awoooi/apps/api/tests/test_ai_agent_professional_task_expansion.py
Your Name 44ea892e4f
feat(governance): 新增 AI Agent TG canary 批准包
2026-06-16 10:15:00 +08:00


from __future__ import annotations
import copy
import json
import os
from pathlib import Path
import pytest
os.environ.setdefault("DATABASE_URL", "postgresql+asyncpg://test:test@localhost/test")
from src.services.ai_agent_professional_task_expansion import (
load_latest_ai_agent_professional_task_expansion,
)
def test_load_latest_ai_agent_professional_task_expansion_snapshot() -> None:
    """Pin the shipped snapshot to its expected read-only, no-send posture.

    The test loads the latest snapshot with the loader's default location and
    checks the schema version, the program status, the Telegram bridge flags
    and every rollup counter. All counters for live actions (sends, queue
    writes, bot API calls, secret reads, production/host writes, kubectl
    actions) are expected to be zero, and the canary packet is expected to be
    waiting for an explicit approval.
    """
    data = load_latest_ai_agent_professional_task_expansion()
    assert data["schema_version"] == "ai_agent_professional_task_expansion_v1"

    status = data["program_status"]
    assert status["current_task_id"] == "P2-405C"
    assert status["next_task_id"] == "P2-405D"
    assert status["overall_completion_percent"] == 92
    assert status["runtime_authority"] == (
        "professional_task_expansion_and_telegram_bridge_read_only_no_send"
    )

    tg = data["telegram_runtime_bridge"]
    assert tg["canonical_room"] == "AwoooI SRE 戰情室"
    assert tg["canonical_room_env"] == "SRE_GROUP_CHAT_ID"
    for ready_flag in ("no_send_preview_ready", "queue_preview_readback_ready"):
        assert tg[ready_flag] is True, ready_flag
    # Every switch that could cause a real delivery has to be off.
    for live_flag in (
        "direct_bot_api_allowed",
        "bot_api_call_enabled",
        "gateway_queue_write_enabled",
        "telegram_send_enabled",
    ):
        assert tg[live_flag] is False, live_flag

    assert len(tg["stages"]) == 5
    assert len(tg["message_types"]) == 6
    assert len(tg["no_send_message_previews"]) == 6
    assert len(tg["dedup_policy"]["keys"]) == 6
    assert len(tg["receipt_expectations"]) == 6
    assert tg["queue_preview_readback"]["write_enabled"] is False

    package = tg["canary_approval_package"]
    assert package["status"] == "blocked_until_explicit_approval"
    assert package["live_send_enabled"] is False

    packet = tg["canary_send_approval_packet"]
    assert packet["status"] == "waiting_explicit_commander_approval"
    assert packet["approval_granted"] is False
    assert packet["selected_message_type"] == "not_selected"
    assert packet["proposed_time_window"] == "waiting_commander_input"

    expected_rollups = {
        "professional_task_count": 24,
        "domain_count": 8,
        "telegram_stage_count": 5,
        "telegram_message_type_count": 6,
        "approval_required_count": 19,
        "low_risk_task_count": 3,
        "medium_risk_task_count": 10,
        "high_risk_task_count": 6,
        "critical_risk_task_count": 5,
        "current_live_count": 0,
        "gateway_queue_write_count": 0,
        "telegram_send_count": 0,
        "bot_api_call_count": 0,
        "delivery_receipt_write_count": 0,
        "production_write_count": 0,
        "secret_read_count": 0,
        "paid_api_call_count": 0,
        "host_write_count": 0,
        "kubectl_action_count": 0,
        "no_send_preview_count": 6,
        "dedup_key_count": 6,
        "receipt_expectation_count": 6,
        "canary_approval_package_count": 1,
        "preview_send_enabled_count": 0,
        "preview_queue_write_enabled_count": 0,
        "preview_bot_api_call_enabled_count": 0,
        "receipt_live_write_enabled_count": 0,
        "canary_live_send_enabled_count": 0,
        "canary_send_approval_packet_count": 1,
        "canary_operator_approval_field_count": 7,
        "canary_stop_condition_count": 6,
        "canary_rollback_mute_step_count": 5,
        "canary_receipt_readback_check_count": 6,
        "canary_approval_granted_count": 0,
        "canary_selected_message_type_count": 0,
        "canary_approved_time_window_count": 0,
        "canary_send_execution_enabled_count": 0,
        "canary_gateway_queue_write_enabled_count": 0,
        "canary_bot_api_call_enabled_count": 0,
        "canary_delivery_receipt_write_enabled_count": 0,
        "canary_secret_read_enabled_count": 0,
    }
    rollups = data["rollups"]
    for counter, wanted in expected_rollups.items():
        assert rollups[counter] == wanted, counter
def test_professional_tasks_cover_required_agents_and_reporting() -> None:
    """Check agent coverage, reporting cadences and the redaction contract.

