test(fuzz): foundation fuzz harness + weekly workflow; reconcile coverage claim (DRAFT)#692
Merged
Merged
Conversation
…concile coverage claim with gate
This was referenced May 31, 2026
kcenon
added a commit
that referenced
this pull request
Jun 19, 2026
* docs: apply mechanical doc-review fixes (#642) * chore(release): prepare common_system for v1.0.0 - Bump version from 0.2.0 to 1.0.0 in VERSION and vcpkg.json - Move CHANGELOG [Unreleased] entries to [1.0.0] release section - Add API stability guarantee documentation to README (EN/KR) - Add v1.0 API stability milestone section to VERSIONING.md - Update typed_error_code documentation to reflect stable naming - Update FetchContent example tags to v1.0.0 Closes #640 * fix(vcpkg): update SHA512 hash for v0.2.0 source tarball GitHub regenerated the v0.2.0 tarball with a different hash, causing vcpkg install to fail on Windows CI (no binary cache hit). * docs: fix 31 broken links, 4 version drifts, 12 cross-references - Fix intra-file anchor slugs (ADAPTER_GUIDE adaptert, API_REFERENCE resultt-pattern-recommended, DEPENDENCY_MATRIX trailing hyphen, GUIDE_TEMPLATE step titles). - Fix inter-file paths after guides/ and advanced/ reorganization: ARCHITECTURE, MIGRATION, STRUCTURE, INTEGRATION, INTEGRATION_POLICY, QUICK_START, BEST_PRACTICES, CONTRIBUTING, README.kr, templates. - Align versions to vcpkg.json and CMakeLists.txt: gtest 1.17.0, benchmark 1.9.5, CMake 3.20+ (3.28+ for modules). - Update 2025 copyright to 2026 in RELEASING.md and CONTRIBUTING.md sample snippets. - Align ERROR_CODES "Last Updated" with frontmatter doc_date. - Mark missing Korean counterparts and missing targets (NEED_TO_FIX.md, OPTIMIZATION.md, result_pattern.md etc.) with HTML TODO comments so broken links are traceable. - Fix README quick links to existing CONTRIBUTING headings. - Add current-as-of date to RUST_PARITY.md. - Track review history by including DOC_REVIEW_REPORT.md. * docs: add post-fix re-validation report * docs(modules): document dual-build strategy for C++20 modules (#648) Add docs/guides/CXX20_MODULES.md covering: - When to use header-only vs module builds - Compiler/CMake/generator compatibility matrix - Fallback behavior when toolchain lacks module support - Known limitations (Apple Clang, sanitizers, generators) - Consuming the module target from downstream projects Link the new guide from README.md documentation table. Closes #644 * docs(release): document automated portfile SHA512 sync flow (#649) Document the existing vcpkg-registry sync automation in docs/RELEASING.md so release engineers understand that SHA512 hashes and port files are updated automatically on GitHub release publish. Adds a new section covering: - Trigger workflow (on-release-sync-registry.yml) - Reusable sync workflow (sync-vcpkg-registry.yml) - Prerequisites (VCPKG_REGISTRY_PAT secret) - Verification commands - How downstream ecosystem repos reuse the workflow Closes #643 * docs(readme): link C++20 Modules guide from content section (#650) The README reference table already links docs/guides/CXX20_MODULES.md, but the 'C++20 Modules' usage section did not. Add a direct link so readers looking at the usage example can discover the full dual-build strategy, toolchain matrix, and fallback behavior without scrolling to the reference table. Closes #644 * docs(compliance): add ISO_OVERVIEW.md ecosystem summary (#654) Closes #651 - Add docs/compliance/ISO_OVERVIEW.md — single navigable index of every ISO standard the kcenon ecosystem touches (14882, 27001, 20000-1, 8601, 9075, 12052, 27799), with per-standard summaries, status (Enforced, Documented, Implemented, Planned), and links to per-system mapping docs. - Link logger_system's ISO 27001 mapping as the first Documented entry. - Add README Compliance section and TOC entry. - Document operator responsibilities that cannot be satisfied by libraries alone (key rotation, retention policy, incident response, training). Part of #645 (ecosystem-wide ISO compliance EPIC). * docs(ecosystem): document version pins in ECOSYSTEM_OVERVIEW.md (#655) Closes #652 - Add Versions section to docs/ECOSYSTEM_OVERVIEW.md covering all 8 kcenon vcpkg ports with current version, tier classification, and kcenon dependencies. - Pin baseline SHA to b3fe244d03 (2026-04-10) and reference versions/baseline.json as the authoritative source. - Include reproducible