[codex] Add full-pipeline verdict regressions by InfoSecHack · Pull Request #65 · InfoSecHack/iamscope

InfoSecHack · 2026-06-05T07:52:37Z

Summary

Adds hermetic integration regressions built from pipeline-shaped AccountData / OrgData inputs.
Covers PassRole Lambda iam:PassedToService glob handling, cross-account trust SCP filtering, dangling S3 bucket demotion, SCP source-account scoping, and frozen-artifact replay parity.
Keeps the slice tests-only: no live AWS, Terraform, benchmark semantic changes, scores, or production claims.

python -m pytest -q tests/integration/test_full_pipeline_reasoner_verdicts.py → 6 passed
python -m pytest -q tests/test_passrole_lambda_reasoner.py tests/test_passrole_ecs_reasoner.py tests/test_cross_account_reasoner.py tests/test_s3_bucket_takeover_reasoner.py tests/test_scp_binder.py → 175 passed
./scripts/check.sh → passed
./scripts/test_fast.sh → 2005 passed
git diff --check → passed
account/ARN hygiene scans → clean
Terraform/raw artifact scan → clean

Add full-pipeline verdict regressions

fd2d130

InfoSecHack marked this pull request as ready for review June 5, 2026 20:33

InfoSecHack merged commit a67ff8c into main Jun 5, 2026
6 checks passed

InfoSecHack deleted the codex/full-pipeline-verdict-regressions branch June 5, 2026 20:33