Skip to content

Commit 91dfef3

Browse files
synthesis: add trace export secret examples
1 parent 3f33b58 commit 91dfef3

1 file changed

Lines changed: 30 additions & 0 deletions

File tree

rust/modality/src/cmds/synthesize.rs

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -513,6 +513,8 @@ const FORMULA_EXAMPLE_GROUPS: &[FormulaExampleGroup] = &[
513513
r#"always([+REDACT_ERROR_LOGS] true -> eventually(<+NOTIFY_OBSERVABILITY_OWNER> true))"#,
514514
r#"always([+CRASH_DUMP_SECRET_LEAKED] true -> (<+PURGE_CRASH_DUMPS> true | <+REVOKE_CRASH_EXPOSED_CREDENTIALS> true))"#,
515515
r#"always([+PURGE_CRASH_DUMPS] true -> eventually(<+NOTIFY_RUNTIME_OWNER> true))"#,
516+
r#"always([+TRACE_EXPORT_SECRET_LEAKED] true -> (<+PURGE_TRACE_EXPORTS> true | <+REVOKE_TRACE_EXPOSED_CREDENTIALS> true))"#,
517+
r#"always([+PURGE_TRACE_EXPORTS] true -> eventually(<+NOTIFY_TRACING_OWNER> true))"#,
516518
r#"next(<+APPROVE> true)"#,
517519
r#"next((<+APPROVE> true | [<+REJECT>] true))"#,
518520
r#"<+WAIT> true until <+APPROVE> true"#,
@@ -5145,6 +5147,18 @@ F2: formula generated_2 {
51455147
));
51465148
}
51475149

5150+
#[test]
5151+
fn synthesis_list_includes_trace_export_secret_leak_prompt_examples() {
5152+
let output = synthesis_list_text();
5153+
5154+
assert!(output.contains(
5155+
"always([+TRACE_EXPORT_SECRET_LEAKED] true -> (<+PURGE_TRACE_EXPORTS> true | <+REVOKE_TRACE_EXPOSED_CREDENTIALS> true))"
5156+
));
5157+
assert!(output.contains(
5158+
"always([+PURGE_TRACE_EXPORTS] true -> eventually(<+NOTIFY_TRACING_OWNER> true))"
5159+
));
5160+
}
5161+
51485162
#[test]
51495163
fn synthesis_list_includes_escrow_progression_prompt_examples() {
51505164
let output = synthesis_list_text();
@@ -15248,6 +15262,22 @@ gfp(X, []((X)) & ([<+ARCHIVE>] true))
1524815262
verify_synthesized_model(&model, &formulas).unwrap();
1524915263
}
1525015264

15265+
#[test]
15266+
fn verify_synthesized_model_accepts_trace_export_secret_leak_prompt_examples() {
15267+
let formulas = parse_formula_strings(&[
15268+
"always([+TRACE_EXPORT_SECRET_LEAKED] true -> (<+PURGE_TRACE_EXPORTS> true | <+REVOKE_TRACE_EXPOSED_CREDENTIALS> true))"
15269+
.to_string(),
15270+
"always([+PURGE_TRACE_EXPORTS] true -> eventually(<+NOTIFY_TRACING_OWNER> true))"
15271+
.to_string(),
15272+
]);
15273+
let model = modality_lang::formula_synthesis::synthesize_from_formulas(
15274+
"TraceExportSecretLeak",
15275+
&formulas,
15276+
);
15277+
15278+
verify_synthesized_model(&model, &formulas).unwrap();
15279+
}
15280+
1525115281
#[test]
1525215282
fn verify_synthesized_model_accepts_mixed_alternatives_with_signer_requirement() {
1525315283
let formulas = parse_formula_strings(&[

0 commit comments

Comments
 (0)