wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity
Files
2a2cb16c135fd7e5b159d94de9b5ff04f6cf31f5
awoooi/apps/api/tests/test_awooop_truth_chain_service.py
Your Name 1ae8f809af
Some checks failed
CD Pipeline / tests (push) Successful in 1m25s
Details
Code Review / ai-code-review (push) Successful in 15s
Details
CD Pipeline / build-and-deploy (push) Successful in 4m12s
Details
CD Pipeline / post-deploy-checks (push) Failing after 11s
Details
fix(api): record approval gate timeline events
2026-06-04 15:27:37 +08:00

1505 lines
57 KiB
Python
Raw Blame History

from __future__ import annotations
import inspect
from datetime import UTC, datetime, timedelta
from pathlib import Path
from types import SimpleNamespace
from src.core.config import settings
from src.services.awooop_ansible_audit_service import (
build_ansible_decision_audit_payload,
build_ansible_truth,
record_ansible_decision_audit,
)
from src.services.awooop_ansible_check_mode_service import (
_automation_operation_log_incident_id,
build_ansible_check_mode_claim_input,
build_ansible_check_mode_command,
claim_pending_check_modes,
detect_ansible_transport_blockers,
recent_ansible_transport_blockers,
)
from src.services.awooop_truth_chain_service import (
_ansible_playbook_roots,
_ansible_runtime_readiness,
_automation_quality_score_bucket,
_clean_row,
_execution_backend_summary,
_incident_fingerprints,
_summarize_gateway_mcp,
_truth_status,
build_automation_quality,
build_incident_reconciliation,
fetch_truth_chain,
fetch_automation_quality_summary,
summarize_automation_quality_records,
)
from src.services.drift_repeat_state import (
build_drift_fingerprint,
build_drift_repeat_state,
)
def test_clean_row_parses_json_text_fields_for_gateway_visibility() -> None:
row = {
"gate_result": '{"schema_version":"legacy_mcp_bridge_v1","policy_enforced":false}',
"source_envelope": '{"adapter":"legacy_telegram_gateway"}',
"plain_text": '{"not":"parsed"}',
}
cleaned = _clean_row(row)
assert cleaned["gate_result"]["schema_version"] == "legacy_mcp_bridge_v1"
assert cleaned["gate_result"]["policy_enforced"] is False
assert cleaned["source_envelope"]["adapter"] == "legacy_telegram_gateway"
assert cleaned["plain_text"] == '{"not":"parsed"}'
def test_incident_fingerprints_reads_signal_labels() -> None:
fingerprints = _incident_fingerprints({
"incident_id": "INC-1",
"signals": [
{"labels": {"fingerprint": "fp-label"}},
{"fingerprint": "fp-direct", "labels": {}},
{"labels": {"fingerprint": "fp-label"}},
],
})
assert fingerprints == ["fp-direct", "fp-label"]
def test_fetch_truth_chain_can_match_inbound_provider_event_id() -> None:
source = inspect.getsource(fetch_truth_chain)
assert "provider_event_id = :source_id" in source
def test_quality_summary_includes_recent_ansible_operation_incidents() -> None:
source = inspect.getsource(fetch_automation_quality_summary)
assert "FROM automation_operation_log" in source
assert "input ->> 'incident_id'" in source
assert "JOIN incidents ON incidents.incident_id = source_ids.incident_id" in source
assert "source_ids.recent_evidence_at DESC" in source
def test_quality_summary_uses_batched_truth_chain_inputs() -> None:
source = inspect.getsource(fetch_automation_quality_summary)
assert "fetch_truth_chain(" not in source
assert "approval_records" in source
assert "incident_evidence" in source
assert "awooop_outbound_message" in source
assert "_build_summary_quality_records" in source
def test_ansible_audit_keeps_external_incident_id_in_json_not_bigint_column() -> None:
decision_source = inspect.getsource(record_ansible_decision_audit)
claim_source = inspect.getsource(claim_pending_check_modes)
assert "operation_type, actor, status, incident_id" in decision_source
assert "coalesce(incident_id::text, input ->> 'incident_id')" in decision_source
assert "operation_type, actor, status, incident_id" in claim_source
assert "incident_db_id" in decision_source
assert "incident_db_id" in claim_source
assert "NULLIF(:incident_id, '')" not in decision_source
assert "NULLIF(:incident_id, '')" not in claim_source
assert _automation_operation_log_incident_id("INC-20260530-0E5C5C") is None
assert _automation_operation_log_incident_id("12345") == 12345
def test_ansible_transport_cooldown_uses_asyncpg_safe_interval_parameter() -> None:
source = inspect.getsource(recent_ansible_transport_blockers)
assert ":cooldown_seconds * INTERVAL '1 second'" in source
assert "CAST(:cooldown AS interval)" not in source
assert "include_repair_forced_command_blocker" in source
def test_fetch_truth_chain_returns_inbound_redacted_envelope_fields() -> None:
source = inspect.getsource(fetch_truth_chain)
assert "content_redacted" in source
assert "source_envelope" in source
assert "source_refs,event_ids" in source
assert "source_refs,incident_ids" in source
assert "source_refs,sentry_issue_ids" in source
assert "source_refs,signoz_alerts" in source
def test_truth_status_marks_no_action_approval_as_manual_required() -> None:
status = _truth_status(
incident={"incident_id": "INC-1", "status": "INVESTIGATING"},
approvals=[{"status": "APPROVED", "action": "未知操作 | NO_ACTION"}],
evidence_rows=[{"sensors_attempted": 8, "sensors_succeeded": 0}],
automation_ops=[],
drift=None,
drift_repeat_count=0,
gateway_mcp_total=0,
legacy_mcp_total=8,
outbound_visible_total=0,
)
assert status["current_stage"] == "manual_required"
assert status["stage_status"] == "blocked"
assert status["needs_human"] is True
assert "approval_resolved_no_action_without_execution" in status["blockers"]
assert "all_evidence_sensors_failed" in status["blockers"]
assert "awooop_mcp_gateway_audit_empty" in status["blockers"]
def test_truth_status_marks_inbound_only_source_as_received() -> None:
status = _truth_status(
incident=None,
approvals=[],
evidence_rows=[],
automation_ops=[],
drift=None,
drift_repeat_count=0,
gateway_mcp_total=0,
legacy_mcp_total=0,
