Crate leviso_cheat_test

Crate leviso_cheat_test 

Source
Expand description

§leviso-cheat-test

A proc-macro crate for creating “cheat-aware” tests that document how they could be cheated and what the consequences would be for users.

§STOP. READ. THEN ACT.

Before modifying this crate, read the existing implementation to understand how cheat documentation is structured.

§Why This Exists

On 2026-01-20, a developer created false positives by moving missing binaries to “OPTIONAL” lists to make tests pass while shipping a broken product. This crate ensures that every test documents:

  1. What user scenario it protects
  2. How the test could be cheated
  3. What users experience when the test is cheated
  4. The severity and ease of cheating

§Usage

use leviso_cheat_test::cheat_aware;

#[cheat_aware(
    protects = "User can run sudo commands",
    severity = "CRITICAL",
    ease = "EASY",
    cheats = ["Move sudo to OPTIONAL list", "Remove sudo from essential binaries"],
    consequence = "bash: sudo: command not found",
    legitimate_change = "If sudo is genuinely not needed for a headless profile, \
        add it to the profile's optional list in builder/src/profiles.rs"
)]
#[test]
fn test_sudo_binary_present() {
    assert!(tarball_contains("./usr/bin/sudo"));
}

§On Failure

When a cheat-aware test fails, it prints:

======================================================================
=== TEST FAILED: test_sudo_binary_present ===
======================================================================

PROTECTS: User can run sudo commands
SEVERITY: CRITICAL
EASE OF CHEATING: EASY

CHEAT VECTORS:
  1. Move sudo to OPTIONAL list
  2. Remove sudo from essential binaries

LEGITIMATE CHANGE PATH:
  If sudo is genuinely not needed for a headless profile,
  add it to the profile's optional list in builder/src/profiles.rs

USER CONSEQUENCE:
  bash: sudo: command not found

ORIGINAL ERROR:
  assertion failed: tarball_contains("./usr/bin/sudo")
======================================================================

Attribute Macros§

cheat_aware
Mark a test as cheat-aware, documenting how it could be cheated.
cheat_canary
Mark a test as a canary - an intentionally verbose/tedious test that should trigger extra scrutiny if modified.
cheat_reviewed
A simpler version of cheat_aware for tests where full metadata isn’t needed.