feat(xtest): Enables pqc test suite in ci

[dmihalcik-virtru]

Summary by CodeRabbit

• Bug Fixes

  • Improved handling and clearer reporting for unsupported cryptographic algorithms during key creation, avoiding misleading failures.

• Tests

  • Added post-quantum cryptography validation to the test suite and CI.
  • Broadened test expectations to accept additional aggregated error types in tamper-detection tests.

[gemini-code-assist]

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

[coderabbitai]

Warning

Rate limit exceeded

@dmihalcik-virtru has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 56 minutes and 43 seconds before requesting another review.

To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f576b6c3-9559-4788-b8b2-871627c7aaf9

📥 Commits

Reviewing files that changed from the base of the PR and between 0402f48 and 2da9837.

📒 Files selected for processing (1)

• xtest/otdfctl.py

📝 Walkthrough

Walkthrough

Adds an InvalidAlgorithm exception and handling, updates key fixture to skip tests when unsupported algorithms are encountered, broadens an error match in a tamper test, and adds test_pqc.py to the xtest CI workflow in both standard and focused runs. (≤50 words)

Changes

Cohort / File(s)	Summary
Workflow Configuration .github/workflows/xtest.yml	Appended test_pqc.py to the pytest invocation in both the "all standard xtests" (FOCUS_SDK == 'all') and focused SDK paths.
CLI / Exception xtest/otdfctl.py	Added class InvalidAlgorithm(Exception) and updated kas_registry_create_key parsing to raise InvalidAlgorithm when the CLI returns "Invalid key parameters: invalid algorithm".
Fixture Handling xtest/fixtures/keys.py	Imported InvalidAlgorithm and changed _get_or_create_key to catch InvalidAlgorithm; if required_features is non-empty the fixture calls pytest.skip, otherwise the exception propagates.
Test Assertion Update xtest/test_tdfs.py	Expanded accepted error pattern for the malicious KAO tamper test to include AggregateError in decrypt expectation handling.

Sequence Diagram(s)

(omitted — changes are small and do not introduce complex multi-component sequential flows)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• chore(xtest): Deduplicates fixture code with shared helpers #426: Related managed-key creation and platform-feature gating changes; likely overlaps with the fixture/key creation adjustments in this PR.

Suggested reviewers

• pflynn-virtru

Poem

🐰
Quantum threads in carrot rows,
New exceptions help code compose,
If algorithms leap and fall,
Tests skip softly, not a brawl,
CI hops forward — all aglow.

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title claims to enable a PQC test suite in CI, but the actual changes add test_pqc.py to the workflow and modify error handling in key creation fixtures—not enabling a new test suite.	Revise the title to accurately reflect the changes, such as 'feat(xtest): Add test_pqc.py to workflow and improve key creation error handling' or similar.
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch DSPX-3086-enable-pqc-suite

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 0/1 reviews remaining, refill in 56 minutes and 43 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

X-Test Failure Report

❌ js-main
❌ go-main
❌ js-v0.14.0
❌ go-v0.14.0
❌ java-main
❌ java-v0.14.0

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@xtest/fixtures/keys.py`:
- Around line 56-66: The helper currently swallows all InvalidAlgorithm
exceptions around otdfctl.kas_registry_create_key which can hide real failures;
update the except InvalidAlgorithm block so it only calls pytest.skip for
algorithms that are feature-gated (e.g., check against your PQC_ALGORITHMS list
or use an existing is_feature_gated_algorithm(algorithm) helper), and for any
other algorithm re-raise the exception (use raise). Modify the except block in
the code around kas_registry_create_key in keys.py to perform that conditional
skip vs re-raise logic.

In `@xtest/otdfctl.py`:
- Around line 43-47: Run the code formatter to fix formatting issues flagged by
ruff: run "ruff format xtest/otdfctl.py" (or your project's formatter command)
and commit the updated file; ensure that the class InvalidAlgorithm and
surrounding whitespace/indentation are normalized by the formatter so "ruff
format --check" passes.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 67e97349-5d9c-40e2-b202-618849aa20bc

📥 Commits

Reviewing files that changed from the base of the PR and between ea2976e and 91a3bb1.

📒 Files selected for processing (3)

• .github/workflows/xtest.yml
• xtest/fixtures/keys.py
• xtest/otdfctl.py

[github-actions]

X-Test Failure Report

❌ go-v0.14.0
❌ js-v0.14.0
❌ js-main
❌ java-v0.14.0
❌ java-main
❌ go-main

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

X-Test Failure Report

[github-actions]

X-Test Results

✅ js-v0.14.0
✅ go-v0.14.0
✅ go-main
✅ js-main
✅ java-v0.14.0
✅ java-main