outbound_visible_total=0,
inbound_visible_total=1,
)
assert status["current_stage"] == "inbound_received"
assert status["stage_status"] == "observed"
assert status["needs_human"] is False
assert "awooop_mcp_gateway_audit_empty" in status["blockers"]
def test_truth_status_does_not_treat_no_action_audit_as_execution() -> None:
status = _truth_status(
incident={"incident_id": "INC-1", "status": "RESOLVED"},
approvals=[{"status": "EXECUTION_SUCCESS", "action": "未知操作 | NO_ACTION"}],
evidence_rows=[{"sensors_attempted": 8, "sensors_succeeded": 6}],
automation_ops=[
{
"operation_type": "playbook_executed",
"status": "success",
"actor": "approval_execution",
"output_reason": "NO_ACTION",
"output_action": "未知操作 | NO_ACTION",
},
{
"operation_type": "ansible_candidate_matched",
"status": "dry_run",
"output_not_used_reason": "Ansible check-mode is not wired yet",
},
],
drift=None,
drift_repeat_count=0,
gateway_mcp_total=8,
legacy_mcp_total=8,
outbound_visible_total=1,
)
assert status["current_stage"] == "manual_required"
assert status["stage_status"] == "blocked"
assert status["needs_human"] is True
assert "approval_resolved_no_action_without_execution" in status["blockers"]
def test_truth_status_marks_open_incident_after_successful_execution() -> None:
status = _truth_status(
incident={"incident_id": "INC-OPEN", "status": "INVESTIGATING"},
approvals=[{"status": "EXECUTION_SUCCESS", "action": "kubectl rollout restart deployment/app"}],
evidence_rows=[{"sensors_attempted": 8, "sensors_succeeded": 6}],
automation_ops=[],
drift=None,
drift_repeat_count=0,
gateway_mcp_total=3,
legacy_mcp_total=2,
outbound_visible_total=1,
auto_repair_executions=[{"success": True}],
)
assert status["current_stage"] == "execution_succeeded"
assert status["stage_status"] == "success"
assert status["needs_human"] is True
assert "incident_open_after_successful_execution" in status["blockers"]
def test_truth_status_marks_repeated_pending_drift_as_human_needed() -> None:
status = _truth_status(
incident=None,
approvals=[],
evidence_rows=[],
automation_ops=[],
drift={
"report_id": "7f858956",
"status": "pending",
"interpretation": {"confidence": 0.0},
},
drift_repeat_count=12,
gateway_mcp_total=0,
legacy_mcp_total=0,
outbound_visible_total=0,
)
assert status["current_stage"] == "dedup_or_repeat_updated"
assert status["stage_status"] == "pending"
assert status["needs_human"] is True
assert "drift_report_pending_without_resolution" in status["blockers"]
assert "drift_ai_confidence_zero" in status["blockers"]
def test_gateway_summary_surfaces_first_class_approval_execution() -> None:
summary = _summarize_gateway_mcp([
{
"agent_id": "approval_executor",
"tool_name": "ssh_docker_restart",
"result_status": "failed",
"block_gate": None,
"gate_result": {
"schema_version": "awooop_mcp_gateway_audit_v1",
"gateway_path": "awooop_mcp_gateway",
"policy_enforced": True,
"required_scope": "write",
"is_shadow": False,
"gate5_approval": True,
},
}
])
assert summary["total"] == 1
assert summary["first_class_total"] == 1
assert summary["legacy_bridge_total"] == 0
assert summary["policy_enforced_total"] == 1
assert summary["approval_executor_total"] == 1
assert summary["stage"] == "provider_failed_after_gateway"
assert summary["stage_status"] == "failed"
assert summary["needs_human"] is True
assert summary["by_agent"][0]["agent_id"] == "approval_executor"
assert summary["by_tool"][0]["tool_name"] == "ssh_docker_restart"
assert summary["by_scope"][0]["required_scope"] == "write"
assert summary["by_scope"][0]["failed"] == 1
def _drift_item(
*,
resource_name: str = "awoooi-api",
field_path: str = "spec.template.spec.containers[0].image",
actual_value: str = "api:hotfix",
) -> dict:
return {
"resource_kind": "Deployment",
"resource_name": resource_name,
"namespace": "awoooi-prod",
"field_path": field_path,
"git_value": "api:main",
"actual_value": actual_value,
"drift_level": "high",
"is_allowlisted": False,
}
def test_drift_fingerprint_is_stable_across_item_order() -> None:
item_a = _drift_item(resource_name="awoooi-api")
item_b = _drift_item(
resource_name="awoooi-worker",
field_path="spec.template.spec.serviceAccountName",
actual_value="awoooi-executor",
)
first = build_drift_fingerprint("awoooi-prod", [item_a, item_b])
second = build_drift_fingerprint("awoooi-prod", [item_b, item_a])
changed = build_drift_fingerprint(
"awoooi-prod",
[item_a, {**item_b, "actual_value": "different-service-account"}],
)
assert first == second
assert first.startswith("dfp_")
assert first != changed
def test_drift_repeat_state_counts_matching_fingerprint_only() -> None:
now = datetime(2026, 5, 13, 1, 0, tzinfo=UTC)
report = {
"report_id": "drift-now",
"namespace": "awoooi-prod",
"status": "pending",
"scanned_at": now,
"created_at": now,
"items": [_drift_item()],
}
recent = [
{
**report,
"report_id": "drift-prev",
"scanned_at": now - timedelta(hours=1),
"created_at": now - timedelta(hours=1),
},
{
**report,
"report_id": "drift-different",
"scanned_at": now - timedelta(hours=2),
"created_at": now - timedelta(hours=2),
"items": [_drift_item(actual_value="api:other")],
},
{
**report,
"report_id": "drift-old",
"scanned_at": now - timedelta(hours=13),
"created_at": now - timedelta(hours=13),
},
]
repeat_state = build_drift_repeat_state(report, recent)
assert repeat_state["schema_version"] == "drift_repeat_state_v1"
assert repeat_state["fingerprint"].startswith("dfp_")
assert repeat_state["matching_strategy"] == "namespace_and_stable_items_v1"
assert repeat_state["occurrences_12h"] == 2
assert repeat_state["operator_stage"] == "pending_human"
assert [row["report_id"] for row in repeat_state["reports"]] == [
"drift-now",
"drift-prev",
]
def test_drift_repeat_state_can_group_semantic_shape_without_values() -> None:
now = datetime(2026, 5, 19, 1, 0, tzinfo=UTC)
report = {
"report_id": "drift-now",
"namespace": "awoooi-prod",
"status": "pending",
