2932 lines
148 KiB
Python
Executable File
2932 lines
148 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
"""Validate the mirror-only security progress guardrails.
|
|
|
|
This script is intentionally read-only. It checks committed snapshots only and
|
|
does not call GitHub, Gitea, Kali, AwoooP, or any runtime API.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
import argparse
|
|
import json
|
|
from pathlib import Path
|
|
from typing import Any
|
|
|
|
|
|
def load_json(path: Path) -> dict[str, Any]:
|
|
return json.loads(path.read_text(encoding="utf-8"))
|
|
|
|
|
|
def assert_equal(label: str, actual: Any, expected: Any) -> None:
|
|
if actual != expected:
|
|
raise SystemExit(f"BLOCKED {label}: expected {expected!r}, got {actual!r}")
|
|
|
|
|
|
def assert_false(label: str, actual: Any) -> None:
|
|
assert_equal(label, actual, False)
|
|
|
|
|
|
def assert_true(label: str, actual: Any) -> None:
|
|
assert_equal(label, actual, True)
|
|
|
|
|
|
def assert_contains(label: str, values: list[Any], expected: Any) -> None:
|
|
if expected not in values:
|
|
raise SystemExit(f"BLOCKED {label}: missing {expected!r}")
|
|
|
|
|
|
def validate(root: Path) -> None:
|
|
security_dir = root / "docs" / "security"
|
|
|
|
manifest = load_json(security_dir / "security-supply-chain-contract-manifest.snapshot.json")
|
|
readiness = load_json(security_dir / "security-mirror-readiness.snapshot.json")
|
|
rollup = load_json(security_dir / "security-mirror-status-rollup.snapshot.json")
|
|
intake = load_json(security_dir / "security-mirror-intake-plan.snapshot.json")
|
|
event_sample = load_json(security_dir / "security-mirror-event-sample.snapshot.json")
|
|
route = load_json(security_dir / "security-mirror-route.snapshot.json")
|
|
acceptance = load_json(security_dir / "security-mirror-acceptance.snapshot.json")
|
|
dry_run = load_json(security_dir / "security-mirror-dry-run.snapshot.json")
|
|
owner_rollup = load_json(security_dir / "source-control-owner-response-validation-rollup.snapshot.json")
|
|
primary_gate = load_json(security_dir / "source-control-primary-readiness-gate.snapshot.json")
|
|
rollout_policy = load_json(security_dir / "security-rollout-policy.snapshot.json")
|
|
iwooos_projection = load_json(security_dir / "iwooos-posture-projection.snapshot.json")
|
|
|
|
manifest_count = manifest["contract_count"]
|
|
readiness_summary = readiness["summary"]
|
|
rollup_summary = rollup["summary"]
|
|
|
|
assert_equal("manifest.contract_count", manifest_count, 36)
|
|
assert_equal("readiness.total_contracts", readiness_summary["total_contracts"], manifest_count)
|
|
assert_equal("rollup.total_contracts", rollup_summary["total_contracts"], manifest_count)
|
|
assert_equal("rollup.ready_for_mirror_count", rollup_summary["ready_for_mirror_count"], 33)
|
|
assert_equal("rollup.partial_ready_count", rollup_summary["partial_ready_count"], 2)
|
|
assert_equal("rollup.contract_only_count", rollup_summary["contract_only_count"], 1)
|
|
assert_equal("rollup.blocked_count", rollup_summary["blocked_count"], 0)
|
|
assert_contains(
|
|
"manifest.contracts",
|
|
[item["contract"] for item in manifest["contracts"]],
|
|
"iwooos_posture_projection_v1",
|
|
)
|
|
assert_contains(
|
|
"readiness.contract_readiness",
|
|
[item["contract"] for item in readiness["contract_readiness"]],
|
|
"iwooos_posture_projection_v1",
|
|
)
|
|
assert_contains(
|
|
"rollup.source_indexes",
|
|
rollup["source_indexes"],
|
|
"docs/security/iwooos-posture-projection.snapshot.json",
|
|
)
|
|
assert_equal("event_sample.payload_summary.total_contracts", event_sample["payload_summary"]["total_contracts"], manifest_count)
|
|
assert_equal(
|
|
"event_sample.payload_summary.ready_for_mirror_count",
|
|
event_sample["payload_summary"]["ready_for_mirror_count"],
|
|
readiness_summary["ready_for_mirror_count"],
|
|
)
|
|
assert_contains(
|
|
"event_sample.evidence_refs",
|
|
event_sample["evidence_refs"],
|
|
"docs/security/IWOOOS-POSTURE-PROJECTION.md",
|
|
)
|
|
assert_equal("route.summary.total_contracts", route["summary"]["total_contracts"], manifest_count)
|
|
route_contracts = sorted({contract for group in route["route_groups"] for contract in group["contracts"]})
|
|
assert_equal("route.contract_coverage", route_contracts, sorted(item["contract"] for item in manifest["contracts"]))
|
|
assert_contains(
|
|
"intake.source_indexes",
|
|
intake["source_indexes"],
|
|
"docs/security/iwooos-posture-projection.snapshot.json",
|
|
)
|
|
intake_contracts = [contract for wave in intake["intake_waves"] for contract in wave["contracts"]]
|
|
assert_contains("intake.contracts", intake_contracts, "iwooos_posture_projection_v1")
|
|
|
|
progress = rollup["progress_estimate"]
|
|
assert_equal("progress.overall_percent", progress["overall_percent"], 58)
|
|
assert_equal("progress.framework_percent_min", progress["framework_percent_min"], 80)
|
|
assert_equal("progress.framework_percent_max", progress["framework_percent_max"], 85)
|
|
assert_equal("progress.runtime_landing_percent_min", progress["runtime_landing_percent_min"], 35)
|
|
assert_equal("progress.runtime_landing_percent_max", progress["runtime_landing_percent_max"], 40)
|
|
assert_true("progress.not_authorization", progress["not_authorization"])
|
|
|
|
progress_display_policy = rollup["progress_display_policy"]
|
|
assert_equal("progress_display_policy.headline_percent", progress_display_policy["headline_percent"], 58)
|
|
assert_equal(
|
|
"progress_display_policy.headline_status",
|
|
progress_display_policy["headline_status"],
|
|
"holding_until_owner_response_or_runtime_gate",
|
|
)
|
|
assert_true("progress_display_policy.recent_micro_progress_visible", progress_display_policy["recent_micro_progress_visible"])
|
|
assert_false(
|
|
"progress_display_policy.runtime_execution_authorized",
|
|
progress_display_policy["runtime_execution_authorized"],
|
|
)
|
|
assert_true("progress_display_policy.not_authorization", progress_display_policy["not_authorization"])
|
|
|
|
progress_delta_ledger = rollup["progress_delta_ledger"]
|
|
expected_delta_ids = [
|
|
"s4_10_owner_response_request_packet",
|
|
"s4_10_owner_response_template_status_ledger",
|
|
"s4_10_owner_response_audit_event_templates",
|
|
"s4_10_owner_response_redaction_examples",
|
|
"s4_10_owner_response_collection_checks",
|
|
"s4_10_owner_response_intake_preflight_checks",
|
|
"s4_11_ref_truth_owner_response_request_packet",
|
|
"s4_11_ref_truth_owner_response_template_status_ledger",
|
|
"s4_11_ref_truth_owner_response_audit_event_templates",
|
|
"s4_11_ref_truth_owner_response_redaction_examples",
|
|
"s4_11_ref_truth_owner_response_collection_checks",
|
|
"s4_11_ref_truth_owner_response_intake_preflight_checks",
|
|
"s4_12_workflow_secret_name_owner_response_request_packet",
|
|
"s4_12_workflow_secret_name_owner_response_template_status_ledger",
|
|
"s4_12_workflow_secret_name_owner_response_audit_event_templates",
|
|
"s4_12_workflow_secret_name_owner_response_redaction_examples",
|
|
"s4_12_workflow_secret_name_owner_response_collection_checks",
|
|
"s4_12_workflow_secret_name_owner_response_intake_preflight_checks",
|
|
"s4_13_owner_response_validation_evidence_routing_rules",
|
|
"s4_13_owner_response_validation_display_sections",
|
|
"s4_13_owner_response_validation_state_transition_rules",
|
|
"s4_13_owner_response_validation_reviewer_checklist",
|
|
"s4_13_owner_response_validation_reviewer_outcome_lanes",
|
|
"s4_13_owner_response_validation_reviewer_audit_event_templates",
|
|
"s4_13_owner_response_validation_reviewer_audit_display_sections",
|
|
"s4_13_owner_response_validation_reviewer_audit_collection_checks",
|
|
"s4_13_owner_response_validation_reviewer_audit_redaction_examples",
|
|
"s4_13_owner_response_validation_reviewer_audit_retention_rules",
|
|
"s4_13_owner_response_validation_reviewer_audit_retention_checks",
|
|
"s4_13_owner_response_validation_reviewer_audit_handoff_packets",
|
|
"s4_13_owner_response_validation_reviewer_audit_handoff_checks",
|
|
"s4_13_owner_response_validation_parallel_session_sync_checks",
|
|
"s4_13_owner_response_validation_parallel_session_conflict_lanes",
|
|
"s4_13_owner_response_validation_parallel_session_recovery_checks",
|
|
"s4_13_owner_response_validation_parallel_session_recovery_outcome_lanes",
|
|
"s1_3_low_friction_non_blocking_escalation_lanes",
|
|
"s2_8_iwooos_frontend_posture_entry",
|
|
"s2_9_iwooos_posture_projection_contract",
|
|
"s2_10_iwooos_existing_frontend_surface_integration",
|
|
"s2_11_iwooos_surface_coverage_boundary_matrix",
|
|
"s2_12_iwooos_operator_journey_projection",
|
|
"s2_13_iwooos_owner_evidence_readiness_board",
|
|
"s2_14_iwooos_host_coverage_view",
|
|
"s2_15_iwooos_host_action_gate_matrix",
|
|
"s2_16_iwooos_host_evidence_readiness_board",
|
|
"s2_17_iwooos_host_evidence_collection_order",
|
|
"s2_18_iwooos_host_evidence_intake_preflight",
|
|
"s2_19_iwooos_host_evidence_review_outcome_lanes",
|
|
"s2_20_iwooos_host_evidence_review_handoff_packets",
|
|
"s2_21_iwooos_host_evidence_reviewer_checklist",
|
|
"s2_22_iwooos_host_evidence_reviewer_outcome_lanes",
|
|
"s2_23_iwooos_host_owner_decision_candidate_packets",
|
|
"s2_24_iwooos_host_owner_decision_review_checklist",
|
|
"s2_25_iwooos_host_owner_decision_review_outcome_lanes",
|
|
"s2_26_iwooos_host_owner_decision_record_draft_packets",
|
|
"s2_27_iwooos_host_owner_decision_record_draft_review_checklist",
|
|
"s2_28_iwooos_host_owner_decision_record_draft_review_outcome_lanes",
|
|
"s2_29_iwooos_host_owner_decision_record_writeup_packets",
|
|
"s2_30_iwooos_host_owner_decision_record_writeup_review_checklist",
|
|
"s2_31_iwooos_host_owner_decision_record_writeup_review_outcome_lanes",
|
|
"s2_32_iwooos_host_owner_decision_record_formal_candidate_packets",
|
|
"s2_33_iwooos_host_owner_decision_record_formal_candidate_review_checklist",
|
|
"s2_34_iwooos_host_owner_decision_record_formal_candidate_review_outcome_lanes",
|
|
"s2_35_iwooos_host_owner_decision_record_formal_record_queue_packets",
|
|
"s2_36_iwooos_host_owner_decision_record_formal_record_queue_review_checklist",
|
|
]
|
|
assert_equal(
|
|
"progress_delta_ledger.delta_ids",
|
|
[item["delta_id"] for item in progress_delta_ledger],
|
|
expected_delta_ids,
|
|
)
|
|
assert_equal(
|
|
"progress_delta_ledger.display_order",
|
|
[item["display_order"] for item in progress_delta_ledger],
|
|
list(range(1, len(expected_delta_ids) + 1)),
|
|
)
|
|
for item in progress_delta_ledger:
|
|
assert_equal(f"progress_delta_ledger.{item['delta_id']}.progress_axis", item["progress_axis"], "framework_detail")
|
|
assert_equal(f"progress_delta_ledger.{item['delta_id']}.headline_percent_delta", item["headline_percent_delta"], 0)
|
|
assert_true(f"progress_delta_ledger.{item['delta_id']}.framework_delta_visible", item["framework_delta_visible"])
|
|
assert_false(f"progress_delta_ledger.{item['delta_id']}.runtime_delta", item["runtime_delta"])
|
|
assert_false(f"progress_delta_ledger.{item['delta_id']}.execution_authorized", item["execution_authorized"])
|
|
assert_true(f"progress_delta_ledger.{item['delta_id']}.not_authorization", item["not_authorization"])
|
|
|
|
assert_false("rollup.runtime_execution_authorized", rollup["runtime_execution_authorized"])
|
|
assert_equal("rollup.active_runtime_gate_count", rollup_summary["active_runtime_gate_count"], 0)
|
|
assert_false("rollup.runtime_actions_executed", rollup_summary["runtime_actions_executed"])
|
|
assert_false("rollup.payloads_ingested", rollup_summary["payloads_ingested"])
|
|
assert_equal("rollup.github_primary_ready_count", rollup_summary["github_primary_ready_count"], 0)
|
|
assert_equal("rollup.owner_response_validation_received_count", rollup_summary["owner_response_validation_received_count"], 0)
|
|
assert_equal("rollup.owner_response_validation_accepted_count", rollup_summary["owner_response_validation_accepted_count"], 0)
|
|
assert_equal("rollup.workflow_secret_inventory_complete_count", rollup_summary["workflow_secret_inventory_complete_count"], 0)
|
|
assert_false("rollup.secret_value_collection_allowed", rollup_summary["secret_value_collection_allowed"])
|
|
assert_false("rollup.secret_value_detected", rollup_summary["secret_value_detected"])
|
|
|
|
assert_equal("rollout_policy.schema_version", rollout_policy["schema_version"], "security_rollout_policy_v1")
|
|
assert_equal("rollout_policy.default_mode", rollout_policy["default_mode"], "observe")
|
|
assert_equal("rollout_policy.enforcement_level", rollout_policy["enforcement_level"], "mirror_only")
|
|
assert_equal("rollout_policy.non_blocking_escalation_lane_count", rollout_policy["non_blocking_escalation_lane_count"], 7)
|
|
expected_low_friction_lane_ids = [
|
|
"lane-low-medium-observation",
|
|
"lane-owner-response-missing",
|
|
"lane-mirror-data-incomplete",
|
|
"lane-source-control-drift-draft",
|
|
"lane-kali-observe-finding",
|
|
"lane-workflow-secret-name-gap",
|
|
"lane-progress-display-holding",
|
|
]
|
|
non_blocking_lanes = rollout_policy["non_blocking_escalation_lanes"]
|
|
assert_equal(
|
|
"rollout_policy.non_blocking_escalation_lanes.ids",
|
|
[item["lane_id"] for item in non_blocking_lanes],
|
|
expected_low_friction_lane_ids,
|
|
)
|
|
assert_equal(
|
|
"rollout_policy.non_blocking_escalation_lanes.display_order",
|
|
[item["display_order"] for item in non_blocking_lanes],
|
|
list(range(1, len(expected_low_friction_lane_ids) + 1)),
|
|
)
|
|
for item in non_blocking_lanes:
|
|
if item["initial_mode"] not in {"observe", "warn"}:
|
|
raise SystemExit(
|
|
f"BLOCKED rollout_policy.non_blocking_escalation_lanes.{item['lane_id']}.initial_mode: "
|
|
f"expected observe/warn, got {item['initial_mode']!r}"
|
|
)
|
|
assert_true(
|
|
f"rollout_policy.non_blocking_escalation_lanes.{item['lane_id']}.owner_review_required_before_blocking",
|
|
item["owner_review_required_before_blocking"],
|
|
)
|
|
assert_false(
|
|
f"rollout_policy.non_blocking_escalation_lanes.{item['lane_id']}.runtime_blocking_allowed",
|
|
item["runtime_blocking_allowed"],
|
|
)
|
|
assert_equal(
|
|
f"rollout_policy.non_blocking_escalation_lanes.{item['lane_id']}.awooop_display_mode",
|
|
item["awooop_display_mode"],
|
|
"display_low_friction_non_blocking_lane_only",
|
|
)
|
|
assert_true(
|
|
f"rollout_policy.non_blocking_escalation_lanes.{item['lane_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
rollout_outputs = rollout_policy["allowed_awooop_outputs"]
|
|
for output in [
|
|
"display_non_blocking_escalation_lanes",
|
|
"create_followup_without_blocking",
|
|
"show_owner_review_required_before_blocking",
|
|
"keep_runtime_blocking_false",
|
|
]:
|
|
assert_contains("rollout_policy.allowed_awooop_outputs", rollout_outputs, output)
|
|
|
|
assert_equal("iwooos_projection.schema_version", iwooos_projection["schema_version"], "iwooos_posture_projection_v1")
|
|
assert_equal("iwooos_projection.product_id", iwooos_projection["product_id"], "iwooos")
|
|
assert_equal("iwooos_projection.display_name", iwooos_projection["display_name"], "IwoooS")
|
|
assert_equal("iwooos_projection.mode", iwooos_projection["mode"], "mirror_only")
|
|
assert_false("iwooos_projection.runtime_execution_authorized", iwooos_projection["runtime_execution_authorized"])
|
|
assert_false("iwooos_projection.action_buttons_allowed", iwooos_projection["action_buttons_allowed"])
