test(executor): tracked param integration tests (PR-04)

[shivasurya]

Summary

15 new Go integration tests covering the full tracked parameter filtering feature:

Positive tests (should detect):

• Positional match (taint at tracked param 0)
• No tracks backward compat (all params sensitive)
• Multiple tracked params (tracks(0,1))
• Variable renamed before sink (SinkVar propagation)
• TypeConstrainedCallIR with tracks(0)
• Name-based tracking (tracks("query") resolves via CallGraph.Parameters)
• Return source no-op (tracks("return") accepted, v1 no-op)
• Positional arg constraint + tracks combined
• Inter-proc summary filtered (global scope)

Negative tests (should NOT detect):

• Positional reject (taint at param 1, tracked param 0)
• Sanitized before tracked param
• Nonexistent param name (resolves to no indices)
• TypeConstrainedCallIR reject
• summaryConfirmsFlow unit test with TrackedParams filtering

Edge cases:

• Nil/mismatched CallSite line (backward compat, no TrackedParams)

Test plan

• All 15 new TestTrackedParam_* tests pass
• gradle buildGo passes
• gradle testGo passes (zero regressions across all packages)
• gradle lintGo passes (0 issues)
• 352 Python SDK tests pass (zero regressions)

🤖 Generated with Claude Code

[safedep]

SafeDep Report Summary

No dependency changes detected. Nothing to scan.

_{This report is generated by SafeDep Github App}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 83.85%. Comparing base (eb40c77) to head (7abe44e).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #608      +/-   ##
==========================================
+ Coverage   83.61%   83.85%   +0.24%     
==========================================
  Files         155      155              
  Lines       21030    21030              
==========================================
+ Hits        17584    17635      +51     
+ Misses       2799     2748      -51     
  Partials      647      647              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[shivasurya]

• test(executor): tracked param integration tests (PR-04) #608 👈 (View in Graphite)
• feat(executor): wire tracked param filtering (PR-03) #607
• feat(ir): add TrackedParam struct and SinkVar fields (PR-02) #606
• feat(sdk): add .where() and .tracks() parameter targeting APIs (PR-01) #605
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[shivasurya]

Merge activity

• Mar 14, 3:17 AM UTC: A user started a stack merge that includes this pull request via Graphite.
• Mar 14, 3:22 AM UTC: Graphite rebased this pull request as part of a merge.
• Mar 14, 3:23 AM UTC: @shivasurya merged this pull request with Graphite.

[github-actions]

Code Pathfinder Security Scan

No security issues detected.

Metric	Value
Files Scanned	1
Rules	38

---

_{Powered by Code Pathfinder}