"scanned_at": now,
"created_at": now,
"items": [_drift_item(actual_value=["vol-a", "vol-b"])],
}
recent = [
{
**report,
"report_id": "drift-prev",
"scanned_at": now - timedelta(hours=1),
"created_at": now - timedelta(hours=1),
"items": [_drift_item(actual_value=["vol-a", "vol-b", "vol-c"])],
},
]
strict_state = build_drift_repeat_state(report, recent)
semantic_state = build_drift_repeat_state(
report,
recent,
include_values=False,
)
assert strict_state["occurrences_12h"] == 1
assert semantic_state["matching_strategy"] == "namespace_resource_field_level_v2"
assert semantic_state["occurrences_12h"] == 2
assert semantic_state["fingerprint"] != semantic_state["strict_fingerprint"]
def test_reconciliation_blocks_open_incident_after_no_action_approval() -> None:
reconciliation = build_incident_reconciliation(
incident={"incident_id": "INC-1", "status": "INVESTIGATING"},
approvals=[
{
"id": "approval-1",
"status": "APPROVED",
"action": "未知操作 | NO_ACTION",
"resolved_at": "2026-05-13T01:00:00+00:00",
}
],
evidence_rows=[{"sensors_attempted": 8, "sensors_succeeded": 0}],
automation_ops=[],
timeline_events=[],
)
codes = {row["code"] for row in reconciliation["mismatches"]}
assert reconciliation["schema_version"] == "incident_reconciliation_v1"
assert reconciliation["consistency_status"] == "blocked"
assert reconciliation["operator_next_state"] == "manual_required"
assert reconciliation["facts"]["incident_closed"] is False
assert reconciliation["facts"]["automation_operation_records"] == 0
assert "incident_open_after_approval_resolved" in codes
assert "approval_approved_without_execution_record" in codes
assert "approval_no_action_without_execution" in codes
assert "evidence_all_sensors_failed" in codes
assert "timeline_missing_for_approval" in codes
def test_reconciliation_accepts_approval_with_raw_timeline_event() -> None:
reconciliation = build_incident_reconciliation(
incident={"incident_id": "INC-1", "status": "INVESTIGATING"},
approvals=[
{
"id": "approval-1",
"status": "PENDING",
"action": "kubectl rollout restart deployment/api",
}
],
evidence_rows=[],
automation_ops=[],
timeline_events=[
{
"event_type": "human",
"status": "warning",
"approval_id": "approval-1",
}
],
)
codes = {row["code"] for row in reconciliation["mismatches"]}
assert "timeline_missing_for_approval" not in codes
assert reconciliation["facts"]["timeline_events"] == 1
def test_reconciliation_counts_auto_repair_execution_as_real_execution() -> None:
reconciliation = build_incident_reconciliation(
incident={"incident_id": "INC-2", "status": "INVESTIGATING"},
approvals=[
{
"id": "approval-2",
"status": "APPROVED",
"action": "未知操作 | NO_ACTION",
"resolved_at": "2026-05-13T01:00:00+00:00",
}
],
evidence_rows=[
{
"sensors_attempted": 8,
"sensors_succeeded": 6,
"verification_result": "degraded",
}
],
automation_ops=[],
auto_repair_executions=[
{
"id": "repair-1",
"success": True,
"playbook_id": "PB-1",
}
],
timeline_events=[{"event_type": "executor", "status": "success"}],
)
codes = {row["code"] for row in reconciliation["mismatches"]}
assert reconciliation["consistency_status"] == "blocked"
assert reconciliation["facts"]["auto_repair_execution_records"] == 1
assert reconciliation["facts"]["successful_auto_repair_records"] == 1
assert reconciliation["facts"]["effective_execution_records"] == 1
assert "incident_open_after_successful_execution" in codes
assert "verification_degraded_after_auto_repair" in codes
assert "approval_approved_without_execution_record" not in codes
assert "approval_no_action_without_execution" not in codes
def test_automation_quality_marks_no_action_without_execution() -> None:
quality = build_automation_quality(
incident={"incident_id": "INC-1", "status": "INVESTIGATING"},
approvals=[{"status": "APPROVED", "action": "未知操作 | NO_ACTION"}],
evidence_rows=[{"sensors_attempted": 8, "sensors_succeeded": 0}],
automation_ops=[],
auto_repair_executions=[],
gateway_mcp_summary={"total": 8},
legacy_mcp_summary={"total": 8},
outbound_rows=[{"message_id": "m1"}],
km_entries=[],
timeline_events=[],
)
gates = {row["name"]: row["status"] for row in quality["gates"]}
assert quality["schema_version"] == "automation_quality_v1"
assert quality["verdict"] == "manual_required_no_action"
assert quality["facts"]["auto_repair_execution_records"] == 0
assert gates["execution_recorded"] == "missing"
assert gates["verification_recorded"] == "not_applicable"
assert "execution_recorded" in quality["blockers"]
def test_automation_quality_marks_rejected_approval_closed_without_execution() -> None:
quality = build_automation_quality(
incident={"incident_id": "INC-REJECTED", "status": "INVESTIGATING"},
approvals=[{"status": "REJECTED", "action": "kubectl rollout restart deployment/api"}],
evidence_rows=[],
automation_ops=[],
auto_repair_executions=[],
gateway_mcp_summary={"total": 1},
legacy_mcp_summary={"total": 1},
outbound_rows=[{"message_id": "m1"}],
km_entries=[],
timeline_events=[],
)
gates = {row["name"]: row["status"] for row in quality["gates"]}
assert quality["verdict"] == "approval_rejected_no_execution"
assert gates["approval_state"] == "passed"
assert gates["execution_recorded"] == "missing"
def test_automation_quality_marks_expired_approval_for_manual_review() -> None:
quality = build_automation_quality(
incident={"incident_id": "INC-EXPIRED", "status": "INVESTIGATING"},
approvals=[{"status": "EXPIRED", "action": "kubectl rollout restart deployment/api"}],
evidence_rows=[],
automation_ops=[],
auto_repair_executions=[],
gateway_mcp_summary={"total": 1},
legacy_mcp_summary={"total": 1},
outbound_rows=[{"message_id": "m1"}],
km_entries=[],
timeline_events=[],
)
gates = {row["name"]: row["status"] for row in quality["gates"]}
assert quality["verdict"] == "approval_expired_manual_review"
assert gates["approval_state"] == "warning"
assert "approval_state" not in quality["blockers"]