|
|
assert_true("iwooos_projection.not_authorization", iwooos_projection["not_authorization"])
|
|
assert_equal("iwooos_projection.summary.route_path", iwooos_projection["summary"]["route_path"], "/iwooos")
|
|
assert_true("iwooos_projection.summary.nav_entry_added", iwooos_projection["summary"]["nav_entry_added"])
|
|
assert_true(
|
|
"iwooos_projection.summary.command_palette_entry_added",
|
|
iwooos_projection["summary"]["command_palette_entry_added"],
|
|
)
|
|
assert_equal("iwooos_projection.summary.contract_count", iwooos_projection["summary"]["contract_count"], manifest_count)
|
|
assert_equal(
|
|
"iwooos_projection.summary.active_runtime_gate_count",
|
|
iwooos_projection["summary"]["active_runtime_gate_count"],
|
|
rollup_summary["active_runtime_gate_count"],
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.owner_response_validation_received_count",
|
|
iwooos_projection["summary"]["owner_response_validation_received_count"],
|
|
rollup_summary["owner_response_validation_received_count"],
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.owner_response_validation_accepted_count",
|
|
iwooos_projection["summary"]["owner_response_validation_accepted_count"],
|
|
rollup_summary["owner_response_validation_accepted_count"],
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.github_primary_ready_count",
|
|
iwooos_projection["summary"]["github_primary_ready_count"],
|
|
rollup_summary["github_primary_ready_count"],
|
|
)
|
|
assert_false("iwooos_projection.summary.action_buttons_allowed", iwooos_projection["summary"]["action_buttons_allowed"])
|
|
expected_iwooos_surface_ids = [
|
|
"security_compliance",
|
|
"legacy_security",
|
|
"legacy_compliance",
|
|
"alerts",
|
|
"errors",
|
|
"authorizations",
|
|
"governance",
|
|
"alert_operation_logs",
|
|
"awooop_approvals",
|
|
"code_review",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.summary.existing_frontend_surface_count",
|
|
iwooos_projection["summary"]["existing_frontend_surface_count"],
|
|
len(expected_iwooos_surface_ids),
|
|
)
|
|
expected_iwooos_coverage_group_ids = [
|
|
"signals_and_exposure",
|
|
"human_control_boundary",
|
|
"governance_and_audit",
|
|
"engineering_review",
|
|
]
|
|
expected_iwooos_conflict_control_ids = [
|
|
"preserve_original_route_ownership",
|
|
"no_runtime_lift_from_index",
|
|
"code_review_not_deploy_gate",
|
|
"awooop_approval_not_security_approval",
|
|
"frontend_index_does_not_call_kali",
|
|
]
|
|
expected_iwooos_journey_step_ids = [
|
|
"read_current_posture",
|
|
"open_existing_security_surface",
|
|
"triage_non_blocking_lane",
|
|
"collect_owner_evidence",
|
|
"wait_for_human_decision",
|
|
"prepare_followup_runtime_gate",
|
|
]
|
|
expected_iwooos_evidence_readiness_item_ids = [
|
|
"s4_9_gitea_owner_attestation_response",
|
|
"s4_10_github_target_owner_response",
|
|
"s4_11_refs_truth_owner_response",
|
|
"s4_12_workflow_secret_owner_response",
|
|
"s1_6_redacted_finding_ingestion",
|
|
"s1_6_kali_scan_scope_approval",
|
|
"s3_4_followup_runtime_gate",
|
|
]
|
|
expected_iwooos_host_coverage_item_ids = [
|
|
"kali_112_security_host",
|
|
"dev_168_development_host",
|
|
"dev_111_development_host",
|
|
]
|
|
expected_iwooos_host_action_gate_item_ids = [
|
|
"host_active_scan_gate",
|
|
"host_credentialed_scan_gate",
|
|
"kali_execute_gate",
|
|
"ssh_host_change_gate",
|
|
"kali_host_update_gate",
|
|
"runtime_blocking_control_gate",
|
|
]
|
|
expected_iwooos_host_evidence_readiness_item_ids = [
|
|
"host_scope_boundary_evidence",
|
|
"host_owner_decision_record_evidence",
|
|
"host_credential_handling_evidence",
|
|
"host_maintenance_window_evidence",
|
|
"host_rollback_plan_evidence",
|
|
"host_validation_metrics_evidence",
|
|
"host_redacted_ingestion_evidence",
|
|
]
|
|
expected_iwooos_host_evidence_collection_step_ids = [
|
|
"collect_scope_boundary_first",
|
|
"collect_owner_decision_second",
|
|
"collect_credential_handling_third",
|
|
"collect_maintenance_window_fourth",
|
|
"collect_rollback_plan_fifth",
|
|
"collect_validation_metrics_sixth",
|
|
"collect_redacted_ingestion_seventh",
|
|
]
|
|
expected_iwooos_host_evidence_intake_preflight_check_ids = [
|
|
"host_metadata_pointer_shape_check",
|
|
"host_collection_dependency_order_check",
|
|
"host_scope_boundary_before_scan_check",
|
|
"host_owner_decision_before_change_check",
|
|
"host_credential_plaintext_rejection_check",
|
|
"host_raw_payload_rejection_check",
|
|
"host_counter_transition_freeze_check",
|
|
]
|
|
expected_iwooos_host_evidence_review_outcome_lane_ids = [
|
|
"host_ready_for_human_review_lane",
|
|
"host_needs_scope_evidence_lane",
|
|
"host_needs_owner_decision_lane",
|
|
"host_quarantine_dependency_skip_lane",
|
|
"host_reject_raw_payload_lane",
|
|
"host_reject_credential_plaintext_lane",
|
|
"host_waiting_runtime_gate_lane",
|
|
]
|
|
expected_iwooos_host_evidence_review_handoff_packet_ids = [
|
|
"host_scope_summary_handoff_packet",
|
|
"host_owner_decision_handoff_packet",
|
|
"host_credential_handling_handoff_packet",
|
|
"host_maintenance_rollback_handoff_packet",
|
|
"host_validation_metrics_handoff_packet",
|
|
"host_redaction_attestation_handoff_packet",
|
|
"host_runtime_gate_pointer_handoff_packet",
|
|
]
|
|
expected_iwooos_host_evidence_reviewer_checklist_item_ids = [
|
|
"host_scope_boundary_match_check",
|
|
"host_owner_decision_scope_expiry_check",
|
|
"host_credential_handling_metadata_only_check",
|
|
"host_redaction_attestation_pass_check",
|
|
"host_maintenance_rollback_complete_check",
|
|
"host_validation_metrics_linked_check",
|
|
"host_runtime_gate_separated_check",
|
|
]
|
|
expected_iwooos_host_evidence_reviewer_outcome_lane_ids = [
|
|
"host_ready_for_owner_decision_outcome_lane",
|
|
"host_scope_mismatch_outcome_lane",
|
|
"host_owner_decision_expired_outcome_lane",
|
|
"host_credential_metadata_failed_outcome_lane",
|
|
"host_redaction_failed_outcome_lane",
|
|
"host_rollback_missing_outcome_lane",
|
|
"host_runtime_gate_required_outcome_lane",
|
|
]
|
|
expected_iwooos_host_owner_decision_candidate_packet_ids = [
|
|
"host_scope_approval_candidate_packet",
|
|
"host_scan_mode_candidate_packet",
|
|
"host_credential_handling_candidate_packet",
|
|
"host_maintenance_window_candidate_packet",
|
|
"host_rollback_owner_candidate_packet",
|
|
"host_validation_metrics_candidate_packet",
|
|
"host_runtime_gate_candidate_packet",
|
|
]
|
|
expected_iwooos_host_owner_decision_review_checklist_item_ids = [
|
|
"host_scope_boundary_readable_review_check",
|
|
"host_scan_mode_not_authorization_review_check",
|
|
"host_credential_boundary_metadata_only_review_check",
|
|
"host_maintenance_window_not_change_review_check",
|
|
"host_rollback_owner_readable_review_check",
|
|
"host_validation_metrics_predefined_review_check",
|
|
"host_runtime_gate_still_separate_review_check",
|
|
]
|
|
expected_iwooos_host_owner_decision_review_outcome_lane_ids = [
|
|
"host_ready_for_decision_record_outcome_lane",
|
|
"host_scope_refresh_required_decision_outcome_lane",
|
|
"host_scan_mode_scope_required_decision_outcome_lane",
|
|
"host_credential_boundary_failed_decision_outcome_lane",
|
|
"host_maintenance_window_required_decision_outcome_lane",
|
|
"host_rollback_owner_required_decision_outcome_lane",
|
|
"host_runtime_gate_required_decision_outcome_lane",
|
|
]
|
|
expected_iwooos_host_owner_decision_record_draft_packet_ids = [
|
|
"host_decision_record_scope_draft_packet",
|
|
"host_decision_record_scan_mode_draft_packet",
|
|
"host_decision_record_credential_boundary_draft_packet",
|
|
"host_decision_record_maintenance_constraints_draft_packet",
|
|
"host_decision_record_rollback_owner_draft_packet",
|
|
"host_decision_record_validation_metrics_draft_packet",
|
|
"host_decision_record_runtime_gate_draft_packet",
|
|
]
|
|
expected_iwooos_host_owner_decision_record_draft_review_checklist_item_ids = [
|
|
"host_decision_record_scope_statement_review_check",
|
|
"host_decision_record_scan_mode_review_check",
|
|
"host_decision_record_credential_boundary_review_check",
|
|
"host_decision_record_maintenance_constraints_review_check",
|
|
"host_decision_record_rollback_owner_review_check",
|
|
"host_decision_record_validation_metrics_review_check",
|
|
"host_decision_record_runtime_gate_review_check",
|
|
]
|
|
expected_iwooos_host_owner_decision_record_draft_review_outcome_lane_ids = [
|
|
"host_decision_record_ready_for_writeup_outcome_lane",
|
|
"host_decision_record_scope_draft_incomplete_outcome_lane",
|
|
"host_decision_record_scan_mode_ambiguous_outcome_lane",
|
|
"host_decision_record_credential_boundary_incomplete_outcome_lane",
|
|
"host_decision_record_maintenance_constraints_incomplete_outcome_lane",
|
|
"host_decision_record_rollback_owner_incomplete_outcome_lane",
|
|
"host_decision_record_runtime_gate_required_outcome_lane",
|
|
]
|
|
expected_iwooos_host_owner_decision_record_writeup_packet_ids = [
|
|
"host_decision_record_summary_writeup_packet",
|
|
"host_decision_record_scope_writeup_packet",
|
|
"host_decision_record_scan_mode_limits_writeup_packet",
|
|
"host_decision_record_credential_boundary_writeup_packet",
|
|
"host_decision_record_maintenance_rollback_writeup_packet",
|
|
"host_decision_record_validation_evidence_writeup_packet",
|
|
"host_decision_record_runtime_gate_pointer_writeup_packet",
|
|
]
|
|
expected_iwooos_host_owner_decision_record_writeup_review_checklist_item_ids = [
|
|
"host_decision_record_summary_writeup_review_check",
|
|
"host_decision_record_scope_writeup_review_check",
|
|
"host_decision_record_scan_mode_limits_writeup_review_check",
|
|
"host_decision_record_credential_boundary_writeup_review_check",
|
|
"host_decision_record_maintenance_rollback_writeup_review_check",
|
|
"host_decision_record_validation_evidence_writeup_review_check",
|
|
"host_decision_record_runtime_gate_writeup_review_check",
|
|
]
|
|
expected_iwooos_host_owner_decision_record_writeup_review_outcome_lane_ids = [
|
|
"host_decision_record_writeup_review_ready_for_formal_record_outcome_lane",
|
|
"host_decision_record_writeup_summary_needs_clarification_outcome_lane",
|
|
"host_decision_record_writeup_scope_expiry_needs_refresh_outcome_lane",
|
|
"host_decision_record_writeup_scan_mode_ambiguous_outcome_lane",
|
|
"host_decision_record_writeup_credential_boundary_failed_outcome_lane",
|
|
"host_decision_record_writeup_maintenance_rollback_incomplete_outcome_lane",
|
|
"host_decision_record_writeup_runtime_gate_required_outcome_lane",
|
|
]
|
|
expected_iwooos_host_owner_decision_record_formal_candidate_packet_ids = [
|
|
"host_decision_record_formal_candidate_identity_packet",
|
|
"host_decision_record_formal_candidate_decision_summary_packet",
|
|
"host_decision_record_formal_candidate_approved_scope_packet",
|
|
"host_decision_record_formal_candidate_scan_mode_limits_packet",
|
|
"host_decision_record_formal_candidate_credential_boundary_packet",
|
|
"host_decision_record_formal_candidate_maintenance_rollback_packet",
|
|
"host_decision_record_formal_candidate_validation_runtime_gate_packet",
|
|
]
|
|
expected_iwooos_host_owner_decision_record_formal_candidate_review_checklist_item_ids = [
|
|
"host_decision_record_formal_candidate_identity_review_check",
|
|
"host_decision_record_formal_candidate_summary_review_check",
|
|
"host_decision_record_formal_candidate_scope_review_check",
|
|
"host_decision_record_formal_candidate_scan_limits_review_check",
|
|
"host_decision_record_formal_candidate_credential_boundary_review_check",
|
|
"host_decision_record_formal_candidate_maintenance_rollback_review_check",
|
|
"host_decision_record_formal_candidate_runtime_gate_review_check",
|
|
]
|
|
expected_iwooos_host_owner_decision_record_formal_candidate_review_outcome_lane_ids = [
|
|
"host_decision_record_formal_candidate_review_ready_for_record_queue_outcome_lane",
|
|
"host_decision_record_formal_candidate_review_identity_needs_trace_outcome_lane",
|
|
"host_decision_record_formal_candidate_review_summary_needs_clarification_outcome_lane",
|
|
"host_decision_record_formal_candidate_review_scope_expiry_needs_refresh_outcome_lane",
|
|
"host_decision_record_formal_candidate_review_scan_limits_ambiguous_outcome_lane",
|
|
"host_decision_record_formal_candidate_review_credential_boundary_failed_outcome_lane",
|
|
"host_decision_record_formal_candidate_review_maintenance_rollback_incomplete_outcome_lane",
|
|
"host_decision_record_formal_candidate_review_runtime_gate_required_outcome_lane",
|
|
]
|
|
expected_iwooos_host_owner_decision_record_formal_record_queue_packet_ids = [
|
|
"host_decision_record_formal_record_queue_identity_packet",
|
|
"host_decision_record_formal_record_queue_decision_summary_packet",
|
|
"host_decision_record_formal_record_queue_scope_expiry_packet",
|
|
"host_decision_record_formal_record_queue_scan_limits_packet",
|
|
"host_decision_record_formal_record_queue_credential_boundary_packet",
|
|
"host_decision_record_formal_record_queue_maintenance_rollback_packet",
|
|
"host_decision_record_formal_record_queue_validation_runtime_gate_packet",
|
|
"host_decision_record_formal_record_queue_no_execution_attestation_packet",
|
|
]
|
|
expected_iwooos_host_owner_decision_record_formal_record_queue_review_checklist_item_ids = [
|
|
"host_decision_record_formal_record_queue_review_identity_traceable_check",
|
|
"host_decision_record_formal_record_queue_review_decision_summary_readable_check",
|
|
"host_decision_record_formal_record_queue_review_scope_expiry_fresh_check",
|
|
"host_decision_record_formal_record_queue_review_scan_limits_not_authorization_check",
|
|
"host_decision_record_formal_record_queue_review_credential_boundary_metadata_only_check",
|
|
"host_decision_record_formal_record_queue_review_maintenance_rollback_linked_check",
|
|
"host_decision_record_formal_record_queue_review_validation_runtime_gate_separate_check",
|
|
"host_decision_record_formal_record_queue_review_no_execution_attestation_present_check",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.summary.frontend_surface_coverage_group_count",
|
|
iwooos_projection["summary"]["frontend_surface_coverage_group_count"],
|
|
len(expected_iwooos_coverage_group_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.frontend_surface_conflict_control_count",
|
|
iwooos_projection["summary"]["frontend_surface_conflict_control_count"],
|
|
len(expected_iwooos_conflict_control_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.operator_journey_step_count",
|
|
iwooos_projection["summary"]["operator_journey_step_count"],
|
|
len(expected_iwooos_journey_step_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.owner_evidence_readiness_item_count",
|
|
iwooos_projection["summary"]["owner_evidence_readiness_item_count"],
|
|
len(expected_iwooos_evidence_readiness_item_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_coverage_item_count",
|
|
iwooos_projection["summary"]["host_coverage_item_count"],
|
|
len(expected_iwooos_host_coverage_item_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_action_gate_item_count",
|
|
iwooos_projection["summary"]["host_action_gate_item_count"],
|
|
len(expected_iwooos_host_action_gate_item_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_evidence_readiness_item_count",
|
|
iwooos_projection["summary"]["host_evidence_readiness_item_count"],
