feat(panicbot): teach translator about panic-attack v2.5.5 test_context #252

Merged: hyperpolymath merged 1 commit into main from feat/panicbot-v2.5.5-context on Jun 2, 2026

@hyperpolymath
Owner

Summary

panic-attack v2.5.5 (#102 + #110, merged earlier 2026-06-02) added a test_context field to AssailReport.weak_points. This PR wires panicbot's translator to consume it.

Behaviour

| suppressed | test_context | Outcome |
|---|---|---|
| true | (any) | Drop (existing behaviour) |
| false | "test_only" | Drop (new — defensive) |
| false | "doc" | Drop (new — defensive) |
| false | "production" | Route to fleet (existing) |
| false | null (pre-v2.5.5 report) | Route to fleet (backward compat) |

Why defensive

panic-attack's apply_v255_context_suppression already sets suppressed: true for TestOnly/Doc findings. The defensive double-check ensures that:

  1. If a future panic-attack release decides to preserve suppressed: false while still classifying as TestOnly (e.g. to surface them in audit-trail mode), the fleet doesn't inadvertently start chasing test-code findings.
  2. If a TestOnly finding slips through some other code path, this is the safety net.

Backward compatibility

#[serde(default)] on the new field — old panic-attack reports without the field deserialise cleanly to None and route as production. No fleet ops disruption when scanning against older panic-attack installs.

Verification

  • cargo build --release: clean
  • cargo test --release --lib: 42 pass / 0 fail (37 baseline + 5 new tests covering all combinations)

Forward compat

When panic-attack surfaces ffi_kind / jit_context in JSON (currently only test_context is on WeakPoint itself; the other two are classifier-only), follow the same pattern:

  • Add Option<String> field on scanner's WeakPoint
  • Add #[serde(default)]
  • Translator decisions keyed on the value

Refs

  • panic-attack#102 (test_context foundation)
  • panic-attack#110 (analyzer wire-up — sets the field)
  • panic-attack#112 (docs closeout — documents the cross-repo wiring need)

panic-attack v2.5.5 (#102 + #110, merged 2026-06-02) added a
test_context field to AssailReport.weak_points. Possible values:
"production" / "test_only" / "doc" / null (pre-v2.5.5 reports).

This PR wires panicbot to consume the field:

  scanner.rs:
    - WeakPoint gains `test_context: Option<String>` with
      `#[serde(default)]`. JSON without the field deserialises with
      None — fully backward compatible with pre-v2.5.5 panic-attack.

  translator.rs translate_all:
    - After the existing suppressed-drop, also drop findings whose
      test_context is "test_only" or "doc". This is DEFENSIVE:
      panic-attack's apply_v255_context_suppression typically sets
      suppressed=true for these already, but a future scanner version
      that preserves suppressed=false while classifying TestOnly should
      still not have those findings reach the fleet. Test code is not
      fleet-actionable.
    - Production / None pass through normally.

  5 new translator unit tests:
    * test_only drops even when suppressed=false
    * doc drops even when suppressed=false
    * production keeps
    * None (pre-v2.5.5) keeps (treated as production)
    * suppressed=true drops regardless of test_context

  All 11 existing WeakPoint construction sites in panicbot updated
  with `test_context: None` defaults for the new field.

Backward compat: panic-attack reports lacking test_context (older
panic-attack versions) deserialise cleanly via #[serde(default)] and
route through the production path.

Forward compat: when panic-attack adds the other v2.5.5 sidecars
(ffi_kind / jit_context) to AssailReport JSON, follow the same
pattern — Option<String> field with serde(default), then translator
decisions keyed on the value.

42 lib tests pass (37 baseline + 5 new test_context tests).

hyperpolymath enabled auto-merge (squash) June 2, 2026 18:08
hyperpolymath merged commit 7f2e05d into main Jun 2, 2026
13 of 22 checks passed
hyperpolymath deleted the feat/panicbot-v2.5.5-context branch June 2, 2026 18:12
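
The routing rules from the PR description and commit message above, as an added Rust sketch that is not panicbot's code. Only the field names `suppressed` and `test_context` and their values come from the page; `id`, `Outcome`, `decide`, the helper `wp` and the tuple returned by `translate_all` are hypothetical. It also returns which findings were dropped only by the defensive check, so a change in scanner behaviour becomes visible.

```rust
// Added illustration, not panicbot's source. Field names `suppressed` and
// `test_context` come from the PR text; all other names are hypothetical.
#[derive(Debug)]
struct WeakPoint {
    id: u32, // hypothetical identifier for the demo
    suppressed: bool,
    test_context: Option<String>, // None models a pre-v2.5.5 report
}

#[derive(Debug, PartialEq)]
enum Outcome {
    DropSuppressed, // scanner already marked the finding suppressed
    DropDefensive,  // suppressed=false, but context is test_only or doc
    Route,          // production or absent context: goes to the fleet
}

fn decide(p: &WeakPoint) -> Outcome {
    match (p.suppressed, p.test_context.as_deref()) {
        (true, _) => Outcome::DropSuppressed,
        (false, Some("test_only")) | (false, Some("doc")) => Outcome::DropDefensive,
        // Assumption of this sketch: any other string is routed like "production".
        (false, _) => Outcome::Route,
    }
}

/// Returns the findings to route and the ids dropped only by the safety net.
fn translate_all(points: Vec<WeakPoint>) -> (Vec<WeakPoint>, Vec<u32>) {
    let (mut routed, mut net_hits) = (Vec::new(), Vec::new());
    for p in points {
        match decide(&p) {
            Outcome::Route => routed.push(p),
            Outcome::DropDefensive => net_hits.push(p.id),
            Outcome::DropSuppressed => {}
        }
    }
    (routed, net_hits)
}

fn wp(id: u32, suppressed: bool, ctx: Option<&str>) -> WeakPoint {
    WeakPoint { id, suppressed, test_context: ctx.map(String::from) }
}

fn main() {
    // Constructed sample: one finding per row of the behaviour table.
    let sample = vec![wp(1, true, None), wp(2, false, Some("test_only")),
        wp(3, false, Some("doc")), wp(4, false, Some("production")), wp(5, false, None)];
    let (routed, net_hits) = translate_all(sample);
    println!("routed {:?}, safety-net drops {:?}", routed, net_hits);
}
```

A non-empty second element means the scanner emitted a test or doc finding with `suppressed: false`, which is the case the defensive check exists for.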

github-actions Bot commented Jun 2, 2026

🔍 Hypatia Security Scan

Findings: 98 issues detected

| Severity | Count |
|---|---|
| 🔴 Critical | 6 |
| 🟠 High | 11 |
| 🟡 Medium | 81 |

⚠️ Action Required: Critical security issues found!

View findings
[
  {
    "reason": "Action perpolymath/standards/.github/workflows/governance-reusable.yml@main\n needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in boj-build.yml",
    "type": "missing_timeout_minutes",
    "file": "boj-build.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in casket-pages.yml",
    "type": "missing_timeout_minutes",
    "file": "casket-pages.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in casket-pages.yml",
    "type": "missing_timeout_minutes",
    "file": "casket-pages.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in codeql.yml",
    "type": "missing_timeout_minutes",
    "file": "codeql.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in dogfood-gate.yml",
    "type": "missing_timeout_minutes",
    "file": "dogfood-gate.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in dogfood-gate.yml",
    "type": "missing_timeout_minutes",
    "file": "dogfood-gate.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in dogfood-gate.yml",
    "type": "missing_timeout_minutes",
    "file": "dogfood-gate.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in dogfood-gate.yml",
    "type": "missing_timeout_minutes",
    "file": "dogfood-gate.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Issue in dogfood-gate.yml",
    "type": "missing_timeout_minutes",
    "file": "dogfood-gate.yml",
    "action": "flag",
    "rule_module": "workflow_audit",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence
