[Testing Call] Phase 1 cross-platform validation — Windows · Linux · macOS

[tharindupr]

What this is

Phase 1 of ACF-SDK is complete. It delivers the full IPC wire protocol between
the Python SDK (PEP) and the Go sidecar (PDP) — binary frame encoding, HMAC-SHA256
authentication, and nonce-based replay protection.

We need real-world validation across operating systems before Phase 2 begins.

What Phase 1 covers

• Go sidecar: UDS listener (Linux/macOS) and Named Pipe listener (Windows via go-winio)
• Python SDK: socket.AF_UNIX transport (Linux/macOS) and Win32 named pipe via ctypes (Windows)
• 54-byte binary frame: magic byte · version · nonce · HMAC-SHA256 · JSON payload
• Decisions returned: ALLOW | SANITISE | BLOCK (hardcoded ALLOW in Phase 1 — pipeline wired in Phase 2)

Full details: docs/phase1.md

How to test

Prerequisites

• Go 1.22+
• Python 3.10+
• A 32-byte hex key: python3 -c "import secrets; print(secrets.token_hex(32))"

1 — Start the sidecar

cd sidecar
export ACF_HMAC_KEY=<your-key>        # Linux/macOS
# set ACF_HMAC_KEY=<your-key>         # Windows cmd
# $env:ACF_HMAC_KEY="<your-key>"      # Windows PowerShell

go run ./cmd/sidecar

2 — Run Go tests

cd sidecar
go test ./...

3 — Run Python tests

cd sdk/python
pip install -e ".[dev]"
export ACF_HMAC_KEY=<your-key>
pytest -v

4 — End-to-end smoke test

With the sidecar running, in a second terminal:

import os, sys
sys.path.insert(0, "sdk/python")
os.environ["ACF_HMAC_KEY"] = "<your-key>"

from acf.firewall import Firewall
fw = Firewall()
result = fw.on_prompt("hello world")
print(result)  # should print Decision.ALLOW

Platforms we need coverage on

Platform	Go tests	Python tests	E2E smoke	Reported by
Linux (x86-64)
macOS (Apple Silicon)
macOS (Intel)
Windows 10/11 (x86-64)

What to report if something breaks

Open a new issue with:

• OS name and version
• Go version (go version) and Python version (python3 --version)
• Full error output
• Which step failed (sidecar start / Go tests / Python tests / E2E)

Discussion

If anything in Phase 1 feels off — API shape, error messages, key loading UX,
platform behaviour — please discuss it in the comments below. Phase 2 (pipeline
stages) hasn't started yet, so this is the right time to raise concerns.

[Pranjal0410]

macOS (Apple Silicon) — all green ✅

• MacBook Air M2, macOS 26.2 (25C56)
• Go 1.26.1 darwin/arm64
• Python 3.9.6

Test	Result
Go tests	23/23 passed
Python tests	35/35 passed (0.06s)
E2E smoke	PASS: round-trip ALLOW

No issues. Sidecar started clean on /tmp/acf.sock, no stale socket problems. HMAC key loaded from env without errors.

[eddymontana]

🛡️ Windows 10 Pro Verification (Stream C Kernel)

I have verified the Phase 1 implementation on Windows 10 Pro. The Named Pipe IPC (\\.\pipe\acf) and HMAC-SHA256 handshake are fully operational.

Environment:

• OS: Windows 10 Pro (22H2)
• Go: go1.26.1 windows/amd64
• Python: 3.13.5

Test Case	Status
HMAC Handshake	✅ Verified (SHA256)
Named Pipe IPC	✅ Verified
E2E Smoke Test	✅ PASS (Decision.ALLOW)

Security & Originality:
I have implemented a Security Audit suite (included in PR #17) that leverages an Aho-Corasick automaton for the kernel. This provides the $O(n+m)$ latency baseline requested by @tharindupr for the upcoming research evaluation. The Python SDK logic has also been hardened to use secrets for secure key handling.

(See attached screenshots for terminal execution)

[eddymontana]

I have completed the Windows 10 Pro validation task. See the results above.
I've verified the Windows 10 Pro (x86-64) requirements. All 23 Go tests and 35 Python tests passed successfully using the Named Pipe transport. This should clear the Windows validation task for Phase 1.

[AndyVale]

Linux (x86-64) — all green ✅

• Pop!_OS 24.04 LTS (x86-64)
• Go 1.26.1 linux/amd64
• Python 3.14.3

Test	Result
Go tests	23/23 passed
Python tests	35/35 passed
E2E smoke	PASS: round-trip ALLOW

I found no issues. (Thanks @Pranjal0410 for the table)

[Kartheekmurala]

@tharindupr
Windows (x86-64) — all green ✅

Environment:
OS: Windows (x86-64)
Go: go1.26.1 windows/amd64
Python: 3.13.9

Test Results:
Go tests: PASS (all modules OK)
Python tests: 35/35 passed (0.54s)
E2E smoke: PASS (Decision.ALLOW)

Notes:

• Sidecar started successfully on \.\pipe\acf with no errors
• Named Pipe IPC working as expected
• HMAC-SHA256 authentication verified
• Python-Go communication stable
• No connection or retry issues observed

Additional observations:

• System handled repeated requests consistently without failure
• Suggest adding debug logs for connection establishment for better observability

No issues encountered.

[AdityaCJaiswal]

WSL2 (Ubuntu 24.04) — Performance Baseline ✅

Environment:

• OS: Windows 11 (WSL2 / Ubuntu 24.04)
• Go: 1.22+
• Python: 3.12+

Test Results:

• Go Tests: 23/23 Passed (internal/crypto, internal/transport)
• Python Tests: 35/35 Passed (0.05s)
• E2E Smoke Test: PASS (Decision.ALLOW)

Latency Benchmark: Achieved a consistent 1.222ms round-trip latency over the /tmp/acf.sock UDS bridge. This validates the efficiency of the 54-byte binary contract for low-overhead IPC.

I am now moving to Section 3.5 of my proposal to conduct the resilience stress-tests (p95/p99) requested for the research evaluation.

[Rohinikm26]

✅ Windows 10 (x86-64) | Windows-specific setup blocker found & fixed in Sidecar

OS: Windows 10 x86-64
Go version: go1.26.1 windows/amd64
Python version: Python 3.14.3

---

Results

Step	Result	Notes
Sidecar start	✅ PASS	Required fix — see below
Go tests	✅ PASS	All packages ok
Python tests	✅ PASS	All tests passed
E2E smoke test	✅ PASS	Printed Decision.ALLOW

---

Windows-Specific Issue Found

Sidecar start failed initially with:

internal\transport\pipe.go:8:2: missing go.sum entry for module
providing package github.com/Microsoft/go-winio

Root cause: go.sum is missing the checksum entry for go-winio on Windows.

Fix that worked:

go get github.com/Microsoft/go-winio
go mod tidy

After this fix, all subsequent steps passed cleanly.

---

Go Test Output

? github.com/acf-sdk/sidecar/cmd/sidecar [no test files]
ok github.com/acf-sdk/sidecar/internal/crypto 0.594s
ok github.com/acf-sdk/sidecar/internal/pipeline 0.442s [no tests to run]
ok github.com/acf-sdk/sidecar/internal/policy 0.442s [no tests to run]
? github.com/acf-sdk/sidecar/internal/state [no test files]
? github.com/acf-sdk/sidecar/internal/telemetry [no test files]
ok github.com/acf-sdk/sidecar/internal/transport 0.575s
? github.com/acf-sdk/sidecar/pkg/riskcontext [no test files]

###PYTHON TEST OUTPUT

E2E OUTPUT

---

Recommendation: Add go get github.com/Microsoft/go-winio
and run go mod tidy on a Windows machine before Phase 2 begins,
so this doesn't block other Windows contributors.

[VibhorGautam]

macOS (Apple Silicon) - all green

• MacBook Air M2, macOS 26.3.1
• Go 1.25.6 darwin/arm64
• Python 3.14.2

Test	Result
Go tests	32/32 passed
Python tests	35/35 passed (0.04s)
E2E smoke	PASS: round-trip ALLOW

no issues, sidecar started clean on /tmp/acf.sock, no stale socket problems

[Benguar]

OS: Windows 11 (x86-64)

Go version: go1.26.1 windows/amd64

Python version: 3.13.1

Test	Result
Go tests	passed
Python tests	35/35 passed (0.35s)
E2E smoke	PASS: round-trip ALLOW

everything is good ✅

[tharindupr]

Thanks for everyone who tested this.

[RachanaB5]

**macOS (Apple Silicon) — all green **

Environment:

• OS: macOS Sequoia 15.5 (MacBook Air M1)
• Go: 1.26.1 darwin/arm64
• Python: 3.12.6

Test Results:

Test	Result
Go tests	PASS (all modules OK)
Python tests	35/35 passed (~0.14s)
E2E smoke	PASS (Decision.ALLOW round-trip)

Notes:

• Sidecar started successfully on /tmp/acf.sock
• No socket/connection issues observed
• HMAC-SHA256 authentication verified
• Python ↔ Go communication stable
• No retry or transport errors encountered

All Phase 1 requirements validated successfully.