[Repo Assist] test(rust-guard): add list_commits tests for default-branch vs feature-branch integrity#6095
Merged
lpcox merged 1 commit intoMay 20, 2026
Conversation
…e-branch integrity Add two unit tests to response_paths.rs covering the list_commits labeling branch — the only response-path handler that was untested. The sha field drives is_default_branch_ref() → merged-level integrity promotion, which is a security-relevant decision: treating all commits as default-branch would over-elevate integrity labels. Tests added: - list_commits_default_branch_gets_merged_integrity: sha=main → default_labels integrity contains merged:octocat/hello-world; items_path is None (root array) - list_commits_feature_branch_public_repo_has_no_merged_integrity: sha=feature/my-branch → default_labels integrity has no merged: prefix; items_path is None All 413 Rust guard unit tests pass (411 pre-existing + 2 new). Closes #6086 (Improvement 2) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Adds unit test coverage for the Rust guard’s path-based labeling of the list_commits tool response, specifically validating integrity behavior for default-branch vs feature-branch SHAs (a security-relevant distinction).
Changes:
- Added a test ensuring
sha = "main"results in merged-level integrity ondefault_labels. - Added a test ensuring a feature-branch
shain a public repo does not receive merged-level integrity. - Both tests assert
items_pathisNonefor the root-arraylist_commitsresponse shape.
Show a summary per file
| File | Description |
|---|---|
| guards/github-guard/rust-guard/src/labels/response_paths.rs | Adds list_commits unit tests covering default-branch vs feature-branch integrity labeling and root-array items_path behavior. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 1/1 changed files
- Comments generated: 0
lpcox
deleted the
repo-assist/test-task9-list-commits-response-paths-2026-05-20-d115ea4bc446fc6e
branch
This was referenced May 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🤖 This PR was created by Repo Assist, an automated AI assistant.
Summary
Adds two unit tests to
response_paths.rsfor thelist_commitshandler — the only response-path handler that had zero test coverage (identified in issue #6086, Improvement 2).Why This Matters
The
shafield inlist_commitstool args drivesis_default_branch_ref()→ merged-level integrity promotion. This is a security-relevant decision: a regression that treats all commits as default-branch would silently over-elevate integrity labels, allowing feature-branch commits to be treated as if they had merged status.Tests Added
list_commits_default_branch_gets_merged_integritysha = "main"default_labels.integritycontainsmerged:octocat/hello-world;items_pathisNone(root array)list_commits_feature_branch_public_repo_has_no_merged_integritysha = "feature/my-branch"default_labels.integrityhas nomerged:prefix;items_pathisNoneBoth tests are self-contained and require no backend mocking (the
is_repo_privatebackend returnsNone→falsein#[cfg(test)]).Test Status
(411 pre-existing + 2 new)
Closes #6086 (Improvement 2)