fetch_ml

jfraeysd/fetch_ml

Fork 0

Commit graph

Author	SHA1	Message	Date
Jeremie Fraeys	ca6ad970c3	refactor: co-locate logging, manifest, network, privacy, prommetrics tests Move unit tests from tests/unit/ to internal/ following Go conventions: - tests/unit/logging/* -> internal/logging/* (logging tests) - tests/unit/manifest/* -> internal/manifest/* (run_manifest, schema tests) - tests/unit/network/* -> internal/network/* (retry, ssh_pool, ssh tests) - tests/unit/privacy/* -> internal/privacy/* (pii tests) - tests/unit/metrics/* -> internal/prommetrics/* (metrics tests) Update import paths in test files to reflect new locations. Note: metrics_test.go moved from tests/unit/metrics/ to internal/prommetrics/ to match the actual package name.	2026-03-12 16:35:37 -04:00
Jeremie Fraeys	8f2495deb0	chore(cleanup): remove obsolete files and update .gitignore Remove deprecated components replaced by new scheduler: - Delete internal/controller/pacing_controller.go (replaced by scheduler/pacing.go) - Delete internal/manifest/schema_test.go (consolidated into tests/unit/) - Delete internal/workertest/worker.go (consolidated into tests/fixtures/) - Update .gitignore with scheduler binary and new patterns	2026-02-26 12:09:18 -05:00
Jeremie Fraeys	4a4d3de8e1	feat(security): Manifest security - nonce generation, environment tracking, schema validation Add cryptographically secure manifest filename nonce generation: - GenerateManifestNonce() creates 16-byte random nonce (32 hex chars) - GenerateManifestFilename() creates unique filenames: run_manifest_<nonce>.json - Prevents enumeration attacks on manifest files Add ExecutionEnvironment struct to manifest: - Captures ConfigHash for reproducibility verification - Records GPU detection method (auto-detected, env override, config, etc.) - Records sandbox settings (NoNewPrivileges, DropAllCaps, NetworkMode) - Records compliance mode and manifest nonce - Records artifact scan exclusions with reason Add JSON Schema validation: - schema.json: Canonical schema for manifest validation - schema_version.go: Schema versioning and compatibility checking - schema_test.go: Drift detection with SHA-256 hash verification - Validates required fields (run_id, environment.config_hash, etc.) - Validates compliance_mode enum values (hipaa, standard) - Validates no negative sizes in artifacts Closes: manifest nonce, environment tracking, scan exclusions from security plan	2026-02-23 19:43:39 -05:00

Author

SHA1

Message

Date

Jeremie Fraeys

ca6ad970c3

refactor: co-locate logging, manifest, network, privacy, prommetrics tests

Move unit tests from tests/unit/ to internal/ following Go conventions:
- tests/unit/logging/* -> internal/logging/* (logging tests)
- tests/unit/manifest/* -> internal/manifest/* (run_manifest, schema tests)
- tests/unit/network/* -> internal/network/* (retry, ssh_pool, ssh tests)
- tests/unit/privacy/* -> internal/privacy/* (pii tests)
- tests/unit/metrics/* -> internal/prommetrics/* (metrics tests)

Update import paths in test files to reflect new locations.

Note: metrics_test.go moved from tests/unit/metrics/ to internal/prommetrics/ to match the actual package name.

2026-03-12 16:35:37 -04:00

Jeremie Fraeys

8f2495deb0

chore(cleanup): remove obsolete files and update .gitignore

Remove deprecated components replaced by new scheduler:
- Delete internal/controller/pacing_controller.go (replaced by scheduler/pacing.go)
- Delete internal/manifest/schema_test.go (consolidated into tests/unit/)
- Delete internal/workertest/worker.go (consolidated into tests/fixtures/)
- Update .gitignore with scheduler binary and new patterns

2026-02-26 12:09:18 -05:00

Jeremie Fraeys

4a4d3de8e1

feat(security): Manifest security - nonce generation, environment tracking, schema validation

Add cryptographically secure manifest filename nonce generation:
- GenerateManifestNonce() creates 16-byte random nonce (32 hex chars)
- GenerateManifestFilename() creates unique filenames: run_manifest_<nonce>.json
- Prevents enumeration attacks on manifest files

Add ExecutionEnvironment struct to manifest:
- Captures ConfigHash for reproducibility verification
- Records GPU detection method (auto-detected, env override, config, etc.)
- Records sandbox settings (NoNewPrivileges, DropAllCaps, NetworkMode)
- Records compliance mode and manifest nonce
- Records artifact scan exclusions with reason

Add JSON Schema validation:
- schema.json: Canonical schema for manifest validation
- schema_version.go: Schema versioning and compatibility checking
- schema_test.go: Drift detection with SHA-256 hash verification
- Validates required fields (run_id, environment.config_hash, etc.)
- Validates compliance_mode enum values (hipaa, standard)
- Validates no negative sizes in artifacts

Closes: manifest nonce, environment tracking, scan exclusions from security plan

2026-02-23 19:43:39 -05:00

3 commits