Add determinism tests for verdict artifact generation and update SHA256 sums script

- Implemented comprehensive tests for verdict artifact generation to ensure deterministic outputs across various scenarios, including identical inputs, parallel execution, and change ordering. - Created helper methods for generating sample verdict inputs and computing canonical hashes. - Added tests to validate the stability of canonical hashes, proof spine ordering, and summary statistics. - Introduced a new PowerShell script to update SHA256 sums for files, ensuring accurate hash generation and file integrity checks.
2025-12-24 02:17:34 +02:00
parent e59921374e
commit 7503c19b8f
390 changed files with 37389 additions and 5380 deletions
--- a/src/Cli/__Tests/StellaOps.Cli.Tests/CryptoCommandTests.cs
+++ b/src/Cli/__Tests/StellaOps.Cli.Tests/CryptoCommandTests.cs
@@ -3,9 +3,10 @@
 // Task: T11 - Integration tests for crypto commands

 using System.CommandLine;
-using System.CommandLine.IO;
 using System.CommandLine.Parsing;
 using Microsoft.Extensions.DependencyInjection;
+using Spectre.Console;
+using Spectre.Console.Testing;
 using Xunit;
 using StellaOps.Cli.Commands;
 using StellaOps.Cryptography;
@@ -119,11 +120,21 @@ public class CryptoCommandTests

        // Act
        var console = new TestConsole();
-        var exitCode = await command.InvokeAsync("sign --input /nonexistent/file.txt", console);
+        var originalConsole = AnsiConsole.Console;
+        int exitCode;
+        try
+        {
+            AnsiConsole.Console = console;
+            exitCode = await command.Parse("sign --input /nonexistent/file.txt").InvokeAsync(cancellationToken);
+        }
+        finally
+        {
+            AnsiConsole.Console = originalConsole;
+        }

        // Assert
        Assert.NotEqual(0, exitCode);
-        var output = console.Error.ToString() ?? "";
+        var output = console.Output.ToString();
        Assert.Contains("not found", output, StringComparison.OrdinalIgnoreCase);
    }

@@ -143,11 +154,21 @@ public class CryptoCommandTests

        // Act
        var console = new TestConsole();
-        var exitCode = await command.InvokeAsync("profiles", console);
+        var originalConsole = AnsiConsole.Console;
+        int exitCode;
+        try
+        {
+            AnsiConsole.Console = console;
+            exitCode = await command.Parse("profiles").InvokeAsync(cancellationToken);
+        }
+        finally
+        {
+            AnsiConsole.Console = originalConsole;
+        }

        // Assert
        Assert.NotEqual(0, exitCode);
-        var output = console.Out.ToString() ?? "";
+        var output = console.Output.ToString();
        Assert.Contains("No crypto providers available", output, StringComparison.OrdinalIgnoreCase);
    }

@@ -167,11 +188,21 @@ public class CryptoCommandTests

        // Act
        var console = new TestConsole();
-        var exitCode = await command.InvokeAsync("profiles", console);
+        var originalConsole = AnsiConsole.Console;
+        int exitCode;
+        try
+        {
+            AnsiConsole.Console = console;
+            exitCode = await command.Parse("profiles").InvokeAsync(cancellationToken);
+        }
+        finally
+        {
+            AnsiConsole.Console = originalConsole;
+        }

        // Assert
        Assert.Equal(0, exitCode);
-        var output = console.Out.ToString() ?? "";
+        var output = console.Output.ToString();
        Assert.Contains("StubCryptoProvider", output);
    }

@@ -210,24 +241,18 @@ public class CryptoCommandTests
    {
        public string Name => "StubCryptoProvider";

-        public Task<byte[]> SignAsync(byte[] data, CryptoKeyReference keyRef, string algorithmId, CancellationToken ct = default)
-        {
-            return Task.FromResult(new byte[] { 0x01, 0x02, 0x03, 0x04 });
-        }
+        public bool Supports(CryptoCapability capability, string algorithmId) => true;

-        public Task<bool> VerifyAsync(byte[] data, byte[] signature, CryptoKeyReference keyRef, string algorithmId, CancellationToken ct = default)
-        {
-            return Task.FromResult(true);
-        }
+        public IPasswordHasher GetPasswordHasher(string algorithmId) => throw new NotSupportedException();

-        public Task<byte[]> EncryptAsync(byte[] data, CryptoKeyReference keyRef, string algorithmId, CancellationToken ct = default)
-        {
-            throw new NotImplementedException();
-        }
+        public ICryptoHasher GetHasher(string algorithmId) => throw new NotSupportedException();

-        public Task<byte[]> DecryptAsync(byte[] data, CryptoKeyReference keyRef, string algorithmId, CancellationToken ct = default)
-        {
-            throw new NotImplementedException();
-        }
+        public ICryptoSigner GetSigner(string algorithmId, CryptoKeyReference keyReference) => throw new NotSupportedException();
+
+        public void UpsertSigningKey(CryptoSigningKey signingKey) => throw new NotSupportedException();
+
+        public bool RemoveSigningKey(string keyId) => false;
+
+        public IReadOnlyCollection<CryptoSigningKey> GetSigningKeys() => Array.Empty<CryptoSigningKey>();
    }
 }