keyhunter/.planning/phases/03-tier-3-9-providers/03-08-SUMMARY.md

phase, plan, subsystem, tags, requirements, dependency-graph, tech-stack, key-files, decisions, metrics

phase	plan	subsystem	tags	requirements	dependency-graph	tech-stack	key-files	decisions	metrics
03-tier-3-9-providers	08	providers	tests guardrail tier3 tier4 tier5 tier6 tier7 tier8 tier9	PROV-03 PROV-04 PROV-05 PROV-06 PROV-07 PROV-08 PROV-09	requires provides affects 03-01..03-07 (all 82 Tier 3-9 provider YAML files embedded and loading) pkg/providers/tier12_test.go (pattern + inherited TestAllPatternsCompile / TestAllProvidersHaveKeywords) Regression net locking registry at 108 providers Drift detection for any rename, removal, or miscount across Tier 3-9 All future phases that modify pkg/providers/definitions/*.yaml	added patterns Table-driven guardrail tests (per-tier count + per-tier name slice) Inherited cross-tier invariants via existing TestAllPatternsCompile / TestAllProvidersHaveKeywords	created modified pkg/providers/tier39_test.go	Single guardrail file for Tier 3-9 (mirrors tier12_test.go) — simpler than one file per tier Reuse existing TestAllPatternsCompile and TestAllProvidersHaveKeywords rather than duplicating — they already iterate reg.List() and cover every loaded provider Per-tier Count tests kept separate (not table-driven) to produce clear per-tier failure messages in CI	duration completed tasks files_created files_modified ~2 min 2026-04-05 1 1 0

Phase 03 Plan 08: Tier 3-9 Guardrail Tests Summary

Added pkg/providers/tier39_test.go — a guardrail test file that locks the provider registry at exactly 108 entries (26 Tier 1-2 + 82 Tier 3-9), enforces per-tier counts, and pins every Tier 3-9 provider name so future edits cannot silently drop or rename providers without a CI failure.

What Was Built

pkg/providers/tier39_test.go mirrors the tier12_test.go pattern and contains 11 test functions:

• TestTier3Count .. TestTier9Count — seven per-tier assertions against reg.Stats().ByTier[N] (T3=12, T4=16, T5=11, T6=15, T7=10, T8=10, T9=8)
• TestTotalProviderCount — asserts reg.Stats().Total == 108
• TestTier39ProviderNames — table-driven; for each of 82 names in expectedTier3..expectedTier9, calls reg.Get(name) and verifies the returned Provider.Tier matches the expected tier

Regex compilation (RE2) and keyword presence (≥1 per provider, required for the Aho-Corasick pre-filter) are already exercised globally by the pre-existing TestAllPatternsCompile and TestAllProvidersHaveKeywords in tier12_test.go, which iterate reg.List() and therefore automatically cover every newly added Tier 3-9 provider. No duplication needed.

Verification

go test ./pkg/providers/... -count=1 -v -run 'TestTier[3-9]|TestTotalProviderCount|TestTier39ProviderNames|TestAllPatternsCompile|TestAllProvidersHaveKeywords'

All 11 Tier 3-9 tests plus the two inherited invariant tests pass. Full repo regression:

go test ./... -count=1
ok  github.com/salvacybersec/keyhunter/pkg/engine    0.248s
ok  github.com/salvacybersec/keyhunter/pkg/providers 0.934s
ok  github.com/salvacybersec/keyhunter/pkg/storage   0.117s

Phase 1/2 guardrails (TestTier1Count, TestTier2Count, TestTier1ProviderNames, TestTier2ProviderNames) still green — no regression.

Deviations from Plan

None — plan executed exactly as written.

Requirements Satisfied

• PROV-03 Tier 3 Specialized providers (12) — locked
• PROV-04 Tier 4 Chinese/Regional providers (16) — locked
• PROV-05 Tier 5 Infrastructure/Gateway providers (11) — locked
• PROV-06 Tier 6 Emerging/Niche providers (15) — locked
• PROV-07 Tier 7 Code/Dev Tools providers (10) — locked
• PROV-08 Tier 8 Self-Hosted providers (10) — locked
• PROV-09 Tier 9 Enterprise providers (8) — locked

Commits

• 1aea496 test(03-08): add Tier 3-9 guardrail tests locking 108 total providers

Known Stubs

None.

Self-Check: PASSED

• pkg/providers/tier39_test.go — FOUND
• Commit 1aea496 — FOUND in git log
• go test ./... -count=1 — all packages green
• 11 test functions in tier39_test.go (≥9 required) — verified