wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 4 Packages Projects Releases Wiki Activity
Files
main
awoooi/apps/api/tests/test_public_redaction.py
Your Name 2afb7c0ab9
All checks were successful
Code Review / ai-code-review (push) Successful in 34s
Details
CD Pipeline / tests (push) Successful in 1m35s
Details
CD Pipeline / build-and-deploy (push) Successful in 4m47s
Details
CD Pipeline / post-deploy-checks (push) Successful in 1m34s
Details
fix(governance): harden agent evidence redaction
2026-06-13 10:32:20 +08:00

88 lines
2.9 KiB
Python
Raw Permalink Blame History

from __future__ import annotations
from src.api.v1.monitoring import public_monitoring_tool_payload
from src.services.public_redaction import redact_public_lan_text, redact_public_lan_topology
def test_redact_public_lan_text_replaces_internal_endpoints_with_aliases() -> None:
value = (
"image=192.168.0.110:5000/library/api "
"scanner=http://192.168.0.112:8080/health "
"ollama=`192.168.0.188:11434` "
"local=192.168.0.111 "
"dev=192.168.0.168 "
"unknown=192.168.0.222:1234"
)
redacted = redact_public_lan_text(value)
assert "192.168.0." not in redacted
assert "host:public-gateway/registry/library/api" in redacted
assert "scanner=host:kali-readonly/scanner/health" in redacted
assert "ollama=`host:observability-a/ollama`" in redacted
assert "local=host:dev-a" in redacted
assert "dev=host:dev-b" in redacted
assert "unknown=host:internal-node" in redacted
def test_redact_public_lan_topology_recurses_json_values() -> None:
payload = {
"safe_key": "unchanged",
"nested": [{"endpoint": "192.168.0.188:3301"}],
}
redacted = redact_public_lan_topology(payload)
assert redacted["safe_key"] == "unchanged"
assert redacted["nested"][0]["endpoint"] == "host:observability-a/signoz"
def test_redact_public_lan_text_replaces_internal_work_context_terms() -> None:
redacted = redact_public_lan_text("不得顯示工作視窗對話、批准!繼續 或 source_thread_id")
assert "工作視窗" not in redacted
assert "批准!" not in redacted
assert "source_thread_id" not in redacted
assert "內部協作環境" in redacted
def test_redact_public_lan_text_replaces_sensitive_evidence_terms() -> None:
redacted = redact_public_lan_text(
"raw payload / private reasoning / authorization header / secret value / "
"raw tool output / work window transcript"
)
assert "raw payload" not in redacted
assert "private reasoning" not in redacted
assert "authorization header" not in redacted
assert "secret value" not in redacted
assert "raw tool output" not in redacted
assert "work window transcript" not in redacted
assert "原始載荷" in redacted
assert "授權標頭" in redacted
assert "機密明文" in redacted
def test_public_monitoring_tool_payload_drops_internal_probe_url() -> None:
payload = public_monitoring_tool_payload(
{
"name": "Grafana",
"status": "up",
"url": "http://192.168.0.110:3002",
}
)
assert "url" not in payload
def test_public_monitoring_tool_payload_uses_public_route_when_available() -> None:
payload = public_monitoring_tool_payload(
{
"name": "SigNoz",
"status": "up",
"url": "http://192.168.0.188:3301",
}
)
assert payload["url"] == "https://signoz.wooo.work"
Reference in New Issue View Git Blame Copy Permalink