Testing
CI structure
Section titled “CI structure”Three lanes, ~2 minutes total:
build-and-core-tests (85s) → strict-compile-fail (30s)supply-chain-audit (25s, parallel)Build + Core Tests
Section titled “Build + Core Tests”175 tests across the main crate and judge-service. Single-threaded to prevent workspace race conditions.
Compile-Fail (Typestate)
Section titled “Compile-Fail (Typestate)”Verifies that skipping or reordering typestate steps produces compiler errors. Uses trybuild.
Supply Chain Audit
Section titled “Supply Chain Audit”- Unsafe boundary audit - fails if
verdict/contains anyunsafeblocks - Dependency audit (cargo-deny) - CVE checks, license validation, source verification
Local testing
Section titled “Local testing”# All tests (permissive, no root)cargo test --all -- --nocapture
# Strict mode (requires root)sudo cargo test --test integration_execution -- --test-threads=1 --include-ignored
# Unsafe auditbash scripts/unsafe-audit.sh
# Dependency auditcargo deny checkFuzz targets
Section titled “Fuzz targets”Three targets in fuzz/ for local use (not in CI):
cargo +nightly fuzz run fuzz_verdict # verdict classifiercargo +nightly fuzz run fuzz_config_deser # config JSON parsingcargo +nightly fuzz run fuzz_binding_parse # directory binding parserTest tiers
Section titled “Test tiers”| Tier | Count | When | How |
|---|---|---|---|
| Unit | 108 | Every push | cargo test --all |
| Integration (permissive) | 19 | Every push | cargo test --test integration_execution |
| Integration (strict) | 7 | Manual / pre-release | sudo ... --include-ignored |
| Compile-fail | - | Every push | cargo test --test trybuild |
| Fuzz | - | Before parser changes | cargo +nightly fuzz run |
| Supply chain | - | Every push | cargo deny check + scripts/unsafe-audit.sh |