Quality & Testing

OpenPawz maintains enterprise-grade quality gates. Every commit is validated by a 3-job CI pipeline and must pass all checks before merging.

CI Pipeline

Job	Steps	Timeout
Rust	`cargo check` → `cargo test` → `cargo clippy -D warnings`	15 min
TypeScript	`tsc --noEmit` → `eslint` → `vitest run` → `prettier --check`	10 min
Security	`cargo audit` → `npm audit`	5 min

All three jobs run in parallel on every push. All must pass.

Test Suite

Layer	Count	What’s covered
Rust unit tests	124	Cryptography, injection detection, DeFi primitives, access control, routing, retry logic
Rust integration tests	40	Session lifecycle, memory roundtrip, tool classification, config persistence
TypeScript tests	366	Risk classifier, injection patterns, command parsing, view modules, error handling
Total	530

Rust Test Modules

Module	Description
`security.rs`	AES-256-GCM encryption, key derivation, nonce generation
`injection.rs`	30+ prompt injection patterns, severity classification
`access_control.rs`	Agent policy enforcement, tool allowlist/denylist
`retry.rs`	Exponential backoff, circuit breaker, jitter
`providers/`	Provider routing, fallback chains, streaming
`channels/`	Bridge lifecycle, message routing, user sessions
`trading/`	Honeypot detection, swap primitives, wallet signing
`memory/`	BM25 search, vector similarity, temporal decay

Running Tests

# All TypeScript tests
npx vitest run

# All Rust tests
cd src-tauri && cargo test

# Single Rust test module
cd src-tauri && cargo test --lib security

# With output
cd src-tauri && cargo test -- --nocapture

Linting

# TypeScript
npx tsc --noEmit          # Type check
npx eslint .              # Lint
npx prettier --check .    # Format check

# Rust
cd src-tauri && cargo clippy -- -D warnings
cd src-tauri && cargo fmt --check

Zero clippy warnings enforced. Zero known CVEs. Dependabot enabled for automated dependency updates.

Enterprise Hardening

Area	Implementation
Encryption	AES-256-GCM with 12-byte random nonce per field. Key stored in OS keychain.
Error handling	12-variant `EngineError` enum via `thiserror` — no `Result<T, String>` in the engine.
Retry logic	Exponential backoff with jitter (1s base, 30s max, 3 retries). Circuit breaker after 5 failures.
Logging	Daily rotation, 7-day pruning, structured format, in-app log viewer.
Keychain	Hard-fail on missing OS keychain — no silent plaintext fallback.
Warnings	`cargo clippy -- -D warnings` enforced in CI on every commit.

See ENTERPRISE_PLAN.md for the complete hardening audit.

Reference

​Quality & Testing

​CI Pipeline

​Test Suite

​Rust Test Modules

​Running Tests

​Linting

​Enterprise Hardening