Skip to content

test(sf): close 6 L302-audit content-vs-uniqueness gaps in one chokepoint module#328

Merged
cipher813 merged 1 commit into
mainfrom
feat-l302-sf-payload-uniqueness-260527
May 27, 2026
Merged

test(sf): close 6 L302-audit content-vs-uniqueness gaps in one chokepoint module#328
cipher813 merged 1 commit into
mainfrom
feat-l302-sf-payload-uniqueness-260527

Conversation

@cipher813
Copy link
Copy Markdown
Owner

@cipher813 cipher813 commented May 27, 2026

Summary

Closes the remaining 6 findings from the 2026-05-27 wider L302 audit (P0 retrospective on PR #317's content-vs-uniqueness CI gap that caused the 2026-05-26 dup-EB-target trading-day miss). PR #322 closed the EventBridge target instance; this closes the meta-pattern across the rest of this repo's CI.

New module `tests/test_sf_payload_uniqueness.py` with 29 tests across 6 classes — one per audit finding:

Class L302 Finding What it closes
`TestSaturdaySFPayloadFieldSetsClosed` F2 eval_judge_wiring + F4 aggregate_costs + cross-cutting Lambda Payload field-set drift across all 14 Saturday SF Lambda calls
`TestWeekdaySFPayloadFieldSetsClosed` (extension) Lambda Payload field-set drift across 6 weekday SF Lambda calls
`TestSFRoleInvokeFunctionStatementCount` F3 iam_lambda_grants Exactly 1 `lambda:InvokeFunction` Statement in `alpha-engine-step-functions-role.json` (catches stale overlapping ARN statements from pre-2026 refactors)
`TestWeekdaySSMFlowDoctorOrdering` F5 ssm_pipefail_wiring `FLOW_DOCTOR_ENABLED=1` in first 3 commands (closes 2026-05-11 ordering-incident recurrence path)
`TestEODSFTopLevelFieldsClosed` F6 eod_substrate_check_wiring Top-level `$.field` namespace closed across input + intermediate ResultPath fields (catches silent collisions)
`TestSaturdaySFSpotStateCount` F7 friday_shell_run_wiring Exactly 8 spot-launching states (catches orphaned legacy state from incomplete refactor)

Shape per surface: pin a closed registry of expected keys/states, fail loud when actual diverges. Mirrors PR #322's `TestCFNTargetUniqueness` pattern; same chokepoint shape applied to 6 more surfaces.

Test plan

  • All 29 new tests pass locally
  • Full suite passes (1596 passed, 1 skipped)
  • Registry-and-actual drift tests fire correctly (verified: dropping a Payload field from the SF JSON causes the corresponding `test_payload_keys_match_registry[State]` test to fail loud)
  • On merge: future PRs touching SF Payloads must update the registry in the same PR — that's the contract this PR codifies

Composes with #322, the L258 PRs (#327 + research #239), [[reference-eventbridge-target-uniqueness-invariant]], [[feedback-mocked-tests-dont-validate-external-api-contract]], [[feedback-audit-findings-become-roadmap-followups]] and the L302 P0-retrospective entry in ROADMAP.

🤖 Generated with Claude Code

@cipher813 @claude
test(sf): close 6 L302-audit content-vs-uniqueness gaps in one chokep…
b501b22 
…oint module

Closes the remaining 6 findings from the 2026-05-27 wider L302 audit
(P0 retrospective on PR #317's content-vs-uniqueness CI gap that
caused the 2026-05-26 dup-EB-target trading-day miss). PR #322 closed
the EventBridge target instance; this closes the meta-pattern across
the rest of this repo's CI: tests pin WHAT was put, not HOW MANY were
put or whether anything ELSE was put.

New module tests/test_sf_payload_uniqueness.py with 29 tests across
6 classes — one per audit finding:

| Class | L302 Finding | What it closes |
|---|---|---|
| TestSaturdaySFPayloadFieldSetsClosed | F2 eval_judge_wiring + F4 aggregate_costs + cross-cutting | Lambda Payload field-set drift across all 14 Saturday SF Lambda calls |
| TestWeekdaySFPayloadFieldSetsClosed | (extension) | Lambda Payload field-set drift across 6 weekday SF Lambda calls |
| TestSFRoleInvokeFunctionStatementCount | F3 iam_lambda_grants | exactly 1 lambda:InvokeFunction Statement in alpha-engine-step-functions-role.json (catches stale overlapping ARN statements from pre-2026 refactors) |
| TestWeekdaySSMFlowDoctorOrdering | F5 ssm_pipefail_wiring | FLOW_DOCTOR_ENABLED=1 in first 3 commands (closes 2026-05-11 ordering-incident recurrence path) |
| TestEODSFTopLevelFieldsClosed | F6 eod_substrate_check_wiring | top-level $.field namespace closed across input + intermediate ResultPath fields (catches silent collisions) |
| TestSaturdaySFSpotStateCount | F7 friday_shell_run_wiring | exactly 8 spot-launching states (catches orphaned legacy state from incomplete refactor) |

Shape per surface: pin a closed registry of expected keys/states,
fail loud when actual diverges. Mirrors PR #322's
TestCFNTargetUniqueness pattern; same chokepoint shape applied to
6 more surfaces.

Suite: 1567 → 1596 passed (+29 net).

Composes with #322, [[reference-eventbridge-target-uniqueness-invariant]],
[[feedback-mocked-tests-dont-validate-external-api-contract]],
[[feedback-audit-findings-become-roadmap-followups]] and the L302
P0-retrospective entry in ROADMAP.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@cipher813 cipher813 merged commit a7ebcce into main May 27, 2026
1 check passed
@cipher813 cipher813 deleted the feat-l302-sf-payload-uniqueness-260527 branch May 27, 2026 13:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@cipher813