code_public/ja4-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: update copilot-instructions with integration tests, gotchas, comment standard

Browse Source 
- Add make test-integration* commands
- Add SKIP_TESTS=true fast build flag
- Add 'Comments standard' section referencing docs/commenting-standard.md
- Add 'Known gotchas' section with 6 non-obvious issues:
  * go.work build context must include both sentinel + correlator
  * YAML does not expand env vars in Go (hardcode DSN)
  * REGEXP_TREE dict requires >=1 rule or inserts fail
  * pcap only captures non-loopback traffic
  * ClickHouse init needs 120s timeout
  * RPM builds must use Rocky Linux (libpcap.so.1 vs .so.0.8)
  * FLAT() layout requires numeric keys (use COMPLEX_KEY_HASHED for strings)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
toto
2026-04-07 21:42:54 +02:00
parent 3b8c06b86d
commit 69940bf18b
1 changed files with 40 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
.github/copilot-instructions.md vendored
View File

@ -32,9 +32,17 @@ docker run --rm -v $(pwd):/build -w /build/services/correlator golang:1.24 \
docker build -f services/dashboard/Dockerfile.tests -t dash-tests . docker build -f services/dashboard/Dockerfile.tests -t dash-tests .
docker run --rm dash-tests pytest backend/tests/test_metrics.py -v -k test_health docker run --rm dash-tests pytest backend/tests/test_metrics.py -v -k test_health
# Faster correlator build (skip tests):
docker build --target builder --build-arg SKIP_TESTS=true -f services/correlator/Dockerfile .
# Linting (Go only — no Python linter configured) # Linting (Go only — no Python linter configured)
cd services/sentinel && go vet ./... && gofmt -l . cd services/sentinel && go vet ./... && gofmt -l .
cd services/correlator && go vet ./... && gofmt -l . cd services/correlator && go vet ./... && gofmt -l .
# Full-stack integration tests (Docker Compose, resets DB each run)
make test-integration # runs tests/integration/run-tests.sh → down -v + up + traffic + verify
make test-integration-keep # same but leaves stack running after
make test-integration-down # tear down integration stack
``` ```
## Architecture ## Architecture
@ -136,3 +144,35 @@ Services communicate via **Unix sockets**, not HTTP:
### Sentinel requires elevated privileges ### Sentinel requires elevated privileges
Tests need `--cap-add=NET_RAW --cap-add=NET_ADMIN` for packet capture (pcap). Tests need `--cap-add=NET_RAW --cap-add=NET_ADMIN` for packet capture (pcap).
## Comments standard
All code is commented in **French** (identifiers stay in English). Standard defined in `docs/commenting-standard.md`:
- **Go**: godoc `// FuncName does X`, package-level `// Package foo fournit...`
- **Python**: PEP-257 triple-quoted French docstrings on all functions/classes/modules
- **C**: Doxygen `/** @brief ... @param ... @return ... */` before every function, `/* ====== Section ====== */` banners
- **Bash**: standardized header block with `Usage:` and `Variables d'environnement:`
- **SQL**: `-- === filename.sql — description ===` banner + `-- --- Table ---` section headers
## Known gotchas
### go.work and Docker build contexts
When building either `sentinel` or `correlator` in Docker, the build context must include **both** service directories because `go.work` references them both. The root-level Makefiles always use `.` (repo root) as context — don't change this.
### Correlator YAML does not expand env vars
Go's YAML parser reads `${VAR:-default}` as a **literal string**. Use hardcoded values or pass values directly in the YAML file. This is why `tests/integration/platform/correlator.yml` has a hardcoded DSN.
### REGEXP_TREE dictionary requires ≥1 rule
`dict_anubis_ua` uses `LAYOUT(REGEXP_TREE)`. If `anubis_ua_rules` is empty, **every INSERT into `http_logs_raw` fails** because the materialized view `mv_http_logs` calls `dictGet()` on it. The integration test init script seeds a catch-all rule.
### TLS/pcap capture needs non-loopback traffic
`sentinel` listens on a network interface (e.g., `eth0`), not loopback. Traffic sent to `localhost` or `127.0.0.1` from the same container is invisible to pcap. In integration tests, traffic must come from a separate container crossing the Docker bridge network.
### ClickHouse initialization timing
ClickHouse takes ~15-20s to initialize all 10 SQL files. Integration health checks use a 120s timeout (not the default 60s).
### RPM builds must use Rocky Linux
All `Dockerfile.package` files use `rockylinux:9` (or `rockylinux:8`/`almalinux:10`) as the build base — never Debian-based images. Reason: Rocky provides `libpcap.so.1`; Debian provides `libpcap.so.0.8`. Building sentinel on Debian and running on Rocky produces a missing library error at runtime.
### ClickHouse `FLAT()` layout requires numeric keys
If adding a new dictionary with a `String` primary key, use `COMPLEX_KEY_HASHED()` not `FLAT()`.