|
|
len(expected_iwooos_host_evidence_readiness_item_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_evidence_collection_step_count",
|
|
iwooos_projection["summary"]["host_evidence_collection_step_count"],
|
|
len(expected_iwooos_host_evidence_collection_step_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_evidence_intake_preflight_check_count",
|
|
iwooos_projection["summary"]["host_evidence_intake_preflight_check_count"],
|
|
len(expected_iwooos_host_evidence_intake_preflight_check_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_evidence_review_outcome_lane_count",
|
|
iwooos_projection["summary"]["host_evidence_review_outcome_lane_count"],
|
|
len(expected_iwooos_host_evidence_review_outcome_lane_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_evidence_review_handoff_packet_count",
|
|
iwooos_projection["summary"]["host_evidence_review_handoff_packet_count"],
|
|
len(expected_iwooos_host_evidence_review_handoff_packet_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_evidence_reviewer_checklist_item_count",
|
|
iwooos_projection["summary"]["host_evidence_reviewer_checklist_item_count"],
|
|
len(expected_iwooos_host_evidence_reviewer_checklist_item_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_evidence_reviewer_outcome_lane_count",
|
|
iwooos_projection["summary"]["host_evidence_reviewer_outcome_lane_count"],
|
|
len(expected_iwooos_host_evidence_reviewer_outcome_lane_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_owner_decision_candidate_packet_count",
|
|
iwooos_projection["summary"]["host_owner_decision_candidate_packet_count"],
|
|
len(expected_iwooos_host_owner_decision_candidate_packet_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_owner_decision_review_checklist_item_count",
|
|
iwooos_projection["summary"]["host_owner_decision_review_checklist_item_count"],
|
|
len(expected_iwooos_host_owner_decision_review_checklist_item_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_owner_decision_review_outcome_lane_count",
|
|
iwooos_projection["summary"]["host_owner_decision_review_outcome_lane_count"],
|
|
len(expected_iwooos_host_owner_decision_review_outcome_lane_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_owner_decision_record_draft_packet_count",
|
|
iwooos_projection["summary"]["host_owner_decision_record_draft_packet_count"],
|
|
len(expected_iwooos_host_owner_decision_record_draft_packet_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_owner_decision_record_draft_review_checklist_item_count",
|
|
iwooos_projection["summary"]["host_owner_decision_record_draft_review_checklist_item_count"],
|
|
len(expected_iwooos_host_owner_decision_record_draft_review_checklist_item_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_owner_decision_record_draft_review_outcome_lane_count",
|
|
iwooos_projection["summary"]["host_owner_decision_record_draft_review_outcome_lane_count"],
|
|
len(expected_iwooos_host_owner_decision_record_draft_review_outcome_lane_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_owner_decision_record_writeup_packet_count",
|
|
iwooos_projection["summary"]["host_owner_decision_record_writeup_packet_count"],
|
|
len(expected_iwooos_host_owner_decision_record_writeup_packet_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_owner_decision_record_writeup_review_checklist_item_count",
|
|
iwooos_projection["summary"]["host_owner_decision_record_writeup_review_checklist_item_count"],
|
|
len(expected_iwooos_host_owner_decision_record_writeup_review_checklist_item_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_owner_decision_record_writeup_review_outcome_lane_count",
|
|
iwooos_projection["summary"]["host_owner_decision_record_writeup_review_outcome_lane_count"],
|
|
len(expected_iwooos_host_owner_decision_record_writeup_review_outcome_lane_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_owner_decision_record_formal_candidate_packet_count",
|
|
iwooos_projection["summary"]["host_owner_decision_record_formal_candidate_packet_count"],
|
|
len(expected_iwooos_host_owner_decision_record_formal_candidate_packet_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_owner_decision_record_formal_candidate_review_checklist_item_count",
|
|
iwooos_projection["summary"]["host_owner_decision_record_formal_candidate_review_checklist_item_count"],
|
|
len(expected_iwooos_host_owner_decision_record_formal_candidate_review_checklist_item_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_owner_decision_record_formal_candidate_review_outcome_lane_count",
|
|
iwooos_projection["summary"]["host_owner_decision_record_formal_candidate_review_outcome_lane_count"],
|
|
len(expected_iwooos_host_owner_decision_record_formal_candidate_review_outcome_lane_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_owner_decision_record_formal_record_queue_packet_count",
|
|
iwooos_projection["summary"]["host_owner_decision_record_formal_record_queue_packet_count"],
|
|
len(expected_iwooos_host_owner_decision_record_formal_record_queue_packet_ids),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.summary.host_owner_decision_record_formal_record_queue_review_checklist_item_count",
|
|
iwooos_projection["summary"]["host_owner_decision_record_formal_record_queue_review_checklist_item_count"],
|
|
len(expected_iwooos_host_owner_decision_record_formal_record_queue_review_checklist_item_ids),
|
|
)
|
|
iwooos_progress = iwooos_projection["progress"]
|
|
assert_equal("iwooos_projection.progress.overall_percent", iwooos_progress["overall_percent"], progress["overall_percent"])
|
|
assert_equal(
|
|
"iwooos_projection.progress.framework_percent_min",
|
|
iwooos_progress["framework_percent_min"],
|
|
progress["framework_percent_min"],
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.progress.framework_percent_max",
|
|
iwooos_progress["framework_percent_max"],
|
|
progress["framework_percent_max"],
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.progress.runtime_landing_percent_min",
|
|
iwooos_progress["runtime_landing_percent_min"],
|
|
progress["runtime_landing_percent_min"],
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.progress.runtime_landing_percent_max",
|
|
iwooos_progress["runtime_landing_percent_max"],
|
|
progress["runtime_landing_percent_max"],
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.progress.headline_status",
|
|
iwooos_progress["headline_status"],
|
|
progress_display_policy["headline_status"],
|
|
)
|
|
assert_true("iwooos_projection.progress.not_authorization", iwooos_progress["not_authorization"])
|
|
assert_equal(
|
|
"iwooos_projection.posture_pillars.ids",
|
|
[item["pillar_id"] for item in iwooos_projection["posture_pillars"]],
|
|
["exposure_posture", "source_control_supply_chain", "kali_112_mesh", "approval_boundary"],
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.posture_pillars.display_order",
|
|
[item["display_order"] for item in iwooos_projection["posture_pillars"]],
|
|
[1, 2, 3, 4],
|
|
)
|
|
for item in iwooos_projection["posture_pillars"]:
|
|
assert_equal(f"iwooos_projection.posture_pillars.{item['pillar_id']}.display_mode", item["display_mode"], "posture_only")
|
|
assert_false(
|
|
f"iwooos_projection.posture_pillars.{item['pillar_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_true(f"iwooos_projection.posture_pillars.{item['pillar_id']}.not_authorization", item["not_authorization"])
|
|
iwooos_surfaces = iwooos_projection["existing_frontend_surfaces"]
|
|
assert_equal(
|
|
"iwooos_projection.existing_frontend_surfaces.ids",
|
|
[item["surface_id"] for item in iwooos_surfaces],
|
|
expected_iwooos_surface_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.existing_frontend_surfaces.display_order",
|
|
[item["display_order"] for item in iwooos_surfaces],
|
|
list(range(1, len(expected_iwooos_surface_ids) + 1)),
|
|
)
|
|
for item in iwooos_surfaces:
|
|
assert_equal(
|
|
f"iwooos_projection.existing_frontend_surfaces.{item['surface_id']}.display_mode",
|
|
item["display_mode"],
|
|
"link_only",
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.existing_frontend_surfaces.{item['surface_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.existing_frontend_surfaces.{item['surface_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.existing_frontend_surfaces.{item['surface_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_coverage_groups = iwooos_projection["frontend_surface_coverage_groups"]
|
|
assert_equal(
|
|
"iwooos_projection.frontend_surface_coverage_groups.ids",
|
|
[item["group_id"] for item in iwooos_coverage_groups],
|
|
expected_iwooos_coverage_group_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.frontend_surface_coverage_groups.display_order",
|
|
[item["display_order"] for item in iwooos_coverage_groups],
|
|
list(range(1, len(expected_iwooos_coverage_group_ids) + 1)),
|
|
)
|
|
covered_surface_ids = sorted({surface_id for item in iwooos_coverage_groups for surface_id in item["surface_ids"]})
|
|
assert_equal("iwooos_projection.frontend_surface_coverage_groups.coverage", covered_surface_ids, sorted(expected_iwooos_surface_ids))
|
|
for item in iwooos_coverage_groups:
|
|
assert_equal(
|
|
f"iwooos_projection.frontend_surface_coverage_groups.{item['group_id']}.display_mode",
|
|
item["display_mode"],
|
|
"coverage_only",
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.frontend_surface_coverage_groups.{item['group_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.frontend_surface_coverage_groups.{item['group_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.frontend_surface_coverage_groups.{item['group_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_conflict_controls = iwooos_projection["frontend_surface_conflict_controls"]
|
|
assert_equal(
|
|
"iwooos_projection.frontend_surface_conflict_controls.ids",
|
|
[item["control_id"] for item in iwooos_conflict_controls],
|
|
expected_iwooos_conflict_control_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.frontend_surface_conflict_controls.display_order",
|
|
[item["display_order"] for item in iwooos_conflict_controls],
|
|
list(range(1, len(expected_iwooos_conflict_control_ids) + 1)),
|
|
)
|
|
for item in iwooos_conflict_controls:
|
|
assert_equal(
|
|
f"iwooos_projection.frontend_surface_conflict_controls.{item['control_id']}.display_mode",
|
|
item["display_mode"],
|
|
"conflict_control_only",
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.frontend_surface_conflict_controls.{item['control_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.frontend_surface_conflict_controls.{item['control_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.frontend_surface_conflict_controls.{item['control_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_journey_steps = iwooos_projection["operator_journey_steps"]
|
|
assert_equal(
|
|
"iwooos_projection.operator_journey_steps.ids",
|
|
[item["step_id"] for item in iwooos_journey_steps],
|
|
expected_iwooos_journey_step_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.operator_journey_steps.display_order",
|
|
[item["display_order"] for item in iwooos_journey_steps],
|
|
list(range(1, len(expected_iwooos_journey_step_ids) + 1)),
|
|
)
|
|
for item in iwooos_journey_steps:
|
|
assert_equal(
|
|
f"iwooos_projection.operator_journey_steps.{item['step_id']}.display_mode",
|
|
item["display_mode"],
|
|
"journey_only",
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.operator_journey_steps.{item['step_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.operator_journey_steps.{item['step_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.operator_journey_steps.{item['step_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_evidence_readiness = iwooos_projection["owner_evidence_readiness_items"]
|
|
assert_equal(
|
|
"iwooos_projection.owner_evidence_readiness_items.ids",
|
|
[item["item_id"] for item in iwooos_evidence_readiness],
|
|
expected_iwooos_evidence_readiness_item_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.owner_evidence_readiness_items.display_order",
|
|
[item["display_order"] for item in iwooos_evidence_readiness],
|
|
list(range(1, len(expected_iwooos_evidence_readiness_item_ids) + 1)),
|
|
)
|
|
for item in iwooos_evidence_readiness:
|
|
assert_equal(
|
|
f"iwooos_projection.owner_evidence_readiness_items.{item['item_id']}.display_mode",
|
|
item["display_mode"],
|
|
"readiness_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.owner_evidence_readiness_items.{item['item_id']}.received_count",
|
|
item["received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.owner_evidence_readiness_items.{item['item_id']}.accepted_count",
|
|
item["accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.owner_evidence_readiness_items.{item['item_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.owner_evidence_readiness_items.{item['item_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.owner_evidence_readiness_items.{item['item_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_coverage = iwooos_projection["host_coverage_items"]
|
|
assert_equal(
|
|
"iwooos_projection.host_coverage_items.ids",
|
|
[item["host_id"] for item in iwooos_host_coverage],
|
|
expected_iwooos_host_coverage_item_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_coverage_items.display_order",
|
|
[item["display_order"] for item in iwooos_host_coverage],
|
|
list(range(1, len(expected_iwooos_host_coverage_item_ids) + 1)),
|
|
)
|
|
for item in iwooos_host_coverage:
|
|
assert_equal(
|
|
f"iwooos_projection.host_coverage_items.{item['host_id']}.display_mode",
|
|
item["display_mode"],
|
|
"coverage_only",
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_coverage_items.{item['host_id']}.active_scan_authorized",
|
|
item["active_scan_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_coverage_items.{item['host_id']}.ssh_change_authorized",
|
|
item["ssh_change_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_coverage_items.{item['host_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_coverage_items.{item['host_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_coverage_items.{item['host_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_action_gates = iwooos_projection["host_action_gate_items"]
|
|
assert_equal(
|
|
"iwooos_projection.host_action_gate_items.ids",
|
|
[item["action_id"] for item in iwooos_host_action_gates],
|
|
expected_iwooos_host_action_gate_item_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_action_gate_items.display_order",
|
|
[item["display_order"] for item in iwooos_host_action_gates],
|
|
list(range(1, len(expected_iwooos_host_action_gate_item_ids) + 1)),
|
|
)
|
|
for item in iwooos_host_action_gates:
|
|
assert_equal(
|
|
f"iwooos_projection.host_action_gate_items.{item['action_id']}.display_mode",
|
|
item["display_mode"],
|
|
"gate_only",
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_action_gate_items.{item['action_id']}.active_scan_authorized",
|
|
item["active_scan_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_action_gate_items.{item['action_id']}.credentialed_scan_authorized",
|
|
item["credentialed_scan_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_action_gate_items.{item['action_id']}.ssh_change_authorized",
|
|
