Skip to content

test(mcp-scan): pin per-finding HIGH severity so a downgrade can't silently disarm the gate (#4)#125

Merged
ruvnet merged 1 commit into
mainfrom
test/mcp-scan-per-finding-severity
Jul 7, 2026
Merged

test(mcp-scan): pin per-finding HIGH severity so a downgrade can't silently disarm the gate (#4)#125
ruvnet merged 1 commit into
mainfrom
test/mcp-scan-per-finding-severity

Conversation

@ruvnet

@ruvnet ruvnet commented Jul 7, 2026

Copy link
Copy Markdown
Owner

What / why

Closes a mutation-surfaced test gap from the AQE beta feedback (#4). mcp-scan is the CI security gate — mcpScanCmd exits 1 iff a HIGH finding is present. Mutation testing showed the allow-shell HIGH→MEDIUM mutant survives: the tests assert finding IDs + the aggregate worst, and the "flags shell access" case has three co-occurring HIGH findings, so downgrading allow-shell leaves worst still HIGH and goes unnoticed — the gate would silently stop blocking on shell access.

Change (test-only)

  • allow-shell ALONE: a clean default-deny policy with only allowShell:trueallow-shell is the sole non-info finding, so its severity is asserted directly (high), worst is high, and mcpScanCmd exits 1. This can't hide behind another HIGH.
  • each security-critical rule (no-policy, no-default-deny, wildcard-tool-perm) keeps its HIGH severity.

Mutation-kill verified

Downgrading allow-shell to medium in mcp-scan.ts makes the new test fail; it passes on the real code. (Verified locally, then reverted.)

Tests

Full create-agent-harness suite 363/363; tsc clean. No behaviour change.

🤖 Generated with claude-flow

…lently disarm the gate (#4)

Beta feedback #4 (mutation finding): mcp-scan is the CI security gate — mcpScanCmd exits 1 iff a HIGH
finding is present. Mutation testing showed that downgrading the `allow-shell` rule HIGH→MEDIUM SURVIVES
the suite: the existing tests assert finding IDs + the aggregate `worst`, and the "flags shell access"
case carries three co-occurring HIGH findings, so an allow-shell downgrade leaves `worst` still HIGH and
goes unnoticed — the gate would silently stop blocking on shell access.

Adds two mutation-killing tests:
- allow-shell ALONE (clean default-deny policy + allowShell:true) is the SOLE non-info finding, so its
  severity is asserted directly (`high`), `worst` is `high`, and `mcpScanCmd` exits 1. Verified: this
  test FAILS when allow-shell is mutated to `medium` and PASSES on the real code.
- each security-critical rule (no-policy, no-default-deny, wildcard-tool-perm) keeps its HIGH severity.

Test-only; no behaviour change. Full create-agent-harness suite 363/363; tsc clean.

Co-Authored-By: claude-flow <ruv@ruv.net>
@ruvnet ruvnet merged commit 6a4d43e into main Jul 7, 2026
25 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant