ktg-plugin-marketplace/plugins/config-audit/tests/scenarios/03-cnf-conflict.json
Kjell Tore Guttormsen 8b146bf489 feat(humanizer): scenario read-test corpus + runner (SC-4) [skip-docs]
Step 9 of v5.1.0 humanizer Wave 4. Adds tests/scenario-read-test.mjs
runner, tests/scenario-read-test.test.mjs wrapper, and 5 scenario
fixtures in tests/scenarios/ that feed deterministic raw findings
through humanizeFinding and assert the humanized
title/description/recommendation match brief-owner-approved regex
patterns encoding the ground-truth what/why/whatNext answers.

Corpus selection (per brief criteria):

- 01-tok-cascade.json - TOK/CPS category (token efficiency)
- 02-cps-volatile.json - TOK/CPS category (cache prefix stability)
- 03-cnf-conflict.json - CNF category (conflicts)
- 04-gap-no-claude-md.json - GAP category (feature gap)
- 05-set-invalid-json.json - SET category, AND its v5.0.0 title +
  description carry tier1 'invalid' (the brief criterion 'one finding
  whose v5.0.0 description uses a forbidden word').

Runner mechanics:

- Loads scenarios matching ^\\d{2}-[a-z0-9-]+\\.json$ in sorted order.
- Calls humanizeFinding(scannerInput) and matches each humanized field
  against its declared pattern (case-insensitive regex).
- Verifies humanizer-added structural fields (userImpactCategory,
  userActionLanguage, relevanceContext) are non-empty strings.
- Per session decision (1a) acceptance is deterministic regex matching
  without a runtime human approval gate.

Wrapper adds 3 tests: scenario-match (binds runner to node --test),
category-coverage (TOK/CPS, CNF, GAP, SET all present), and
tier1-presence (at least one v5.0.0 title or description contains a
tier1 forbidden word).

Tests: 736 to 739 (+3 SC-4 tests). Full suite passes.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-01 18:16:23 +02:00

{
  "_meta": {
    "comment": "Scenario 03: CNF allow/deny conflict. Covers the conflicts category. v5.0.0 title contains tier3 'allow/deny' — humanizer rewrites with non-jargon language."
  },
  "findingId": "CA-CNF-001",
  "scannerInput": {
    "id": "CA-CNF-001",
    "scanner": "CNF",
    "severity": "high",
    "title": "Permission allow/deny conflict",
    "description": "Tool 'Bash(git:*)' appears in both allow and deny lists at .claude/settings.json.",
    "file": ".claude/settings.json",
    "line": null,
    "evidence": "tool=Bash(git:*); allow=true; deny=true",
    "recommendation": "Remove the tool from either the allow or deny list to make the intent unambiguous.",
    "category": null,
    "autoFixable": false
  },
  "expectedHumanized": {
    "titlePattern": "let-in and shut-out by your permissions",
    "descriptionPattern": "deny.*priority over an .*allow|looks like the tool is approved",
    "recommendationPattern": "Remove either the .*allow.* or the .*deny"
  },
  "groundTruth": {
    "what": "A tool you have configured is both let-in and shut-out by your permission rules.",
    "why": "A `deny` entry takes priority over an `allow`, so the `allow` does nothing — but the configuration looks like the tool is approved, which can mislead readers of the file.",
    "whatNext": "Remove either the `allow` or the `deny` entry so the intent is unambiguous."
  }
}
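As an added example, not code from this commit or from the ktg-plugin-marketplace project, the following shows the acceptance check the commit message describes: the fixture-name filter in sorted order, a case-insensitive regex match of title/description/recommendation against the declared patterns, and the non-empty-string check on the three humanizer-added structural fields, run over the scenario above. The real humanizeFinding is not called; the two humanized objects, the structural field values, and the names checkScenario and selectScenarioFiles are constructed assumptions for illustration. The scenario is trimmed to the fields a runner reads.

```javascript
// Added example (not the project's runner). SCENARIO mirrors the fixture
// shown on this page, trimmed to the fields the runner reads.
const SCENARIO = {
  findingId: 'CA-CNF-001',
  scannerInput: {
    id: 'CA-CNF-001',
    scanner: 'CNF',
    severity: 'high',
    title: 'Permission allow/deny conflict',
    description: "Tool 'Bash(git:*)' appears in both allow and deny lists at .claude/settings.json.",
    file: '.claude/settings.json',
    line: null,
    evidence: 'tool=Bash(git:*); allow=true; deny=true',
    recommendation: 'Remove the tool from either the allow or deny list to make the intent unambiguous.',
    category: null,
    autoFixable: false,
  },
  expectedHumanized: {
    titlePattern: 'let-in and shut-out by your permissions',
    descriptionPattern: 'deny.*priority over an .*allow|looks like the tool is approved',
    recommendationPattern: 'Remove either the .*allow.* or the .*deny',
  },
};

// Humanized field -> key of its declared pattern in expectedHumanized.
const PATTERNED_FIELDS = [
  ['title', 'titlePattern'],
  ['description', 'descriptionPattern'],
  ['recommendation', 'recommendationPattern'],
];

// Structural fields the humanizer must add as non-empty strings.
const STRUCTURAL_FIELDS = ['userImpactCategory', 'userActionLanguage', 'relevanceContext'];

// Fixture-name filter from the commit message: NN-slug.json, sorted.
const SCENARIO_FILE = /^\d{2}-[a-z0-9-]+\.json$/;

function selectScenarioFiles(names) {
  return names.filter((n) => SCENARIO_FILE.test(n)).sort();
}

function matchesPattern(value, pattern) {
  return typeof value === 'string' && new RegExp(pattern, 'i').test(value);
}

// Compare one humanized finding against its scenario. All failures are
// collected rather than stopping at the first, so a fixture author sees
// every mismatch in one run.
function checkScenario(scenario, humanized) {
  const failures = [];
  for (const [field, patternKey] of PATTERNED_FIELDS) {
    const pattern = scenario.expectedHumanized[patternKey];
    if (!matchesPattern(humanized[field], pattern)) {
      failures.push(`${scenario.findingId}: ${field} did not match /${pattern}/i`);
    }
  }
  for (const field of STRUCTURAL_FIELDS) {
    const v = humanized[field];
    if (typeof v !== 'string' || v.trim() === '') {
      failures.push(`${scenario.findingId}: ${field} must be a non-empty string`);
    }
  }
  return { ok: failures.length === 0, failures };
}

// Constructed humanized output (assumption) that satisfies the fixture.
const HUMANIZED_OK = {
  title: 'Bash(git:*) is both let-in and shut-out by your permissions',
  description: 'A `deny` entry takes priority over an `allow`, so the allow does nothing, but the file looks like the tool is approved.',
  recommendation: 'Remove either the `allow` or the `deny` entry so the intent is unambiguous.',
  userImpactCategory: 'permissions',
  userActionLanguage: 'edit .claude/settings.json',
  relevanceContext: 'tool=Bash(git:*)',
};

// The raw v5.0.0 finding passed through untouched: every check must fail,
// which is how the runner catches a humanizer that silently does nothing.
const HUMANIZED_PASSTHROUGH = { ...SCENARIO.scannerInput };

console.log(checkScenario(SCENARIO, HUMANIZED_OK));
console.log(checkScenario(SCENARIO, HUMANIZED_PASSTHROUGH).failures.join('\n'));
```

The passthrough case is the useful negative check: because the v5.0.0 title and recommendation share words with the expected patterns ("allow", "deny", "Remove"), a looser substring test would let an unchanged finding slip through, whereas anchoring on the full pattern phrases plus the three structural fields rejects it on all six counts.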