vcpkg-configuration.json snippet so downstream consumers can lock to the tested ecosystem composition. - Document how versions advance (release.yml + sync-vcpkg-registry.yml) so pinned consumers know when and how to advance their baseline. - Add README Ecosystem Version Baseline subsection linking to the Versions anchor. Part of #646 (Ecosystem-wide vcpkg distribution readiness EPIC). * docs(layout): add kcenon-system-layout.md v1.0 (#663) Publish v1.0 of the canonical directory-structure standard for the kcenon ecosystem (8 systems: common, thread, logger, container, monitoring, database, network, pacs). The document specifies: - include/kcenon/<name>/ public header path with kcenon:: namespace - src/ implementation layout, header-source separation - tests/ (GTest unit) and integration_tests/ split - 8-module cmake/*.cmake decomposition (extracted from pacs_system) - forwarding-header policy for breaking moves - documented exceptions (pacs_system Catch2 retention) Refs #658 Part of #656 * docs(readme): link kcenon-system-layout standard (#664) Add a short Layout Standard subsection under Architecture pointing to docs/kcenon-system-layout.md so the ecosystem-wide layout standard is discoverable from the project entry point. Closes #662 * chore(cmake): extract kcenon-cmake-template from pacs_system (#665) * chore(cmake): add kcenon-cmake-template suite Extract pacs_system's modular CMake decomposition into a reusable, project-agnostic template under cmake/template/. The template defines the canonical eight-module layout described in docs/kcenon-system-layout.md and is owned by common_system as the foundation tier. Modules options.cmake Standard option set + export-bridge / register helpers compiler.cmake C++ standard, build type, IDE compile-commands baseline dependencies.cmake find_package CONFIG/MODULE fallback, Homebrew probing warnings.cmake Per-target warning flags scoped to project targets only targets.cmake Include-directory and ALIAS conventions install.cmake One-call install + config-package generation testing.cmake enable_testing(), GTest discovery, gtest helper examples.cmake Option-gated add_subdirectory + helper The template is consumed by adding cmake/template to CMAKE_MODULE_PATH and calling kcenon_template_*() helpers from the consuming root CMakeLists.txt. README documents the adoption checklist, required variables, and the SemVer version policy tracked in cmake/template/VERSION. Part of #656. Closes #659. * chore(cmake): adopt kcenon-cmake-template in common_system root Refactor the root CMakeLists.txt to consume the template suite added in the previous commit. common_system serves as the reference adopter for the other seven kcenon ecosystem systems. Adoption details * Add cmake/template to CMAKE_MODULE_PATH and include() all eight modules * kcenon_template_set_cpp_baseline / set_default_build_type / enable_compile_commands replace the inline CMAKE_CXX_STANDARD / build-type plumbing * kcenon_template_define_standard_options(COMMON) defines the canonical BUILD_TESTS / BUILD_EXAMPLES / BUILD_BENCHMARKS / BUILD_DOCS / BUILD_MODULES / WARNINGS_AS_ERRORS options. COMMON_BUILD_EXAMPLES is pre-set to ON via cache to preserve common_system's historical default. * kcenon_template_install_package consolidates install(TARGETS), configure_package_config_file, write_basic_package_version_file, install(EXPORT), install(FILES), and the build-tree export() into a single call. * kcenon_template_setup_testing wraps enable_testing + GTest discovery. Caller still owns the unit / integration test combination logic. * kcenon_template_create_aliases factors out the three historical namespaced ALIAS targets (kcenon::common, kcenon::common_system, common_system::common_system). Preserved unchanged * VERSION file reading and project() declaration * features.cmake (KCENON_WITH_* feature flags) and KcenonCompilerRequirements.cmake — domain-specific kcenon helpers, not part of the build-infrastructure template * Event Bus ABI configure_file plumbing (abi_version.h / .cpp generation) * BUILD_INTEGRATION_TESTS umbrella flag handling * COMMON_HEADER_ONLY and the optional static-library variant * COMMON_BUILD_MODULES C++20 module support block * BUILD_WITH_YAML_CPP optional dependency block * COMMON_BUILD_DOCS Doxygen target * ENABLE_COVERAGE flag handling * Configuration summary print Net change: 270-line root CMakeLists.txt down