feat(governance): 新增 AI Agent TG canary 批准包
This commit is contained in:
Your Name
@@ -18,9 +18,9 @@ def test_load_latest_ai_agent_professional_task_expansion_snapshot() -> None:
|
||||
snapshot = load_latest_ai_agent_professional_task_expansion()
|
||||
|
||||
assert snapshot["schema_version"] == "ai_agent_professional_task_expansion_v1"
|
||||
assert snapshot["program_status"]["current_task_id"] == "P2-405B"
|
||||
assert snapshot["program_status"]["next_task_id"] == "P2-405C"
|
||||
assert snapshot["program_status"]["overall_completion_percent"] == 88
|
||||
assert snapshot["program_status"]["current_task_id"] == "P2-405C"
|
||||
assert snapshot["program_status"]["next_task_id"] == "P2-405D"
|
||||
assert snapshot["program_status"]["overall_completion_percent"] == 92
|
||||
assert snapshot["program_status"]["runtime_authority"] == (
|
||||
"professional_task_expansion_and_telegram_bridge_read_only_no_send"
|
||||
)
|
||||
@@ -42,6 +42,10 @@ def test_load_latest_ai_agent_professional_task_expansion_snapshot() -> None:
|
||||
assert bridge["queue_preview_readback"]["write_enabled"] is False
|
||||
assert bridge["canary_approval_package"]["status"] == "blocked_until_explicit_approval"
|
||||
assert bridge["canary_approval_package"]["live_send_enabled"] is False
|
||||
assert bridge["canary_send_approval_packet"]["status"] == "waiting_explicit_commander_approval"
|
||||
assert bridge["canary_send_approval_packet"]["approval_granted"] is False
|
||||
assert bridge["canary_send_approval_packet"]["selected_message_type"] == "not_selected"
|
||||
assert bridge["canary_send_approval_packet"]["proposed_time_window"] == "waiting_commander_input"
|
||||
|
||||
rollups = snapshot["rollups"]
|
||||
assert rollups["professional_task_count"] == 24
|
||||
@@ -72,6 +76,19 @@ def test_load_latest_ai_agent_professional_task_expansion_snapshot() -> None:
|
||||
assert rollups["preview_bot_api_call_enabled_count"] == 0
|
||||
assert rollups["receipt_live_write_enabled_count"] == 0
|
||||
assert rollups["canary_live_send_enabled_count"] == 0
|
||||
assert rollups["canary_send_approval_packet_count"] == 1
|
||||
assert rollups["canary_operator_approval_field_count"] == 7
|
||||
assert rollups["canary_stop_condition_count"] == 6
|
||||
assert rollups["canary_rollback_mute_step_count"] == 5
|
||||
assert rollups["canary_receipt_readback_check_count"] == 6
|
||||
assert rollups["canary_approval_granted_count"] == 0
|
||||
assert rollups["canary_selected_message_type_count"] == 0
|
||||
assert rollups["canary_approved_time_window_count"] == 0
|
||||
assert rollups["canary_send_execution_enabled_count"] == 0
|
||||
assert rollups["canary_gateway_queue_write_enabled_count"] == 0
|
||||
assert rollups["canary_bot_api_call_enabled_count"] == 0
|
||||
assert rollups["canary_delivery_receipt_write_enabled_count"] == 0
|
||||
assert rollups["canary_secret_read_enabled_count"] == 0
|
||||
|
||||
|
||||
def test_professional_tasks_cover_required_agents_and_reporting() -> None:
|
||||
@@ -146,6 +163,39 @@ def test_receipts_and_canary_package_remain_no_send() -> None:
|
||||
assert canary["production_write_enabled"] is False
|
||||
|
||||
|
||||
def test_canary_send_approval_packet_waits_for_explicit_approval() -> None:
|
||||
snapshot = load_latest_ai_agent_professional_task_expansion()
|
||||
bridge = snapshot["telegram_runtime_bridge"]
|
||||
packet = bridge["canary_send_approval_packet"]
|
||||
|
||||
assert packet["packet_ready"] is True
|
||||
assert packet["approval_required"] is True
|
||||
assert packet["approval_granted"] is False
|
||||
assert packet["target_room_env"] == "SRE_GROUP_CHAT_ID"
|
||||
assert packet["target_room_value_visible"] is False
|
||||
assert packet["selected_message_type"] == "not_selected"
|
||||
assert packet["proposed_time_window"] == "waiting_commander_input"
|
||||
assert set(packet["eligible_message_types"]) == {
|
||||
message_type["message_type"] for message_type in bridge["message_types"]
|
||||
}
|
||||
assert len(packet["operator_approval_fields"]) == 7
|
||||
assert len(packet["stop_conditions"]) == 6
|
||||
assert len(packet["mute_rollback_plan"]) == 5
|
||||
assert len(packet["receipt_readback_plan"]["required_checks"]) == 6
|
||||
assert packet["approval_decision_log"] == []
|
||||
|
||||
for field in packet["operator_approval_fields"]:
|
||||
assert field["required"] is True
|
||||
assert field["current_value_status"] == "waiting_input"
|
||||
assert field["value_display_allowed"] is False
|
||||
|
||||
assert packet["rate_limit_plan"]["max_messages"] == 1
|
||||
assert packet["rate_limit_plan"]["live_rate_limit_write_enabled"] is False
|
||||
assert packet["receipt_readback_plan"]["production_receipt_write_enabled"] is False
