131 lines
5.6 KiB
Python
131 lines
5.6 KiB
Python
import copy
|
|
import json
|
|
|
|
import pytest
|
|
|
|
from src.services.ai_agent_operation_permission_model import (
|
|
load_latest_ai_agent_operation_permission_model,
|
|
)
|
|
|
|
|
|
def _write_snapshot(tmp_path, payload):
|
|
path = tmp_path / "ai_agent_operation_permission_model_2026-06-12.json"
|
|
path.write_text(json.dumps(payload), encoding="utf-8")
|
|
return path
|
|
|
|
|
|
def test_load_latest_ai_agent_operation_permission_model():
|
|
data = load_latest_ai_agent_operation_permission_model()
|
|
|
|
assert data["schema_version"] == "ai_agent_operation_permission_model_v1"
|
|
assert data["program_status"]["current_task_id"] == "P2-101"
|
|
assert data["program_status"]["next_task_id"] == "P2-102"
|
|
assert data["program_status"]["overall_completion_percent"] == 97
|
|
assert data["operation_permission_truth"]["permission_model_ready"] is True
|
|
assert data["operation_permission_truth"]["operation_category_matrix_ready"] is True
|
|
assert data["operation_permission_truth"]["runtime_execution_enabled"] is False
|
|
assert data["operation_permission_truth"]["gateway_queue_write_enabled"] is False
|
|
assert data["operation_permission_truth"]["telegram_send_enabled"] is False
|
|
assert data["operation_permission_truth"]["telegram_bot_api_call_enabled"] is False
|
|
assert data["operation_permission_truth"]["ai_runtime_worker_enabled"] is False
|
|
assert data["operation_permission_truth"]["medium_low_auto_worker_enabled"] is False
|
|
assert data["operation_permission_truth"]["production_write_enabled"] is False
|
|
assert data["operation_permission_truth"]["secret_value_read_enabled"] is False
|
|
assert data["operation_permission_truth"]["destructive_operation_enabled"] is False
|
|
assert data["rollups"]["permission_lane_count"] == 5
|
|
assert data["rollups"]["operation_category_count"] == 13
|
|
assert data["rollups"]["observe_only_category_count"] == 2
|
|
assert data["rollups"]["no_write_replay_allowed_category_count"] == 2
|
|
assert data["rollups"]["proposal_only_category_count"] == 2
|
|
assert data["rollups"]["human_approval_required_category_count"] == 4
|
|
assert data["rollups"]["explicitly_blocked_category_count"] == 3
|
|
assert data["rollups"]["agent_role_count"] == 3
|
|
assert data["rollups"]["gate_transition_count"] == 8
|
|
assert data["rollups"]["operator_decision_template_count"] == 5
|
|
assert data["rollups"]["runtime_execution_count"] == 0
|
|
assert data["rollups"]["gateway_queue_write_count"] == 0
|
|
assert data["rollups"]["telegram_send_count"] == 0
|
|
assert data["rollups"]["production_write_count"] == 0
|
|
assert data["rollups"]["destructive_operation_count"] == 0
|
|
|
|
|
|
def test_rejects_runtime_execution_enabled(tmp_path):
|
|
data = load_latest_ai_agent_operation_permission_model()
|
|
bad = copy.deepcopy(data)
|
|
bad["operation_permission_truth"]["runtime_execution_enabled"] = True
|
|
_write_snapshot(tmp_path, bad)
|
|
|
|
with pytest.raises(ValueError, match="live execution/send/write flags"):
|
|
load_latest_ai_agent_operation_permission_model(tmp_path)
|
|
|
|
|
|
def test_rejects_gateway_queue_write_count(tmp_path):
|
|
data = load_latest_ai_agent_operation_permission_model()
|
|
bad = copy.deepcopy(data)
|
|
bad["operation_permission_truth"]["gateway_queue_write_count_24h"] = 1
|
|
bad["rollups"]["gateway_queue_write_count"] = 1
|
|
_write_snapshot(tmp_path, bad)
|
|
|
|
with pytest.raises(ValueError, match="live execution/send/write counts"):
|
|
load_latest_ai_agent_operation_permission_model(tmp_path)
|
|
|
|
|
|
def test_rejects_lane_live_execution(tmp_path):
|
|
data = load_latest_ai_agent_operation_permission_model()
|
|
bad = copy.deepcopy(data)
|
|
bad["permission_lanes"][0]["live_execution_allowed"] = True
|
|
_write_snapshot(tmp_path, bad)
|
|
|
|
with pytest.raises(ValueError, match="live_execution_allowed"):
|
|
load_latest_ai_agent_operation_permission_model(tmp_path)
|
|
|
|
|
|
def test_rejects_category_telegram_send(tmp_path):
|
|
data = load_latest_ai_agent_operation_permission_model()
|
|
bad = copy.deepcopy(data)
|
|
bad["operation_categories"][0]["telegram_send_allowed"] = True
|
|
_write_snapshot(tmp_path, bad)
|
|
|
|
with pytest.raises(ValueError, match="telegram_send_allowed"):
|
|
load_latest_ai_agent_operation_permission_model(tmp_path)
|
|
|
|
|
|
def test_rejects_agent_self_approval(tmp_path):
|
|
data = load_latest_ai_agent_operation_permission_model()
|
|
bad = copy.deepcopy(data)
|
|
bad["agent_permission_roles"][0]["self_approval_allowed"] = True
|
|
_write_snapshot(tmp_path, bad)
|
|
|
|
with pytest.raises(ValueError, match="self_approval_allowed"):
|
|
load_latest_ai_agent_operation_permission_model(tmp_path)
|
|
|
|
|
|
def test_rejects_gate_opening_live_execution(tmp_path):
|
|
data = load_latest_ai_agent_operation_permission_model()
|
|
bad = copy.deepcopy(data)
|
|
bad["gate_transitions"][0]["opens_live_execution"] = True
|
|
_write_snapshot(tmp_path, bad)
|
|
|
|
with pytest.raises(ValueError, match="opens_live_execution"):
|
|
load_latest_ai_agent_operation_permission_model(tmp_path)
|
|
|
|
|
|
def test_rejects_template_runtime_action(tmp_path):
|
|
data = load_latest_ai_agent_operation_permission_model()
|
|
bad = copy.deepcopy(data)
|
|
bad["operator_decision_templates"][0]["creates_runtime_action"] = True
|
|
_write_snapshot(tmp_path, bad)
|
|
|
|
with pytest.raises(ValueError, match="creates_runtime_action"):
|
|
load_latest_ai_agent_operation_permission_model(tmp_path)
|
|
|
|
|
|
def test_rejects_rollup_mismatch(tmp_path):
|
|
data = load_latest_ai_agent_operation_permission_model()
|
|
bad = copy.deepcopy(data)
|
|
bad["rollups"]["operation_category_count"] = 999
|
|
_write_snapshot(tmp_path, bad)
|
|
|
|
with pytest.raises(ValueError, match="rollup counts"):
|
|
load_latest_ai_agent_operation_permission_model(tmp_path)
|