to ~280 lines including adoption boilerplate and section headers. The reduction is offset by clearer section separation and helper call sites that document intent. Part of #656. Closes #659. * ci(infra): add ecosystem cross-build workflow (#666) Validates that structural changes to common_system (cmake/, include/) do not silently break sibling consumers. Each of the 7 sibling systems is fetched at its default branch and rebuilt against the PR's common_system in dependency order: Tier 0: common_system (this PR — header-only install) Tier 1: thread_system, container_system, database_system Tier 2: logger_system (needs thread), network_system (needs thread) Tier 3: monitoring_system (needs logger + network) Tier 4: pacs_system (needs monitoring + container + database) Per-tier install trees pass downstream via upload-artifact / download-artifact so each sibling configures against the PR-built upstream chain rather than released vcpkg ports. This complements ecosystem-vcpkg-integration.yml (which validates released ports) by catching path renames, removed exports, and CMake config changes pre-merge. Triggers: push/PR to develop+main paths cmake/, include/, CMakeLists.txt, CMakePresets.json, this workflow file. Also workflow_dispatch (with sibling_ref input) and repository_dispatch type ecosystem-structural-change so siblings can request a re-validation. Escape hatch: PR label skip-cross-build short-circuits the matrix; the rationale must be documented in the PR body when used. Initial-rollout caveats: - ubuntu-24.04 only; macOS to be added once cycle time is measured. - database_system and pacs_system jobs are advisory (continue-on-error) until libpq/sqlite/DCMTK are reliably available in the runner image — both still emit logs and aggregate into the summary. Layout doc cross-build CI section now points at the workflow file path instead of the placeholder linking issue #660. Refs #660 * docs(layout): document cmake/template/ exception (#672) Add an Exceptions entry permitting common_system to keep its canonical cmake modules under cmake/template/, enabling the template to be version-tracked and copied verbatim by downstream systems. Bump the standard version from v1.0 to v1.1 (additive convention, SemVer MINOR). This amendment formalizes the deviation surfaced by DEV-01 in the Phase 7 audit (#661) and preserves the obligation that all other systems place their copied modules directly under cmake/. Closes #671. * chore(cmake): post-audit corrective patches for #661 deviations (#670) (#673) * chore(integration_tests): replace file(GLOB) with explicit source lists Replaces four file(GLOB) calls in integration_tests/CMakeLists.txt with explicit set(...) lists, satisfying layout standard rule R-19 (no file(GLOB) for source discovery). Existing sources under scenarios/, failures/, performance/, and stress/ are enumerated. Behavior is unchanged because the previous globs already resolved to these files. Closes part of #670 (DEV-03). * chore(tests): drop improved_ prefix from test filenames Renames tests/improved_result_test.cpp -> tests/result_test.cpp and tests/improved_event_bus_test.cpp -> tests/event_bus_test.cpp to satisfy layout standard rule R-33 (<unit>_test.cpp). The improved_ prefix was historical, used to distinguish a revised test suite from an older baseline that has since been superseded and removed. Updates: - tests/CMakeLists.txt source list - docs/TRACEABILITY.md feature mapping - @file doc comments inside the renamed files Closes part of #670 (DEV-04). * chore(cmake): remove redundant enable_testing() in test subdirs Removes enable_testing() calls from tests/CMakeLists.txt and integration_tests/CMakeLists.txt. The root CMakeLists.txt already invokes kcenon_template_setup_testing() which calls enable_testing() at the root scope. Subdirectory calls are redundant and would limit CTest discovery scope when invoked from there. Satisfies layout standard rule R-34. Closes part of #670 (DEV-05). * refactor(cmake): extract project-specific logic into common-*.cmake modules Refactors the root CMakeLists.txt from 364 LOC of mixed orchestration and inline target/install/extras logic into a thin orchestrator (110 LOC) plus seven project-specific cmake modules under cmake/. This satisfies layout standard rule R-17 (root CMakeLists.txt MUST be a thin orchestrator). New modules (each carries the canonical