    Every required owner agent must own at least one professional task, all
    four reporting cadences must be marked required, and the redaction
    contract must forbid displaying transcripts, raw prompts, private
    reasoning and secret values while still naming a frontend display policy.
    """
    data = load_latest_ai_agent_professional_task_expansion()

    required_owners = {
        "openclaw",
        "hermes",
        "nemotron",
        "telegram_ops_liaison",
        "security_sentinel",
        "sre_sentinel",
        "devops_commander",
    }
    seen_owners = set()
    for task in data["professional_tasks"]:
        seen_owners.add(task["owner_agent"])
    assert required_owners <= seen_owners

    reporting = data["reporting_contract"]
    for cadence in ("daily", "weekly", "monthly", "action_required"):
        assert reporting[cadence]["required"] is True, cadence

    redaction = data["redaction_contract"]
    # None of the sensitive content classes may be shown.
    for display_flag in (
        "conversation_transcript_display_allowed",
        "raw_prompt_display_allowed",
        "private_reasoning_display_allowed",
        "secret_value_display_allowed",
    ):
        assert redaction[display_flag] is False, display_flag
    assert redaction["frontend_display_policy"]
def test_no_send_previews_have_unique_dedup_and_no_live_flags() -> None:
    """Verify the no-send previews are complete, de-duplicated and inert.

    The previews must cover exactly the declared message types, carry six
    distinct dedup keys, reference exactly the declared receipt expectations,
    and keep every send/queue/bot-API/receipt-write flag set to False.
    """
    tg = load_latest_ai_agent_professional_task_expansion()["telegram_runtime_bridge"]
    declared_types = {entry["message_type"] for entry in tg["message_types"]}
    previews = tg["no_send_message_previews"]
    receipt_ids = {entry["receipt_id"] for entry in tg["receipt_expectations"]}

    preview_types = {item["message_type"] for item in previews}
    assert preview_types == declared_types

    dedup_keys = {item["dedup_key"] for item in previews}
    assert len(dedup_keys) == 6

    referenced_receipts = {item["receipt_expectation_id"] for item in previews}
    assert referenced_receipts == receipt_ids

    inert_flags = (
        "send_enabled",
        "gateway_queue_write_enabled",
        "bot_api_call_enabled",
        "delivery_receipt_write_enabled",
    )
    for item in previews:
        assert item["status"] == "preview_ready_no_send"
        for flag in inert_flags:
            assert item[flag] is False, flag
        assert item["sanitized_body_lines"]

    dedup_policy = tg["dedup_policy"]
    assert dedup_policy["required"] is True
    assert dedup_policy["live_cache_write_enabled"] is False

    readback = tg["queue_preview_readback"]
    assert readback["preview_only"] is True
    assert readback["write_enabled"] is False
def test_receipts_and_canary_package_remain_no_send() -> None:
    """Confirm receipts and the canary approval package cannot go live.

    Each receipt expectation must have writes and production readback
    disabled and must list evidence references. The canary package must be
    ready and approval-gated, with every live/write flag set to False.
    """
    tg = load_latest_ai_agent_professional_task_expansion()["telegram_runtime_bridge"]

    for expectation in tg["receipt_expectations"]:
        assert expectation["receipt_write_enabled"] is False
        assert expectation["production_receipt_readback_enabled"] is False
        assert expectation["required_evidence_refs"]

    package = tg["canary_approval_package"]
    for gate in ("package_ready", "approval_required"):
        assert package[gate] is True, gate
    for live_flag in (
        "live_send_enabled",
        "gateway_queue_write_enabled",
        "bot_api_call_enabled",
        "delivery_receipt_write_enabled",
        "production_write_enabled",
    ):
        assert package[live_flag] is False, live_flag
def test_canary_send_approval_packet_waits_for_explicit_approval() -> None:
    """Check that the canary send packet is prepared but not approved.