def test_truth_status_marks_rejected_approval_as_closed() -> None:
status = _truth_status(
incident={"incident_id": "INC-REJECTED", "status": "INVESTIGATING"},
approvals=[{"status": "REJECTED", "action": "kubectl rollout restart deployment/api"}],
evidence_rows=[],
automation_ops=[],
drift=None,
drift_repeat_count=0,
gateway_mcp_total=1,
legacy_mcp_total=1,
outbound_visible_total=1,
auto_repair_executions=[],
)
assert status["current_stage"] == "approval_rejected"
assert status["stage_status"] == "closed"
assert status["needs_human"] is False
def test_truth_status_marks_expired_approval_as_manual_needed() -> None:
status = _truth_status(
incident={"incident_id": "INC-EXPIRED", "status": "INVESTIGATING"},
approvals=[{"status": "EXPIRED", "action": "kubectl rollout restart deployment/api"}],
evidence_rows=[],
automation_ops=[],
drift=None,
drift_repeat_count=0,
gateway_mcp_total=1,
legacy_mcp_total=1,
outbound_visible_total=1,
auto_repair_executions=[],
)
assert status["current_stage"] == "approval_expired"
assert status["stage_status"] == "expired"
assert status["needs_human"] is True
assert "approval_expired_without_operator_decision" in status["blockers"]
def test_reconciliation_ignores_no_action_audit_rows_as_execution() -> None:
reconciliation = build_incident_reconciliation(
incident={"incident_id": "INC-NOOP", "status": "INVESTIGATING"},
approvals=[
{
"id": "approval-noop",
"status": "APPROVED",
"action": "未知操作 | NO_ACTION",
"resolved_at": "2026-05-31T01:00:00+00:00",
}
],
evidence_rows=[{"sensors_attempted": 8, "sensors_succeeded": 6}],
automation_ops=[
{
"operation_type": "playbook_executed",
"status": "success",
"actor": "approval_execution",
"output_reason": "NO_ACTION",
"output_action": "未知操作 | NO_ACTION",
}
],
auto_repair_executions=[],
timeline_events=[{"event_type": "executor", "status": "success"}],
)
codes = {row["code"] for row in reconciliation["mismatches"]}
assert reconciliation["facts"]["executed_operation_records"] == 0
assert reconciliation["facts"]["effective_execution_records"] == 0
assert "approval_approved_without_execution_record" in codes
assert "approval_no_action_without_execution" in codes
assert "incident_open_after_successful_execution" not in codes
def test_automation_quality_ignores_no_action_audit_rows_as_execution() -> None:
quality = build_automation_quality(
incident={"incident_id": "INC-1", "status": "RESOLVED"},
approvals=[{"status": "EXECUTION_SUCCESS", "action": "未知操作 | NO_ACTION"}],
evidence_rows=[{"sensors_attempted": 8, "sensors_succeeded": 6}],
automation_ops=[
{
"operation_type": "playbook_executed",
"status": "success",
"actor": "approval_execution",
"output_reason": "NO_ACTION",
"output_action": "未知操作 | NO_ACTION",
},
{
"operation_type": "ansible_candidate_matched",
"status": "dry_run",
"output_not_used_reason": "Ansible check-mode is not wired yet",
},
],
auto_repair_executions=[],
gateway_mcp_summary={"total": 8},
legacy_mcp_summary={"total": 8},
outbound_rows=[{"message_id": "m1"}],
km_entries=[{"id": "km-1"}],
timeline_events=[{"id": "tl-1"}],
)
gates = {row["name"]: row["status"] for row in quality["gates"]}
assert quality["verdict"] == "manual_required_no_action"
assert quality["facts"]["automation_operation_records"] == 2
assert quality["facts"]["effective_execution_records"] == 0
assert quality["facts"]["noop_operation_records"] == 1
assert quality["facts"]["audit_only_operation_records"] == 1
assert gates["execution_recorded"] == "missing"
assert gates["verification_recorded"] == "not_applicable"
def test_automation_quality_uses_approval_metadata_to_suppress_diagnostic_ops() -> None:
quality = build_automation_quality(
incident={"incident_id": "INC-DIAG", "status": "RESOLVED"},
approvals=[
{
"status": "EXECUTION_SUCCESS",
"action": "ssh 192.168.0.110 'df -h /data/minio'",
"extra_metadata": {
"execution_kind": "diagnostic",
"repair_executed": False,
},
}
],
evidence_rows=[
{
"sensors_attempted": 8,
"sensors_succeeded": 6,
"verification_result": "degraded",
}
],
automation_ops=[
{
"operation_type": "playbook_executed",
"status": "success",
"actor": "approval_execution",
"output_action": "ssh 192.168.0.110 'df -h /data/minio'",
}
],
auto_repair_executions=[],
gateway_mcp_summary={"total": 8},
legacy_mcp_summary={"total": 8},
outbound_rows=[{"message_id": "m1"}],
km_entries=[{"id": "km-1"}],
timeline_events=[{"id": "tl-1"}],
)
gates = {row["name"]: row["status"] for row in quality["gates"]}
assert quality["verdict"] == "manual_required_diagnostic_only"
assert quality["facts"]["automation_operation_records"] == 1
assert quality["facts"]["effective_execution_records"] == 0
assert quality["facts"]["approval_repair_suppressed"] is True
assert gates["execution_recorded"] == "missing"
assert gates["verification_recorded"] == "not_applicable"
def test_automation_quality_marks_verified_auto_repair() -> None:
quality = build_automation_quality(
incident={
"incident_id": "INC-2",
"status": "RESOLVED",
"verification_result": "success",
},
approvals=[],
evidence_rows=[{"sensors_attempted": 3, "sensors_succeeded": 3}],
automation_ops=[],
auto_repair_executions=[
{
"id": "repair-1",
"success": True,
"playbook_id": "pb-1",
}
],
gateway_mcp_summary={"total": 3},
legacy_mcp_summary={"total": 3},
outbound_rows=[{"message_id": "m1"}],
km_entries=[{"id": "km-1"}],
timeline_events=[{"id": "tl-1"}],
)
gates = {row["name"]: row["status"] for row in quality["gates"]}
assert quality["verdict"] == "auto_repaired_verified"
assert quality["facts"]["verification_result"] == "success"
assert quality["score"] == 100
assert gates["auto_repair_recorded"] == "passed"
assert gates["verification_recorded"] == "passed"
assert quality["blockers"] == []
def test_automation_quality_marks_degraded_auto_repair_verification() -> None:
quality = build_automation_quality(
incident={
"incident_id": "INC-3",
"status": "INVESTIGATING",
},
