diff --git a/.storkit/work/1_backlog/364_bug_test_suite_incompatible_with_hardened_docker_environment.md b/.storkit/work/1_backlog/364_bug_test_suite_incompatible_with_hardened_docker_environment.md deleted file mode 100644 index 0e10e12..0000000 --- a/.storkit/work/1_backlog/364_bug_test_suite_incompatible_with_hardened_docker_environment.md +++ /dev/null 
@@ -1,39 +0,0 @@ ---- -name: "Test suite incompatible with hardened Docker environment" ---- - -# Bug 364: Test suite incompatible with hardened Docker environment - -## Description - -The Docker hardening in story 359 introduced several environment constraints that break the test suite when the server runs acceptance gates. Tests were written assuming an unhardened environment and fail silently from the agent's perspective — the agent reports success but the server-owned gate check fails, causing stories to retry indefinitely. - -Known failures discovered so far: -1. `/tmp` is mounted with `noexec` — tests that create executable bash scripts via `tempfile::tempdir()` fail because scripts in `/tmp` cannot be executed. Fix: use `tempdir_in(env!("CARGO_MANIFEST_DIR"))` instead. -2. `ps` is not installed — `process_is_running` used `ps -p ` which is unavailable. Fix: use `/proc/` existence check. -3. Agents run clippy without `--all-targets` but the server gate runs `cargo clippy --all-targets --all-features` — borrow/lint errors in test-only code paths are invisible to agents. -4. Possible write permission failures — tests that write to paths that are now read-only under the hardened root filesystem may be failing silently. - -A full audit of the test suite against the hardened container's constraints is needed to find all remaining failures. - -## How to Reproduce - -1. Start any agent on a story in the hardened Docker environment -2. Agent reports clippy and tests pass -3. Server runs acceptance gates on agent exit -4. gates_passed=false, story retries - -## Actual Result - -Server acceptance gates fail after agent exits, triggering retries. Stories accumulate retry_count and get marked blocked despite agents reporting success. - -## Expected Result - -Server acceptance gates pass when the agent reports tests and clippy pass. Stories advance through the pipeline without spurious retries. 
- -## Acceptance Criteria - -- [ ] All tests pass when run inside the hardened Docker container (noexec /tmp, no ps, read-only root filesystem) -- [ ] Agents run clippy with --all-targets --all-features to match the server gate check -- [ ] No story accumulates retries due to environment-specific test failures -- [ ] A script/test or equivalent validates the full test suite inside the container before declaring a story done
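Review bot: the file is removed from `1_backlog` with all four boxes under `## Acceptance Criteria` still unchecked (`- [ ]`), and this diff shows no matching addition under another directory, so from these lines the bug record is dropped rather than moved. If the story is advancing to a later stage, include the destination file in the same commit so the deletion reads as a move. If the bug is being closed, the commit should say which of the known failures were resolved. Item 4 in the Description ("Possible write permission failures") and the sentence calling for a full audit describe open-ended work, and this file is the only place in the visible change that lists the hardened container's constraints the tests must tolerate (noexec `/tmp`, no `ps`, read-only root filesystem), so that list should be kept somewhere before the file goes.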