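# "Paper-faithful" CI gates for the testbed. Every gate job follows the same
# shape: check out the repo, install one runtime package with `npm ci`, run
# that package's test target and a validation script under testbed/tools, then
# upload the job's results directory as an artifact even on failure
# (`if: always()`). Jobs 1-8 are independent; jobs 9-12 form a `needs` chain,
# and `summary` always runs so a result artifact and notification exist.
#
# Supply-chain note: every action below is referenced by a floating major tag
# (`@v4`). Pinning each `uses:` to a full commit SHA (taken from the action's
# release page, not invented here) makes the workflow reproducible and
# removes the tag-moved-under-us risk.
name: Testbed Paper-Faithful CI Gates

on:  # yamllint disable-line rule:truthy
  push:
    branches: [main, paper-faithful-implementation]
  pull_request:
    branches: [main, paper-faithful-implementation]
  schedule:
    # Periodic synthetic probe during working hours. Cron fields are UTC.
    # The shortest interval GitHub Actions supports for `schedule` is 5
    # minutes, so the previous '*/1' (every minute) could not run as written.
    # NOTE(review): a scheduled trigger runs the whole workflow, not only the
    # synthetic-probe job; if only the probe is wanted on the timer, gate the
    # other jobs with `if: github.event_name != 'schedule'`. With the 15-minute
    # integration job in the chain, scheduled runs can also overlap; a
    # `concurrency:` group would bound that.
    - cron: '*/5 9-17 * * 1-5'  # Every 5 min, 09:00-17:59 UTC, Mon-Fri

# Least privilege for GITHUB_TOKEN: nothing here pushes, comments or releases,
# and actions/upload-artifact does not need extra token scopes, so the
# read-only token is sufficient (this also covers pull_request-triggered runs).
permissions:
  contents: read

# Exported to every step. Kept as quoted strings so YAML does not coerce
# 'true' to a boolean before the tools read it.
env:
  NODE_VERSION: '18'
  PF_ENFORCE: 'true'
  PF_SYNTHETIC_PROBE: 'true'

jobs:
  # Job 1: Synthetic Probe Validation
  synthetic-probe:
    name: Synthetic Probe - Cert/Policy/Receipt Validation
    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          # `npm ci` runs inside the runtime packages (which is what requires
          # a package-lock.json there), so those lockfiles are what the cache
          # key must hash. Without this input setup-node looks for a lockfile
          # at the repository root and fails the step if none exists.
          cache-dependency-path: testbed/runtime/*/package-lock.json
      - name: Install dependencies
        run: |
          cd testbed/runtime/gateway
          npm ci
      - name: Run synthetic probe validation
        run: |
          cd testbed
          npx ts-node tools/synthetic-probe.ts --validate-ci
      - name: Check probe results
        run: |
          cd testbed
          npx ts-node tools/synthetic-probe.ts --status
      - name: Upload probe artifacts
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: synthetic-probe-results
          path: testbed/probe-results/
          retention-days: 7

  # Job 2: Decision Path Flow Validation
  decision-path-flow:
    name: Decision Path Flow - End-to-End Validation
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          cache-dependency-path: testbed/runtime/*/package-lock.json
      - name: Install dependencies
        run: |
          cd testbed/runtime/gateway
          npm ci
      - name: Run decision path flow tests
        run: |
          cd testbed/runtime/gateway
          npm run test:decision-path
      - name: Validate flow phases
        run: |
          cd testbed
          npx ts-node tools/validate-decision-path.ts
      - name: Upload flow validation artifacts
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: decision-path-validation
          path: testbed/flow-validation/
          retention-days: 7

  # Job 3: Non-Interference (MonNI) Validation
  non-interference:
    name: Non-Interference (MonNI) - Bridge Validation
    runs-on: ubuntu-latest
    timeout-minutes: 8
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          cache-dependency-path: testbed/runtime/*/package-lock.json
      - name: Install dependencies
        run: |
          cd testbed/runtime/gateway
          npm ci
      - name: Run MonNI validation tests
        run: |
          cd testbed/runtime/gateway
          npm run test:monni
      - name: Validate NI bridge
        run: |
          cd testbed
          npx ts-node tools/validate-ni-bridge.ts
      - name: Upload NI validation artifacts
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: ni-validation
          path: testbed/ni-validation/
          retention-days: 7

  # Job 4: Egress Certificate Validation
  egress-certificates:
    name: Egress Certificates - PII/Secret Detection
    runs-on: ubuntu-latest
    timeout-minutes: 6
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          cache-dependency-path: testbed/runtime/*/package-lock.json
      - name: Install dependencies
        run: |
          cd testbed/runtime/egress-firewall
          npm ci
      - name: Run egress certificate tests
        run: |
          cd testbed/runtime/egress-firewall
          npm run test:certificates
      - name: Validate PII detection
        run: |
          cd testbed
          npx ts-node tools/validate-pii-detection.ts
      - name: Upload egress validation artifacts
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: egress-validation
          path: testbed/egress-validation/
          retention-days: 7

  # Job 5: Access Receipt Validation
  access-receipts:
    name: Access Receipts - Signature/Expiry Validation
    runs-on: ubuntu-latest
    timeout-minutes: 6
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          cache-dependency-path: testbed/runtime/*/package-lock.json
      - name: Install dependencies
        run: |
          cd testbed/runtime/retrieval-gateway
          npm ci
      - name: Run receipt validation tests
        run: |
          cd testbed/runtime/retrieval-gateway
          npm run test:receipts
      - name: Validate receipt signatures
        run: |
          cd testbed
          npx ts-node tools/validate-receipt-signatures.ts
      - name: Upload receipt validation artifacts
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: receipt-validation
          path: testbed/receipt-validation/
          retention-days: 7

  # Job 6: Policy Kernel Validation
  policy-kernel:
    name: Policy Kernel - Validation & Replan Logic
    runs-on: ubuntu-latest
    timeout-minutes: 8
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          cache-dependency-path: testbed/runtime/*/package-lock.json
      - name: Install dependencies
        run: |
          cd testbed/runtime/policy-kernel
          npm ci
      - name: Run kernel validation tests
        run: |
          cd testbed/runtime/policy-kernel
          npm run test:validation
      - name: Test replan logic
        run: |
          cd testbed
          npx ts-node tools/test-replan-logic.ts
      - name: Upload kernel validation artifacts
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: kernel-validation
          path: testbed/kernel-validation/
          retention-days: 7

  # Job 7: Tool Broker Mediation
  tool-broker:
    name: Tool Broker - Mediation & Capability Checks
    runs-on: ubuntu-latest
    timeout-minutes: 6
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          cache-dependency-path: testbed/runtime/*/package-lock.json
      - name: Install dependencies
        run: |
          cd testbed/runtime/gateway
          npm ci
      - name: Run tool broker tests
        run: |
          cd testbed/runtime/gateway
          npm run test:tool-broker
      - name: Test mediation logic
        run: |
          cd testbed
          npx ts-node tools/test-mediation.ts
      - name: Upload tool broker artifacts
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: tool-broker-validation
          path: testbed/tool-broker-validation/
          retention-days: 7

  # Job 8: Safety Case Generation
  safety-case:
    name: Safety Case - Evidence & Verdict Validation
    runs-on: ubuntu-latest
    timeout-minutes: 6
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          cache-dependency-path: testbed/runtime/*/package-lock.json
      - name: Install dependencies
        run: |
          cd testbed/runtime/gateway
          npm ci
      - name: Run safety case tests
        run: |
          cd testbed/runtime/gateway
          npm run test:safety-case
      - name: Validate evidence chain
        run: |
          cd testbed
          npx ts-node tools/validate-evidence-chain.ts
      - name: Upload safety case artifacts
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: safety-case-validation
          path: testbed/safety-case-validation/
          retention-days: 7

  # Job 9: End-to-End Integration Test
  # Waits for every independent gate above; a failure in any of them skips
  # this job and the rest of the chain.
  integration-test:
    name: End-to-End Integration - Complete Flow
    runs-on: ubuntu-latest
    timeout-minutes: 15
    needs:
      - synthetic-probe
      - decision-path-flow
      - non-interference
      - egress-certificates
      - access-receipts
      - policy-kernel
      - tool-broker
      - safety-case
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          cache-dependency-path: testbed/runtime/*/package-lock.json
      - name: Install all dependencies
        # One shell for the whole block, so the relative `cd`s chain from the
        # gateway directory; the default `bash -e` stops at the first failure.
        run: |
          cd testbed/runtime/gateway && npm ci
          cd ../policy-kernel && npm ci
          cd ../egress-firewall && npm ci
          cd ../retrieval-gateway && npm ci
      - name: Run integration tests
        run: |
          cd testbed
          npx ts-node tools/run-integration-test.ts
      - name: Validate complete flow
        run: |
          cd testbed
          npx ts-node tools/validate-complete-flow.ts
      - name: Generate test report
        run: |
          cd testbed
          npx ts-node tools/generate-test-report.ts
      - name: Upload integration artifacts
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: integration-test-results
          path: testbed/integration-results/
          retention-days: 7

  # Job 10: Performance & SLO Validation
  performance-slo:
    name: Performance & SLO - Latency & Throughput
    runs-on: ubuntu-latest
    timeout-minutes: 10
    needs: [integration-test]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          cache-dependency-path: testbed/runtime/*/package-lock.json
      - name: Install dependencies
        run: |
          cd testbed/runtime/gateway
          npm ci
      - name: Run performance tests
        run: |
          cd testbed
          npx ts-node tools/run-performance-tests.ts
      - name: Validate SLO compliance
        run: |
          cd testbed
          npx ts-node tools/validate-slo-compliance.ts
      - name: Upload performance artifacts
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: performance-results
          path: testbed/performance-results/
          retention-days: 7

  # Job 11: Security & Compliance Check
  security-compliance:
    name: Security & Compliance - Final Validation
    runs-on: ubuntu-latest
    timeout-minutes: 8
    needs: [performance-slo]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          cache-dependency-path: testbed/runtime/*/package-lock.json
      - name: Install dependencies
        run: |
          cd testbed/runtime/gateway
          npm ci
      - name: Run security tests
        run: |
          cd testbed
          npx ts-node tools/run-security-tests.ts
      - name: Validate compliance
        run: |
          cd testbed
          npx ts-node tools/validate-compliance.ts
      - name: Generate compliance report
        run: |
          cd testbed
          npx ts-node tools/generate-compliance-report.ts
      - name: Upload security artifacts
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: security-compliance-results
          path: testbed/security-compliance/
          retention-days: 7

  # Job 12: Final Summary & Notifications
  summary:
    name: Final Summary & Notifications
    runs-on: ubuntu-latest
    timeout-minutes: 5
    needs: [security-compliance]
    # Runs even when the chain failed or was skipped, so the summary artifact
    # and the failure notification are always produced.
    if: always()
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: ${{ env.NODE_VERSION }}
          cache: 'npm'
          cache-dependency-path: testbed/runtime/*/package-lock.json
      # NOTE(review): unlike every other job, nothing is installed here before
      # `npx ts-node` runs from `testbed`; confirm ts-node resolves from that
      # directory, or add the same `npm ci` step the other jobs use.
      - name: Generate final summary
        run: |
          cd testbed
          npx ts-node tools/generate-final-summary.ts
      - name: Upload final summary
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: final-summary
          path: testbed/final-summary/
          retention-days: 30
      # `failure()` / `success()` inside this job only reflect this job's own
      # steps, and the job itself runs under `always()`; the gate outcome has
      # to be read from the `needs` context. security-compliance is the tail
      # of the chain, so any earlier gate failing surfaces here as a
      # 'skipped' (or 'failure') result rather than 'success'.
      - name: Notify on failure
        if: failure() || needs.security-compliance.result != 'success'
        run: |
          echo "Paper-faithful CI gates failed. Check the workflow for details."
          # Add notification logic here (Slack, email, etc.)
      - name: Notify on success
        if: success() && needs.security-compliance.result == 'success'
        run: |
          echo "Paper-faithful CI gates passed successfully!"
          # Add success notification logic here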