feat(xtest): DSPX-2971?? Adds variant specifiers to sdk selection#441
feat(xtest): DSPX-2971?? Adds variant specifiers to sdk selection#441dmihalcik-virtru wants to merge 6 commits intomainfrom
Conversation
dmihalcik-virtru
commented
Apr 29, 2026
dmihalcik-virtru
commented
- feat(xtest): add X-Wing hybrid PQ/T KEM (ML-KEM-768 + X25519) test support
- feat(xtest): add PQC variant build and test infrastructure
- feat(otdf-local): auto-generate temp keys for platform variants
- fix swapped config filenames
- fix(otdf-local): route status output to stderr so eval $(otdf-local env) works cleanly
- adds configure options to otdf-local
- removed duplicate code
- fixup add secp+mlkem
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces support for Hybrid Post-Quantum/Traditional (HPQT) KEMs, specifically X-Wing, across the local development environment and integration tests. Key enhancements include a new configure command in otdf-local for managing feature flags, automated Keycloak TLS certificate generation, and a mechanism to build and test Go SDK variants against specific platform modules using go.work. The test suite is expanded with a PQC test matrix script and roundtrip tests for X-Wing. Review feedback suggests updating unreleased Go version defaults in the SDK installer, catching more specific exceptions during key generation, and improving the portability of the test matrix script by removing hardcoded directory paths.
| go_version = "1.25.0" | ||
| toolchain = "go1.25.8" |
There was a problem hiding this comment.
The default go_version "1.25.0" and toolchain "go1.25.8" refer to an unreleased version of Go. This could lead to build failures if the platform's go.work file doesn't exist and these defaults are used. Consider updating these to a currently stable and released Go version, or implement a more robust way to determine a safe default.
| go_version = "1.25.0" | |
| toolchain = "go1.25.8" | |
| go_version = "1.22.0" | |
| toolchain = "go1.22.5" |
| ) | ||
| if generated: | ||
| print_success("Generated missing temporary keys") | ||
| except Exception as e: |
There was a problem hiding this comment.
Catching a broad Exception can hide unexpected issues and make debugging harder. It's generally better to catch more specific exceptions (e.g., subprocess.CalledProcessError, FileNotFoundError, etc.) that you anticipate might occur during key generation. If you must catch Exception, consider logging the full traceback for better diagnostics.
| "${PQC_GEMINI_DIR:-$HOME/Documents/GitHub/post-quantum-hybrid-gemini-2026-03-dm/platform}" | ||
| "${PQC_ENHANCED_DIR:-$HOME/Documents/GitHub/post-quantum-enhanced-2026-03-dm/platform}" | ||
| "${PQC_CODEX_DIR:-$HOME/Documents/GitHub/post-quantum-hybrid-codex-2026-03-dm/platform}" |
There was a problem hiding this comment.
The default paths for PLATFORM_DIRS are hardcoded to specific directories within $HOME/Documents/GitHub/. While environment variables allow overriding, these defaults make the script less portable for other developers or CI/CD environments that might not have the same directory structure. Consider using more generic relative paths or providing clearer instructions on how to configure these paths for different setups.
X-Test Results✅ java-v0.14.0 |
When using OTDF_LOCAL_PLATFORM_DIR to point at a fresh platform checkout (e.g. PQC variant branches), the required KAS and Keycloak TLS keys may not exist yet. This adds automatic key generation during `otdf-local up` so variant backends work out of the box. KAS keys are per-variant (in platform_dir), while Keycloak CA/TLS keys are shared in xtest/tmp/keys/ and passed via KEYS_DIR env var to docker compose. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…nv) works cleanly All diagnostic/status console output now goes to stderr. Machine-readable data (JSON output, shell export lines) goes to stdout. Adds print_json() helper using a stdout Console for use in env and ls --json commands. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Support building and testing multiple post-quantum platform variants side by side. This enables comparing different X-Wing implementations (e.g., from separate branches) by building variant-specific otdfctl binaries and switching the platform backend at runtime. - otdf-sdk-mgr: add `install variant` command that generates per-variant go.work files and builds otdfctl against a platform variant's modules - otdf-local: enable OTDF_LOCAL_PLATFORM_DIR env var to override the auto-discovered platform directory - Go SDK Makefile: add `build-variant` target using GOWORK env var - xtest: extend --sdks to accept sdk:version qualifiers (e.g., go:gemini) for filtering specific SDK versions during test runs Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
dmihalcik-virtru
force-pushed
the
DSPX-2791-run-matrix
branch
from
5958b3f to
be139e4
Compare
X-Test Failure Report |
|
X-Test Results✅ go-v0.14.0 |
1 participant