Responsibility / Required input / Side effects header block): - cmake/common-abi.cmake ABI version configure_file generation + umbrella BUILD_INTEGRATION_TESTS forwarding - cmake/common-targets.cmake INTERFACE library, aliases, optional static variant, optional yaml-cpp support - cmake/common-modules.cmake Optional C++20 named-modules build - cmake/common-install.cmake Header + package install rules - cmake/common-tests.cmake tests/ + integration_tests/ subdir wiring - cmake/common-extras.cmake examples / benchmarks / Doxygen / coverage - cmake/common-summary.cmake Configuration summary block The root file now appends both cmake/template (template owner exception per SA-01 amendment) and cmake (project-specific layer) to CMAKE_MODULE_PATH, then includes the eight canonical template modules followed by the seven common-* project modules in dependency order. Behavior is unchanged. Targets, options, install rules, and configure output are byte-identical to the previous root CMakeLists.txt. Closes part of #670 (DEV-02). * chore(release): add SHA512 verify-against-archive step (#675) (#676) Add an independent SHA512 verification step in sync-vcpkg-registry.yml that re-downloads the release archive from GitHub and compares the recomputed SHA against the value the workflow is about to write to portfile.cmake. On mismatch the step prints both SHAs and exits 1 before any registry commit happens. Mitigates the failure mode found in microsoft/vcpkg#51511 and kcenon/vcpkg-registry#87, where every kcenon port shipped a SHA that did not match the actual archive and cold-cache vcpkg installs failed. The audit confirmed sync-vcpkg-registry.yml is the only workflow in this repo that computes SHA512; release.yml and release-template.yml build/test/publish but do not write portfile SHAs, so no changes were needed there. on-release-sync-registry.yml is a thin caller that inherits the new step automatically. Implementation notes: - New step runs between 'Download release archive and compute SHA512' (id: sha) and 'Update portfile.cmake with new SHA512 and REF', so a mismatch fails the run before any portfile mutation - Downloads to a file (not pipe) so curl's --fail exit code is not masked by sha512sum producing the empty-input hash on fetch error - curl uses --retry 3 --retry-delay 2 for transient network blips - Runtime cost ~1-2s for a kcenon archive Part of #674. * feat(cmake/template): add BUILD_INTERFACE-only include helper (#677) Add kcenon_template_add_build_interface_includes(<target> <visibility> <dir>...) to cmake/template/targets.cmake. The helper wraps the common pattern of attaching one or more $<BUILD_INTERFACE:...>-only include directories to a target. Use this when an include directory must be visible during the build but should NOT be exported via INSTALL_INTERFACE (e.g., build-only test fixtures, generated code that should not be installed). The existing kcenon_template_setup_target_includes always pairs BUILD_INTERFACE with INSTALL_INTERFACE, so it cannot serve this case. Promoting this helper to the template lets pacs_system delete its local inline equivalent (pacs_add_build_interface_include_dirs in cmake/options.cmake) and aligns other ecosystem systems on the same name. Bump template VERSION 1.0.0 -> 1.1.0 (MINOR per template versioning policy: new helper added). Update template README.md adoption checklist with a usage example for the new helper. Closes #667 * feat(cmake/template): add shared build-summary helper (#680) Promote the build-configuration summary block (previously a pacs-only helper) into the canonical template suite. The new `kcenon_template_print_summary()` function accepts PROJECT, optional VERSION/BANNER, and OPTIONS/TARGETS/DEPENDENCIES lists, replacing the ad-hoc `message(STATUS ...)