llm-ingestion-pipeline-secu.../tests
Kjell Tore Guttormsen a44cf3c7b7 test(showcase): end-to-end multi-vuln pipeline + adversarial/FP corpora (recall)
Module 11's final deliverable (BRIEF §9, PLAN §132), built last. Exercises the
full public toolkit as a consumer would compose it — the _ingest helper doubles
as the README worked example.

- test_showcase: ONE poisoned artifact planting a vulnerability per detection
  channel — 5 invisible carriers (zero-width/BIDI/unicode-tag/html-comment/
  data-uri), injection across raw + homoglyph + rot13 + whole-string-base64
  (decode-and-rescan) channels with DISTINCT lexicon ids so dedup won't merge
  them, plus a credential the mock transform leaks into its output (LLM02). All
  10 planted labels caught; disposition FAIL_SECURE; egress evidence never
  carries the secret value; a clean document + clean transform WARNs (no FP).
- test_corpus: adversarial recall == 100% over the planted classes (a silent
  drop is a regression), and a false-positive corpus of attack-resembling legit
  content (injection vocabulary, secret-shaped placeholders/varrefs, high-entropy
  checksums) that disposes WARN under a trusted source — most producing NO
  finding (the suppression rules hold). One MEDIUM homoglyph case proves hard-fail
  is an explicit opt-in: same finding WARNs trusted, QUARANTINEs under upload.

Secret fixtures assembled from fragments (gitleaks-safe); every payload verified
against the real detectors before assertion. 12 new tests; 201 green total.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01HyRCQMocjZ6SmSQ6JidJ2k
2026-07-04 23:34:51 +02:00
..
test_contract.py feat(contract): tool-less + credential-allowlist + env-scoping quarantine asserters (TDD) [skip-docs] 2026-07-04 20:44:20 +02:00
test_corpus.py test(showcase): end-to-end multi-vuln pipeline + adversarial/FP corpora (recall) 2026-07-04 23:34:51 +02:00
test_disposition.py feat(disposition): source-trust + provenance gate — WARN|QUARANTINE|FAIL_SECURE, compound + fail-closed (TDD) [skip-docs] 2026-07-04 20:34:32 +02:00
test_entropy.py feat(entropy): high-entropy/encoded-blob detection with decode-and-rescan (TDD) 2026-07-04 09:43:24 +02:00
test_fence.py feat(fence): randomized unspoofable delimiter + attacker marker-strip (TDD) [skip-docs] 2026-07-04 18:23:35 +02:00
test_grounding.py feat(grounding): SourceGroundingCheck protocol + pass-through default — the semantic-poisoning seam (TDD) [skip-docs] 2026-07-04 22:44:41 +02:00
test_lexicon.py feat(lexicon): JSON injection lexicon + variant-set scan (TDD) [skip-docs] 2026-07-04 17:20:21 +02:00
test_neutralize.py feat(neutralize): opt-in pure defang of active-content output (TDD) [skip-docs] 2026-07-04 18:55:12 +02:00
test_output.py feat(output): report-only OUTPUT gate — compose + secret egress (TDD) [skip-docs] 2026-07-04 20:18:46 +02:00
test_report.py feat: scaffold package + report and sanitize modules (TDD) 2026-07-04 09:24:20 +02:00
test_sanitize.py feat: scaffold package + report and sanitize modules (TDD) 2026-07-04 09:24:20 +02:00
test_showcase.py test(showcase): end-to-end multi-vuln pipeline + adversarial/FP corpora (recall) 2026-07-04 23:34:51 +02:00
test_wiring.py feat(wiring): §6 bookends (prepare_input/screen_output) + full public API + README v0.1 (TDD) 2026-07-04 23:34:28 +02:00