item["ssh_change_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_action_gate_items.{item['action_id']}.host_update_authorized",
|
|
item["host_update_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_action_gate_items.{item['action_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_action_gate_items.{item['action_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_action_gate_items.{item['action_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_evidence_readiness = iwooos_projection["host_evidence_readiness_items"]
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_readiness_items.ids",
|
|
[item["item_id"] for item in iwooos_host_evidence_readiness],
|
|
expected_iwooos_host_evidence_readiness_item_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_readiness_items.display_order",
|
|
[item["display_order"] for item in iwooos_host_evidence_readiness],
|
|
list(range(1, len(expected_iwooos_host_evidence_readiness_item_ids) + 1)),
|
|
)
|
|
for item in iwooos_host_evidence_readiness:
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_readiness_items.{item['item_id']}.display_mode",
|
|
item["display_mode"],
|
|
"evidence_readiness_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_readiness_items.{item['item_id']}.received_count",
|
|
item["received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_readiness_items.{item['item_id']}.accepted_count",
|
|
item["accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_readiness_items.{item['item_id']}.active_scan_authorized",
|
|
item["active_scan_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_readiness_items.{item['item_id']}.credentialed_scan_authorized",
|
|
item["credentialed_scan_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_readiness_items.{item['item_id']}.ssh_change_authorized",
|
|
item["ssh_change_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_readiness_items.{item['item_id']}.host_update_authorized",
|
|
item["host_update_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_readiness_items.{item['item_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_readiness_items.{item['item_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_evidence_readiness_items.{item['item_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_evidence_collection_order = iwooos_projection["host_evidence_collection_order"]
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_collection_order.ids",
|
|
[item["step_id"] for item in iwooos_host_evidence_collection_order],
|
|
expected_iwooos_host_evidence_collection_step_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_collection_order.display_order",
|
|
[item["display_order"] for item in iwooos_host_evidence_collection_order],
|
|
list(range(1, len(expected_iwooos_host_evidence_collection_step_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_evidence_collection_source_ids = [
|
|
"host_scope_boundary_evidence",
|
|
"host_owner_decision_record_evidence",
|
|
"host_credential_handling_evidence",
|
|
"host_maintenance_window_evidence",
|
|
"host_rollback_plan_evidence",
|
|
"host_validation_metrics_evidence",
|
|
"host_redacted_ingestion_evidence",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_collection_order.source_item_ids",
|
|
[item["source_item_id"] for item in iwooos_host_evidence_collection_order],
|
|
expected_iwooos_host_evidence_collection_source_ids,
|
|
)
|
|
expected_iwooos_host_evidence_collection_dependencies = [
|
|
[],
|
|
["collect_scope_boundary_first"],
|
|
["collect_owner_decision_second"],
|
|
["collect_owner_decision_second"],
|
|
["collect_maintenance_window_fourth"],
|
|
["collect_rollback_plan_fifth"],
|
|
["collect_validation_metrics_sixth"],
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_collection_order.depends_on_step_ids",
|
|
[item["depends_on_step_ids"] for item in iwooos_host_evidence_collection_order],
|
|
expected_iwooos_host_evidence_collection_dependencies,
|
|
)
|
|
for item in iwooos_host_evidence_collection_order:
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_collection_order.{item['step_id']}.display_mode",
|
|
item["display_mode"],
|
|
"collection_order_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_collection_order.{item['step_id']}.received_count",
|
|
item["received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_collection_order.{item['step_id']}.accepted_count",
|
|
item["accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_collection_order.{item['step_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_collection_order.{item['step_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_evidence_collection_order.{item['step_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_evidence_intake_preflight = iwooos_projection["host_evidence_intake_preflight_checks"]
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_intake_preflight_checks.ids",
|
|
[item["check_id"] for item in iwooos_host_evidence_intake_preflight],
|
|
expected_iwooos_host_evidence_intake_preflight_check_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_intake_preflight_checks.display_order",
|
|
[item["display_order"] for item in iwooos_host_evidence_intake_preflight],
|
|
list(range(1, len(expected_iwooos_host_evidence_intake_preflight_check_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_evidence_intake_preflight_rejection_lanes = [
|
|
"reject_missing_redacted_metadata_pointer",
|
|
"quarantine_dependency_skip",
|
|
"reject_scan_without_scope",
|
|
"reject_change_without_owner_decision",
|
|
"reject_plaintext_credential_or_secret_value",
|
|
"reject_raw_payload_ingestion",
|
|
"reject_frontend_counter_transition",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_intake_preflight_checks.rejection_lanes",
|
|
[item["rejection_lane"] for item in iwooos_host_evidence_intake_preflight],
|
|
expected_iwooos_host_evidence_intake_preflight_rejection_lanes,
|
|
)
|
|
for item in iwooos_host_evidence_intake_preflight:
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_intake_preflight_checks.{item['check_id']}.display_mode",
|
|
item["display_mode"],
|
|
"intake_preflight_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_intake_preflight_checks.{item['check_id']}.received_count",
|
|
item["received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_intake_preflight_checks.{item['check_id']}.accepted_count",
|
|
item["accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_intake_preflight_checks.{item['check_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_intake_preflight_checks.{item['check_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_intake_preflight_checks.{item['check_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_intake_preflight_checks.{item['check_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_evidence_intake_preflight_checks.{item['check_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_evidence_review_outcome_lanes = iwooos_projection["host_evidence_review_outcome_lanes"]
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_review_outcome_lanes.ids",
|
|
[item["lane_id"] for item in iwooos_host_evidence_review_outcome_lanes],
|
|
expected_iwooos_host_evidence_review_outcome_lane_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_review_outcome_lanes.display_order",
|
|
[item["display_order"] for item in iwooos_host_evidence_review_outcome_lanes],
|
|
list(range(1, len(expected_iwooos_host_evidence_review_outcome_lane_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_evidence_review_outcome_states = [
|
|
"candidate_only_not_received",
|
|
"needs_scope_evidence",
|
|
"needs_owner_decision_pointer",
|
|
"quarantine_dependency_skip",
|
|
"rejected_raw_payload",
|
|
"rejected_plaintext_credential",
|
|
"waiting_followup_runtime_gate",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_review_outcome_lanes.outcome_states",
|
|
[item["outcome_state"] for item in iwooos_host_evidence_review_outcome_lanes],
|
|
expected_iwooos_host_evidence_review_outcome_states,
|
|
)
|
|
for item in iwooos_host_evidence_review_outcome_lanes:
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_review_outcome_lanes.{item['lane_id']}.display_mode",
|
|
item["display_mode"],
|
|
"review_outcome_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_review_outcome_lanes.{item['lane_id']}.received_count",
|
|
item["received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_review_outcome_lanes.{item['lane_id']}.accepted_count",
|
|
item["accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_review_outcome_lanes.{item['lane_id']}.approval_record_created",
|
|
item["approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_review_outcome_lanes.{item['lane_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_review_outcome_lanes.{item['lane_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_evidence_review_outcome_lanes.{item['lane_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_evidence_review_handoff_packets = iwooos_projection["host_evidence_review_handoff_packets"]
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_review_handoff_packets.ids",
|
|
[item["packet_id"] for item in iwooos_host_evidence_review_handoff_packets],
|
|
expected_iwooos_host_evidence_review_handoff_packet_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_review_handoff_packets.display_order",
|
|
[item["display_order"] for item in iwooos_host_evidence_review_handoff_packets],
|
|
list(range(1, len(expected_iwooos_host_evidence_review_handoff_packet_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_evidence_review_handoff_requirements = [
|
|
"redacted_scope_boundary_summary",
|
|
"owner_decision_record_pointer",
|
|
"credential_handling_metadata_only_statement",
|
|
"maintenance_window_and_rollback_pointer",
|
|
"post_review_validation_metrics_pointer",
|
|
"redaction_attestation_metadata_only",
|
|
"followup_runtime_gate_pointer_only",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_review_handoff_packets.packet_requirements",
|
|
[item["packet_requirement"] for item in iwooos_host_evidence_review_handoff_packets],
|
|
expected_iwooos_host_evidence_review_handoff_requirements,
|
|
)
|
|
for item in iwooos_host_evidence_review_handoff_packets:
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_review_handoff_packets.{item['packet_id']}.display_mode",
|
|
item["display_mode"],
|
|
"review_handoff_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_review_handoff_packets.{item['packet_id']}.received_count",
|
|
item["received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_review_handoff_packets.{item['packet_id']}.accepted_count",
|
|
item["accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_review_handoff_packets.{item['packet_id']}.approval_record_created",
|
|
item["approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_review_handoff_packets.{item['packet_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_review_handoff_packets.{item['packet_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_review_handoff_packets.{item['packet_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_review_handoff_packets.{item['packet_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_evidence_review_handoff_packets.{item['packet_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_evidence_reviewer_checklist = iwooos_projection["host_evidence_reviewer_checklist_items"]
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_reviewer_checklist_items.ids",
|
|
[item["check_id"] for item in iwooos_host_evidence_reviewer_checklist],
|
|
expected_iwooos_host_evidence_reviewer_checklist_item_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_reviewer_checklist_items.display_order",
|
|
[item["display_order"] for item in iwooos_host_evidence_reviewer_checklist],
|
|
list(range(1, len(expected_iwooos_host_evidence_reviewer_checklist_item_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_evidence_reviewer_checklist_pass_conditions = [
|
|
"redacted_scope_pointer_only_no_scan_started",
|
|
"decision_pointer_only_no_approval_record_created",
|
|
"secret_value_collection_false",
|
|
"raw_payload_allowed_false",
|
|
"future_change_conditions_only_no_change_execution",
|
|
"validation_pointer_only_runtime_gate_closed",
|
|
"active_runtime_gates_zero_action_buttons_false",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_reviewer_checklist_items.pass_conditions",
|
|
[item["pass_condition"] for item in iwooos_host_evidence_reviewer_checklist],
|
|
expected_iwooos_host_evidence_reviewer_checklist_pass_conditions,
|
|
)
|
|
for item in iwooos_host_evidence_reviewer_checklist:
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_reviewer_checklist_items.{item['check_id']}.display_mode",
|
|
item["display_mode"],
|
|
"reviewer_checklist_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_reviewer_checklist_items.{item['check_id']}.received_count",
|
|
item["received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_reviewer_checklist_items.{item['check_id']}.accepted_count",
|
|
item["accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_reviewer_checklist_items.{item['check_id']}.approval_record_created",
|
|
item["approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_reviewer_checklist_items.{item['check_id']}.runtime_gate_opened",
|
|
item["runtime_gate_opened"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_reviewer_checklist_items.{item['check_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_reviewer_checklist_items.{item['check_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_reviewer_checklist_items.{item['check_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_reviewer_checklist_items.{item['check_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_evidence_reviewer_checklist_items.{item['check_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_evidence_reviewer_outcome_lanes = iwooos_projection["host_evidence_reviewer_outcome_lanes"]
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_reviewer_outcome_lanes.ids",
|
|
[item["lane_id"] for item in iwooos_host_evidence_reviewer_outcome_lanes],
|
|
expected_iwooos_host_evidence_reviewer_outcome_lane_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_reviewer_outcome_lanes.display_order",
|
|
[item["display_order"] for item in iwooos_host_evidence_reviewer_outcome_lanes],
|
|
list(range(1, len(expected_iwooos_host_evidence_reviewer_outcome_lane_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_evidence_reviewer_outcome_states = [
|
|
"candidate_only_not_accepted",
|
|
"needs_scope_rework",
|
|
"needs_owner_decision_refresh",
|
|
"quarantine_credential_metadata_gap",
|
|
"rejected_redaction_failed",
|
|
"needs_rollback_evidence",
|
|
"waiting_separate_runtime_gate",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_evidence_reviewer_outcome_lanes.outcome_states",
|
|
[item["outcome_state"] for item in iwooos_host_evidence_reviewer_outcome_lanes],
|
|
expected_iwooos_host_evidence_reviewer_outcome_states,
|
|
)
|
|
for item in iwooos_host_evidence_reviewer_outcome_lanes:
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_reviewer_outcome_lanes.{item['lane_id']}.display_mode",
|
|
item["display_mode"],
|
|
"reviewer_outcome_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_reviewer_outcome_lanes.{item['lane_id']}.checklist_passed_count",
|
|
