CI: add cross-port byte-exact interop checks#19
Merged
Conversation
Two new safeguards for the canonical 966-byte PCF-SIG vector that every
port ships under testdata/canonical.bin:
(1) Rust workspace test
reference/PCF-SIG-v1.0/tests/cross_port_testdata.rs runs as part of
`cargo test --workspace`. It compiles the reference vector via
include_bytes! and asserts that the copies shipped by the .NET, PHP
and TypeScript ports are byte-identical. Catches the easy regression
where someone regenerates the reference vector but forgets to
propagate it to one or more ports. Fast (one file read each) and
requires no new toolchains.
(2) New workflow .github/workflows/cross-port-interop.yml
Installs Rust + Node 22 + PHP 8.3 + .NET 8 in a single Ubuntu job,
generates the canonical vector from each language's writer to a
fresh path, and asserts:
- every output's sha256 matches the spec-pinned
b158e2f5...1307 expected value
- every pair of outputs is byte-for-byte equal
Catches writer-side drift that the per-port suites would miss if a
port's own testdata happened to match its (also drifted) writer.
Triggered on changes that touch any pcf-sig directory or the
workflow itself.
Both checks are independent and cheap relative to the assurance they
provide: any future minor-version bump that regenerates the canonical
vector now has CI as a single source of truth for byte-exact agreement
across all four implementations.
https://claude.ai/code/session_01ST4PcjqvobURus32WuyEi5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Follow-up to #10 — adds the two safeguards I sketched in the PR-merge debrief.
(1) Rust workspace test —
reference/PCF-SIG-v1.0/tests/cross_port_testdata.rsRuns as part of
cargo test --workspace. Compiles the reference vector viainclude_bytes!and asserts that the copies shipped by the .NET, PHP and TypeScript ports are byte-identical.Catches: someone regenerates
reference/PCF-SIG-v1.0/testdata/canonical.binbut forgets to propagate it to one or more ports.Cost: one file read each, runs in <1 ms. No new toolchains.
(2) New workflow —
.github/workflows/cross-port-interop.ymlInstalls Rust + Node 22 + PHP 8.3 + .NET 8 in a single Ubuntu job, generates the canonical vector from each writer to a fresh path, and asserts:
b158e2f5…1307cmp-equal byte-for-byteCatches: writer-side drift that the per-port suites would miss if a port's testdata happened to match its (also drifted) writer.
The .NET case builds a tiny disposable CLI on the fly that calls
SignPartitions.Runand writesCompactedImage()to a path — the .NET port doesn't ship a standalone gen-testvector example like the other three.Triggered on changes that touch any
pcf-sigdirectory or the workflow itself.Why both
(1) is cheap and catches the common case (testdata desync). (2) is the actual interop guarantee — it proves all four writers produce identical bytes from the same deterministic seed, which is the central PCF-SIG cross-port property. Without (2), a writer regression could land if its committed testdata silently drifted with it.
Test plan
cargo test -p pcf-sig --test cross_port_testdatapasses locally (4/4)https://claude.ai/code/session_01ST4PcjqvobURus32WuyEi5
Generated by Claude Code