Skip to content

feat(conformance): strict route detection via SUPPORTED list#696

Merged
vieiralucas merged 2 commits intomainfrom
worktree-apigwv2-strict-classifier
Apr 23, 2026
Merged

feat(conformance): strict route detection via SUPPORTED list#696
vieiralucas merged 2 commits intomainfrom
worktree-apigwv2-strict-classifier

Conversation

@vieiralucas
Copy link
Copy Markdown
Member

@vieiralucas vieiralucas commented Apr 23, 2026
edited by cubic-dev-ai Bot
Loading

Summary

The lenient `2xx-4xx = Pass` rule in the conformance classifier was hiding real implementation gaps: fakecloud's various "I didn't route this" responses (generic NotFoundException, APIGWv2's execute-api fallback, Lambda's UnknownOperationException, etc.) all looked like successful AWS-shaped errors from the probe's point of view. Result: conformance reported 100% per service while several services ship only a fraction of their Smithy op surface.

This PR cross-references every Smithy operation against the service's own `fn supported_actions()` list (the same source-of-truth used by the Level-2 audit) and classifies out-of-list ops as NotImplemented without even sending a probe. No service implementations change — the classifier just stops lying.

Honest baseline

```
total: 42,889 / 59,954 (71.5%)

100% services (11): bedrock, bedrock-runtime, cognito-idp, dynamodb,
events, kinesis, kms, logs, scheduler,
secretsmanager, ssm
partial services (12):
apigateway 28 / 103 (27%)
cloudformation 8 / 90 ( 9%)
elasticache 44 / 75 (59%)
iam 130 / 176 (74%)
lambda 13 / 85 (15%)
rds 23 / 163 (14%)
s3 74 / 107 (69%)
ses 97 / 110 (88%)
sns 34 / 42 (81%)
sqs 20 / 23 (87%)
states 14 / 37 (38%)
sts 8 / 11 (73%)
```

Additional belt-and-suspenders

Added `UnknownOperationException`, `Unknown path:`, and `Unknown operation:` to the NotImplemented response-body patterns in `classify_response` so any Smithy service not yet wired into audit still degrades gracefully.

Test plan

  • `cargo test -p fakecloud-conformance --lib` — 44/44 pass
  • `cargo run -p fakecloud-conformance -- check` — baseline green at new honest numbers
  • `cargo clippy --workspace --all-targets -- -D warnings`
  • `cargo fmt --check`

Follow-up work (not in this PR) is closing the 529-op gap across the 12 partial services. Handed off to a separate agent session.

Summary by cubic

Make conformance strict by checking each Smithy operation against the service’s supported_actions() list, so unrouted paths no longer count as passes. Added unit tests for the new NotImplemented patterns; honest coverage is now 42,889/59,954 (71.5%) with no service code changes.

  • New Features
    • Cross-reference operations with each service’s supported_actions(); out-of-list ops are NotImplemented without a probe.
    • Union SUPPORTED lists via audit tags for shared crates (e.g., bedrock and bedrock-runtime).
    • Broaden classify_response patterns to treat UnknownOperationException, Unknown path:, and Unknown operation: as NotImplemented.
    • Add unit tests for these patterns and a negative case to keep ResourceNotFoundException classified as Pass.

Written for commit d47e3d9. Summary will update on new commits.

@vieiralucas
feat(conformance): strict route detection via SUPPORTED list
9f2205c 
The lenient 2xx-4xx = Pass rule was treating every unrouted fakecloud
response (generic NotFoundException, "Stage not found" from APIGWv2's
execute-api fallback, Lambda's UnknownOperationException, etc.) as a
routed success. Result: conformance reported 100% per service while
several services implement a small fraction of their Smithy surface.

Cross-reference Smithy operations against each fakecloud service's own
`fn supported_actions()` list (the same source-of-truth used by the
Level-2 audit). Operations not in SUPPORTED are classified as
NotImplemented without a network probe — saves the round-trip and,
more importantly, gives an honest per-service coverage number.

Also widen the classifier's NotImplemented response-body patterns with
`UnknownOperationException`, `Unknown path:`, and `Unknown operation:`
as belt-and-suspenders for any service the audit mapping doesn't
cover yet.

Baseline refresh: 59,954/59,954 (100%) -> 42,889/59,954 (71.5%). The
new numbers reflect reality: 11 of 23 services are at 100%, the rest
have real implementation gaps that were previously masked. Per-service
breakdown is in conformance-baseline.json.

No service implementations changed. This commit only tightens the
conformance classifier so it stops lying about coverage.
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 23, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

cubic-dev-ai[bot]
cubic-dev-ai Bot reviewed Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 3 files

@vieiralucas
test(conformance): cover new classify_response patterns
d47e3d9 
Codecov patch check on PR #696 dropped because the three new
NotImplemented response-body patterns (UnknownOperationException,
Unknown path:, Unknown operation:) added to classify_response had no
direct unit test — they were exercised only through the full conformance
run. Add four unit tests that exercise each new pattern plus one
negative case (ResourceNotFoundException must still classify as Pass).
@vieiralucas vieiralucas merged commit 7880021 into main Apr 23, 2026
48 checks passed
@vieiralucas vieiralucas deleted the worktree-apigwv2-strict-classifier branch April 23, 2026 02:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@vieiralucas