enhanced tests adn CI

ehsan6sha · ehsan6sha · commit 6f0168d217ad · 2026-04-26T13:18:38.000-04:00
diff --git a/.github/clippy-wasm/clippy.toml b/.github/clippy-wasm/clippy.toml
@@ -0,0 +1,11 @@
+# WASM-only clippy configuration.
+#
+# Loaded by the `test-wasm` job in flutter-ci.yml via CLIPPY_CONF_DIR. Bans
+# stdlib time APIs that compile cleanly on wasm32-unknown-unknown but panic at
+# runtime with "time not implemented on this platform". Native clippy never
+# loads this file, so heartbeat/WAL/retry-backoff code that's
+# `#[cfg(not(target_arch = "wasm32"))]`-gated remains free to use SystemTime.
+disallowed-methods = [
+    { path = "std::time::Instant::now", reason = "panics on wasm32; use web_time::Instant::now()" },
+    { path = "std::time::SystemTime::now", reason = "panics on wasm32; use fula_crypto::time::now_timestamp() or web_time" },
+]
diff --git a/.github/workflows/flutter-ci.yml b/.github/workflows/flutter-ci.yml
@@ -41,11 +41,14 @@ jobs:
           shared-key: rust-ci
 
       - name: Run Rust tests
-        run: |
-          cargo test -p fula-flutter --lib
-          cargo test -p fula-js --lib
-          cargo test -p fula-client --lib
-          cargo test -p fula-crypto --lib
+        # `--workspace --all-targets` covers lib + integration tests under each
+        # crate's tests/ AND the workspace-root tests/. The previous
+        # `-p X --lib` form silently excluded tests/migration_tests.rs and the
+        # rest of the integration suite, so bugs that integration tests would
+        # have caught (including v1→v7 migration correctness on native) never
+        # gated PRs. `--no-fail-fast` lets every failure report on the first
+        # run with the broader scope.
+        run: cargo test --workspace --all-targets --no-fail-fast
 
   # Test WASM compilation (fula-js npm package)
   test-wasm:
@@ -79,6 +82,46 @@ jobs:
           grep -q "deriveKey" crates/fula-js/pkg/fula_js.d.ts
           echo "All expected exports found!"
 
+      # Layer 1: ban panic-on-wasm stdlib time APIs at compile time.
+      # The disallowed-methods config lives at `.github/clippy-wasm/clippy.toml`
+      # and is loaded only here via `CLIPPY_CONF_DIR`, so native clippy never
+      # sees the bans (cfg(not(target_arch = "wasm32"))-gated heartbeat / WAL /
+      # retry-backoff code in encryption.rs is free to keep using SystemTime).
+      # Two clippy invocations are needed because fula-crypto's default features
+      # include `tokio-runtime`, which doesn't compile on wasm32. The other
+      # crates pull fula-crypto with `default-features = false, features = ["wasm"]`
+      # via target-conditional deps, but a direct `-p fula-crypto` would use its
+      # own defaults. We use `-D clippy::disallowed_methods` (not `-D warnings`)
+      # to scope the failure mode to the panic-on-wasm bug class only — pre-existing
+      # style/idiom warnings in the workspace shouldn't gate this PR.
+      #
+      # `--lib` only: integration tests under `tests/` pull in tokio with full
+      # features and don't compile on wasm32. The lint applies to library code,
+      # which is what actually ships into the browser bundle.
+      - name: WASM clippy — fula-client / fula-flutter / fula-js
+        env:
+          CLIPPY_CONF_DIR: ${{ github.workspace }}/.github/clippy-wasm
+        run: |
+          cargo clippy --target wasm32-unknown-unknown \
+            -p fula-client -p fula-flutter -p fula-js \
+            --lib -- -D clippy::disallowed_methods
+
+      - name: WASM clippy — fula-crypto (forced wasm features)
+        env:
+          CLIPPY_CONF_DIR: ${{ github.workspace }}/.github/clippy-wasm
+        run: |
+          cargo clippy --target wasm32-unknown-unknown \
+            -p fula-crypto --no-default-features --features wasm \
+            --lib -- -D clippy::disallowed_methods
+
+      # Layer 2: actually exercise the time wiring at runtime in a browser.
+      # Catches dependency-config regressions clippy can't see (e.g. someone
+      # later sets default-features = false on chrono and drops `wasmbind`).
+      - name: Install Firefox + geckodriver for wasm-pack test
+        uses: browser-actions/setup-firefox@v1
+      - name: WASM runtime smoke tests
+        run: wasm-pack test --headless --firefox crates/fula-flutter
+
   # Generate and validate Dart bindings
   generate-bindings:
     runs-on: ubuntu-latest
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/fula-flutter/Cargo.toml b/crates/fula-flutter/Cargo.toml
@@ -53,6 +53,9 @@ async-lock = "3.4"
 [dev-dependencies]
 # For WASM tests
 wasm-bindgen-test = "0.3"
+# Used by tests/wasm_time_smoke.rs to assert that the wasm-incompat stdlib
+# time APIs aren't re-introduced into the migration path.
+web-time = "1"
 
