Parent tracker: #28
Recommended after: #31, #32, #33, #34
Recommended before: #37
Related: #38
CAK-11: Axon Fuzzing Harness Seed
Purpose
Add fuzzing coverage for byte-native Axon parsers and policy helpers after the first scalar prototypes exist.
The goal is to prove that arbitrary byte input cannot make Axon panic, hang, or bypass deterministic error handling.
Core rule
Malformed input is evidence of malformed input.
Malformed input must become a deterministic parser or policy error, not a process failure.
Scope
Create a fuzzing design and/or initial harness for:
- byte path validation;
- Git-Z path facts parsing;
- line index scanning;
- unified diff facts scanning;
- limit behavior from CAK-10 when available.
Possible implementation direction
Future tool may be cargo fuzz or another Rust fuzzing setup, but the first seed should keep scope narrow and avoid unnecessary dependency churn.
The PR may start with deterministic property-style tests if full fuzz infrastructure is too large for the first seed.
Required properties
For arbitrary byte input:
- no panic;
- no infinite loop;
- bounded memory behavior;
- deterministic error category;
- no UTF-8 assumption in hot parser path;
- no admission authority change.
Candidate fuzz targets
validate_repo_path_bytes;parse_git_z_path_facts;scan_lines;scan_unified_diff_facts.
Names may differ based on the final implementation.
Explicit non-goals
- No performance benchmark requirement.
- No parallel scanner.
- No SIMD.
- No current scope checker replacement.
- No admission authority change.
- No GitHub CI as evidence.
- No requirement to run fuzzing in public CI in this seed.
Acceptance criteria
Close this issue when a PR is merged that adds a fuzzing plan and/or initial fuzz/property harness for Axon byte parsers, documents how to run it locally, and proves malformed byte input is handled deterministically without changing CCL admission authority.
Parent tracker: #28
Recommended after: #31, #32, #33, #34
Recommended before: #37
Related: #38
CAK-11: Axon Fuzzing Harness Seed
Purpose
Add fuzzing coverage for byte-native Axon parsers and policy helpers after the first scalar prototypes exist.
The goal is to prove that arbitrary byte input cannot make Axon panic, hang, or bypass deterministic error handling.
Core rule
Malformed input is evidence of malformed input.
Malformed input must become a deterministic parser or policy error, not a process failure.
Scope
Create a fuzzing design and/or initial harness for:
Possible implementation direction
Future tool may be
cargo fuzzor another Rust fuzzing setup, but the first seed should keep scope narrow and avoid unnecessary dependency churn.The PR may start with deterministic property-style tests if full fuzz infrastructure is too large for the first seed.
Required properties
For arbitrary byte input:
Candidate fuzz targets
validate_repo_path_bytes;parse_git_z_path_facts;scan_lines;scan_unified_diff_facts.Names may differ based on the final implementation.
Explicit non-goals
Acceptance criteria
Close this issue when a PR is merged that adds a fuzzing plan and/or initial fuzz/property harness for Axon byte parsers, documents how to run it locally, and proves malformed byte input is handled deterministically without changing CCL admission authority.