    The packet must be ready, require approval and not have it, keep the
    target room value hidden, have no message type or time window chosen,
    have an empty decision log, leave every operator field waiting for input
    with its value hidden, and keep all execution flags False.
    """
    tg = load_latest_ai_agent_professional_task_expansion()["telegram_runtime_bridge"]
    packet = tg["canary_send_approval_packet"]

    assert packet["packet_ready"] is True
    assert packet["approval_required"] is True
    assert packet["approval_granted"] is False
    assert packet["target_room_env"] == "SRE_GROUP_CHAT_ID"
    # Only the environment variable name is exposed, never the chat id value.
    assert packet["target_room_value_visible"] is False
    assert packet["selected_message_type"] == "not_selected"
    assert packet["proposed_time_window"] == "waiting_commander_input"

    declared_types = {entry["message_type"] for entry in tg["message_types"]}
    assert set(packet["eligible_message_types"]) == declared_types

    operator_fields = packet["operator_approval_fields"]
    readback_plan = packet["receipt_readback_plan"]
    assert len(operator_fields) == 7
    assert len(packet["stop_conditions"]) == 6
    assert len(packet["mute_rollback_plan"]) == 5
    assert len(readback_plan["required_checks"]) == 6
    assert packet["approval_decision_log"] == []

    for operator_field in operator_fields:
        assert operator_field["required"] is True
        assert operator_field["current_value_status"] == "waiting_input"
        assert operator_field["value_display_allowed"] is False

    rate_limit = packet["rate_limit_plan"]
    assert rate_limit["max_messages"] == 1
    assert rate_limit["live_rate_limit_write_enabled"] is False
    assert readback_plan["production_receipt_write_enabled"] is False
    assert readback_plan["receipt_readback_enabled_before_send"] is False

    still_enabled = [
        name for name, state in packet["execution_flags"].items() if state is not False
    ]
    assert not still_enabled
def test_rejects_telegram_send_enabled(tmp_path: Path) -> None:
    """A snapshot with ``telegram_send_enabled`` turned on must not load."""
    # Work on a deep copy so the tampering never touches the loaded snapshot.
    tampered = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
    bridge = tampered["telegram_runtime_bridge"]
    bridge["telegram_send_enabled"] = True
    _write_snapshot(tmp_path, tampered)

    with pytest.raises(ValueError, match="telegram_runtime_bridge mismatch"):
        load_latest_ai_agent_professional_task_expansion(tmp_path)
def test_rejects_gateway_queue_write_count(tmp_path: Path) -> None:
    """A non-zero ``gateway_queue_write_count`` rollup must be refused."""
    tampered = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
    rollups = tampered["rollups"]
    rollups["gateway_queue_write_count"] = 1
    _write_snapshot(tmp_path, tampered)

    with pytest.raises(ValueError, match="must remain zero"):
        load_latest_ai_agent_professional_task_expansion(tmp_path)
def test_rejects_preview_send_enabled(tmp_path: Path) -> None:
    """A preview with ``send_enabled`` set must make the loader raise."""
    tampered = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
    first_preview = tampered["telegram_runtime_bridge"]["no_send_message_previews"][0]
    first_preview["send_enabled"] = True
    # The matching rollup is raised as well.
    # NOTE(review): presumably so a rollup cross-check does not fire before
    # the per-preview check; confirm against the loader.
    tampered["rollups"]["preview_send_enabled_count"] = 1
    _write_snapshot(tmp_path, tampered)

    with pytest.raises(ValueError, match="send_enabled must remain false"):
        load_latest_ai_agent_professional_task_expansion(tmp_path)
def test_rejects_duplicate_dedup_key(tmp_path: Path) -> None:
    """Two previews sharing one ``dedup_key`` must be rejected."""
    tampered = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
    preview_list = tampered["telegram_runtime_bridge"]["no_send_message_previews"]
    # Copy the first preview's key onto the second to create the collision.
    first, second = preview_list[0], preview_list[1]
    second["dedup_key"] = first["dedup_key"]
    _write_snapshot(tmp_path, tampered)

    with pytest.raises(ValueError, match="dedup_key values must be unique"):
        load_latest_ai_agent_professional_task_expansion(tmp_path)
def test_rejects_canary_live_send_enabled(tmp_path: Path) -> None:
    """Enabling live send on the canary approval package must fail loading."""
    tampered = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
    package = tampered["telegram_runtime_bridge"]["canary_approval_package"]
    package["live_send_enabled"] = True
    # The rollup counter is moved in step with the flag.
    tampered["rollups"]["canary_live_send_enabled_count"] = 1
    _write_snapshot(tmp_path, tampered)

    with pytest.raises(ValueError, match="canary_approval_package mismatch"):
        load_latest_ai_agent_professional_task_expansion(tmp_path)
def test_rejects_canary_send_approval_granted(tmp_path: Path) -> None:
    """A snapshot file that claims approval was granted must be rejected.