approvals=[{"status": "APPROVED", "action": "未知操作 | NO_ACTION"}],
evidence_rows=[
{
"sensors_attempted": 8,
"sensors_succeeded": 6,
"verification_result": "degraded",
}
],
automation_ops=[],
auto_repair_executions=[
{
"id": "repair-1",
"success": True,
"playbook_id": "PB-1",
}
],
gateway_mcp_summary={"total": 3},
legacy_mcp_summary={"total": 3},
outbound_rows=[{"message_id": "m1"}],
km_entries=[],
timeline_events=[{"id": "tl-1"}],
)
gates = {row["name"]: row["status"] for row in quality["gates"]}
assert quality["verdict"] == "auto_repaired_verification_degraded"
assert quality["facts"]["auto_repair_execution_records"] == 1
assert quality["facts"]["verification_result"] == "degraded"
assert gates["execution_recorded"] == "passed"
assert gates["verification_recorded"] == "warning"
def test_automation_quality_score_buckets_are_stable() -> None:
assert _automation_quality_score_bucket(100) == "green"
assert _automation_quality_score_bucket(85) == "green"
assert _automation_quality_score_bucket(84) == "yellow"
assert _automation_quality_score_bucket(60) == "yellow"
assert _automation_quality_score_bucket(59) == "red"
def test_automation_quality_summary_denies_full_claim_when_unverified() -> None:
summary = summarize_automation_quality_records(
project_id="awoooi",
window_hours=24,
limit=200,
records=[
{
"incident": {
"incident_id": "INC-OK",
"alertname": "container recovered",
"severity": "P4",
"status": "RESOLVED",
"created_at": "2026-05-13T01:00:00+00:00",
},
"truth_status": {
"current_stage": "execution_succeeded",
"stage_status": "success",
"needs_human": False,
},
"automation_quality": {
"applicable": True,
"verdict": "auto_repaired_verified",
"score": 100,
"facts": {
"automation_operation_records": 1,
"effective_execution_records": 1,
"noop_operation_records": 0,
"audit_only_operation_records": 0,
"auto_repair_execution_records": 1,
},
"gates": [
{"name": "verification_recorded", "status": "passed"},
],
"blockers": [],
},
"execution": {
"automation_operation_log": [
{
"operation_type": "playbook_executed",
"status": "success",
}
],
"auto_repair_executions": [{"success": True}],
"ansible": {
"considered": False,
"records": [],
"candidate_catalog": {"candidates": []},
},
},
},
{
"incident": {
"incident_id": "INC-GAP",
"alertname": "low risk action",
"severity": "P4",
"status": "INVESTIGATING",
"created_at": "2026-05-13T02:00:00+00:00",
},
"truth_status": {
"current_stage": "execution_succeeded",
"stage_status": "success",
"needs_human": False,
},
"automation_quality": {
"applicable": True,
"verdict": "execution_unverified",
"score": 65,
"facts": {
"automation_operation_records": 2,
"effective_execution_records": 0,
"noop_operation_records": 0,
"audit_only_operation_records": 2,
"auto_repair_execution_records": 0,
},
"gates": [
{"name": "verification_recorded", "status": "missing"},
{"name": "learning_recorded", "status": "missing"},
],
"blockers": ["verification_recorded", "learning_recorded"],
},
"execution": {
"automation_operation_log": [
{
"operation_type": "ansible_candidate_matched",
"status": "dry_run",
},
{
"operation_type": "ansible_check_mode_executed",
"status": "dry_run",
},
],
"auto_repair_executions": [],
"ansible": {
"considered": True,
"records": [
{
"operation_type": "ansible_candidate_matched",
"status": "dry_run",
},
{
"operation_type": "ansible_check_mode_executed",
"status": "dry_run",
},
],
"candidate_catalog": {
"candidates": [
{"catalog_id": "ansible:188-ai-web"},
{"catalog_id": "ansible:nginx-sync"},
]
},
},
},
},
],
)
assert summary["schema_version"] == "automation_quality_summary_v1"
assert summary["incident_total"] == 2
assert summary["evaluated_total"] == 2
assert summary["verified_auto_repair_total"] == 1
assert summary["score_buckets"] == {"green": 1, "yellow": 1, "red": 0}
assert summary["production_claim"]["can_claim_full_auto_repair"] is False
assert summary["production_claim"]["reason"] == "some_incidents_are_not_auto_repaired_verified"
assert {row["verdict"]: row["total"] for row in summary["by_verdict"]} == {
"auto_repaired_verified": 1,
"execution_unverified": 1,
}
assert {row["gate"]: row["total"] for row in summary["gate_failures"]} == {
"learning_recorded": 1,
"verification_recorded": 1,
}
assert summary["execution_backend_summary"] == {
"operation_records_total": 3,
"effective_execution_records_total": 1,
"noop_operation_records_total": 0,
"audit_only_operation_records_total": 2,
"auto_repair_execution_records_total": 1,
"ansible_considered_total": 1,
"ansible_audit_record_total": 2,
"ansible_candidate_total": 2,
"ansible_check_mode_total": 1,
"ansible_apply_total": 0,
"ansible_rollback_total": 0,
"ansible_pending_check_mode_total": 1,
}
assert summary["ansible_runtime"]["playbook_root_present"] is True
assert summary["ansible_runtime"]["inventory_present"] is True
assert summary["ansible_runtime"]["playbook_count"] >= 1
assert "ansible_playbook_binary_present" in summary["ansible_runtime"]
assert summary["examples"][1]["incident_id"] == "INC-GAP"
assert summary["examples"][1]["score_bucket"] == "yellow"
def test_automation_quality_summary_builds_operator_flow_gates() -> None:
def quality(
*,
incident_id: str,
verdict: str,
score: int,
gates: list[dict[str, str]],
blockers: list[str] | None = None,
) -> dict[str, object]:
return {
"incident": {
"incident_id": incident_id,
"alertname": "container restart loop",
"severity": "P3",
"status": "INVESTIGATING",
},
"truth_status": {
"current_stage": "execution_succeeded",
"stage_status": "success",
"needs_human": verdict != "auto_repaired_verified",
},
"automation_quality": {
"applicable": True,
"verdict": verdict,
"score": score,
"facts": {
"automation_operation_records": 1,
"effective_execution_records": 1 if verdict == "auto_repaired_verified" else 0,
"auto_repair_execution_records": 1 if verdict == "auto_repaired_verified" else 0,
},
"gates": gates,
"blockers": blockers or [],
