feat(config-audit): recalibrate TOK severities for tokens/turn (v5 F7) [skip-docs]

- Pattern A (cache-breaking volatile top): medium → high
- Pattern B (redundant permissions): low → medium
- Pattern C (deep @import chain): medium → low
- Add calibration_note evidence on every TOK finding
- Table-driven severity tests (identify by title, IDs are sequential)

563 → 569 tests, all green. Doc sweep deferred to Session 5 (Step 28).
Kjell Tore Guttormsen 2026-05-01 06:47:32 +02:00
commit 58d6b5b9ea
2 changed files with 50 additions and 11 deletions


@ -57,9 +57,9 @@ describe('TOK scanner — opus-47/cache-breaking', () => {
assert.ok(f, 'expected a CA-TOK-001 finding for cache-breaking fixture');
});
it('CA-TOK-001 severity is medium or low', () => {
it('CA-TOK-001 severity is high (v5 F7 recalibration)', () => {
const f = result.findings.find(x => x.id === 'CA-TOK-001');
assert.ok(['medium', 'low'].includes(f.severity), `unexpected severity ${f.severity}`);
assert.equal(f.severity, 'high', `expected high after F7, got ${f.severity}`);
});
});
@ -188,3 +188,31 @@ describe('TOK scanner — hotspots contract', () => {
`expected ≤10 hotspots, got ${result.hotspots.length}`);
});
});
describe('TOK scanner — F7 severity recalibration (v5)', () => {
// Findings identified by title pattern, not finding ID — TOK IDs are
// sequential per scan run, not semantic per pattern (output.mjs:31).
const SEVERITY_TABLE = [
{ fixture: 'opus-47/cache-breaking', pattern: 'A', titleMatch: /cache-breaking volatile/i, expected: 'high' },
{ fixture: 'opus-47/redundant-tools', pattern: 'B', titleMatch: /redundant permission/i, expected: 'medium' },
{ fixture: 'opus-47/deep-imports', pattern: 'C', titleMatch: /deep @import chain/i, expected: 'low' },
];
for (const { fixture, pattern, titleMatch, expected } of SEVERITY_TABLE) {
it(`Pattern ${pattern} (${fixture}) has severity ${expected}`, async () => {
const result = await runScanner(fixture);
const f = result.findings.find(x => titleMatch.test(x.title || ''));
assert.ok(f, `expected a finding matching ${titleMatch} in ${fixture}; got: ${result.findings.map(x => x.title).join(' | ')}`);
assert.equal(f.severity, expected, `expected ${expected}, got ${f.severity}`);
});
it(`Pattern ${pattern} (${fixture}) carries calibration_note evidence`, async () => {
const result = await runScanner(fixture);
const f = result.findings.find(x => titleMatch.test(x.title || ''));
assert.ok(f, `expected a finding matching ${titleMatch} in ${fixture}`);
const evidence = String(f.evidence || '');
assert.ok(/severity reflects estimated tokens\/turn/i.test(evidence),
`expected calibration_note phrase in evidence, got: ${evidence}`);
});
}
});
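Review bot: The tightened assertion in the first hunk (L21–L24) still looks the finding up by `x.id === 'CA-TOK-001'`, although the comment this commit adds at L32–L33 states that TOK IDs are sequential per scan run rather than semantic per pattern, so `'high'` is pinned to whichever finding the scanner happens to emit first and a harmless reordering of output would fail it without any severity change. Replacing the lookup with the same title-based match the new table uses, `const f = result.findings.find(x => /cache-breaking volatile/i.test(x.title || ''));` followed by `assert.ok(f, 'expected a cache-breaking finding');` before `f.severity` is read, keeps the two tests consistent and turns a `TypeError` on a missing finding into a clear assertion message. In the second hunk, `find` at L42 and L48 checks only the first title match; if a fixture ever yields several findings for one pattern, the later ones' severities and evidence go unverified, so `filter` plus `every` would make the table exhaustive. Whether the `it` at L21 shares `result` from a hook above the hunk cannot be seen here; the enclosing `describe` starts outside the hunk.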