stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 3 Releases Wiki Activity
Files
0987cd6ac81edc2540d8abce362e822e2f0ecef3
git.stella-ops.org/bench/reachability-benchmark/baselines/semgrep/README.md
StellaOps Bot c11d87d252
Some checks failed
AOC Guard CI / aoc-guard (push) Has been cancelled
Details
AOC Guard CI / aoc-verify (push) Has been cancelled
Details
Docs CI / lint-and-preview (push) Has been cancelled
Details
Mirror Thin Bundle Sign & Verify / mirror-sign (push) Has been cancelled
Details
Concelier Attestation Tests / attestation-tests (push) Has been cancelled
Details
Export Center CI / export-ci (push) Has been cancelled
Details
feat: Add tests for RichGraphPublisher and RichGraphWriter 
- Implement unit tests for RichGraphPublisher to verify graph publishing to CAS.
- Implement unit tests for RichGraphWriter to ensure correct writing of canonical graphs and metadata.

feat: Implement AOC Guard validation logic

- Add AOC Guard validation logic to enforce document structure and field constraints.
- Introduce violation codes for various validation errors.
- Implement tests for AOC Guard to validate expected behavior.

feat: Create Console Status API client and service

- Implement ConsoleStatusClient for fetching console status and streaming run events.
- Create ConsoleStatusService to manage console status polling and event subscriptions.
- Add tests for ConsoleStatusClient to verify API interactions.

feat: Develop Console Status component

- Create ConsoleStatusComponent for displaying console status and run events.
- Implement UI for showing status metrics and handling user interactions.
- Add styles for console status display.

test: Add tests for Console Status store

- Implement tests for ConsoleStatusStore to verify event handling and state management.
2025-12-01 07:34:50 +02:00

29 lines
1.0 KiB
Markdown
Raw Blame History

# Semgrep baseline
Deterministic baseline runner that executes Semgrep against a single benchmark case and emits a submission payload in the benchmark schema.
## Usage
```bash
# Run for one case
SEMGREP_SEND_TELEMETRY=0 SEMGREP_ENABLE_VERSION_CHECK=0 \
baselines/semgrep/run_case.sh cases/js/unsafe-eval /tmp/semgrep-out
# Run for all cases under a root
SEMGREP_SEND_TELEMETRY=0 SEMGREP_ENABLE_VERSION_CHECK=0 \
baselines/semgrep/run_all.sh cases /tmp/semgrep-all
```
Outputs:
- Per-case: `<out>/submission.json`
- All cases: `<out>/submission.json` (merged, deterministic ordering)
## Requirements
- Semgrep CLI available on PATH. Tested with `semgrep >= 1.72`. Telemetry/version checks must be disabled for offline/deterministic runs.
- Python 3.11+ for normalization script.
## Determinism posture
- Telemetry/version checks disabled by default via env (see scripts).
- Stable ordering of cases and sinks.
- No network access.
- If Semgrep is missing, runner still produces a valid submission marking all sinks as `unreachable`, preserving schema validity.
Reference in New Issue View Git Blame Copy Permalink