From ec1df267118101bcaaac128c57c677d5c0c1c463 Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
 <41898282+github-actions[bot]@users.noreply.github.com>
Date: Sun, 7 Jun 2026 13:18:36 +0000
Subject: [PATCH] test: strengthen weak assertions in safe_outputs analyzer
 tests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In aggregate_detection_gate_rejects_all_proposals:
- Add summary assertions (proposed_count, not_processed_count,
  executed_count, rejected_by_execution_count) — the primary metric
  for detection-gate rejection (not_processed_count) was completely
  unchecked.
- Add finding.category and finding.title assertions — only severity
  was checked before, meaning a regression in the finding content
  would have passed silently.

In mixed_execution_outcomes_are_rolled_up:
- Add rollup.total_rejected assertion — the field was computed but
  never asserted, leaving its correctness untested.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 src/audit/analyzers/safe_outputs.rs | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/audit/analyzers/safe_outputs.rs b/src/audit/analyzers/safe_outputs.rs
index e33085f8..d52a0017 100644
--- a/src/audit/analyzers/safe_outputs.rs
+++ b/src/audit/analyzers/safe_outputs.rs
@@ -777,6 +777,15 @@ mod tests {
             .await
             .expect("analyze gate-rejected safe outputs");
 
+        let summary = analysis.summary.expect("summary");
+        assert_eq!(summary.proposed_count, 2);
+        assert_eq!(
+            summary.not_processed_count, 2,
+            "all proposals must be counted as not_processed when the gate fires"
+        );
+        assert_eq!(summary.executed_count, 0);
+        assert_eq!(summary.rejected_by_execution_count, 0);
+
         let execution = analysis.execution.expect("execution");
         assert_eq!(execution.items.len(), 2);
         assert!(execution.items.iter().all(|item| {
@@ -791,6 +800,11 @@ mod tests {
 
         assert_eq!(analysis.findings.len(), 1);
         assert_eq!(analysis.findings[0].severity, Severity::High);
+        assert_eq!(analysis.findings[0].category, "safe_outputs");
+        assert_eq!(
+            analysis.findings[0].title,
+            "Detection rejected 2 safe output(s)"
+        );
     }
 
     #[tokio::test]
@@ -849,6 +863,7 @@ mod tests {
         );
 
         let rollup = analysis.rollup.expect("rollup");
+        assert_eq!(rollup.total_rejected, 2);
         assert_eq!(rollup.by_reason.get("permission denied"), Some(&1));
         assert_eq!(rollup.by_reason.get("skipped"), Some(&1));
     }