checks passed! Generated by NAAb Governance Engine v4.0 |
Was returning empty vector (stub). Now queries loader->searchBlocks() for "adapter" and "convert" keywords, filters through isAdapter(), and deduplicates. Returns empty gracefully when loader is null or no blocks.db exists. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
.is_<type>()guards to all 422 unguarded.get<T>()calls ingovernance_config.cpp. Preventsnlohmann::json::type_errorcrashes from malformed govern.json. Total: 507 calls now guarded (was 85).Test plan
bash tests/governance/test_drift_detection.sh— 61/61 pass (was 55/61)bash tests/security/test_govern_json_fuzz.sh— 100/100, 0 crashesbash tests/security/test_error_msg_leaks.sh— 738/738, 0 failuresbash run-all-tests.sh— 396/396 accounted, 0 unexpected failures🤖 Generated with Claude Code