Skip to content

Sync OSS release

Sync OSS release #46

Workflow file for this run

name: Test
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Install protoc
run: sudo apt-get update && sudo apt-get install -y protobuf-compiler
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- run: cargo fmt --check
- run: cargo clippy --workspace -- -D warnings
- run: cargo test --workspace
fuzz:
runs-on: ubuntu-latest
needs: test
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Install protoc
run: sudo apt-get update && sudo apt-get install -y protobuf-compiler
# Pin nightly to avoid str::as_str() breakage in shellexpand 3.1.1
# (rust-lang/rust#152961). Unpin once revert #152963 lands in nightly.
- uses: dtolnay/rust-toolchain@nightly
with:
toolchain: nightly-2026-02-21
- uses: Swatinem/rust-cache@v2
with:
workspaces: tools/fuzz
- name: Install cargo-fuzz
run: cargo install cargo-fuzz
- name: Fuzz (short CI run)
run: |
cd tools/fuzz
for target in \
policy_parser \
fail_closed_tool_invocation \
tofu_key_substitution \
slack_signature_verification \
enforcement_policy_matrix \
dsl_lexer_parser \
schema_verification_garbage \
sensitive_arg_masking \
tool_substitution_detection \
dsl_structure_aware \
sse_jsonrpc_parsing \
schemapin_keystore_roundtrip; do
echo "--- Fuzzing $target (15s) ---"
cargo fuzz run --fuzz-dir . "$target" -- -max_total_time=15 || exit 1
done