},
"execution": {
"automation_operation_log": [],
"auto_repair_executions": [],
"ansible": {"considered": False, "records": [], "candidate_catalog": {"candidates": []}},
},
}
passed_gates = [
{"name": "source_persisted", "status": "passed"},
{"name": "outbound_recorded", "status": "passed"},
{"name": "evidence_collected", "status": "passed"},
{"name": "mcp_gateway_observed", "status": "passed"},
{"name": "approval_state", "status": "not_applicable"},
{"name": "execution_recorded", "status": "passed"},
{"name": "auto_repair_recorded", "status": "passed"},
{"name": "verification_recorded", "status": "passed"},
{"name": "learning_recorded", "status": "passed"},
{"name": "timeline_recorded", "status": "passed"},
]
blocked_gates = [
{"name": "source_persisted", "status": "passed"},
{"name": "outbound_recorded", "status": "passed"},
{"name": "evidence_collected", "status": "missing"},
{"name": "mcp_gateway_observed", "status": "missing"},
{"name": "approval_state", "status": "warning"},
{"name": "execution_recorded", "status": "missing"},
{"name": "auto_repair_recorded", "status": "missing"},
{"name": "verification_recorded", "status": "not_applicable"},
{"name": "learning_recorded", "status": "not_applicable"},
{"name": "timeline_recorded", "status": "missing"},
]
summary = summarize_automation_quality_records(
project_id="awoooi",
window_hours=24,
limit=2,
records=[
quality(
incident_id="INC-PASS",
verdict="auto_repaired_verified",
score=100,
gates=passed_gates,
),
quality(
incident_id="INC-BLOCKED",
verdict="manual_required_no_action",
score=40,
gates=blocked_gates,
blockers=["mcp_gateway_observed", "execution_recorded"],
),
],
)
flow = summary["automation_flow_gates"]
gates = {row["gate"]: row for row in flow["gates"]}
assert flow["schema_version"] == "automation_flow_gate_summary_v1"
assert flow["overall_status"] == "blocked"
assert gates["alert_intake"]["status"] == "passed"
assert gates["mcp_investigation"]["missing_total"] == 1
assert gates["approval_policy"]["warning_total"] == 1
assert gates["execution_recorded"]["missing_total"] == 1
assert gates["verification_recorded"]["missing_total"] == 1
assert gates["knowledge_recorded"]["missing_total"] == 1
assert gates["operator_visible"]["missing_total"] == 1
assert gates["mcp_investigation"]["examples"][0]["incident_id"] == "INC-BLOCKED"
def test_ansible_runtime_readiness_reports_check_mode_blockers() -> None:
readiness = _ansible_runtime_readiness()
assert readiness["playbook_root_present"] is True
assert readiness["inventory_present"] is True
assert readiness["playbook_count"] >= 1
assert isinstance(readiness["can_run_check_mode"], bool)
assert isinstance(readiness["blockers"], list)
assert "check_mode_transport_profile" in readiness
assert "check_mode_ssh_key_readable" in readiness
assert "check_mode_known_hosts_readable" in readiness
assert "repair_ssh_key_readable" in readiness
assert "repair_known_hosts_readable" in readiness
def test_ansible_runtime_readiness_requires_check_mode_ssh_material(tmp_path: Path) -> None:
missing_key = tmp_path / "missing-id-ed25519"
missing_known_hosts = tmp_path / "missing-known-hosts"
readiness = _ansible_runtime_readiness(
check_mode_ssh_key_path=missing_key,
check_mode_known_hosts_path=missing_known_hosts,
)
assert readiness["check_mode_ssh_key_present"] is False
assert readiness["check_mode_ssh_key_readable"] is False
assert readiness["check_mode_known_hosts_present"] is False
assert readiness["check_mode_known_hosts_readable"] is False
assert "ansible_check_mode_ssh_key_missing" in readiness["blockers"]
assert "ansible_check_mode_known_hosts_missing" in readiness["blockers"]
def test_ansible_runtime_readiness_accepts_readable_check_mode_ssh_material(tmp_path: Path) -> None:
key_path = tmp_path / "id_ed25519"
known_hosts_path = tmp_path / "known_hosts"
key_path.write_text("test-key", encoding="utf-8")
known_hosts_path.write_text("192.168.0.110 ssh-ed25519 AAAATEST", encoding="utf-8")
key_path.chmod(0o400)
known_hosts_path.chmod(0o400)
readiness = _ansible_runtime_readiness(
check_mode_ssh_key_path=key_path,
check_mode_known_hosts_path=known_hosts_path,
)
assert readiness["check_mode_ssh_key_present"] is True
assert readiness["check_mode_ssh_key_readable"] is True
assert readiness["check_mode_known_hosts_present"] is True
assert readiness["check_mode_known_hosts_readable"] is True
assert "ansible_check_mode_ssh_key_missing" not in readiness["blockers"]
assert "ansible_check_mode_known_hosts_missing" not in readiness["blockers"]
def test_ansible_playbook_roots_supports_flat_container_module_path() -> None:
roots = _ansible_playbook_roots(Path("/app/src/services/awooop_truth_chain_service.py"))
assert Path("/app/infra/ansible") in roots
assert Path("/app/src/infra/ansible") in roots
def test_reconciliation_marks_consistent_resolved_execution() -> None:
reconciliation = build_incident_reconciliation(
incident={"incident_id": "INC-2", "status": "RESOLVED"},
approvals=[
{
"id": "approval-2",
"status": "APPROVED",
"action": "restart service",
"resolved_at": "2026-05-13T01:00:00+00:00",
}
],
evidence_rows=[{"sensors_attempted": 8, "sensors_succeeded": 7}],
automation_ops=[{"status": "success"}],
timeline_events=[{"event_type": "executor", "status": "success"}],
)
assert reconciliation["consistency_status"] == "consistent"
assert reconciliation["operator_next_state"] == "continue"
assert reconciliation["mismatches"] == []
def test_ansible_truth_surfaces_audited_check_mode_record() -> None:
truth = build_ansible_truth(
[
{
"op_id": "op-ansible-1",
"operation_type": "ansible_check_mode_executed",
"status": "dry_run",
"actor": "platform_operator",
"input_catalog_id": "ansible:188-momo-backup-user",
"input_execution_mode": "check_mode",
"input_playbook_path": "infra/ansible/playbooks/188-ai-web.yml",
"input_check_mode": "true",
"dry_run_result": {
"changed": 1,