|
||||
assert packet["receipt_readback_plan"]["receipt_readback_enabled_before_send"] is False
|
||||
assert all(value is False for value in packet["execution_flags"].values())
|
||||
|
||||
|
||||
def test_rejects_telegram_send_enabled(tmp_path: Path) -> None:
|
||||
snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
|
||||
snapshot["telegram_runtime_bridge"]["telegram_send_enabled"] = True
|
||||
@@ -194,6 +244,39 @@ def test_rejects_canary_live_send_enabled(tmp_path: Path) -> None:
|
||||
load_latest_ai_agent_professional_task_expansion(tmp_path)
|
||||
|
||||
|
||||
def test_rejects_canary_send_approval_granted(tmp_path: Path) -> None:
|
||||
snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
|
||||
packet = snapshot["telegram_runtime_bridge"]["canary_send_approval_packet"]
|
||||
packet["approval_granted"] = True
|
||||
snapshot["rollups"]["canary_approval_granted_count"] = 1
|
||||
_write_snapshot(tmp_path, snapshot)
|
||||
|
||||
with pytest.raises(ValueError, match="canary_send_approval_packet mismatch"):
|
||||
load_latest_ai_agent_professional_task_expansion(tmp_path)
|
||||
|
||||
|
||||
def test_rejects_canary_send_execution_enabled(tmp_path: Path) -> None:
|
||||
snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
|
||||
packet = snapshot["telegram_runtime_bridge"]["canary_send_approval_packet"]
|
||||
packet["execution_flags"]["canary_send_execution_enabled"] = True
|
||||
snapshot["rollups"]["canary_send_execution_enabled_count"] = 1
|
||||
_write_snapshot(tmp_path, snapshot)
|
||||
|
||||
with pytest.raises(ValueError, match="canary send execution flags mismatch"):
|
||||
load_latest_ai_agent_professional_task_expansion(tmp_path)
|
||||
|
||||
|
||||
def test_rejects_selected_canary_message_type_without_approval(tmp_path: Path) -> None:
|
||||
snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
|
||||
packet = snapshot["telegram_runtime_bridge"]["canary_send_approval_packet"]
|
||||
packet["selected_message_type"] = "daily_agent_workload_digest"
|
||||
snapshot["rollups"]["canary_selected_message_type_count"] = 1
|
||||
_write_snapshot(tmp_path, snapshot)
|
||||
|
||||
with pytest.raises(ValueError, match="canary_send_approval_packet mismatch"):
|
||||
load_latest_ai_agent_professional_task_expansion(tmp_path)
|
||||
|
||||
|
||||
def test_rejects_high_risk_without_approval(tmp_path: Path) -> None:
|
||||
snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
|
||||
high_task = next(task for task in snapshot["professional_tasks"] if task["risk_tier"] == "high")
|
||||
|
||||
@@ -17,9 +17,9 @@ def test_ai_agent_professional_task_expansion_endpoint() -> None:
|
||||
assert response.status_code == 200
|
||||
payload = response.json()
|
||||
assert payload["schema_version"] == "ai_agent_professional_task_expansion_v1"
|
||||
assert payload["program_status"]["current_task_id"] == "P2-405B"
|
||||
assert payload["program_status"]["next_task_id"] == "P2-405C"
|
||||
assert payload["program_status"]["overall_completion_percent"] == 88
|
||||
assert payload["program_status"]["current_task_id"] == "P2-405C"
|
||||
assert payload["program_status"]["next_task_id"] == "P2-405D"
|
||||
assert payload["program_status"]["overall_completion_percent"] == 92
|
||||
assert payload["program_status"]["runtime_authority"] == (
|
||||
"professional_task_expansion_and_telegram_bridge_read_only_no_send"
|
||||
)
|
||||
@@ -42,6 +42,17 @@ def test_ai_agent_professional_task_expansion_endpoint() -> None:
|
||||
assert payload["rollups"]["receipt_expectation_count"] == 6
|
||||
assert payload["rollups"]["canary_approval_package_count"] == 1
|
||||
assert payload["rollups"]["preview_send_enabled_count"] == 0
|
||||
assert payload["rollups"]["canary_send_approval_packet_count"] == 1
|
||||
assert payload["rollups"]["canary_operator_approval_field_count"] == 7
|
||||
assert payload["rollups"]["canary_approval_granted_count"] == 0
|
||||
assert payload["rollups"]["canary_send_execution_enabled_count"] == 0
|
||||
assert payload["rollups"]["canary_gateway_queue_write_enabled_count"] == 0
|
||||
assert payload["rollups"]["canary_bot_api_call_enabled_count"] == 0
|
||||
assert payload["telegram_runtime_bridge"]["canary_approval_package"]["live_send_enabled"] is False
|
||||
assert payload["telegram_runtime_bridge"]["canary_send_approval_packet"]["approval_granted"] is False
|
||||
assert (
|
||||
payload["telegram_runtime_bridge"]["canary_send_approval_packet"]["selected_message_type"]
|
||||
== "not_selected"
|
||||
)
|
||||
assert len(payload["telegram_runtime_bridge"]["no_send_message_previews"]) == 6
|
||||
assert len(payload["telegram_runtime_bridge"]["receipt_expectations"]) == 6
|
||||
|
||||
Reference in New Issue
Block a user