@@ -493,6 +493,8 @@ const FORMULA_EXAMPLE_GROUPS: &[FormulaExampleGroup] = &[
493493 r#"always([+REVOKE_SERVICE_ACCOUNT_KEY] true -> eventually(<+NOTIFY_SERVICE_OWNER> true))"#,
494494 r#"always([+CONTAINER_REGISTRY_TOKEN_LEAKED] true -> (<+ROTATE_REGISTRY_TOKEN> true | <+DISABLE_REGISTRY_PUSH> true))"#,
495495 r#"always([+ROTATE_REGISTRY_TOKEN] true -> eventually(<+NOTIFY_REGISTRY_OWNER> true))"#,
496+ r#"always([+KUBECONFIG_LEAKED] true -> (<+ROTATE_CLUSTER_CREDENTIALS> true | <+DISABLE_CLUSTER_ACCESS> true))"#,
497+ r#"always([+ROTATE_CLUSTER_CREDENTIALS] true -> eventually(<+NOTIFY_CLUSTER_OWNER> true))"#,
496498 r#"next(<+APPROVE> true)"#,
497499 r#"next((<+APPROVE> true | [<+REJECT>] true))"#,
498500 r#"<+WAIT> true until <+APPROVE> true"#,
@@ -5005,6 +5007,18 @@ F2: formula generated_2 {
50055007 ));
50065008 }
50075009
5010+ #[test]
5011+ fn synthesis_list_includes_kubeconfig_leak_prompt_examples() {
5012+ let output = synthesis_list_text();
5013+
5014+ assert!(output.contains(
5015+ "always([+KUBECONFIG_LEAKED] true -> (<+ROTATE_CLUSTER_CREDENTIALS> true | <+DISABLE_CLUSTER_ACCESS> true))"
5016+ ));
5017+ assert!(output.contains(
5018+ "always([+ROTATE_CLUSTER_CREDENTIALS] true -> eventually(<+NOTIFY_CLUSTER_OWNER> true))"
5019+ ));
5020+ }
5021+
50085022 #[test]
50095023 fn synthesis_list_includes_escrow_progression_prompt_examples() {
50105024 let output = synthesis_list_text();
@@ -14950,6 +14964,20 @@ gfp(X, []((X)) & ([<+ARCHIVE>] true))
1495014964 verify_synthesized_model(&model, &formulas).unwrap();
1495114965 }
1495214966
14967+ #[test]
14968+ fn verify_synthesized_model_accepts_kubeconfig_leak_prompt_examples() {
14969+ let formulas = parse_formula_strings(&[
14970+ "always([+KUBECONFIG_LEAKED] true -> (<+ROTATE_CLUSTER_CREDENTIALS> true | <+DISABLE_CLUSTER_ACCESS> true))"
14971+ .to_string(),
14972+ "always([+ROTATE_CLUSTER_CREDENTIALS] true -> eventually(<+NOTIFY_CLUSTER_OWNER> true))"
14973+ .to_string(),
14974+ ]);
14975+ let model =
14976+ modality_lang::formula_synthesis::synthesize_from_formulas("KubeconfigLeak", &formulas);
14977+
14978+ verify_synthesized_model(&model, &formulas).unwrap();
14979+ }
14980+
1495314981 #[test]
1495414982 fn verify_synthesized_model_accepts_mixed_alternatives_with_signer_requirement() {
1495514983 let formulas = parse_formula_strings(&[
0 commit comments