Lines 571-613shell
571assert tf('src/test/java/AppTest.java') and tf('tests/test_flow.py')
572assert tf('src/integrationTest/kotlin/FlowTest.kt') and tf('lib/foo.spec.ts')
573assert tf('Api.Tests/FooTests.cs') and tf('pkg/foo_test.go')
574assert not tf('src/main/java/App.java') and not tf('src/backtest.cpp')
575assert not tf('src/protest.cc') and not tf('Sources/Core/Engine.swift')
577 && { PASS=$((PASS+1)); echo " ok presupuesto solo prod (6 lineas, 1 archivo); tests contados aparte (+302 en 2)"; } \
578 || { FAIL=$((FAIL+1)); echo " FAIL tests dentro del presupuesto de simplicity"; }
580echo "== T33 gate-check: borrado de tests go/dotnet/js tambien bloquea (clasificador unificado) =="
581# gate-check reusa el clasificador de los 9 stacks + TESTDEF ampliado: la promesa
582# 'borrar tests lo bloquea gate-check' vale para TODAS las convenciones, no solo JVM.
583printf -- "diff --git a/pkg/foo_test.go b/pkg/foo_test.go\n--- a/pkg/foo_test.go\n+++ /dev/null\n@@ -1,2 +0,0 @@\n-func TestFoo(t *testing.T) {\n-\tassertEqual(t, 1, 1)\n" > del-go.diff
584chk "delete de foo_test.go (Go) -> BLOCKER" 1 run gate-check --diff del-go.diff
585printf -- "diff --git a/Api.Tests/CalcTests.cs b/Api.Tests/CalcTests.cs\n--- a/Api.Tests/CalcTests.cs\n+++ /dev/null\n@@ -1,2 +0,0 @@\n-[Fact]\n-public void Suma_Valida() { Assert.Equal(2, Calc.Suma(1,1)); }\n" > del-cs.diff
586chk "delete de Api.Tests/*.cs (xunit [Fact]) -> BLOCKER" 1 run gate-check --diff del-cs.diff
587printf -- "diff --git a/__tests__/flow.test.ts b/__tests__/flow.test.ts\n--- a/__tests__/flow.test.ts\n+++ /dev/null\n@@ -1,2 +0,0 @@\n-it('valida el flujo', () => {\n- expect(flow()).toBe(true);\n" > del-ts.diff
588chk "delete de __tests__/*.test.ts (it/expect) -> BLOCKER" 1 run gate-check --diff del-ts.diff
590echo "== T34 gate-check: secret-scan (Topic 43) — secretos agregados bloquean como hecho =="
591printf -- "diff --git a/src/cfg.py b/src/cfg.py\n--- a/src/cfg.py\n+++ b/src/cfg.py\n@@ -0,0 +1,1 @@\n+AWS_KEY = \"AKIAIOSFODNN7EXAMPLE\"\n" > sec-akia.diff
CriticalCritical Secret
Package contains a critical-looking secret pattern.
uscha-kit/tests/smoke-engine.shView on unpkg · L591 CriticalSecret Pattern
AWS access key ID in uscha-kit/tests/smoke-engine.sh
uscha-kit/tests/smoke-engine.shView on unpkg · L591 592chk "AWS access key agregada -> BLOCKER" 1 run gate-check --diff sec-akia.diff
593printf -- "diff --git a/deploy/id_rsa b/deploy/id_rsa\n--- /dev/null\n+++ b/deploy/id_rsa\n@@ -0,0 +1,1 @@\n+-----BEGIN PRIVATE KEY-----\n" > sec-pem.diff
CriticalSecret Pattern
RSA private key in uscha-kit/tests/smoke-engine.sh
uscha-kit/tests/smoke-engine.shView on unpkg · L593 594chk "clave privada PEM agregada -> BLOCKER" 1 run gate-check --diff sec-pem.diff
595printf -- "diff --git a/certs/client.p12 b/certs/client.p12\nindex 0000000..1111111 100644\nBinary files a/certs/client.p12 and b/certs/client.p12 differ\n" > sec-p12.diff
596chk "contenedor .p12 binario agregado -> BLOCKER" 1 run gate-check --diff sec-p12.diff
597printf -- "diff --git a/certs/old.p12 b/certs/old.p12\ndeleted file mode 100644\nindex 1111111..0000000\nBinary files a/certs/old.p12 and /dev/null differ\n" > sec-del.diff
598chk "BORRAR un .p12 no bloquea (sacar secretos es bueno)" 0 run gate-check --diff sec-del.diff
599printf -- "diff --git a/src/cfg.py b/src/cfg.py\n--- a/src/cfg.py\n+++ b/src/cfg.py\n@@ -0,0 +1,1 @@\n+password = \"hunter2secreto\"\n" > sec-lit.diff
600chk "literal password generico -> REVIEW exit 0 (advisory)" 0 run gate-check --diff sec-lit.diff
601chk "literal password generico + --strict -> exit 1" 1 run gate-check --diff sec-lit.diff --strict
603echo "== T35 ledger atomico: checksum de integridad + carga blindada =="
604# el ledger recien escrito trae integrity y carga verificado
605chk "ledger con integrity carga OK" 0 run summary
606# mutacion EXTERNA (JSON valido, contenido cambiado, hash viejo) -> bloquea
609d = json.load(open('QA-LEDGER.json', encoding='utf-8'))
610assert 'integrity' in d and d['integrity']['sha256'], 'falta integrity en ledger nuevo'
611d['config']['defaults']['coverage_threshold'] = 1
612json.dump(d, open('QA-LEDGER.json', 'w', encoding='utf-8'))"
613chk "mutacion externa (checksum roto) -> bloquea exit 1" 1 run summary