feat(awooop): mirror AI alert card metadata

This commit is contained in:
ogt
2026-06-25 09:20:14 +08:00
parent 0bea34efda
commit dc91dc76e4
4 changed files with 121 additions and 1 deletions

View File

@@ -1,6 +1,7 @@
from __future__ import annotations
from src.services.telegram_gateway import (
format_aiops_signal_alert_card,
_outbound_source_envelope,
_sanitize_telegram_error,
)
@@ -139,3 +140,39 @@ def test_outbound_source_envelope_reads_ai_advisory_refs_without_raw_callback()
"ai_advisory:coverage_gap:auto_rule_creation"
]
assert "ai_advisory_handled:coverage_gap:auto_rule_creation" not in str(envelope)
def test_outbound_source_envelope_marks_wazuh_ai_alert_card_for_awooop_readback() -> None:
raw_alert = """
wazuh_dashboard_api_readback_degraded dashboard agent list disappeared
POST /api/check-stored-api status=429 POST /api/check-api status=500
https://127.0.0.1:55000 is unreachable manager registry readback blocked
full_log=/var/ossec/logs/alerts/alerts.json Authorization: Bearer abcdefghijklmnopqrstuvwxyz
"""
card = format_aiops_signal_alert_card(raw_alert)
payload = {
"chat_id": "-100123",
"text": card,
"parse_mode": "HTML",
}
envelope = _outbound_source_envelope("sendMessage", payload)
card_metadata = envelope["ai_automation_alert_card"]
assert card_metadata["schema_version"] == "ai_automation_alert_card_mirror_v1"
assert card_metadata["card_schema"] == "ai_automation_alert_card_v1"
assert card_metadata["event_type"] == "wazuh_dashboard_api_readback_degraded"
assert card_metadata["lane"] == "siem_observability_readback_degraded"
assert card_metadata["target"] == "wazuh_dashboard_api"
assert card_metadata["gates"] == ["candidate_only", "runtime_write_gate=0"]
assert card_metadata["runtime_write_gate_count"] == 0
assert card_metadata["delivery_receipt_readback_required"] is True
assert envelope["source_refs"]["alert_ids"] == [
"wazuh_dashboard_api_readback_degraded"
]
assert envelope["source_refs"]["fingerprints"] == [
"ai_automation_alert_card:wazuh_dashboard_api_readback_degraded:siem_observability_readback_degraded"
]
assert "127.0.0.1:55000" not in str(envelope)
assert "/var/ossec" not in str(envelope)
assert "abcdefghijkl" not in str(envelope)