… provenance audit
…va/Python/PHP/Ruby adapters
…ERB / Twig / Thymeleaf / Handlebars adapters
Summary
This pull request significantly enhances the project's continuous integration (CI) and corpus management workflows. It introduces a dedicated dynamic verification workflow, refines and expands the test matrix in CI, and adds automated processes for auditing and promoting fuzz-discovered corpus candidates. These improvements increase test reliability, ensure cross-platform correctness, and automate important safety checks for corpus data.
CI and Testing Workflow Improvements:
- .github/workflows/dynamic.yml workflow to run the dynamic test suite across three environments: Linux (process-only), Linux (with Docker), and macOS, ensuring the dynamic harness pipeline is robust across supported platforms.
- ci.yml) to split Rust stable tests into process-only and Docker-backed jobs, and added explicit steps for interpreter and language image availability checks. Also introduced a positive control job for dynamic sandbox escape tests. [1] [2].
- .config/nextest.toml to serialize specific timing-sensitive tests into their own group, improving reliability of tests that are sensitive to resource contention.
Corpus Management and Audit Automation:
- corpus_promote.yml) that automatically proposes pull requests to promote new fuzz-discovered corpus candidates, including a hard gate marker-collision audit and detailed reviewer checklists.
- corpus-marker-audit job that audits for marker collisions, runs corpus unit tests, and checks Python/Rust payload table sync, preventing cross-cap oracle collisions and ensuring data integrity.
These changes collectively improve test coverage, reliability, and the safety of corpus updates by automating critical checks and expanding the CI matrix.
Related issues
Closes #72
Checklist
- cargo test --bin nyx passes
- cargo clippy --all -- -D warnings is clean
- cargo fmt -- --check passes
- CHANGELOG.md under ## [Unreleased]
- docs/, README.md, CONTRIBUTING.md)