test(v3): cross-ciphertext equality via per-type doubles fixtures (CIP-3141) #303
Merged
65fe909 to 34d3e9e
efddeb5 to c6366d7
docs-static (source-only SQL doxygen coverage + required-tags) ran on every PR, unlike the other heavy jobs. Its inputs are a strict subset of the changes-job relevant filter — src/**, the crates/** codegen build it depends on, and the tasks/docs/** validator scripts — so a PR that leaves relevant false cannot change its outcome. Gate it on the same flag as the other jobs: consistent, and drops a redundant codegen build on markdown-only PRs without losing coverage. A narrower src/**-only filter was rejected — it would risk a silent false-green (ci-required counts skipped as pass) by skipping on a real input change. Sync .github/workflows/README.md (coverage map, known gaps, recently-closed, operator-setup verification) and the stale validate-job comment.
The cross-ciphertext oracle include_str!s eql_v2_<token>_doubles.sql at compile time, but stub-fixtures.sh only stubbed eql_v2_<token>.sql and the literal .gitignore *.sql entries — neither matches the _doubles glob. So the no-creds matrix-coverage / inventory jobs could not compile the encrypted_domain binary to --list it (rustc: couldn't read eql_v2_int4_doubles.sql, ...). Stub eql_v2_<token>_doubles.sql alongside eql_v2_<token>.sql for every catalog token, consistent with the helper's stub-the-complete-set policy (harmless extras for storage-only tokens with no real doubles fixture).
c6366d7 to e55f72d
tobyhede added a commit that referenced this pull request Jun 20, 2026
test(v3): cross-ciphertext equality via per-type doubles fixtures (CIP-3141)
Stacked on #293 (function-double oracles). Merge #293 first.

What

Proves "two independent encryptions of one value compare equal" for every comparison-capable eql_v3 scalar, credential-free in the fixture suite — not only in the creds-gated e2e suite.

The matrix's curated fixtures have unique plaintexts (the scalars::* matrix asserts the table equals fixture_values() exactly), so they can only exercise equality-true on self-pairs (same ciphertext). To cover equality across distinct ciphertexts without fresh test-time encryption, each comparison type gets a tiny sibling table fixtures.eql_v2_<T>_doubles — the first three catalog values, each encrypted twice — read ONLY by the new property::cross_ciphertext test. The matrix and its curated fixtures are untouched.

Covers both equality mechanisms for all 7 types (int2/int4/int8/date/timestamptz/numeric/text): hm/HMAC via the _eq domain (assert_eq_oracle), ob via the _ord/_ord_ore domains, where = routes through compare_ore_block_256_terms(...) = 0 (a structural guarantee — the Lewi-Wu comparator decides equality on deterministic PRP + LEFT bytes only).

Changes

fixtures/eql_doubles.rs — per-type non-catalog FixtureSpec generators (the v3_numeric_collision pattern, generalized), wired into fixture:generate:all.
fixture_oracle.rs — embedded_doubles_sql/load_doubles_rows.
property/cross_ciphertext.rs — the focused test: distinct-ciphertext pair + =/<> through hm and both ORE domains, per type.

The generated eql_v2_<T>_doubles.sql fixtures are gitignored; CI regenerates them in test:sqlx:prep.

Testing

cross_ciphertext_* tests + fixture regen) run in CI.
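
A minimal model of the property described in this PR, as an added example that is not code from the PR or the project: a fixture with unique plaintexts yields no equality-true pair across distinct ciphertexts, while a doubles fixture (first three values, each encrypted twice) yields one per value. The toy payload layout, key, sample values and all function names are assumptions, and only the hm (HMAC) mechanism is modelled, not the ORE comparator.

```python
import hashlib
import hmac
import os

KEY = b"constructed-demo-key"  # constructed key for the example, not a real credential


def encrypt(value: str) -> dict:
    """Toy payload: randomized ciphertext 'c' plus deterministic index term 'hm'."""
    nonce = os.urandom(16)
    pt = value.encode()
    # Toy keystream (assumption): stands in for a real randomized cipher.
    stream = hashlib.shake_256(KEY + nonce).digest(len(pt))
    body = bytes(a ^ b for a, b in zip(pt, stream))
    term = hmac.new(KEY, pt, hashlib.sha256).hexdigest()
    return {"c": (nonce + body).hex(), "hm": term}


def eq(a: dict, b: dict) -> bool:
    """Equality is decided on the hm term only, never on the ciphertext."""
    return hmac.compare_digest(a["hm"], b["hm"])


def curated(values):
    """Unique plaintexts, one encryption each (the matrix fixture shape)."""
    return [(v, encrypt(v)) for v in values]


def doubles(values):
    """First three values, each encrypted twice (the doubles fixture shape)."""
    return [(v, encrypt(v)) for v in values[:3] for _ in range(2)]


def cross_ciphertext_check(rows):
    """Check = and <> on every distinct-ciphertext pair; count equality-true pairs."""
    equal_true = 0
    for i, (va, a) in enumerate(rows):
        for vb, b in rows[i + 1:]:
            assert a["c"] != b["c"], "pair must be two distinct ciphertexts"
            assert eq(a, b) == (va == vb), f"oracle mismatch: {va!r} vs {vb!r}"
            equal_true += int(va == vb)
    return equal_true


VALUES = ["-1", "0", "1", "42", "2147483647"]  # constructed int4-style sample values
```
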