mirror of
https://github.com/shankar0123/certctl.git
synced 2026-06-07 16:11:29 +00:00
shankar0123
e3a9317693
internal/ciparity/ — new stdlib-only package with four tests: 1. TestSurfaceParity_MCPToolCatalogue (HARD GATE): - Every MCP tool name conforms to certctl_<word>(_<word>)* - No duplicate names across the five tools*.go files - Total tools ≥ mcpBaselineFloor (150; current count 155) Catches accidental tool deletions + naming-convention drift. 2. TestSurfaceParity_CLICommandCatalogue (INFORMATIONAL): Walks cmd/cli/main.go's switch-case dispatcher. Logs the 31 distinct verbs. Per frozen decision 0.9, warn-only until the CLI surface stabilizes. 3. TestSurfaceParity_OpenAPI_MCPHeuristicCoverage (INFORMATIONAL): Reports the fraction of OpenAPI ops whose path tokens overlap with MCP tool name tokens. Trend metric; current coverage 92%. 4. TestSurfaceParity_Summary (INFORMATIONAL): One-glance count of router routes / OpenAPI ops / MCP tools / CLI verbs. Easy eyeball for a PR reviewer. Verified in sandbox: - gofmt clean - go vet clean - go test -short -count=1: all four PASS in 0.017s Stdlib-only by design — the tests read source files with os.ReadFile + regexp + go/ast. Keeps the test runnable without pulling in the rest of the codebase's transitive deps; fast self-contained signal. Router ↔ OpenAPI parity (TestRouter_OpenAPIParity) stays in internal/api/router/openapi_parity_test.go where it already lives. This bundle does not duplicate it. Allowlist scaffold at scripts/ci-guards/surface-parity-mcp-exemptions.yaml for the day TestSurfaceParity_OpenAPI_MCP* is promoted from informational to hard gate. Audit-Closes: post-v2.1.0-anti-rot/item-2
35 lines
1.2 KiB
YAML
35 lines
1.2 KiB
YAML
# scripts/ci-guards/surface-parity-mcp-exemptions.yaml
|
|
#
|
|
# Allowlist for OpenAPI operations that are intentionally NOT mirrored
|
|
# in the MCP tool catalogue. Consumed by
|
|
# internal/api/router/surface_parity_test.go::TestSurfaceParity_*.
|
|
#
|
|
# The current MCP parity tests are informational (per frozen decision
|
|
# 0.9). This file exists so when those tests are promoted to hard
|
|
# gates, the carve-outs are already documented and the promotion is
|
|
# mechanical.
|
|
#
|
|
# Each entry shape:
|
|
#
|
|
# - operation: "METHOD /api/v1/path"
|
|
# justification: "one-line reason this is legitimately HTTP-only"
|
|
# expires: "YYYY-MM-DD" # required; 90-day default
|
|
#
|
|
# Categories of legitimate carve-outs (DO add these when the test is
|
|
# promoted to fail-on-miss):
|
|
#
|
|
# - ACME wire protocol (RFC 8555 + RFC 9773 ARI)
|
|
# - SCEP wire protocol (RFC 8894)
|
|
# - EST wire protocol (RFC 7030)
|
|
# - OCSP responder
|
|
# - CRL distribution
|
|
# - Healthcheck / readiness / version endpoints
|
|
# - OIDC callback / back-channel-logout
|
|
# - SPA fallback for the embedded web UI
|
|
#
|
|
# DO NOT add entries here to silence the test on an oversight. If an
|
|
# operation should have an MCP tool and doesn't, that's the bug — add
|
|
# the tool.
|
|
|
|
exceptions: []
|