    Editing the snapshot file alone must not be enough to mark the canary
    send as approved.
    """
    tampered = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
    approval_packet = tampered["telegram_runtime_bridge"]["canary_send_approval_packet"]
    approval_packet["approval_granted"] = True
    tampered["rollups"]["canary_approval_granted_count"] = 1
    _write_snapshot(tmp_path, tampered)

    with pytest.raises(ValueError, match="canary_send_approval_packet mismatch"):
        load_latest_ai_agent_professional_task_expansion(tmp_path)
def test_rejects_canary_send_execution_enabled(tmp_path: Path) -> None:
    """Turning on the canary send execution flag must make the loader raise."""
    tampered = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
    approval_packet = tampered["telegram_runtime_bridge"]["canary_send_approval_packet"]
    flags = approval_packet["execution_flags"]
    flags["canary_send_execution_enabled"] = True
    tampered["rollups"]["canary_send_execution_enabled_count"] = 1
    _write_snapshot(tmp_path, tampered)

    with pytest.raises(ValueError, match="canary send execution flags mismatch"):
        load_latest_ai_agent_professional_task_expansion(tmp_path)
def test_rejects_selected_canary_message_type_without_approval(tmp_path: Path) -> None:
    """Choosing a canary message type while approval is absent must fail."""
    tampered = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
    approval_packet = tampered["telegram_runtime_bridge"]["canary_send_approval_packet"]
    # approval_granted is left untouched; only the selection is changed.
    approval_packet["selected_message_type"] = "daily_agent_workload_digest"
    tampered["rollups"]["canary_selected_message_type_count"] = 1
    _write_snapshot(tmp_path, tampered)

    with pytest.raises(ValueError, match="canary_send_approval_packet mismatch"):
        load_latest_ai_agent_professional_task_expansion(tmp_path)
def test_rejects_high_risk_without_approval(tmp_path: Path) -> None:
    """A high-risk task that no longer requires approval must be refused.

    NOTE(review): the expected message mentions "high/critical", but only a
    task with ``risk_tier == "high"`` is exercised here; a matching case for
    "critical" would close that gap.
    """
    tampered = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
    target_task = next(
        candidate
        for candidate in tampered["professional_tasks"]
        if candidate["risk_tier"] == "high"
    )
    target_task["approval_required"] = False
    # One fewer task requires approval, so the rollup is lowered with it.
    tampered["rollups"]["approval_required_count"] -= 1
    _write_snapshot(tmp_path, tampered)

    with pytest.raises(ValueError, match="high/critical tasks must require approval"):
        load_latest_ai_agent_professional_task_expansion(tmp_path)
def test_rejects_forbidden_public_terms_outside_policy_list(tmp_path: Path) -> None:
    """A forbidden term placed in a task title must be reported as a leak."""
    tampered = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
    first_task = tampered["professional_tasks"][0]
    # The title is a field outside the policy list named in the test title.
    first_task["title"] = "raw prompt leakage candidate"
    _write_snapshot(tmp_path, tampered)

    with pytest.raises(ValueError, match="forbidden public terms leaked"):
        load_latest_ai_agent_professional_task_expansion(tmp_path)
def _write_snapshot(directory: Path, payload: dict) -> None:
    """Serialize *payload* as UTF-8 JSON into a date-stamped file in *directory*.

    Non-ASCII characters are written as-is rather than escaped.
    NOTE(review): the 2099-01-01 stamp presumably makes this file the one the
    loader treats as latest; confirm against the loader.
    """
    serialized = json.dumps(payload, ensure_ascii=False)
    target = directory.joinpath("ai_agent_professional_task_expansion_2099-01-01.json")
    target.write_text(serialized, encoding="utf-8")