item["checklist_passed_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_reviewer_outcome_lanes.{item['lane_id']}.received_count",
|
|
item["received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_evidence_reviewer_outcome_lanes.{item['lane_id']}.accepted_count",
|
|
item["accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_reviewer_outcome_lanes.{item['lane_id']}.approval_record_created",
|
|
item["approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_reviewer_outcome_lanes.{item['lane_id']}.runtime_gate_opened",
|
|
item["runtime_gate_opened"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_reviewer_outcome_lanes.{item['lane_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_reviewer_outcome_lanes.{item['lane_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_reviewer_outcome_lanes.{item['lane_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_evidence_reviewer_outcome_lanes.{item['lane_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_evidence_reviewer_outcome_lanes.{item['lane_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_owner_decision_candidate_packets = iwooos_projection["host_owner_decision_candidate_packets"]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_candidate_packets.ids",
|
|
[item["packet_id"] for item in iwooos_host_owner_decision_candidate_packets],
|
|
expected_iwooos_host_owner_decision_candidate_packet_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_candidate_packets.display_order",
|
|
[item["display_order"] for item in iwooos_host_owner_decision_candidate_packets],
|
|
list(range(1, len(expected_iwooos_host_owner_decision_candidate_packet_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_owner_decision_scopes = [
|
|
"scope_boundary_hosts_networks_services_exclusions",
|
|
"observe_only_future_active_or_credentialed_scan_mode",
|
|
"metadata_only_credential_handling_boundary",
|
|
"future_maintenance_window_constraints",
|
|
"rollback_owner_and_recovery_path",
|
|
"post_check_metrics_and_baseline_pointer",
|
|
"separate_runtime_gate_requirement",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_candidate_packets.decision_scopes",
|
|
[item["decision_scope"] for item in iwooos_host_owner_decision_candidate_packets],
|
|
expected_iwooos_host_owner_decision_scopes,
|
|
)
|
|
for item in iwooos_host_owner_decision_candidate_packets:
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_candidate_packets.{item['packet_id']}.display_mode",
|
|
item["display_mode"],
|
|
"owner_decision_candidate_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_candidate_packets.{item['packet_id']}.owner_decision_received_count",
|
|
item["owner_decision_received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_candidate_packets.{item['packet_id']}.owner_decision_accepted_count",
|
|
item["owner_decision_accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_candidate_packets.{item['packet_id']}.owner_approval_record_created",
|
|
item["owner_approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_candidate_packets.{item['packet_id']}.runtime_gate_opened",
|
|
item["runtime_gate_opened"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_candidate_packets.{item['packet_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_candidate_packets.{item['packet_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_candidate_packets.{item['packet_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_candidate_packets.{item['packet_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_owner_decision_candidate_packets.{item['packet_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_owner_decision_review_checklist = iwooos_projection["host_owner_decision_review_checklist_items"]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_review_checklist_items.ids",
|
|
[item["check_id"] for item in iwooos_host_owner_decision_review_checklist],
|
|
expected_iwooos_host_owner_decision_review_checklist_item_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_review_checklist_items.display_order",
|
|
[item["display_order"] for item in iwooos_host_owner_decision_review_checklist],
|
|
list(range(1, len(expected_iwooos_host_owner_decision_review_checklist_item_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_owner_decision_review_guard_conditions = [
|
|
"scope_review_only_owner_decision_received_zero",
|
|
"active_scan_and_credentialed_scan_authorized_false",
|
|
"secret_value_collection_allowed_false",
|
|
"host_update_authorized_false",
|
|
"owner_approval_record_created_false",
|
|
"runtime_gate_opened_false",
|
|
"action_buttons_allowed_false_runtime_gate_separate",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_review_checklist_items.guard_conditions",
|
|
[item["guard_condition"] for item in iwooos_host_owner_decision_review_checklist],
|
|
expected_iwooos_host_owner_decision_review_guard_conditions,
|
|
)
|
|
for item in iwooos_host_owner_decision_review_checklist:
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_review_checklist_items.{item['check_id']}.display_mode",
|
|
item["display_mode"],
|
|
"owner_decision_review_checklist_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_review_checklist_items.{item['check_id']}.owner_decision_received_count",
|
|
item["owner_decision_received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_review_checklist_items.{item['check_id']}.owner_decision_accepted_count",
|
|
item["owner_decision_accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_review_checklist_items.{item['check_id']}.owner_approval_record_created",
|
|
item["owner_approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_review_checklist_items.{item['check_id']}.runtime_gate_opened",
|
|
item["runtime_gate_opened"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_review_checklist_items.{item['check_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_review_checklist_items.{item['check_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_review_checklist_items.{item['check_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_review_checklist_items.{item['check_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_owner_decision_review_checklist_items.{item['check_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_owner_decision_review_outcome_lanes = iwooos_projection["host_owner_decision_review_outcome_lanes"]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_review_outcome_lanes.ids",
|
|
[item["lane_id"] for item in iwooos_host_owner_decision_review_outcome_lanes],
|
|
expected_iwooos_host_owner_decision_review_outcome_lane_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_review_outcome_lanes.display_order",
|
|
[item["display_order"] for item in iwooos_host_owner_decision_review_outcome_lanes],
|
|
list(range(1, len(expected_iwooos_host_owner_decision_review_outcome_lane_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_owner_decision_review_outcome_states = [
|
|
"candidate_decision_record_only",
|
|
"needs_scope_refresh",
|
|
"needs_scan_mode_scope_review",
|
|
"quarantine_credential_boundary_gap",
|
|
"needs_maintenance_window",
|
|
"needs_rollback_owner",
|
|
"waiting_separate_runtime_gate",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_review_outcome_lanes.outcome_states",
|
|
[item["outcome_state"] for item in iwooos_host_owner_decision_review_outcome_lanes],
|
|
expected_iwooos_host_owner_decision_review_outcome_states,
|
|
)
|
|
for item in iwooos_host_owner_decision_review_outcome_lanes:
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_review_outcome_lanes.{item['lane_id']}.display_mode",
|
|
item["display_mode"],
|
|
"owner_decision_review_outcome_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_review_outcome_lanes.{item['lane_id']}.owner_decision_review_passed_count",
|
|
item["owner_decision_review_passed_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_review_outcome_lanes.{item['lane_id']}.owner_decision_received_count",
|
|
item["owner_decision_received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_review_outcome_lanes.{item['lane_id']}.owner_decision_accepted_count",
|
|
item["owner_decision_accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_review_outcome_lanes.{item['lane_id']}.owner_approval_record_created",
|
|
item["owner_approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_review_outcome_lanes.{item['lane_id']}.runtime_gate_opened",
|
|
item["runtime_gate_opened"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_review_outcome_lanes.{item['lane_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_review_outcome_lanes.{item['lane_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_review_outcome_lanes.{item['lane_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_review_outcome_lanes.{item['lane_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_owner_decision_review_outcome_lanes.{item['lane_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_owner_decision_record_draft_packets = iwooos_projection[
|
|
"host_owner_decision_record_draft_packets"
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_draft_packets.ids",
|
|
[item["packet_id"] for item in iwooos_host_owner_decision_record_draft_packets],
|
|
expected_iwooos_host_owner_decision_record_draft_packet_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_draft_packets.display_order",
|
|
[item["display_order"] for item in iwooos_host_owner_decision_record_draft_packets],
|
|
list(range(1, len(expected_iwooos_host_owner_decision_record_draft_packet_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_owner_decision_record_draft_fields = [
|
|
"scope_statement",
|
|
"scan_mode_statement",
|
|
"credential_boundary_statement",
|
|
"maintenance_constraints_statement",
|
|
"rollback_owner_statement",
|
|
"validation_metrics_statement",
|
|
"runtime_gate_pointer_statement",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_draft_packets.draft_fields",
|
|
[item["draft_field"] for item in iwooos_host_owner_decision_record_draft_packets],
|
|
expected_iwooos_host_owner_decision_record_draft_fields,
|
|
)
|
|
for item in iwooos_host_owner_decision_record_draft_packets:
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_draft_packets.{item['packet_id']}.display_mode",
|
|
item["display_mode"],
|
|
"owner_decision_record_draft_only",
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_packets.{item['packet_id']}.decision_record_created",
|
|
item["decision_record_created"],
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_draft_packets.{item['packet_id']}.owner_decision_received_count",
|
|
item["owner_decision_received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_draft_packets.{item['packet_id']}.owner_decision_accepted_count",
|
|
item["owner_decision_accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_packets.{item['packet_id']}.owner_approval_record_created",
|
|
item["owner_approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_packets.{item['packet_id']}.runtime_gate_opened",
|
|
item["runtime_gate_opened"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_packets.{item['packet_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_packets.{item['packet_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_packets.{item['packet_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_packets.{item['packet_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_owner_decision_record_draft_packets.{item['packet_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_owner_decision_record_draft_review_checklist = iwooos_projection[
|
|
"host_owner_decision_record_draft_review_checklist_items"
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.ids",
|
|
[item["check_id"] for item in iwooos_host_owner_decision_record_draft_review_checklist],
|
|
expected_iwooos_host_owner_decision_record_draft_review_checklist_item_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.display_order",
|
|
[item["display_order"] for item in iwooos_host_owner_decision_record_draft_review_checklist],
|
|
list(range(1, len(expected_iwooos_host_owner_decision_record_draft_review_checklist_item_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_owner_decision_record_draft_review_conditions = [
|
|
"scope_statement_metadata_complete",
|
|
"scan_mode_not_authorization_confirmed",
|
|
"credential_boundary_metadata_only_confirmed",
|
|
"maintenance_constraints_no_change_confirmed",
|
|
"rollback_owner_recovery_pointer_readable",
|
|
"validation_metrics_baseline_linked",
|
|
"runtime_gate_separate_and_closed",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.review_conditions",
|
|
[item["review_condition"] for item in iwooos_host_owner_decision_record_draft_review_checklist],
|
|
expected_iwooos_host_owner_decision_record_draft_review_conditions,
|
|
)
|
|
for item in iwooos_host_owner_decision_record_draft_review_checklist:
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.display_mode",
|
|
item["display_mode"],
|
|
"owner_decision_record_draft_review_checklist_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.decision_record_review_passed_count",
|
|
item["decision_record_review_passed_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.decision_record_created",
|
|
item["decision_record_created"],
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.owner_decision_received_count",
|
|
item["owner_decision_received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.owner_decision_accepted_count",
|
|
item["owner_decision_accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.owner_approval_record_created",
|
|
item["owner_approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.runtime_gate_opened",
|
|
item["runtime_gate_opened"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_checklist_items.{item['check_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_owner_decision_record_draft_review_outcome_lanes = iwooos_projection[
|
|
"host_owner_decision_record_draft_review_outcome_lanes"
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_draft_review_outcome_lanes.ids",
|
|
[item["lane_id"] for item in iwooos_host_owner_decision_record_draft_review_outcome_lanes],
|
|
expected_iwooos_host_owner_decision_record_draft_review_outcome_lane_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_draft_review_outcome_lanes.display_order",
|
|
[item["display_order"] for item in iwooos_host_owner_decision_record_draft_review_outcome_lanes],
|
|
list(range(1, len(expected_iwooos_host_owner_decision_record_draft_review_outcome_lane_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_owner_decision_record_draft_review_outcome_states = [
|
|
"candidate_decision_record_writeup_only",
|
|
"needs_scope_statement_refresh",
|
|
"needs_scan_mode_wording_refresh",
|
|
"needs_credential_boundary_metadata_refresh",
|
|
"needs_maintenance_constraints_refresh",
|
|
"needs_rollback_owner_refresh",
|
|
"waiting_separate_runtime_gate",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_draft_review_outcome_lanes.outcome_states",
|
|
[item["outcome_state"] for item in iwooos_host_owner_decision_record_draft_review_outcome_lanes],
|
|
expected_iwooos_host_owner_decision_record_draft_review_outcome_states,
|
|
)
|
|
for item in iwooos_host_owner_decision_record_draft_review_outcome_lanes:
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_outcome_lanes.{item['lane_id']}.display_mode",
