Skip to content

[codex] Fix KernelSME empty gated update#1864

Merged
FlorianPfaff merged 3 commits intomainfrom
codex/fix-kernel-sme-empty-gating
Apr 25, 2026
Merged

[codex] Fix KernelSME empty gated update#1864
FlorianPfaff merged 3 commits intomainfrom
codex/fix-kernel-sme-empty-gating

Conversation

@FlorianPfaff
Copy link
Copy Markdown
Owner

@FlorianPfaff FlorianPfaff commented Apr 25, 2026

Summary

  • Treat an empty Kernel SME measurement set after gating as a no-op posterior update.
  • Preserve state and covariance when all measurements are rejected by gating.
  • Add a regression test covering the all-measurements-rejected path.

Root Cause

KernelSMEFilter.update_linear filtered measurements during gating, then unconditionally called gen_test_points. If gating rejected every measurement, gen_test_points attempted vstack([]) and failed.

Validation

  • Not run locally; this Codex workspace is read-only.
  • Added test_gating_rejecting_all_measurements_keeps_prior to cover the previously failing path.

@FlorianPfaff FlorianPfaff marked this pull request as ready for review April 25, 2026 09:29
@FlorianPfaff FlorianPfaff enabled auto-merge (squash) April 25, 2026 09:30
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 25, 2026

MegaLinter analysis: Success

Descriptor Linter Files Fixed Errors Warnings Elapsed time
✅ COPYPASTE jscpd yes no no 18.36s
✅ JSON prettier 2 0 0 0 0.42s
✅ JSON v8r 2 0 0 2.9s
✅ MARKDOWN markdownlint 2 0 0 0 0.7s
✅ MARKDOWN markdown-table-formatter 2 0 0 0 0.21s
✅ PYTHON bandit 382 0 0 5.66s
✅ PYTHON black 382 1 0 0 8.65s
✅ PYTHON flake8 382 0 0 3.22s
✅ PYTHON isort 382 1 0 0 0.73s
✅ PYTHON mypy 382 0 0 5.07s
✅ PYTHON pylint 382 0 0 117.41s
✅ PYTHON ruff 382 1 0 0 0.07s
✅ REPOSITORY checkov yes no no 22.33s
✅ REPOSITORY gitleaks yes no no 10.31s
✅ REPOSITORY git_diff yes no no 0.06s
✅ REPOSITORY secretlint yes no no 7.15s
✅ REPOSITORY syft yes no no 3.54s
✅ REPOSITORY trivy-sbom yes no no 2.26s
✅ REPOSITORY trufflehog yes no no 20.34s
✅ YAML prettier 4 0 0 0 0.48s
✅ YAML v8r 4 0 0 4.71s
✅ YAML yamllint 4 0 0 0.42s

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

  • Documentation: Custom Flavors
  • Command: npx mega-linter-runner@9.4.0 --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_RUFF,COPYPASTE_JSCPD,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

@FlorianPfaff FlorianPfaff merged commit 33b7fa3 into main Apr 25, 2026
18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@FlorianPfaff