` blocks each system maintained at the end of its root CMakeLists.txt. common_system itself is migrated to use the new helper as the reference adopter, replacing the inline summary in cmake/common-summary.cmake. Template VERSION bumped 1.1.0 -> 1.2.0 (MINOR: new module added). Closes #668 * feat(cmake/template): add safety.cmake with forbid-in-release helper (#681) Add the new `cmake/template/safety.cmake` module that hosts defensive build-config guards. The first helper, `kcenon_template_forbid_in_release(<flag_var> [REASON <text>])`, encodes the "prohibit a mock-only flag in Release builds" idiom previously re-implemented inline by individual systems (e.g. pacs_system's `PACS_USE_MOCK_S3` guard in `cmake/options.cmake`). The helper is multi-config-aware: on multi-config generators (Visual Studio, Xcode, Ninja Multi-Config) `CMAKE_BUILD_TYPE` is empty at configure time because the build type is selected per-build, so the configure-time check is skipped. Per-config enforcement on multi-config generators must be expressed as a generator-expression guard at the call site if required. Updates: - New `cmake/template/safety.cmake` (single helper, include_guard GLOBAL). - Template `README.md` directory layout, adoption checklist (now 10 modules, new `include(safety)` step), and a new "Safety helpers" section documenting the helper signature, multi-config behaviour, and the optional REASON argument. - Reference adopter `CMakeLists.txt` includes the new module. - Template VERSION bumped 1.2.0 -> 1.3.0 (MINOR per template versioning policy: new module added). - CHANGELOG entry under [Unreleased] / Added. Closes #669 * chore(release): sync Doxyfile/CLAUDE version metadata with VERSION (#691) * docs: add Result/event_bus consolidation roadmap; ci: surface macOS module-build skip (#695) Add ADR-004 documenting the dual representation of Result<T> and event_bus (classic headers under include/kcenon/common/ as the SSOT vs the C++20 named-module units under src/modules/ that re-export them) and a phased consolidation roadmap with risks and a decoupled deprecation sequence. Surface the macOS module-build coverage gap explicitly: add a dedicated module-build-coverage job in ci.yml that emits a GitHub Actions warning annotation stating the C++20 named-modules surface is not exercised on macOS/AppleClang (which is omitted from the module-build matrix), and correct the misleading "silently disabled with a warning" comment in cmake/common-modules.cmake. Documentation/visibility only; no change to which toolchains build modules and no source consolidation. * test(fuzz): add foundation fuzz harness and weekly workflow; docs: reconcile coverage claim with gate (#692) * chore(ci): consolidate Doxygen workflows; mark governance SSOT (DRAFT) (#694) * chore(ci): consolidate Doxygen workflows; docs: mark governance SSOT Make the reusable/caller relationship between the twin Doxygen workflows explicit and mark a single source of truth for the root vs docs governance files. - doxygen.yml: document it as the canonical reusable (workflow_call) build/deploy workflow; build-Doxygen.yaml: document it as the thin event caller. No behavior change; clarifies role separation so the two files are not mistaken for duplicate twins. - CONTRIBUTING.md (root): add SSOT marker designating docs/contributing/CONTRIBUTING.md (COM-PROJ-017) as canonical and this file as a brief quick-start redirect. - CHANGELOG.md (root): add SSOT marker (canonical English changelog; Korean at docs/CHANGELOG.kr.md; registry mirror at docs/CHANGELOG.md COM-PROJ-002). - README.md: point the Contributing doc-table link at the canonical docs/contributing/CONTRIBUTING.md for consistency. doc-audit workflows are role-separated (PR-gate vs scheduled ecosystem scan), not duplicates; left unchanged. Closes #689 * docs: repoint README Contributing doc-table link to canonical docs/contributing/CONTRIBUTING.md * chore(ci): add cross-system conformance linter and CI gate (#693) * fix(error): classify positive codes as Invalid not Success (#703) get_category_name reported any code>=0 as "Success", so positive codes emitted into the shared error_info.code (monitoring 1000-4999 via to_common_error, container 100+) were silently classified as success. Only the success sentinel (0) now maps to "Success"; positive out-of-range codes map to "Invalid". The negative-range category ladder is unchanged. Closes #698 * feat(error): gate error-code registry SSOT (header <-> module) (#704) error.cppm re-declared the registry inline and had drifted from error_codes.h: it was missing the 6 DI error codes and still used the pre-#698 classifier (code>=0 -> "Success"). Reconcile the module to the header SSOT, add a std-lib Python guard (scripts/check_error_registry_ssot.py) that fails CI on any header/module divergence, wire it into conformance.yml, and add a runtime contract test locking the classifier behaviour and disjoint reserved ranges. Closes #699 * docs(deps): fix dangling FetchContent tag; refresh