certctl

mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 16:31:33 +00:00

Files

T

shankar0123 0ab6bc4a73 feat(ci): item-1 complete-path config-coverage guard (PARTIAL — sandbox could not verify Go test)

Shell guard verified working in sandbox:
  - Green on clean repo: 'OK — every CERTCTL_* env var (194) has at least
    one non-config-package consumer.'
  - Red on injected orphan: '::error::Orphan env vars — defined in
    config.go but no consumer found outside internal/config/' with three
    remediation paths listed.

Go test internal/config/coverage_test.go written but NOT verified —
sandbox Go 1.25.9 < go.mod's 1.25.10 requirement; toolchain
auto-download fails (disk full). Operator must run `make verify` from
workstation before merge.

Allowlist scaffold at scripts/ci-guards/complete-path-config-coverage-exceptions.yaml.
Every entry requires name + justification + expires fields; expired
entries fail the guard.

Catches the lying-field bug class — env var defined in config.go that no
business-logic code reads. The 2026-04-29 SCEP MustStaple Phase 5.6 gap
(domain field shipped, service layer never read profile.MustStaple) is
the canonical case this guard would have caught at commit time.

Audit-Closes: post-v2.1.0-anti-rot/item-1

2026-05-12 14:02:04 +00:00

config_est_profiles_test.go

feat(est): per-profile dispatch — multi-profile env-var family + back-compat shim

2026-04-29 22:17:52 +00:00

config_fuzz_test.go

Bundle O (Coverage Audit Closure): test hygiene + FSM coverage tables — M-004 + M-005 + M-006 closed

2026-04-27 18:06:06 +00:00

config_l004_rotation_test.go

Bundle G: Final audit closure — L-004 + D-003/4/5/7 closed; 54/55 + 7/7

2026-04-27 02:27:44 +00:00

config_scep_profiles_test.go

feat(scep): per-issuer SCEP profiles — multi-endpoint dispatch