"check_mode_executed": True,
"apply_executed": False,
"returncode": 0,
},
"tags": ["ansible", "check_mode"],
"created_at": "2026-05-12T22:00:00+08:00",
}
],
incident={"incident_id": "INC-1", "alertname": "momo pg_backup failed on 188"},
drift=None,
)
assert truth["considered"] is True
assert truth["not_used_reason"] is None
assert truth["records"][0]["playbook_path"] == "infra/ansible/playbooks/188-ai-web.yml"
assert truth["records"][0]["check_mode"] == "true"
assert truth["records"][0]["catalog_id"] == "ansible:188-momo-backup-user"
assert truth["records"][0]["execution_mode"] == "check_mode"
assert truth["records"][0]["returncode"] == 0
assert truth["records"][0]["dry_run_result"]["changed"] == 1
assert truth["summary"]["check_mode_total"] == 1
assert truth["summary"]["apply_total"] == 0
assert truth["summary"]["latest_catalog_id"] == "ansible:188-momo-backup-user"
assert truth["summary"]["latest_returncode"] == 0
assert "ansible_check_mode_executed" in truth["audit_contract"]["operation_types"]
assert truth["candidate_catalog"]["decision_effect"] == "none"
assert truth["candidate_catalog"]["candidates"][0]["catalog_id"] == "ansible:188-momo-backup-user"
assert truth["candidate_catalog"]["candidates"][0]["auto_apply_enabled"] is False
assert (
truth["candidate_catalog"]["candidates"][0]["check_mode_playbook_path"]
== "infra/ansible/playbooks/188-momo-backup-user.yml"
)
def test_ansible_truth_keeps_catalog_hint_separate_from_runtime_use() -> None:
truth = build_ansible_truth(
[],
incident={"incident_id": "INC-2", "alertname": "nginx 502 upstream timeout"},
drift=None,
)
assert truth["considered"] is False
assert truth["records"] == []
assert truth["not_used_reason"].startswith("no automation_operation_log row")
assert truth["candidate_catalog"]["candidates"][0]["catalog_id"] == "ansible:nginx-sync"
assert truth["candidate_catalog"]["candidates"][0]["approval_required"] is True
assert truth["candidate_catalog"]["decision_effect"] == "none"
def test_ansible_decision_audit_payload_is_dry_run_only() -> None:
incident = SimpleNamespace(
incident_id="INC-DOCKER",
project_id="awoooi",
alert_category="infrastructure",
notification_type="TYPE-3",
severity=SimpleNamespace(value="P3"),
affected_services=["bitan-pharmacy-bitan-1"],
signals=[
SimpleNamespace(
alert_name="DockerContainerUnhealthy",
labels={"alertname": "DockerContainerUnhealthy", "container": "bitan-pharmacy-bitan-1"},
annotations={},
)
],
)
payload = build_ansible_decision_audit_payload(
incident=incident,
proposal_data={"source": "expert_system", "risk_level": "low", "action": "NO_ACTION"},
decision_path="manual_approval",
not_used_reason="manual approval required; Ansible check-mode is not wired yet",
)
assert payload is not None
assert payload["operation_type"] == "ansible_candidate_matched"
assert payload["status"] == "dry_run"
assert payload["input"]["executor"] == "ansible"
assert payload["input"]["check_mode"] is True
assert payload["input"]["apply_enabled"] is False
assert payload["input"]["approval_required"] is True
assert payload["input"]["executor_candidates"]
assert payload["output"]["decision_effect"] == "audit_only"
assert payload["dry_run_result"]["check_mode_executed"] is False
def test_ansible_decision_audit_payload_exposes_check_mode_safety_flags() -> None:
incident = SimpleNamespace(
incident_id="INC-MOMO",
project_id="awoooi",
alert_category="database",
notification_type="TYPE-3",
severity=SimpleNamespace(value="P3"),
affected_services=["momo"],
signals=[
SimpleNamespace(
alert_name="MomoPostgresBackupFailed",
labels={"alertname": "MomoPostgresBackupFailed", "instance": "188"},
annotations={},
)
],
)
payload = build_ansible_decision_audit_payload(
incident=incident,
proposal_data={"source": "expert_system", "risk_level": "low"},
decision_path="manual_approval",
not_used_reason="candidate audit",
)
candidate = payload["input"]["executor_candidates"][0]
assert candidate["catalog_id"] == "ansible:188-momo-backup-user"
assert candidate["supports_check_mode"] is True
assert candidate["playbook_path"] == "infra/ansible/playbooks/188-momo-backup-user.yml"
assert candidate["check_mode_playbook_path"] == "infra/ansible/playbooks/188-momo-backup-user.yml"
assert candidate["auto_apply_enabled"] is False
assert candidate["approval_required"] is True
assert candidate["risk_level"] == "low"
def test_ansible_check_mode_claim_input_keeps_apply_locked() -> None:
candidate_input = {
"incident_id": "INC-MOMO",
"executor": "ansible",
"executor_candidates": [
{
"catalog_id": "ansible:188-ai-web",
"playbook_path": "infra/ansible/playbooks/188-ai-web.yml",
"inventory_hosts": ["host_188"],
"risk_level": "medium",
}
],
}
claim = build_ansible_check_mode_claim_input(
source_candidate_op_id="00000000-0000-0000-0000-000000000001",
candidate_input=candidate_input,
)
assert claim["execution_mode"] == "check_mode"
assert claim["check_mode"] is True
assert claim["diff"] is True
assert claim["apply_enabled"] is False
assert claim["transport_profile"]
assert claim["approval_required_before_apply"] is True
assert claim["catalog_playbook_path"] == "infra/ansible/playbooks/188-ai-web.yml"
assert claim["source_candidate_playbook_path"] == "infra/ansible/playbooks/188-ai-web.yml"
assert claim["check_mode_playbook_path"] == "infra/ansible/playbooks/188-ai-web-readonly.yml"
assert claim["playbook_path"] == "infra/ansible/playbooks/188-ai-web-readonly.yml"
def test_ansible_check_mode_claim_input_accepts_momo_backup_user_catalog() -> None:
candidate_input = {
"incident_id": "INC-MOMO",
"executor": "ansible",
"executor_candidates": [
{
"catalog_id": "ansible:188-momo-backup-user",
"playbook_path": "infra/ansible/playbooks/188-momo-backup-user.yml",
"inventory_hosts": ["host_188"],
"risk_level": "low",
}
],
}
claim = build_ansible_check_mode_claim_input(
source_candidate_op_id="00000000-0000-0000-0000-000000000003",
