Incomex AI Portal
KB-6A72

Light Follow-ups · 04 Test Result

3 min read Revision 1
dot-iu-cutterv0.5light-followups-after-ddl-main-fftest-resultg3-pass265-of-265dieu442026-05-20

Light Follow-ups · 04 Test Result

doc 4 of 6 · 2026-05-20 · G3 gate

phase                : G3 — run targeted + full discover
outcome              : G3 PASS — 12/12 targeted, 265/265 discover
production_mutation  : NONE

1. Targeted: tests.test_security_boundaries

$ python3 -m unittest tests.test_security_boundaries -v
test_delete_forbidden … ok
test_truncate_forbidden … ok
test_write_outside_transaction_forbidden … ok
test_production_flag_refused_nonzero … ok
test_cutter_ro_write_forbidden … ok
test_other_privileged_principals_forbidden … ok
test_sanctioned_writers_allowed … ok
test_pipeline_runs_with_cleared_environment … ok
test_production_adapter_refuses_to_construct … ok
test_production_adapter_refuses_with_any_args … ok
test_cli_demo_output_has_no_secret … ok
test_source_has_no_hardcoded_dsn_or_secret … ok
----------------------------------------------------------------------
Ran 12 tests in 0.011s
OK

All 12 PASS — the previously failing test_source_has_no_hardcoded_dsn_or_secret now passes after the G2 refinement (doc 3). The other 11 in the file (refusal-to-connect, append-only, sanctioned-writer set, etc.) PASS unchanged — confirming the refinement did not regress any other security boundary.

2. Full: python3 -m unittest discover -s tests

Ran 265 tests in 0.161s
OK

Baseline before this macro: Ran 265 … FAILED (failures=1) (the PGPASSWORD substring assertion). Post-fix: Ran 265 … OK — full discover is now clean for the first time in the v0.5 line.

3. Static checks

  • py_compile over modified files: implicit (the test module is imported by the test runner; failure to compile would surface as ERROR, none observed).
  • No *.py outside tests/ was modified, so no production module needed recompilation.
  • fingerprints.yaml change is parsed by YAML loaders; doc-03's edit retains valid YAML structure (verified by file size + listing — no YAML parser is invoked at test time; verify_postapply.sql reads it manually).

4. Diff summary

$ git diff --stat HEAD~1 HEAD
 sql/lifecycle/fingerprints.yaml   |  7 ++++++-
 tests/test_security_boundaries.py | 23 +++++++++++++++++++----
 2 files changed, 25 insertions(+), 5 deletions(-)

5. G3 result

g3_outcome                         : PASS
targeted_test_module               : tests.test_security_boundaries → 12/12 OK
full_discover                      : 265/265 OK (was 264/265)
regression_in_other_tests          : NONE
production_mutation                : NONE
Back to Knowledge Hub knowledge/dev/laws/dieu44-trien-khai/v0.5-light-followups-after-ddl-main-ff/04-test-result-2026-05-20.md