salvacybersec/keyhunter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4628ccfe909053284629952b89c93d6cd402c954
keyhunter/.planning/phases/03-tier-3-9-providers/03-08-SUMMARY.md
salvacybersec a639cdea02 docs(03-08): complete Tier 3-9 guardrail tests plan
2026-04-05 14:46:35 +03:00

93 lines
4.1 KiB
Markdown
Raw Blame History

---
phase: 03-tier-3-9-providers
plan: 08
subsystem: providers
tags: [tests, guardrail, tier3, tier4, tier5, tier6, tier7, tier8, tier9]
requirements: [PROV-03, PROV-04, PROV-05, PROV-06, PROV-07, PROV-08, PROV-09]
dependency-graph:
requires:
- "03-01..03-07 (all 82 Tier 3-9 provider YAML files embedded and loading)"
- "pkg/providers/tier12_test.go (pattern + inherited TestAllPatternsCompile / TestAllProvidersHaveKeywords)"
provides:
- "Regression net locking registry at 108 providers"
- "Drift detection for any rename, removal, or miscount across Tier 3-9"
affects:
- "All future phases that modify pkg/providers/definitions/*.yaml"
tech-stack:
added: []
patterns:
- "Table-driven guardrail tests (per-tier count + per-tier name slice)"
- "Inherited cross-tier invariants via existing TestAllPatternsCompile / TestAllProvidersHaveKeywords"
key-files:
created:
- pkg/providers/tier39_test.go
modified: []
decisions:
- "Single guardrail file for Tier 3-9 (mirrors tier12_test.go) — simpler than one file per tier"
- "Reuse existing TestAllPatternsCompile and TestAllProvidersHaveKeywords rather than duplicating — they already iterate reg.List() and cover every loaded provider"
- "Per-tier Count tests kept separate (not table-driven) to produce clear per-tier failure messages in CI"
metrics:
duration: "~2 min"
completed: "2026-04-05"
tasks: 1
files_created: 1
files_modified: 0
---
# Phase 03 Plan 08: Tier 3-9 Guardrail Tests Summary
Added `pkg/providers/tier39_test.go` — a guardrail test file that locks the provider registry at exactly 108 entries (26 Tier 1-2 + 82 Tier 3-9), enforces per-tier counts, and pins every Tier 3-9 provider name so future edits cannot silently drop or rename providers without a CI failure.
## What Was Built
`pkg/providers/tier39_test.go` mirrors the `tier12_test.go` pattern and contains 11 test functions:
- `TestTier3Count` .. `TestTier9Count` — seven per-tier assertions against `reg.Stats().ByTier[N]` (T3=12, T4=16, T5=11, T6=15, T7=10, T8=10, T9=8)
- `TestTotalProviderCount` — asserts `reg.Stats().Total == 108`
- `TestTier39ProviderNames` — table-driven; for each of 82 names in `expectedTier3`..`expectedTier9`, calls `reg.Get(name)` and verifies the returned `Provider.Tier` matches the expected tier
Regex compilation (RE2) and keyword presence (≥1 per provider, required for the Aho-Corasick pre-filter) are already exercised globally by the pre-existing `TestAllPatternsCompile` and `TestAllProvidersHaveKeywords` in `tier12_test.go`, which iterate `reg.List()` and therefore automatically cover every newly added Tier 3-9 provider. No duplication needed.
## Verification
```
go test ./pkg/providers/... -count=1 -v -run 'TestTier[3-9]|TestTotalProviderCount|TestTier39ProviderNames|TestAllPatternsCompile|TestAllProvidersHaveKeywords'
```
All 11 Tier 3-9 tests plus the two inherited invariant tests pass. Full repo regression:
```
go test ./... -count=1
ok github.com/salvacybersec/keyhunter/pkg/engine 0.248s
ok github.com/salvacybersec/keyhunter/pkg/providers 0.934s
ok github.com/salvacybersec/keyhunter/pkg/storage 0.117s
```
Phase 1/2 guardrails (`TestTier1Count`, `TestTier2Count`, `TestTier1ProviderNames`, `TestTier2ProviderNames`) still green — no regression.
## Deviations from Plan
None — plan executed exactly as written.
## Requirements Satisfied
- **PROV-03** Tier 3 Specialized providers (12) — locked
- **PROV-04** Tier 4 Chinese/Regional providers (16) — locked
- **PROV-05** Tier 5 Infrastructure/Gateway providers (11) — locked
- **PROV-06** Tier 6 Emerging/Niche providers (15) — locked
- **PROV-07** Tier 7 Code/Dev Tools providers (10) — locked
- **PROV-08** Tier 8 Self-Hosted providers (10) — locked
- **PROV-09** Tier 9 Enterprise providers (8) — locked
## Commits
- `1aea496` test(03-08): add Tier 3-9 guardrail tests locking 108 total providers
## Known Stubs
None.
## Self-Check: PASSED
- `pkg/providers/tier39_test.go` — FOUND
- Commit `1aea496` — FOUND in git log
- `go test ./... -count=1` — all packages green
- 11 test functions in tier39_test.go (≥9 required) — verified
Reference in New Issue View Git Blame Copy Permalink