|
|
item["display_mode"],
|
|
"owner_decision_record_draft_review_outcome_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_outcome_lanes.{item['lane_id']}.decision_record_review_passed_count",
|
|
item["decision_record_review_passed_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_outcome_lanes.{item['lane_id']}.decision_record_created",
|
|
item["decision_record_created"],
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_outcome_lanes.{item['lane_id']}.owner_decision_received_count",
|
|
item["owner_decision_received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_outcome_lanes.{item['lane_id']}.owner_decision_accepted_count",
|
|
item["owner_decision_accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_outcome_lanes.{item['lane_id']}.owner_approval_record_created",
|
|
item["owner_approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_outcome_lanes.{item['lane_id']}.runtime_gate_opened",
|
|
item["runtime_gate_opened"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_outcome_lanes.{item['lane_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_outcome_lanes.{item['lane_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_outcome_lanes.{item['lane_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_outcome_lanes.{item['lane_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_owner_decision_record_draft_review_outcome_lanes.{item['lane_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_owner_decision_record_writeup_packets = iwooos_projection[
|
|
"host_owner_decision_record_writeup_packets"
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_writeup_packets.ids",
|
|
[item["packet_id"] for item in iwooos_host_owner_decision_record_writeup_packets],
|
|
expected_iwooos_host_owner_decision_record_writeup_packet_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_writeup_packets.display_order",
|
|
[item["display_order"] for item in iwooos_host_owner_decision_record_writeup_packets],
|
|
list(range(1, len(expected_iwooos_host_owner_decision_record_writeup_packet_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_owner_decision_record_writeup_fields = [
|
|
"decision_summary",
|
|
"approved_scope_statement",
|
|
"scan_mode_limits_statement",
|
|
"credential_boundary_statement",
|
|
"maintenance_and_rollback_statement",
|
|
"validation_evidence_statement",
|
|
"runtime_gate_pointer_statement",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_writeup_packets.writeup_fields",
|
|
[item["writeup_field"] for item in iwooos_host_owner_decision_record_writeup_packets],
|
|
expected_iwooos_host_owner_decision_record_writeup_fields,
|
|
)
|
|
for item in iwooos_host_owner_decision_record_writeup_packets:
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_packets.{item['packet_id']}.display_mode",
|
|
item["display_mode"],
|
|
"owner_decision_record_writeup_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_packets.{item['packet_id']}.decision_record_writeup_completed_count",
|
|
item["decision_record_writeup_completed_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_packets.{item['packet_id']}.decision_record_created",
|
|
item["decision_record_created"],
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_packets.{item['packet_id']}.owner_decision_received_count",
|
|
item["owner_decision_received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_packets.{item['packet_id']}.owner_decision_accepted_count",
|
|
item["owner_decision_accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_packets.{item['packet_id']}.owner_approval_record_created",
|
|
item["owner_approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_packets.{item['packet_id']}.runtime_gate_opened",
|
|
item["runtime_gate_opened"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_packets.{item['packet_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_packets.{item['packet_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_packets.{item['packet_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_packets.{item['packet_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_packets.{item['packet_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_owner_decision_record_writeup_review_checklist_items = iwooos_projection[
|
|
"host_owner_decision_record_writeup_review_checklist_items"
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_writeup_review_checklist_items.ids",
|
|
[item["check_id"] for item in iwooos_host_owner_decision_record_writeup_review_checklist_items],
|
|
expected_iwooos_host_owner_decision_record_writeup_review_checklist_item_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_writeup_review_checklist_items.display_order",
|
|
[item["display_order"] for item in iwooos_host_owner_decision_record_writeup_review_checklist_items],
|
|
list(range(1, len(expected_iwooos_host_owner_decision_record_writeup_review_checklist_item_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_owner_decision_record_writeup_review_conditions = [
|
|
"decision_summary_risk_acceptance_and_no_execution_statement_readable",
|
|
"scope_exclusion_observation_intent_and_expiry_complete",
|
|
"scan_mode_limits_explicit_and_not_authorization",
|
|
"credential_boundary_metadata_only_and_no_secret_collection",
|
|
"maintenance_window_constraints_rollback_and_human_contact_linked",
|
|
"validation_metrics_baseline_evidence_and_acceptance_condition_linked",
|
|
"runtime_gate_pointer_separate_and_closed",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_writeup_review_checklist_items.review_conditions",
|
|
[item["review_condition"] for item in iwooos_host_owner_decision_record_writeup_review_checklist_items],
|
|
expected_iwooos_host_owner_decision_record_writeup_review_conditions,
|
|
)
|
|
for item in iwooos_host_owner_decision_record_writeup_review_checklist_items:
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_checklist_items.{item['check_id']}.display_mode",
|
|
item["display_mode"],
|
|
"owner_decision_record_writeup_review_checklist_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_checklist_items.{item['check_id']}.decision_record_writeup_review_passed_count",
|
|
item["decision_record_writeup_review_passed_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_checklist_items.{item['check_id']}.decision_record_writeup_completed_count",
|
|
item["decision_record_writeup_completed_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_checklist_items.{item['check_id']}.decision_record_created",
|
|
item["decision_record_created"],
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_checklist_items.{item['check_id']}.owner_decision_received_count",
|
|
item["owner_decision_received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_checklist_items.{item['check_id']}.owner_decision_accepted_count",
|
|
item["owner_decision_accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_checklist_items.{item['check_id']}.owner_approval_record_created",
|
|
item["owner_approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_checklist_items.{item['check_id']}.runtime_gate_opened",
|
|
item["runtime_gate_opened"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_checklist_items.{item['check_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_checklist_items.{item['check_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_checklist_items.{item['check_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_checklist_items.{item['check_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_checklist_items.{item['check_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_owner_decision_record_writeup_review_outcome_lanes = iwooos_projection[
|
|
"host_owner_decision_record_writeup_review_outcome_lanes"
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_writeup_review_outcome_lanes.ids",
|
|
[item["lane_id"] for item in iwooos_host_owner_decision_record_writeup_review_outcome_lanes],
|
|
expected_iwooos_host_owner_decision_record_writeup_review_outcome_lane_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_writeup_review_outcome_lanes.display_order",
|
|
[item["display_order"] for item in iwooos_host_owner_decision_record_writeup_review_outcome_lanes],
|
|
list(range(1, len(expected_iwooos_host_owner_decision_record_writeup_review_outcome_lane_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_owner_decision_record_writeup_review_outcome_states = [
|
|
"candidate_formal_decision_record_only",
|
|
"needs_decision_summary_clarification",
|
|
"needs_scope_and_expiry_refresh",
|
|
"needs_scan_mode_limit_wording_refresh",
|
|
"needs_credential_boundary_metadata_refresh",
|
|
"needs_maintenance_rollback_refresh",
|
|
"waiting_separate_runtime_gate",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_writeup_review_outcome_lanes.outcome_states",
|
|
[item["outcome_state"] for item in iwooos_host_owner_decision_record_writeup_review_outcome_lanes],
|
|
expected_iwooos_host_owner_decision_record_writeup_review_outcome_states,
|
|
)
|
|
for item in iwooos_host_owner_decision_record_writeup_review_outcome_lanes:
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_outcome_lanes.{item['lane_id']}.display_mode",
|
|
item["display_mode"],
|
|
"owner_decision_record_writeup_review_outcome_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_outcome_lanes.{item['lane_id']}.decision_record_writeup_review_passed_count",
|
|
item["decision_record_writeup_review_passed_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_outcome_lanes.{item['lane_id']}.decision_record_writeup_completed_count",
|
|
item["decision_record_writeup_completed_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_outcome_lanes.{item['lane_id']}.decision_record_created",
|
|
item["decision_record_created"],
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_outcome_lanes.{item['lane_id']}.owner_decision_received_count",
|
|
item["owner_decision_received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_outcome_lanes.{item['lane_id']}.owner_decision_accepted_count",
|
|
item["owner_decision_accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_outcome_lanes.{item['lane_id']}.owner_approval_record_created",
|
|
item["owner_approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_outcome_lanes.{item['lane_id']}.runtime_gate_opened",
|
|
item["runtime_gate_opened"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_outcome_lanes.{item['lane_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_outcome_lanes.{item['lane_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_outcome_lanes.{item['lane_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_outcome_lanes.{item['lane_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_owner_decision_record_writeup_review_outcome_lanes.{item['lane_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_owner_decision_record_formal_candidate_packets = iwooos_projection[
|
|
"host_owner_decision_record_formal_candidate_packets"
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_formal_candidate_packets.ids",
|
|
[item["packet_id"] for item in iwooos_host_owner_decision_record_formal_candidate_packets],
|
|
expected_iwooos_host_owner_decision_record_formal_candidate_packet_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_formal_candidate_packets.display_order",
|
|
[item["display_order"] for item in iwooos_host_owner_decision_record_formal_candidate_packets],
|
|
list(range(1, len(expected_iwooos_host_owner_decision_record_formal_candidate_packet_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_owner_decision_record_formal_candidate_fields = [
|
|
"record_identity_and_version",
|
|
"decision_summary",
|
|
"approved_scope_statement",
|
|
"scan_mode_limits_statement",
|
|
"credential_boundary_statement",
|
|
"maintenance_and_rollback_statement",
|
|
"validation_and_runtime_gate_statement",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_formal_candidate_packets.candidate_fields",
|
|
[item["candidate_field"] for item in iwooos_host_owner_decision_record_formal_candidate_packets],
|
|
expected_iwooos_host_owner_decision_record_formal_candidate_fields,
|
|
)
|
|
for item in iwooos_host_owner_decision_record_formal_candidate_packets:
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_packets.{item['packet_id']}.source_lane_id",
|
|
item["source_lane_id"],
|
|
"host_decision_record_writeup_review_ready_for_formal_record_outcome_lane",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_packets.{item['packet_id']}.display_mode",
|
|
item["display_mode"],
|
|
"owner_decision_record_formal_candidate_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_packets.{item['packet_id']}.formal_record_candidate_finalized_count",
|
|
item["formal_record_candidate_finalized_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_packets.{item['packet_id']}.decision_record_created",
|
|
item["decision_record_created"],
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_packets.{item['packet_id']}.owner_decision_received_count",
|
|
item["owner_decision_received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_packets.{item['packet_id']}.owner_decision_accepted_count",
|
|
item["owner_decision_accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_packets.{item['packet_id']}.owner_approval_record_created",
|
|
item["owner_approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_packets.{item['packet_id']}.runtime_gate_opened",
|
|
item["runtime_gate_opened"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_packets.{item['packet_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_packets.{item['packet_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_packets.{item['packet_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_packets.{item['packet_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_packets.{item['packet_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_owner_decision_record_formal_candidate_review_checklist_items = iwooos_projection[
|
|
"host_owner_decision_record_formal_candidate_review_checklist_items"
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.ids",
|
|
[item["check_id"] for item in iwooos_host_owner_decision_record_formal_candidate_review_checklist_items],
|
|
expected_iwooos_host_owner_decision_record_formal_candidate_review_checklist_item_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.display_order",
|
|
[item["display_order"] for item in iwooos_host_owner_decision_record_formal_candidate_review_checklist_items],
|
|
list(range(1, len(expected_iwooos_host_owner_decision_record_formal_candidate_review_checklist_item_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_owner_decision_record_formal_candidate_review_conditions = [
|
|
"record_identity_version_owner_scope_and_trace_source_readable",
|
|
"decision_summary_risk_acceptance_and_no_execution_statement_readable",
|
|
"scope_exclusion_observation_intent_and_expiry_consistent",
|
|
"scan_limits_explicit_and_not_authorization",
|
|
"credential_boundary_metadata_only_masked_and_no_secret_collection",
|
|
"maintenance_window_constraints_rollback_and_human_contact_traceable",
|
|
"validation_evidence_linked_and_runtime_gate_separate_closed",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.review_conditions",
|
|
[
|
|
item["review_condition"]
|
|
