Skip to content

orch-446: boundary enforcement follow-up (semgrep, CLI DI, testutil mocks)#427

Merged
proboscis merged 1 commit intomainfrom
issue/orch-446/run-20260213-094446
Feb 13, 2026
Merged

orch-446: boundary enforcement follow-up (semgrep, CLI DI, testutil mocks)#427
proboscis merged 1 commit intomainfrom
issue/orch-446/run-20260213-094446

Conversation

@proboscis
Copy link
Owner

@proboscis proboscis commented Feb 13, 2026

Summary

Follow-up for orch-446 after the effect-boundary refactor:

  • broadened raw exec boundary enforcement in semgrep
  • converted CLI capture-all, resolve, and ps to per-command deps injection (removed global getAPIFunc)
  • made PR cache public entrypoints injectable by github.Client
  • updated daemon branch-state enrichment to use shared runner context
  • made internal/testutil generated mocks importable as regular .go files
  • added reusable testutil.TestHelperProcess for FakeExecutor

What changed

1) Semgrep: broad raw exec rule

  • Replaced narrow daemon-only git exec rule with:
    • no-raw-exec-in-boundary-layers
    • matches exec.Command(...) and exec.CommandContext(...)
    • applies to internal/daemon/, internal/cli/, internal/monitor/
    • explicit allowlist exclusions for known UI/process-launch exceptions

File:

  • .semgrep/architecture.yaml

2) Generated mocks: _test.go -> .go

  • Updated go:generate outputs in internal/testutil/generate.go
  • Regenerated and renamed:
    • internal/testutil/mock_orchapi.go
    • internal/testutil/mock_store.go
    • internal/testutil/mock_multiplexer.go
    • internal/testutil/mock_git_runner.go
    • internal/testutil/mock_github_client.go

3) CLI DI: removed global mutable API override

  • Removed getAPIFunc from internal/cli/root.go
  • Added deps structs and ...WithDeps execution paths for:
    • capture_all.go (captureDeps)
    • resolve.go (resolveDeps)
    • ps.go (psDeps)
  • Updated tests to inject API via deps instead of mutating global state

4) PR cache injectable public entrypoints

  • Added:
    • PopulateRunInfoWithClient(client github.Client, runs []*model.Run) InfoMap
    • LookupInfoWithClient(client github.Client, repoRoot, branch string) (*Info, error)
  • Kept existing wrappers using default singleton client
  • Added unit coverage in internal/pr/cache_test.go

5) computeBranchState wrapper shared-runner path

  • computeBranchState now accepts optional runner variadically
  • enrichRunProto now takes runner and uses shared s.gitRunner
  • Updated handleProtoGetRun and handleProtoGetRunByShortID callsites

6) FakeExecutor helper

  • Added testutil.TestHelperProcess(t *testing.T) in internal/testutil/fake_executor.go
  • Keeps helper logic in one reusable place for tests using FakeExecutor

Acceptance criteria verification

  • Semgrep catches raw exec.Command/exec.CommandContext across boundary layers with allowlist

    • Rule added in .semgrep/architecture.yaml
    • Verification:
      • make lint => pass (0 findings)

  • Generated mocks are importable .go files

    • Verification:
      • ls -1 internal/testutil/mock_*.go
      • go build ./... => pass

  • CLI commands use per-command deps structs and getAPIFunc removed

    • Verification:
      • rg -n "getAPIFunc" internal/cli -g'*.go' => no matches
      • deps added in capture_all.go, resolve.go, ps.go

  • pr/cache.go public functions accept injectable github.Client

    • Verification:
      • new functions present in internal/pr/cache.go
      • tests: go test ./internal/pr => pass

  • computeBranchState uses shared runner from caller context

    • Verification:
      • enrichRunProto(..., runner) + callsites pass s.gitRunner
      • computeBranchState(..., runner ...git.Runner) present

  • FakeExecutor includes helper process

    • Verification:
      • internal/testutil/fake_executor.go contains TestHelperProcess

  • make lint passes

    • make lint => pass (0 findings)

  • go build ./... passes

    • go build ./... => pass

  • go test ./... passes (excluding known pre-existing failures)

    • go test ./... currently fails in pre-existing/unrelated tests:
      • internal/cli: TestBuildAgentPromptCustomTemplate
      • internal/cli: TestApplyConfigDefaultsFallbacks
    • Changed-area tests pass:
      • go test ./internal/cli -run 'TestRunCaptureAllJSON|TestRunCaptureAllPlain|TestRunResolve|TestOutputTableTruncatesSummary|TestOutputTableUsesTopic|TestOutputTableTruncatesTopicChars|TestRunPsShowsAllIssuesByDefault|TestRunPsAllIncludesResolvedIssues'
      • go test ./internal/pr
      • go test ./internal/daemon
      • go test ./internal/multiplexer

Issue link

  • orch-446

@proboscis proboscis merged commit df77084 into main Feb 13, 2026
1 of 2 checks passed
@proboscis proboscis deleted the issue/orch-446/run-20260213-094446 branch February 13, 2026 08:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@proboscis