Testing & CI¶
Test layers¶
Each MESA repo has three test layers:
| Layer | What it covers | Runs in CI |
|---|---|---|
| Unit | Pure-function logic, no I/O | Every PR |
| Integration | Real Postgres / iRODS / Docker via testcontainers | Every PR |
| End-to-end | A real MCP client driving a real server | Nightly |
Running tests¶
| Repo | Command |
|---|---|
mesa-mcp |
pytest -q |
mesa-ducklake |
pytest -q |
irods-mcp-server |
make test |
formation-mcp |
just test |
terrain-mcp |
npm test |
CI pipelines¶
All MESA repos use GitHub Actions:
| Stage | Tool | Failure blocks merge |
|---|---|---|
| Format | ruff format / gofmt / prettier |
Yes |
| Lint | ruff / golangci-lint / eslint |
Yes |
| Type-check | mypy / tsc |
Yes |
| Unit + Integration | pytest / go test / npm test |
Yes |
| End-to-end | per-repo harness | No (warning only) |
| Security scan | bandit, gosec, npm audit, Trivy |
Yes for critical findings |
Coverage targets¶
| Repo | Branch coverage |
|---|---|
mesa-mcp |
≥ 80% |
mesa-ducklake |
≥ 90% (library, no I/O outside fixtures) |
irods-mcp-server |
≥ 75% (lots of iRODS-call wrappers) |
formation-mcp |
≥ 75% |
terrain-mcp |
≥ 70% |
Manual QA before release¶
Before tagging a release on any MCP server:
- Run the full integration suite locally.
- Wire the built binary into Claude Desktop, run the first-analysis tutorial end-to-end.
- Repeat against Cursor or Continue to confirm cross-client compatibility.
- Spot-check the troubleshooting scenarios for regressions.
TrustedCI review (Phase 2)¶
Per WBS 6.5, the MESA prototype is reviewed by TrustedCI during Phase 2. The review covers:
- Authentication and bearer-token handling.
- Sandbox isolation between tool calls.
- Secrets management.
- iRODS access-control enforcement.
- Container image supply chain.