DEPENDENCY_MATRIX (#705) README FetchContent example pointed at GIT_TAG v1.0.0, a tag that does not exist (highest is v0.2.0). Refresh DEPENDENCY_MATRIX third-party rows (OpenSSL 3.4.1, spdlog 1.15.3, gRPC 1.60.0, Protobuf 4.25.1, OTel 1.18.0, libpqxx 7.9.2) and the internal ecosystem pins (thread/container/database now v1.0.0-tagged; others at their real pre-1.0 tags) to match current vcpkg.json and git tags; redate the footers. Closes #702 * fix(error): remove exported using-directive (#706) C++20 forbids exporting a using-directive; clang-16 promotes -Wexport-using-directive to an error under -Werror, breaking the Module Build (ubuntu-22.04 / clang-16). The directive only re-exported the lowercase common_errors names, which no ecosystem consumer uses (all reference the uppercase compatibility aliases), so this is behavior-preserving dead-code removal. * chore: reconcile develop with main (Dependabot CI-action bumps #678, #683) (#707) * build(deps): bump dawidd6/action-download-artifact from 20 to 21 (#678) Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 20 to 21. - [Release notes](https://github.com/dawidd6/action-download-artifact/releases) - [Commits](dawidd6/action-download-artifact@v20...v21) --- updated-dependencies: - dependency-name: dawidd6/action-download-artifact dependency-version: '21' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump google/osv-scanner-action from 2.3.5 to 2.3.8 (#683) Bumps [google/osv-scanner-action](https://github.com/google/osv-scanner-action) from 2.3.5 to 2.3.8. - [Release notes](https://github.com/google/osv-scanner-action/releases) - [Commits](google/osv-scanner-action@v2.3.5...v2.3.8) --- updated-dependencies: - dependency-name: google/osv-scanner-action dependency-version: 2.3.8 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #688
Status: DRAFT — fuzzer NOT compile-verified here (no libFuzzer runtime)
The harness passes a
clang++ -std=c++20 -fsyntax-onlycheck against the realcommon_systemheaders, and the CMakeBUILD_FUZZERS=ONgating is correct(see notes). It was not link-verified locally: the available Apple-clang
toolchain does not ship the libFuzzer runtime archive
(
libclang_rt.fuzzer_osx.ais absent), and the repo's vcpkg-hash infra blocks afull build, so no compile/link or fuzzing run was performed on this branch. The
weekly workflow installs upstream LLVM clang on Linux, which provides the
libFuzzer runtime; that path has not yet been exercised in CI.
Done
fuzz/result_error_fuzzer.cpplibFuzzer harness targeting the foundationerror/
Result<T>decoding path using the real API:error::get_error_message(int)switch lookup,error::get_category_name(int)range bucketing,common_error_category::message(int),error_infoconstruction, and theResult<T>error branch (make_error<T>/is_err/error()/value_or) plus theok<T>success branch. Verified syntactically withclang++ -fsyntax-onlyagainst the installed headers.BUILD_FUZZERSCMake option (default OFF) +fuzz/CMakeLists.txtgatedbehind it, wired into
cmake/common-extras.cmakenext to the other optionalartifacts, using
clang -fsanitize=fuzzer,address. The default build, tests,examples, benchmarks, and integration tests are unaffected.
fuzz/corpus/result_error/seed corpus (13 seeds: success, common errorcodes, category range boundaries
-99 / -100 / -200 / -500 / -700, thereserved range
-1000, andINT_MIN/INT_MAX).fuzz/README.mddocumenting build / run / corpus..github/workflows/fuzzing.yml: weekly cron (Mon 05:17 UTC) + manualworkflow_dispatch(configurablemax_total_time), mirroring the existingcoverage.ymlconventions (checkout@v4, apt clang/cmake/ninja,configure/build, time-boxed run, crash-artifact upload).
places while the Codecov gate floor is 40% project / 60% patch (80% is only
the far-future aspiration in
codecov.yml's gradual-improvement plan and therangeupper bound). Both README lines now state the enforced gate floor +the 80% long-term target honestly and point readers to the existing live
Codecov badge for the measured value;
codecov.ymlgains a commentclarifying that the
rangelower bound is the enforced floor, not themeasured value.
Risks / Notes
-fsyntax-onlyhere; first real build + fuzz runhappens in the Linux CI workflow (or any Clang toolchain shipping the
libFuzzer runtime).
inventing a measured number; when real coverage is measured, the README
target and
codecov.ymlproject/patch targets can be raised together.