for item in iwooos_host_owner_decision_record_formal_candidate_review_checklist_items
|
|
],
|
|
expected_iwooos_host_owner_decision_record_formal_candidate_review_conditions,
|
|
)
|
|
for item in iwooos_host_owner_decision_record_formal_candidate_review_checklist_items:
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.{item['check_id']}.display_mode",
|
|
item["display_mode"],
|
|
"owner_decision_record_formal_candidate_review_checklist_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.{item['check_id']}.formal_record_candidate_review_passed_count",
|
|
item["formal_record_candidate_review_passed_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.{item['check_id']}.formal_record_candidate_finalized_count",
|
|
item["formal_record_candidate_finalized_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.{item['check_id']}.decision_record_created",
|
|
item["decision_record_created"],
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.{item['check_id']}.owner_decision_received_count",
|
|
item["owner_decision_received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.{item['check_id']}.owner_decision_accepted_count",
|
|
item["owner_decision_accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.{item['check_id']}.owner_approval_record_created",
|
|
item["owner_approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.{item['check_id']}.runtime_gate_opened",
|
|
item["runtime_gate_opened"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.{item['check_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.{item['check_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.{item['check_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.{item['check_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_checklist_items.{item['check_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_owner_decision_record_formal_candidate_review_outcome_lanes = iwooos_projection[
|
|
"host_owner_decision_record_formal_candidate_review_outcome_lanes"
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.ids",
|
|
[item["lane_id"] for item in iwooos_host_owner_decision_record_formal_candidate_review_outcome_lanes],
|
|
expected_iwooos_host_owner_decision_record_formal_candidate_review_outcome_lane_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.display_order",
|
|
[item["display_order"] for item in iwooos_host_owner_decision_record_formal_candidate_review_outcome_lanes],
|
|
list(range(1, len(expected_iwooos_host_owner_decision_record_formal_candidate_review_outcome_lane_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_owner_decision_record_formal_candidate_review_outcome_states = [
|
|
"ready_for_separate_human_record_queue",
|
|
"record_identity_trace_missing",
|
|
"decision_summary_needs_clarification",
|
|
"scope_expiry_needs_refresh",
|
|
"scan_limits_ambiguous_not_authorization",
|
|
"credential_boundary_failed",
|
|
"maintenance_rollback_incomplete",
|
|
"waiting_separate_runtime_gate",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.outcome_states",
|
|
[item["outcome_state"] for item in iwooos_host_owner_decision_record_formal_candidate_review_outcome_lanes],
|
|
expected_iwooos_host_owner_decision_record_formal_candidate_review_outcome_states,
|
|
)
|
|
for item in iwooos_host_owner_decision_record_formal_candidate_review_outcome_lanes:
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.display_mode",
|
|
item["display_mode"],
|
|
"owner_decision_record_formal_candidate_review_outcome_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.formal_record_candidate_review_passed_count",
|
|
item["formal_record_candidate_review_passed_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.formal_record_candidate_finalized_count",
|
|
item["formal_record_candidate_finalized_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.decision_record_created",
|
|
item["decision_record_created"],
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.owner_decision_received_count",
|
|
item["owner_decision_received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.owner_decision_accepted_count",
|
|
item["owner_decision_accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.owner_approval_record_created",
|
|
item["owner_approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.runtime_gate_opened",
|
|
item["runtime_gate_opened"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_owner_decision_record_formal_candidate_review_outcome_lanes.{item['lane_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_owner_decision_record_formal_record_queue_packets = iwooos_projection[
|
|
"host_owner_decision_record_formal_record_queue_packets"
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.ids",
|
|
[item["packet_id"] for item in iwooos_host_owner_decision_record_formal_record_queue_packets],
|
|
expected_iwooos_host_owner_decision_record_formal_record_queue_packet_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.display_order",
|
|
[item["display_order"] for item in iwooos_host_owner_decision_record_formal_record_queue_packets],
|
|
list(range(1, len(expected_iwooos_host_owner_decision_record_formal_record_queue_packet_ids) + 1)),
|
|
)
|
|
expected_iwooos_host_owner_decision_record_formal_record_queue_fields = [
|
|
"record_identity_queue_packet",
|
|
"decision_summary_queue_packet",
|
|
"scope_expiry_queue_packet",
|
|
"scan_limits_queue_packet",
|
|
"credential_boundary_queue_packet",
|
|
"maintenance_rollback_queue_packet",
|
|
"validation_runtime_gate_queue_packet",
|
|
"no_execution_attestation_queue_packet",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.queue_fields",
|
|
[item["queue_field"] for item in iwooos_host_owner_decision_record_formal_record_queue_packets],
|
|
expected_iwooos_host_owner_decision_record_formal_record_queue_fields,
|
|
)
|
|
for item in iwooos_host_owner_decision_record_formal_record_queue_packets:
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.{item['packet_id']}.source_lane_id",
|
|
item["source_lane_id"],
|
|
"host_decision_record_formal_candidate_review_ready_for_record_queue_outcome_lane",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.{item['packet_id']}.display_mode",
|
|
item["display_mode"],
|
|
"owner_decision_record_formal_record_queue_packet_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.{item['packet_id']}.formal_record_queue_enqueued_count",
|
|
item["formal_record_queue_enqueued_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.{item['packet_id']}.decision_record_created",
|
|
item["decision_record_created"],
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.{item['packet_id']}.owner_decision_received_count",
|
|
item["owner_decision_received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.{item['packet_id']}.owner_decision_accepted_count",
|
|
item["owner_decision_accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.{item['packet_id']}.owner_approval_record_created",
|
|
item["owner_approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.{item['packet_id']}.runtime_gate_opened",
|
|
item["runtime_gate_opened"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.{item['packet_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.{item['packet_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.{item['packet_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.{item['packet_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_packets.{item['packet_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
iwooos_host_owner_decision_record_formal_record_queue_review_checklist_items = iwooos_projection[
|
|
"host_owner_decision_record_formal_record_queue_review_checklist_items"
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.ids",
|
|
[item["item_id"] for item in iwooos_host_owner_decision_record_formal_record_queue_review_checklist_items],
|
|
expected_iwooos_host_owner_decision_record_formal_record_queue_review_checklist_item_ids,
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.display_order",
|
|
[item["display_order"] for item in iwooos_host_owner_decision_record_formal_record_queue_review_checklist_items],
|
|
list(range(1, len(expected_iwooos_host_owner_decision_record_formal_record_queue_review_checklist_item_ids) + 1)),
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.source_packet_ids",
|
|
[item["source_packet_id"] for item in iwooos_host_owner_decision_record_formal_record_queue_review_checklist_items],
|
|
expected_iwooos_host_owner_decision_record_formal_record_queue_packet_ids,
|
|
)
|
|
expected_iwooos_host_owner_decision_record_formal_record_queue_review_conditions = [
|
|
"identity_traceable_to_candidate_source",
|
|
"decision_summary_readable_without_approval_semantics",
|
|
"scope_expiry_current_and_bounded",
|
|
"scan_limits_not_authorization",
|
|
"credential_boundary_metadata_only",
|
|
"maintenance_rollback_pointer_linked",
|
|
"validation_runtime_gate_separate",
|
|
"no_execution_attestation_present",
|
|
]
|
|
assert_equal(
|
|
"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.review_conditions",
|
|
[item["review_condition"] for item in iwooos_host_owner_decision_record_formal_record_queue_review_checklist_items],
|
|
expected_iwooos_host_owner_decision_record_formal_record_queue_review_conditions,
|
|
)
|
|
for item in iwooos_host_owner_decision_record_formal_record_queue_review_checklist_items:
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.display_mode",
|
|
item["display_mode"],
|
|
"owner_decision_record_formal_record_queue_review_checklist_only",
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.formal_record_queue_review_passed_count",
|
|
item["formal_record_queue_review_passed_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.formal_record_queue_enqueued_count",
|
|
item["formal_record_queue_enqueued_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.decision_record_created",
|
|
item["decision_record_created"],
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.owner_decision_received_count",
|
|
item["owner_decision_received_count"],
|
|
0,
|
|
)
|
|
assert_equal(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.owner_decision_accepted_count",
|
|
item["owner_decision_accepted_count"],
|
|
0,
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.owner_approval_record_created",
|
|
item["owner_approval_record_created"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.runtime_gate_opened",
|
|
item["runtime_gate_opened"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.raw_payload_allowed",
|
|
item["raw_payload_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.secret_value_collection_allowed",
|
|
item["secret_value_collection_allowed"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.runtime_execution_authorized",
|
|
item["runtime_execution_authorized"],
|
|
)
|
|
assert_false(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.action_buttons_allowed",
|
|
item["action_buttons_allowed"],
|
|
)
|
|
assert_true(
|
|
f"iwooos_projection.host_owner_decision_record_formal_record_queue_review_checklist_items.{item['item_id']}.not_authorization",
|
|
item["not_authorization"],
|
|
)
|
|
assert_equal(
|
|
"iwooos_projection.non_blocking_lane_ids",
|
|
iwooos_projection["non_blocking_lane_ids"],
|
|
expected_low_friction_lane_ids,
|
|
)
|
|
for evidence_ref in [
|
|
"docs/security/iwooos-posture-projection.snapshot.json",
|
|
"docs/security/security-rollout-policy.snapshot.json",
|
|
"docs/security/security-mirror-status-rollup.snapshot.json",
|
|
"docs/security/source-control-owner-response-validation-rollup.snapshot.json",
|
|
"docs/security/kali-integration-status.snapshot.json",
|
|
]:
|
|
assert_contains("iwooos_projection.evidence_refs", iwooos_projection["evidence_refs"], evidence_ref)
|
|
for output in [
|
|
"display_security_posture",
|
|
"display_progress_estimate",
|
|
"display_non_blocking_lanes",
|
|
"display_existing_frontend_security_surfaces",
|
|
"display_frontend_surface_coverage_matrix",
|
|
"display_frontend_surface_conflict_controls",
|
|
"display_operator_journey_steps",
|
|
"display_owner_evidence_readiness_board",
|
|
"display_host_coverage_view",
|
|
"display_host_action_gate_matrix",
|
|
"display_host_evidence_readiness_board",
|
|
"display_host_evidence_collection_order",
|
|
"display_host_evidence_intake_preflight_checks",
|
|
"display_host_evidence_review_outcome_lanes",
|
|
"display_host_evidence_review_handoff_packets",
|
|
"display_host_evidence_reviewer_checklist",
|
|
"display_host_evidence_reviewer_outcome_lanes",
|
|
"display_host_owner_decision_candidate_packets",
|
|
"display_host_owner_decision_review_checklist",
|
|
"display_host_owner_decision_review_outcome_lanes",
|
|
"display_host_owner_decision_record_draft_packets",
|
|
"display_host_owner_decision_record_draft_review_checklist",
|
|
"display_host_owner_decision_record_draft_review_outcome_lanes",
|
|
"display_host_owner_decision_record_writeup_packets",
|
|
"display_host_owner_decision_record_writeup_review_checklist",
|
|
"display_host_owner_decision_record_writeup_review_outcome_lanes",
|
|
"display_host_owner_decision_record_formal_candidate_packets",
|
|
"display_host_owner_decision_record_formal_candidate_review_checklist",
|
|
"display_host_owner_decision_record_formal_candidate_review_outcome_lanes",
|
|
"display_host_owner_decision_record_formal_record_queue_packets",
|
|
"display_host_owner_decision_record_formal_record_queue_review_checklist",
|
|
"display_evidence_refs",
|
|
"display_forbidden_actions",
|
|
]:
|
|
assert_contains("iwooos_projection.allowed_frontend_outputs", iwooos_projection["allowed_frontend_outputs"], output)
|
|
for output in [
|
|
"add_scan_button",
|
|
"add_execute_button",
|
|
"add_repair_button",
|
|
"start_kali_scan",
|
|
"call_kali_execute_endpoint",
|
|
"create_github_repo",
|
|
"sync_git_refs",
|
|
"modify_workflow_or_secret",
|
|
"enable_runner",
|
|
"ssh_to_host",
|
|
"open_ssh_session",
|
|
"update_kali_host",
|
|
"auto_update_host",
|
|
"run_host_package_upgrade",
|
|
"credentialed_scan_host",
|
|
"mark_host_evidence_received",
|
|
"mark_host_evidence_accepted",
|
|
"ingest_raw_host_evidence",
|
|
"advance_host_collection_state",
|
|
"skip_host_evidence_dependency",
|
|
"accept_host_evidence_without_preflight",
|
|
"ingest_host_evidence_raw_payload",
|
|
"collect_host_credential_plaintext",
|
|
"advance_host_evidence_counters_from_frontend",
|
|
"create_host_approval_from_review_lane",
|
|
"treat_host_review_lane_as_runtime_gate",
|
|
"mark_host_review_outcome_accepted",
|
|
"treat_host_handoff_packet_as_approval",
|
|
"mark_host_handoff_packet_received",
|
|
"store_host_handoff_sensitive_payload",
|
|
"treat_host_reviewer_check_as_approval",
|
|
"mark_host_reviewer_check_passed_from_frontend",
|
|
"open_runtime_gate_from_reviewer_check",
|
|
"treat_host_reviewer_outcome_as_approval",
|
|
"mark_host_reviewer_outcome_passed",
|
|
"open_runtime_gate_from_reviewer_outcome",
|
|
"treat_host_owner_decision_candidate_as_approval",
|
|
"mark_host_owner_decision_approved",
|
|
"open_runtime_gate_from_owner_decision_candidate",
|
|
"treat_host_owner_decision_review_check_as_approval",
|
|
"mark_host_owner_decision_review_passed",
|
|
"open_runtime_gate_from_owner_decision_review_check",
|
|
"treat_host_owner_decision_review_outcome_as_approval",
|
|
"mark_host_owner_decision_review_outcome_passed",
