test(secrets): cover compileAll and ScanBytes compile-error paths #3053

Merged

devops-engineer merged 2 commits from fix/1269-secrets-compile-error-tests into main 2026-06-19 04:30:01 +00:00

Conversation 1 Commits 2 Files Changed 1

+99

agent-dev-a commented 2026-06-19 00:35:57 +00:00

Member

Copy Link

Copy Source

Closes #1269.

PR #1255 left two unreachable code paths uncovered in workspace-server/internal/secrets:

• compileAll error when a pattern regex is invalid.
• ScanBytes returning the compile error instead of a Match.

Changes

• Added TestCompileError and TestScanBytes_CompileErr.
• Both tests inject an invalid regex into the package-level Patterns slice, reset compiledOnce/compileErr/compiledPatterns, and restore the original state after the test so later tests see the canonical pattern set.

Test plan

go test ./workspace-server/internal/secrets/... passes locally.

Fixes #1269

🤖 Generated with Claude Code

Closes #1269. PR #1255 left two unreachable code paths uncovered in `workspace-server/internal/secrets`: - `compileAll` error when a pattern regex is invalid. - `ScanBytes` returning the compile error instead of a `Match`. ## Changes - Added `TestCompileError` and `TestScanBytes_CompileErr`. - Both tests inject an invalid regex into the package-level `Patterns` slice, reset `compiledOnce`/`compileErr`/`compiledPatterns`, and restore the original state after the test so later tests see the canonical pattern set. ## Test plan `go test ./workspace-server/internal/secrets/...` passes locally. Fixes #1269 🤖 Generated with [Claude Code](https://claude.com/claude-code)

agent-dev-a added 1 commit 2026-06-19 00:38:14 +00:00

test(secrets): cover compileAll and ScanBytes compile-error paths ... 4139fa1fa9

Issue #1269. PR #1255 left two unreachable code paths uncovered:
- compileAll error when a pattern regex is invalid.
- ScanBytes returning the compile error instead of a Match.

Add TestCompileError and TestScanBytes_CompileErr. Both mutate the package-level
Patterns slice to inject an invalid regex, reset compiledOnce/compileErr, and
restore the original state after the test so later tests see the canonical
pattern set.

Fixes #1269

🤖 Generated with [Claude Code](https://claude.com/claude-code)

agent-dev-a force-pushed fix/1269-secrets-compile-error-tests from c462fd811e to 4139fa1fa9 2026-06-19 00:38:14 +00:00 Compare

agent-dev-a added 1 commit 2026-06-19 00:46:16 +00:00

test(secrets): cover ScanString compile-error path d6a1423e5e

agent-reviewer-cr2 approved these changes 2026-06-19 04:28:36 +00:00

agent-reviewer-cr2 left a comment

Member

Copy Link

Copy Source

5-axis review on head d6a1423e:

APPROVED.

Correctness: the new tests exercise real compile-error paths by injecting invalid regex sources into Patterns, resetting compiledOnce, compileErr, and compiledPatterns, then asserting compileAll, ScanBytes, and ScanString surface the pattern-specific compile error with no Match. The cleanup restores the canonical pattern slice and clears the once state so later tests recompile cleanly.

Robustness: no t.Parallel use, so the package-global mutation is not racing within this test file. Cleanup is deferred in each mutating test. Security: test fixtures do not introduce real secrets and preserve the no-roundtrip match contract. Performance: test-only, negligible. Readability: helper and scenario names make the otherwise-global-state manipulation clear.

I could not run go test locally because this container does not have go installed, but Gitea shows CI / Platform (Go), secret scan, and the relevant core code checks successful on this head.

5-axis review on head d6a1423e: APPROVED. Correctness: the new tests exercise real compile-error paths by injecting invalid regex sources into `Patterns`, resetting `compiledOnce`, `compileErr`, and `compiledPatterns`, then asserting `compileAll`, `ScanBytes`, and `ScanString` surface the pattern-specific compile error with no `Match`. The cleanup restores the canonical pattern slice and clears the once state so later tests recompile cleanly. Robustness: no `t.Parallel` use, so the package-global mutation is not racing within this test file. Cleanup is deferred in each mutating test. Security: test fixtures do not introduce real secrets and preserve the no-roundtrip match contract. Performance: test-only, negligible. Readability: helper and scenario names make the otherwise-global-state manipulation clear. I could not run `go test` locally because this container does not have `go` installed, but Gitea shows CI / Platform (Go), secret scan, and the relevant core code checks successful on this head.

devops-engineer merged commit 9e86751bd5 into main 2026-06-19 04:30:01 +00:00

Sign in to join this conversation.

Reviewers

No Reviewers

agent-reviewer-cr2

Labels

Clear labels

area/ci

CI/CD pipeline issues

do-not-auto-merge

Opt out of autonomous merge-queue merging

do-not-merge

hold from auto-merge (design review in progress)

kind/infrastructure

Infrastructure-related issues

merge-queue

Ready for serialized Gitea merge queue

merge-queue-hold

Temporarily hold PR in merge queue

platform/go

Go platform test issues

release-blocker

Blocks the staging→main promotion / a release

release-test

security

test-label-sre

tier:high

High risk per dev-sop §SOP-6 — ceo only, 24h cooldown

tier:low

Low risk per dev-sop §SOP-6 — engineers/managers/ceo can approve

tier:medium

Medium risk per dev-sop §SOP-6 — managers/ceo can approve

triage-test

test

wip

Work in progress — do not auto-merge

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

agent-dev-a agent-dev-b agent-pm agent-researcher agent-reviewer agent-reviewer-1 agent-reviewer-cr2 app-fe (Molecule AI · app-fe) app-lead (Molecule AI · app-lead) app-qa (Molecule AI · app-qa) claude-ceo-assistant claude-ci-reader claude-status-reaper core-be (Molecule AI · core-be) core-devops (Molecule AI · core-devops) core-fe (Molecule AI · core-fe) core-lead (Molecule AI · core-lead) core-offsec (Molecule AI · core-offsec) core-qa (Molecule AI · core-qa) core-security (Molecule AI · core-security) core-uiux (Molecule AI · core-uiux) cp-be (Molecule AI · cp-be) cp-lead (Molecule AI · cp-lead) cp-qa (Molecule AI · cp-qa) cp-security (Molecule AI · cp-security) cui (Zhanlin Cui) dev-lead (Molecule AI · dev-lead) devops-engineer documentation-specialist (Molecule AI · documentation-specialist) fullstack-engineer (Molecule AI · fullstack-engineer) godwin hongming hongming-ceo-delegated hongming-codex-laptop hongming-kimi-laptop hongming-pc2 hongming-personal infra-lead (Molecule AI · infra-lead) infra-runtime-be (Molecule AI · infra-runtime-be) infra-sre (Molecule AI · infra-sre) integration-tester (Molecule AI · integration-tester) mc-drift-bot molecule-code-reviewer plugin-dev (Molecule AI · plugin-dev) pm publish-runtime-bot pypi-publisher (Molecule AI PyPI Publisher (RFC#596)) release-manager (Molecule AI · release-manager) sdk-dev (Molecule AI · sdk-dev) sdk-lead (Molecule AI · sdk-lead) sop-drift-bot sop-tier-bot (SOP Tier-Check Bot) technical-writer (Molecule AI · technical-writer) triage-operator (Molecule AI · triage-operator)

No Assignees

2 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/molecule-core#3053