llm-ingestion-pipeline-secu.../tests
Kjell Tore Guttormsen f4e89d2885 feat(egress): decode-rescan feeds base64 plaintext to secret-egress (review MINOR)
Output gate step 3 now runs scan_secret_egress over every decoded base64
blob's plaintext, not only scan_lexicon. A base64-wrapped credential that
formerly vanished (decode fed the lexicon, which has no secret patterns)
now surfaces as decoded:egress:* carrying the blob offset. Evidence stays
length-only, so the decoded finding never leaks the secret value.

Hex-wrapped secrets remain a documented honest-limit (entropy exposes
decoded plaintext for base64 only). README honest-limits + CLAUDE.md
Kontekst updated; 3 tests added (347 passed, was 344).
2026-07-15 07:11:29 +02:00
..
inbox_frontend.py feat(okf): scan reserved index.md/log.md in mode-b import, not path-reject (review MAJOR #2) 2026-07-15 06:43:50 +02:00
test_active_content.py feat(guard): active-content detector wired into the output gate (review MAJOR #1) 2026-07-15 06:11:33 +02:00
test_contract.py fix(security): harden 5 adversarial-review findings (M1/M2/M3 + m4/m6) via TDD 2026-07-05 10:45:05 +02:00
test_corpus.py test(showcase): end-to-end multi-vuln pipeline + adversarial/FP corpora (recall) 2026-07-04 23:34:51 +02:00
test_disposition.py fix(security): harden 5 adversarial-review findings (M1/M2/M3 + m4/m6) via TDD 2026-07-05 10:45:05 +02:00
test_entropy.py fix(security): harden 5 adversarial-review findings (M1/M2/M3 + m4/m6) via TDD 2026-07-05 10:45:05 +02:00
test_fence.py feat(fence): randomized unspoofable delimiter + attacker marker-strip (TDD) [skip-docs] 2026-07-04 18:23:35 +02:00
test_grounding.py feat(grounding): SourceGroundingCheck protocol + pass-through default — the semantic-poisoning seam (TDD) [skip-docs] 2026-07-04 22:44:41 +02:00
test_lexicon.py feat(lexicon): JSON injection lexicon + variant-set scan (TDD) [skip-docs] 2026-07-04 17:20:21 +02:00
test_neutralize.py feat(neutralize): opt-in pure defang of active-content output (TDD) [skip-docs] 2026-07-04 18:55:12 +02:00
test_okf.py feat(okf): scan reserved index.md/log.md in mode-b import, not path-reject (review MAJOR #2) 2026-07-15 06:43:50 +02:00
test_okf_inbox_uploads.py feat(inbox): .xlsx extraction — formula gate, hidden sheets, cell comments (stage 2h) 2026-07-07 07:41:00 +02:00
test_okf_showcase.py feat(okf): scan reserved index.md/log.md in mode-b import, not path-reject (review MAJOR #2) 2026-07-15 06:43:50 +02:00
test_output.py feat(egress): decode-rescan feeds base64 plaintext to secret-egress (review MINOR) 2026-07-15 07:11:29 +02:00
test_report.py feat: scaffold package + report and sanitize modules (TDD) 2026-07-04 09:24:20 +02:00
test_sanitize.py feat: scaffold package + report and sanitize modules (TDD) 2026-07-04 09:24:20 +02:00
test_showcase.py feat(guard): active-content detector wired into the output gate (review MAJOR #1) 2026-07-15 06:11:33 +02:00
test_wiring.py feat(wiring): §6 bookends (prepare_input/screen_output) + full public API + README v0.1 (TDD) 2026-07-04 23:34:28 +02:00