docs(mutmut): document why the mutation gate covers only retry.py #107

Merged: brownjuly2003-code merged 1 commit into main from docs/mutation-gate-duckdb-limitation on Jun 29, 2026

@brownjuly2003-code (Owner)

What

Document why the mutation-testing gate only mutates sdk/agentflow/retry.py, despite [tool.mutmut] declaring 7 security-critical serving modules as targets.

Why

tests/unit/test_mutmut_policy.py enforces that 7 security-critical modules (sql_guard, auth manager/key_rotation, masking, rate_limiter, nl_queries, sql_builder) are declared mutation targets. But the CI gate (scripts/mutation_report.py) drives mutation from its own MODULE_TARGETS, which contains only retry.py. The declared serving modules are never mutated — and cannot be: they all transitively import duckdb, and duckdb's compiled subpackage _duckdb._sqltypes fails to import inside mutmut's mutants/ workspace ('_duckdb' is not a package), crashing the run with every mutant left not checked.

Reproduced in a Linux container (python:3.11), so this is a mutmut × duckdb harness limitation, not platform-specific. retry.py works precisely because it is duckdb-free; duckdb itself imports fine under normal pytest (the full suite passes) — only mutmut's workspace breaks it.

Without this note, the policy test reads as if the security modules are mutation-covered when they are not (false assurance).

Change

Comments only, at the three places a reader meets the claim — pyproject.toml [tool.mutmut], the runner's MODULE_TARGETS, and test_mutmut_policy.py. No logic change.

Verification

  • ruff check + ruff format --check: clean
  • pytest tests/unit/test_mutmut_policy.py tests/unit/test_mutation_report.py: 5 passed

Follow-up (not in this PR)

Extending the gate to serving modules needs isolated mutant execution (subprocess/spawn) or a different mutation tool (e.g. cosmic-ray / mutatest) — a separate, CI-affecting decision.

🤖 Generated with Claude Code
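
A check that makes the gap described in this PR machine-visible, as an added example (not code from this PR or the repository): it walks each declared target's import graph and reports whether the gate mutates it or a transitive `duckdb` import blocks it. The dotted module names, the sample sources and the `direct_imports`/`reaches`/`audit` helpers are constructed for illustration; only absolute imports are followed.

```python
import ast

# Constructed sample sources (hypothetical layout); only their imports matter.
SOURCES = {
    "agentflow.retry": "import random\nimport time\n",
    "serving.sql_guard": "from serving import sql_builder\n",
    "serving.sql_builder": "from serving.db import connect\n",
    "serving.db": "import duckdb\n",
    "serving.masking": "import re\nfrom serving import db\n",
}
DECLARED = ["serving.sql_guard", "serving.masking", "agentflow.retry"]  # policy list
LIVE = {"agentflow.retry"}  # what the gate's runner actually mutates


def direct_imports(source):
    """Absolute module names imported by one source file."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            found.update(alias.name for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            found.add(node.module)
            # "from pkg import name" may name a submodule, so try pkg.name too.
            found.update(f"{node.module}.{alias.name}" for alias in node.names)
    return found


def reaches(module, sources, blocker="duckdb"):
    """Return one import chain from module to blocker, or None."""
    stack, seen = [[module]], set()
    while stack:
        path = stack.pop()
        current = path[-1]
        if current.split(".")[0] == blocker:
            return path
        if current in seen or current not in sources:
            continue  # already expanded, or external / not a module we have
        seen.add(current)
        stack.extend(path + [dep] for dep in sorted(direct_imports(sources[current])))
    return None


def audit(declared, live, sources, blocker="duckdb"):
    """Map each declared target to (status, chain-to-blocker-or-None)."""
    report = {}
    for module in declared:
        chain = reaches(module, sources, blocker)
        status = "mutated" if module in live else ("blocked" if chain else "ungated")
        report[module] = (status, chain)
    return report


if __name__ == "__main__":
    for name, (status, chain) in audit(DECLARED, LIVE, SOURCES).items():
        print(f"{name}: {status}" + (f" via {' -> '.join(chain)}" if chain else ""))
```

A status of `ungated` marks a declared module with no path to the blocker, which is a candidate for adding to the live gate without changing tools.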

The [tool.mutmut] policy declares 7 security-critical serving modules as
mutation targets (enforced by test_mutmut_policy.py), but the CI gate
(scripts/mutation_report.py) mutates only the duckdb-free retry.py. Those
serving modules transitively import duckdb, whose compiled subpackage
(_duckdb._sqltypes) fails to import inside mutmut's mutants/ workspace and
crashes the run with every mutant left "not checked" -- reproduced in a Linux
container, so it is a mutmut x duckdb harness limitation, not platform-specific.

Make this gap explicit at the three places a reader meets it (the pyproject
policy list, the runner's MODULE_TARGETS, and the policy test) so declared
coverage is not mistaken for live mutation coverage. Comments only; no logic
change. Extending the gate to serving modules needs isolated mutant execution
(subprocess/spawn) or a different mutation tool.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@github-actions

DORA Metrics

  • Window: last 30 days
  • Branch: main
  • Deployment frequency: 163 total / 38.03 per week
  • Lead time for changes: avg 0.27h / median 0.0h
  • Change failure rate: 57.67% (94/163)
  • MTTR: 0.23h across 4 incident(s)

@brownjuly2003-code brownjuly2003-code enabled auto-merge (squash) June 29, 2026 15:16
@brownjuly2003-code brownjuly2003-code merged commit 4b32828 into main Jun 29, 2026
20 checks passed
@brownjuly2003-code brownjuly2003-code deleted the docs/mutation-gate-duckdb-limitation branch June 29, 2026 15:22