candidate_input=candidate_input,
)
assert claim["execution_mode"] == "check_mode"
assert claim["apply_enabled"] is False
assert claim["catalog_id"] == "ansible:188-momo-backup-user"
assert claim["risk_level"] == "low"
assert claim["catalog_playbook_path"] == "infra/ansible/playbooks/188-momo-backup-user.yml"
assert claim["source_candidate_playbook_path"] == "infra/ansible/playbooks/188-momo-backup-user.yml"
assert claim["check_mode_playbook_path"] == "infra/ansible/playbooks/188-momo-backup-user.yml"
assert claim["playbook_path"] == "infra/ansible/playbooks/188-momo-backup-user.yml"
def test_ansible_check_mode_claim_rejects_non_check_mode_catalog() -> None:
candidate_input = {
"incident_id": "INC-SSH",
"executor": "ansible",
"executor_candidates": [
{
"catalog_id": "ansible:restore-password-auth",
"playbook_path": "infra/ansible/playbooks/restore-password-auth.yml",
"inventory_hosts": ["host_188"],
"risk_level": "high",
}
],
}
try:
build_ansible_check_mode_claim_input(
source_candidate_op_id="00000000-0000-0000-0000-000000000002",
candidate_input=candidate_input,
)
except ValueError as exc:
assert str(exc) == "no_safe_check_mode_candidate"
else:
raise AssertionError("non-check-mode catalog should be rejected")
def test_ansible_check_mode_command_uses_check_diff_and_selected_ssh_transport(tmp_path: Path) -> None:
playbook_root = tmp_path / "infra" / "ansible"
playbook_dir = playbook_root / "playbooks"
inventory_dir = playbook_root / "inventory"
playbook_dir.mkdir(parents=True)
inventory_dir.mkdir(parents=True)
(playbook_dir / "188-ai-web.yml").write_text("---\n- hosts: host_188\n tasks: []\n")
(inventory_dir / "hosts.yml").write_text("all: {}\n")
repair_key = tmp_path / "id_ed25519"
known_hosts = tmp_path / "known_hosts"
repair_key.write_text("key")
known_hosts.write_text("host key")
spec = build_ansible_check_mode_command(
playbook_path="infra/ansible/playbooks/188-ai-web.yml",
inventory_hosts=("host_188",),
playbook_root=playbook_root,
check_mode_ssh_key_path=repair_key,
check_mode_known_hosts_path=known_hosts,
)
assert "--check" in spec.command
assert "--diff" in spec.command
assert "--limit" in spec.command
assert "host_188" in spec.command
assert "ansible_ssh_private_key_file" in spec.command[-1]
assert str(repair_key) in spec.command[-1]
assert str(known_hosts) in spec.command[-1]
assert "apply" not in " ".join(spec.command)
def test_ansible_claim_query_limits_recent_candidate_backlog() -> None:
source = inspect.getsource(claim_pending_check_modes)
assert "candidate.created_at >= NOW() - (:candidate_max_age_hours * INTERVAL '1 hour')" in source
assert "AWOOOP_ANSIBLE_CHECK_MODE_CANDIDATE_MAX_AGE_HOURS" in source
def test_ansible_transport_blocker_detects_repair_forced_command_denial() -> None:
blockers = detect_ansible_transport_blockers(
"fatal: host unreachable REPAIR_DENIED:invalid_command",
)
assert blockers == ["ansible_repair_ssh_forced_command_denies_ansible_bootstrap"]
def test_execution_backend_summary_subtracts_completed_check_mode_parent() -> None:
summary = _execution_backend_summary([
{
"execution": {
"ansible": {
"considered": True,
"candidate_catalog": {"candidates": [{"catalog_id": "ansible:188-ai-web"}]},
"records": [
{
"op_id": "candidate-1",
"operation_type": "ansible_candidate_matched",
"status": "dry_run",
},
{
"op_id": "check-1",
"parent_op_id": "candidate-1",
"operation_type": "ansible_check_mode_executed",
"status": "success",
},
],
},
"automation_operation_log": [],
"auto_repair_executions": [],
},
"automation_quality": {"facts": {}},
}
])
assert summary["ansible_check_mode_total"] == 1
assert summary["ansible_pending_check_mode_total"] == 0
def test_quality_summary_marks_forced_command_denial_as_runtime_blocker(monkeypatch) -> None:
monkeypatch.setattr(
settings,
"AWOOOP_ANSIBLE_CHECK_MODE_SSH_KEY_PATH",
"/etc/repair-ssh/id_ed25519",
)
summary = summarize_automation_quality_records(
project_id="awoooi",
window_hours=24,
limit=20,
records=[
{
"incident": {"incident_id": "INC-1", "alertname": "DockerContainerUnhealthy"},
"truth_status": {},
"automation_quality": {"applicable": True, "score": 50, "verdict": "observed"},
"execution": {
"automation_operation_log": [],
"auto_repair_executions": [],
"ansible": {
"considered": True,
"candidate_catalog": {"candidates": [{"catalog_id": "ansible:110-devops"}]},
"records": [
{
"op_id": "check-1",
"operation_type": "ansible_check_mode_executed",
"status": "failed",
"dry_run_result": {
"stdout_tail": "REPAIR_DENIED:invalid_command",
},
}
],
},
},
}
],
)
assert summary["ansible_runtime"]["can_run_check_mode"] is False
assert (
"ansible_repair_ssh_forced_command_denies_ansible_bootstrap"
in summary["ansible_runtime"]["blockers"]
)
def test_quality_summary_keeps_repair_forced_blocker_historical_for_ssh_mcp(monkeypatch) -> None:
monkeypatch.setattr(
settings,
"AWOOOP_ANSIBLE_CHECK_MODE_SSH_KEY_PATH",
"/run/secrets/ssh_mcp_key",
)
summary = summarize_automation_quality_records(
project_id="awoooi",
window_hours=24,
limit=20,
records=[
{
"incident": {"incident_id": "INC-1", "alertname": "DockerContainerUnhealthy"},
"truth_status": {},
"automation_quality": {"applicable": True, "score": 50, "verdict": "observed"},
"execution": {
"automation_operation_log": [],
"auto_repair_executions": [],
"ansible": {
"considered": True,
"candidate_catalog": {"candidates": [{"catalog_id": "ansible:110-devops"}]},
"records": [
{
"op_id": "check-1",
"operation_type": "ansible_check_mode_executed",
"status": "failed",
"dry_run_result": {
"stdout_tail": "REPAIR_DENIED:invalid_command",
},
}
],
},
},
}
],
)
assert (
"ansible_repair_ssh_forced_command_denies_ansible_bootstrap"
in summary["ansible_runtime"]["historical_transport_blockers"]
)
assert (
"ansible_repair_ssh_forced_command_denies_ansible_bootstrap"
not in summary["ansible_runtime"]["blockers"]
)
Reference in New Issue View Git Blame Copy Permalink