 [features]
 default = []
diff --git a/crates/fula-flutter/tests/wasm_time_smoke.rs b/crates/fula-flutter/tests/wasm_time_smoke.rs
@@ -0,0 +1,52 @@
+//! WASM regression tests for the v1→v7 forest migration time-API panic.
+//!
+//! Background: `std::time::Instant::now()` and `std::time::SystemTime::now()`
+//! compile cleanly on `wasm32-unknown-unknown` but panic at runtime with
+//! "time not implemented on this platform". The migration code path used both
+//! at module level (un-gated by `cfg(not(target_arch = "wasm32"))`), so any
+//! browser user listing a v1-format bucket panicked the WASM module.
+//!
+//! These tests exercise the public surface of the time wiring so a regression
+//! that drops `web-time` from `fula-client`'s deps, removes the `wasmbind`
+//! feature on chrono, or re-introduces a raw stdlib time call inside an
+//! ungated code path will fail CI's `wasm-pack test` step instead of
+//! reaching production.
+//!
+//! Run with: `wasm-pack test --headless --firefox crates/fula-flutter`
+
+#![cfg(target_arch = "wasm32")]
+
+use wasm_bindgen_test::*;
+
+wasm_bindgen_test_configure!(run_in_browser);
+
+/// Validates that `web_time::Instant::now()` — the replacement for
+/// `std::time::Instant::now()` at `fula-client/src/encryption.rs:3600` — wires
+/// through to `performance.now()` without panicking.
+#[wasm_bindgen_test]
+fn web_time_instant_now_does_not_panic() {
+    let _ = web_time::Instant::now();
+}
+
+/// Validates that `fula_crypto::time::now_timestamp()` — the wrapper used at
+/// `fula-crypto/src/private_forest.rs:292, 368, 1125, 1350` — returns a
+/// plausible Unix timestamp from the JS Date API on WASM.
+#[wasm_bindgen_test]
+fn fula_crypto_now_timestamp_returns_current_seconds() {
+    let ts = fula_crypto::time::now_timestamp();
+    assert!(
+        ts > 1_700_000_000,
+        "expected a post-2023 Unix timestamp, got {ts}",
+    );
+}
+
+/// Constructs a `PrivateForest` via the public `with_format` constructor
+/// (`fula-crypto/src/private_forest.rs:287`). Before the fix, that constructor
+/// called `std::time::SystemTime::now().duration_since(...)` at line 292 and
+/// panicked under WASM. The fix routes through `crate::time::now_timestamp()`;
+/// this test catches a regression that re-introduces the raw stdlib call.
+#[wasm_bindgen_test]
+fn private_forest_with_format_does_not_panic_on_wasm() {
+    use fula_crypto::{ForestFormat, PrivateForest};
+    let _ = PrivateForest::with_format(ForestFormat::FlatMapV1);
+}