|
|
"open_runtime_gate_from_owner_decision_review_outcome",
|
|
"create_host_owner_decision_record_from_draft",
|
|
"mark_host_owner_decision_record_created",
|
|
"open_runtime_gate_from_owner_decision_record_draft",
|
|
"treat_host_owner_decision_record_draft_review_as_approval",
|
|
"mark_host_owner_decision_record_draft_review_passed",
|
|
"create_host_owner_decision_record_from_draft_review",
|
|
"open_runtime_gate_from_owner_decision_record_draft_review",
|
|
"treat_host_owner_decision_record_draft_review_outcome_as_approval",
|
|
"mark_host_owner_decision_record_draft_review_outcome_passed",
|
|
"create_host_owner_decision_record_from_draft_review_outcome",
|
|
"open_runtime_gate_from_owner_decision_record_draft_review_outcome",
|
|
"create_host_owner_decision_record_from_writeup",
|
|
"mark_host_owner_decision_record_writeup_completed",
|
|
"mark_host_owner_decision_record_accepted_from_writeup",
|
|
"open_runtime_gate_from_owner_decision_record_writeup",
|
|
"treat_host_owner_decision_record_writeup_review_as_approval",
|
|
"mark_host_owner_decision_record_writeup_review_passed",
|
|
"mark_host_owner_decision_record_writeup_review_completed",
|
|
"create_host_owner_decision_record_from_writeup_review",
|
|
"open_runtime_gate_from_owner_decision_record_writeup_review",
|
|
"treat_host_owner_decision_record_writeup_review_outcome_as_approval",
|
|
"mark_host_owner_decision_record_writeup_review_outcome_passed",
|
|
"mark_host_owner_decision_record_writeup_review_outcome_completed",
|
|
"create_host_owner_decision_record_from_writeup_review_outcome",
|
|
"open_runtime_gate_from_owner_decision_record_writeup_review_outcome",
|
|
"treat_host_owner_decision_record_formal_candidate_as_approval",
|
|
"mark_host_owner_decision_record_formal_candidate_finalized",
|
|
"create_host_owner_decision_record_from_formal_candidate",
|
|
"accept_host_owner_decision_record_from_formal_candidate",
|
|
"open_runtime_gate_from_owner_decision_record_formal_candidate",
|
|
"treat_host_owner_decision_record_formal_candidate_review_as_approval",
|
|
"mark_host_owner_decision_record_formal_candidate_review_passed",
|
|
"mark_host_owner_decision_record_formal_candidate_review_finalized",
|
|
"create_host_owner_decision_record_from_formal_candidate_review",
|
|
"open_runtime_gate_from_owner_decision_record_formal_candidate_review",
|
|
"treat_host_owner_decision_record_formal_candidate_review_outcome_as_approval",
|
|
"mark_host_owner_decision_record_formal_candidate_review_outcome_passed",
|
|
"mark_host_owner_decision_record_formal_candidate_review_outcome_finalized",
|
|
"create_host_owner_decision_record_from_formal_candidate_review_outcome",
|
|
"open_runtime_gate_from_owner_decision_record_formal_candidate_review_outcome",
|
|
"treat_host_owner_decision_record_formal_record_queue_packet_as_approval",
|
|
"enqueue_host_owner_decision_record_formal_record_queue_from_frontend",
|
|
"create_host_owner_decision_record_from_formal_record_queue_packet",
|
|
"accept_host_owner_decision_record_from_formal_record_queue_packet",
|
|
"open_runtime_gate_from_owner_decision_record_formal_record_queue_packet",
|
|
"treat_host_owner_decision_record_formal_record_queue_review_as_approval",
|
|
"mark_host_owner_decision_record_formal_record_queue_review_passed",
|
|
"enqueue_host_owner_decision_record_from_formal_record_queue_review",
|
|
"create_host_owner_decision_record_from_formal_record_queue_review",
|
|
"open_runtime_gate_from_formal_record_queue_review",
|
|
"apply_runtime_blocking_control",
|
|
"switch_github_primary",
|
|
"production_deploy",
|
|
"treat_progress_as_authorization",
|
|
]:
|
|
assert_contains("iwooos_projection.forbidden_frontend_outputs", iwooos_projection["forbidden_frontend_outputs"], output)
|
|
|
|
owner_summary = owner_rollup["summary"]
|
|
assert_equal("owner_rollup.total_received_response_count", owner_summary["total_received_response_count"], 0)
|
|
assert_equal("owner_rollup.total_accepted_response_count", owner_summary["total_accepted_response_count"], 0)
|
|
assert_equal("owner_rollup.owner_response_evidence_routing_rule_count", owner_summary["owner_response_evidence_routing_rule_count"], 6)
|
|
assert_equal("owner_rollup.owner_response_validation_display_section_count", owner_summary["owner_response_validation_display_section_count"], 8)
|
|
assert_equal(
|
|
"owner_rollup.owner_response_validation_state_transition_rule_count",
|
|
owner_summary["owner_response_validation_state_transition_rule_count"],
|
|
7,
|
|
)
|
|
assert_equal(
|
|
"owner_rollup.owner_response_validation_reviewer_checklist_count",
|
|
owner_summary["owner_response_validation_reviewer_checklist_count"],
|
|
9,
|
|
)
|
|
assert_equal(
|
|
"owner_rollup.owner_response_validation_reviewer_outcome_lane_count",
|
|
owner_summary["owner_response_validation_reviewer_outcome_lane_count"],
|
|
7,
|
|
)
|
|
assert_equal(
|
|
"owner_rollup.owner_response_validation_reviewer_audit_event_template_count",
|
|
owner_summary["owner_response_validation_reviewer_audit_event_template_count"],
|
|
4,
|
|
)
|
|
assert_equal(
|
|
"owner_rollup.owner_response_validation_reviewer_audit_display_section_count",
|
|
owner_summary["owner_response_validation_reviewer_audit_display_section_count"],
|
|
5,
|
|
)
|
|
assert_equal(
|
|
"owner_rollup.owner_response_validation_reviewer_audit_collection_check_count",
|
|
owner_summary["owner_response_validation_reviewer_audit_collection_check_count"],
|
|
6,
|
|
)
|
|
assert_equal(
|
|
"owner_rollup.owner_response_validation_reviewer_audit_redaction_example_count",
|
|
owner_summary["owner_response_validation_reviewer_audit_redaction_example_count"],
|
|
5,
|
|
)
|
|
assert_equal(
|
|
"owner_rollup.owner_response_validation_reviewer_audit_retention_rule_count",
|
|
owner_summary["owner_response_validation_reviewer_audit_retention_rule_count"],
|
|
5,
|
|
)
|
|
assert_equal(
|
|
"owner_rollup.owner_response_validation_reviewer_audit_retention_check_count",
|
|
owner_summary["owner_response_validation_reviewer_audit_retention_check_count"],
|
|
6,
|
|
)
|
|
assert_equal(
|
|
"owner_rollup.owner_response_validation_reviewer_audit_handoff_packet_count",
|
|
owner_summary["owner_response_validation_reviewer_audit_handoff_packet_count"],
|
|
6,
|
|
)
|
|
assert_equal(
|
|
"owner_rollup.owner_response_validation_reviewer_audit_handoff_check_count",
|
|
owner_summary["owner_response_validation_reviewer_audit_handoff_check_count"],
|
|
6,
|
|
)
|
|
assert_equal(
|
|
"owner_rollup.owner_response_validation_parallel_session_sync_check_count",
|
|
owner_summary["owner_response_validation_parallel_session_sync_check_count"],
|
|
6,
|
|
)
|
|
assert_equal(
|
|
"owner_rollup.owner_response_validation_parallel_session_conflict_lane_count",
|
|
owner_summary["owner_response_validation_parallel_session_conflict_lane_count"],
|
|
6,
|
|
)
|
|
assert_equal(
|
|
"owner_rollup.owner_response_validation_parallel_session_recovery_check_count",
|
|
owner_summary["owner_response_validation_parallel_session_recovery_check_count"],
|
|
6,
|
|
)
|
|
assert_equal(
|
|
"owner_rollup.owner_response_validation_parallel_session_recovery_outcome_lane_count",
|
|
owner_summary["owner_response_validation_parallel_session_recovery_outcome_lane_count"],
|
|
7,
|
|
)
|
|
assert_false("owner_rollup.runtime_execution_authorized", owner_summary["runtime_execution_authorized"])
|
|
assert_false("owner_rollup.repo_creation_authorized", owner_summary["repo_creation_authorized"])
|
|
assert_false("owner_rollup.refs_sync_authorized", owner_summary["refs_sync_authorized"])
|
|
assert_false("owner_rollup.workflow_modification_authorized", owner_summary["workflow_modification_authorized"])
|
|
assert_false("owner_rollup.github_primary_switch_authorized", owner_summary["github_primary_switch_authorized"])
|
|
assert_false("owner_rollup.action_buttons_allowed", owner_summary["action_buttons_allowed"])
|
|
|
|
next_candidate = owner_rollup["next_collection_candidate"]
|
|
assert_equal("owner_rollup.next_collection_candidate.order", next_candidate["order"], 1)
|
|
assert_equal(
|
|
"owner_rollup.next_collection_candidate.lane_id",
|
|
next_candidate["lane_id"],
|
|
"s4_9_gitea_inventory_owner_attestation_response",
|
|
)
|
|
assert_equal(
|
|
"owner_rollup.next_collection_candidate.display_status",
|
|
next_candidate["display_status"],
|
|
"next_owner_response_required",
|
|
)
|
|
assert_equal(
|
|
"owner_rollup.next_collection_candidate.required_response_template_count",
|
|
next_candidate["required_response_template_count"],
|
|
5,
|
|
)
|
|
assert_equal("owner_rollup.next_collection_candidate.received_response_count", next_candidate["received_response_count"], 0)
|
|
assert_equal("owner_rollup.next_collection_candidate.accepted_response_count", next_candidate["accepted_response_count"], 0)
|
|
assert_equal(
|
|
"owner_rollup.next_collection_candidate.awooop_display_mode",
|
|
next_candidate["awooop_display_mode"],
|
|
"display_next_collection_item_only",
|
|
)
|
|
assert_true("owner_rollup.next_collection_candidate.blocked_until_received", next_candidate["blocked_until_received"])
|
|
assert_false("owner_rollup.next_collection_candidate.execution_authorized", next_candidate["execution_authorized"])
|
|
assert_true("owner_rollup.next_collection_candidate.not_approval", next_candidate["not_approval"])
|
|
|
|
owner_local_validation = owner_rollup["latest_local_validation"]
|
|
assert_equal("owner_rollup.latest_local_validation.status", owner_local_validation["status"], "repo_snapshot_guard_pass")
|
|
assert_equal("owner_rollup.latest_local_validation.scope", owner_local_validation["scope"], "repo_snapshot_only")
|
|
assert_equal("owner_rollup.latest_local_validation.result", owner_local_validation["result"], "SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK")
|
|
assert_equal("owner_rollup.latest_local_validation.received_response_count", owner_local_validation["received_response_count"], 0)
|
|
assert_equal("owner_rollup.latest_local_validation.accepted_response_count", owner_local_validation["accepted_response_count"], 0)
|
|
assert_false("owner_rollup.latest_local_validation.runtime_actions_authorized", owner_local_validation["runtime_actions_authorized"])
|
|
assert_false("owner_rollup.latest_local_validation.repo_or_refs_actions_authorized", owner_local_validation["repo_or_refs_actions_authorized"])
|
|
assert_false("owner_rollup.latest_local_validation.workflow_or_secret_actions_authorized", owner_local_validation["workflow_or_secret_actions_authorized"])
|
|
assert_true("owner_rollup.latest_local_validation.not_authorization", owner_local_validation["not_authorization"])
|
|
|
|
primary_summary = primary_gate["summary"]
|
|
assert_equal("primary_gate.primary_ready_count", primary_summary["primary_ready_count"], 0)
|
|
assert_false("primary_gate.runtime_actions_authorized", primary_summary["runtime_actions_authorized"])
|
|
assert_false("primary_gate.github_primary_switch_authorized", primary_summary["github_primary_switch_authorized"])
|
|
assert_false("primary_gate.action_buttons_allowed", primary_summary["action_buttons_allowed"])
|
|
assert_false("primary_gate.raw_secret_storage_authorized", primary_summary["raw_secret_storage_authorized"])
|
|
|
|
acceptance_ids = [item["check_id"] for item in acceptance["acceptance_checks"]]
|
|
assert_equal("acceptance.total_contracts", acceptance["summary"]["total_contracts"], manifest_count)
|
|
assert_equal(
|
|
"acceptance.ready_for_mirror_count",
|
|
acceptance["summary"]["ready_for_mirror_count"],
|
|
readiness_summary["ready_for_mirror_count"],
|
|
)
|
|
assert_contains("acceptance_checks", acceptance_ids, "PROGRESS_ESTIMATE_NOT_AUTHORIZATION")
|
|
assert_equal("acceptance.summary.acceptance_check_count", acceptance["summary"]["acceptance_check_count"], len(acceptance_ids))
|
|
assert_equal(
|
|
"acceptance.summary.blocking_check_count",
|
|
acceptance["summary"]["blocking_check_count"],
|
|
sum(1 for item in acceptance["acceptance_checks"] if item["blocking_if_failed"]),
|
|
)
|
|
assert_false("acceptance.runtime_execution_authorized", acceptance["runtime_execution_authorized"])
|
|
|
|
dry_run_summary = dry_run["summary"]
|
|
dry_run_step_ids = [item["step_id"] for item in dry_run["dry_run_steps"]]
|
|
assert_equal("dry_run.dry_run_status", dry_run["dry_run_status"], "contract_defined_not_executed")
|
|
assert_equal("dry_run.total_contracts", dry_run_summary["total_contracts"], manifest_count)
|
|
assert_equal(
|
|
"dry_run.ready_for_mirror_count",
|
|
dry_run_summary["ready_for_mirror_count"],
|
|
readiness_summary["ready_for_mirror_count"],
|
|
)
|
|
assert_equal("dry_run.acceptance_check_count", dry_run_summary["acceptance_check_count"], 8)
|
|
assert_false("dry_run.runtime_execution_authorized", dry_run["runtime_execution_authorized"])
|
|
assert_false("dry_run.runtime_actions_executed", dry_run_summary["runtime_actions_executed"])
|
|
assert_false("dry_run.payloads_ingested", dry_run_summary["payloads_ingested"])
|
|
assert_contains("dry_run_steps", dry_run_step_ids, "CHECK_PROGRESS_GUARD")
|
|
assert_contains("dry_run_steps", dry_run_step_ids, "CHECK_OWNER_RESPONSE_GUARD")
|
|
|
|
local_validation = dry_run["latest_local_validation"]
|
|
assert_equal("dry_run.latest_local_validation.status", local_validation["status"], "repo_snapshot_guard_pass")
|
|
assert_equal("dry_run.latest_local_validation.scope", local_validation["scope"], "repo_snapshot_only")
|
|
assert_equal(
|
|
"dry_run.latest_local_validation.result",
|
|
local_validation["result"],
|
|
"SECURITY_MIRROR_PROGRESS_GUARD_OK; SOURCE_CONTROL_OWNER_RESPONSE_GUARD_OK",
|
|
)
|
|
assert_contains("dry_run.latest_local_validation.validated_steps", local_validation["validated_steps"], "CHECK_PROGRESS_GUARD")
|
|
assert_contains(
|
|
"dry_run.latest_local_validation.validated_steps",
|
|
local_validation["validated_steps"],
|
|
"CHECK_OWNER_RESPONSE_GUARD",
|
|
)
|
|
assert_false("dry_run.latest_local_validation.runtime_actions_executed", local_validation["runtime_actions_executed"])
|
|
assert_false("dry_run.latest_local_validation.payloads_ingested", local_validation["payloads_ingested"])
|
|
assert_false("dry_run.latest_local_validation.production_ingestion_enabled", local_validation["production_ingestion_enabled"])
|
|
assert_true("dry_run.latest_local_validation.not_authorization", local_validation["not_authorization"])
|
|
|
|
forbidden_actions = (
|
|
set(rollup["forbidden_actions"])
|
|
| set(acceptance["forbidden_actions"])
|
|
| set(iwooos_projection["forbidden_frontend_outputs"])
|
|
)
|
|
for action in [
|
|
"start_kali_scan",
|
|
"call_kali_execute_endpoint",
|
|
"create_github_repo",
|
|
"change_repo_visibility",
|
|
"sync_git_refs",
|
|
"switch_github_primary",
|
|
"production_deploy",
|
|
]:
|
|
assert_contains("forbidden_actions", list(forbidden_actions), action)
|
|
|
|
|
|
def main() -> None:
|
|
parser = argparse.ArgumentParser(description=__doc__)
|
|
parser.add_argument(
|
|
"--root",
|
|
default=Path(__file__).resolve().parents[2],
|
|
type=Path,
|
|
help="Repository root. Defaults to the current script's repository.",
|
|
)
|
|
args = parser.parse_args()
|
|
validate(args.root.resolve())
|
|
print("SECURITY_MIRROR_PROGRESS_GUARD_OK")
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|