Review and improve test suite to minimize real-world gaps#9
Review and improve test suite to minimize real-world gaps#9poseidonchan merged 2 commits intomasterfrom
Conversation
- Remove 1 trivial test (negative PID check that can't happen) - Add test for Telegram edit_message failure fallback - Add command intent tests for real-world edge cases - Document known security limitation in script execution detection - Create comprehensive TEST_IMPROVEMENTS.md analysis Tests went from 65 → 69 (+6.2% meaningful coverage) Co-authored-by: poseidonchan <43901301+poseidonchan@users.noreply.github.com>
Claude
AI
changed the title
|
@codex someone says " Parsing: parse_event_obj now accepts function_call arguments as dicts (and list cmd values), joining argv into a shell string and still detecting escalation/justification metadata for approvals. evs = parse_event_obj({ => [ToolStarted(command="ls -la")]" |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 9a35acb18e
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| def test_needs_write_approval_bash_lc_readonly(self) -> None: | ||
| self.assertFalse(needs_write_approval("bash -lc 'cd /tmp && ls -la'")) | ||
|
|
||
| def test_script_execution_limitation(self) -> None: |
There was a problem hiding this comment.
These new tests improve command-intent and output-stream behavior, but they do not cover (or fix) the reported production failure mode where parse_event_obj receives function_call.arguments as a dict and cmd as argv list; that path is still dropped because the parser currently only enters the exec_command branch when arguments is a string (src/tgcodex/codex/events.py around the isinstance(args_s, str) check). In that scenario the bot remains blind to tool starts and escalation prompts, so this PR does not resolve the issue it is being used to validate.
Useful? React with 👍 / 👎.
@codex So, is this PR helpful? |
|
Codex Review: Didn't find any major issues. 🚀 ℹ️ About Codex in GitHubYour team has set up Codex to review pull requests in this repo. Reviews are triggered when you
If Codex has suggestions, it will comment; otherwise it will react with 👍. Codex can also answer questions or update the PR. Try commenting "@codex address that feedback". |
2 participants
The test suite included tests that don't catch real-world issues while missing coverage for actual production failure modes. This PR removes trivial tests and adds tests for critical error paths.
Changes
Removed (1 test)
test_daemon_process::test_is_pid_running_non_positive_false- Trivial edge case (negative PIDs) that cannot occur in practiceAdded (5 tests)
test_output_stream::test_edit_failure_falls_back_to_new_message- Validates Telegram API edit failure handling (rate limits, deleted messages)test_command_intent::test_script_execution_limitation- Documents known security gap: script execution not detected as potentially dangeroustest_command_intent::test_needs_write_approval_detects_piped_writes- Teststeeand piped redirectionstest_command_intent::test_needs_write_approval_detects_redirection- Tests>and>>operatorstest_command_intent::test_readonly_commands_do_not_need_approval- Validates read-only operationsDocumentation
TEST_IMPROVEMENTS.md- Analysis of test quality, high vs low value tests, and remaining gapsKey Improvements
The new tests validate actual failure scenarios users encounter:
The command intent tests now explicitly document security limitations:
Results
See
TEST_IMPROVEMENTS.mdfor detailed analysis of test quality and recommendations.Original prompt