220 lines
9.8 KiB
Python
220 lines
9.8 KiB
Python
from __future__ import annotations
|
|
|
|
import copy
|
|
import json
|
|
import os
|
|
from pathlib import Path
|
|
|
|
import pytest
|
|
|
|
os.environ.setdefault("DATABASE_URL", "postgresql+asyncpg://test:test@localhost/test")
|
|
|
|
from src.services.ai_agent_professional_task_expansion import (
|
|
load_latest_ai_agent_professional_task_expansion,
|
|
)
|
|
|
|
|
|
def test_load_latest_ai_agent_professional_task_expansion_snapshot() -> None:
|
|
snapshot = load_latest_ai_agent_professional_task_expansion()
|
|
|
|
assert snapshot["schema_version"] == "ai_agent_professional_task_expansion_v1"
|
|
assert snapshot["program_status"]["current_task_id"] == "P2-405B"
|
|
assert snapshot["program_status"]["next_task_id"] == "P2-405C"
|
|
assert snapshot["program_status"]["overall_completion_percent"] == 88
|
|
assert snapshot["program_status"]["runtime_authority"] == (
|
|
"professional_task_expansion_and_telegram_bridge_read_only_no_send"
|
|
)
|
|
|
|
bridge = snapshot["telegram_runtime_bridge"]
|
|
assert bridge["canonical_room"] == "AwoooI SRE 戰情室"
|
|
assert bridge["canonical_room_env"] == "SRE_GROUP_CHAT_ID"
|
|
assert bridge["no_send_preview_ready"] is True
|
|
assert bridge["queue_preview_readback_ready"] is True
|
|
assert bridge["direct_bot_api_allowed"] is False
|
|
assert bridge["bot_api_call_enabled"] is False
|
|
assert bridge["gateway_queue_write_enabled"] is False
|
|
assert bridge["telegram_send_enabled"] is False
|
|
assert len(bridge["stages"]) == 5
|
|
assert len(bridge["message_types"]) == 6
|
|
assert len(bridge["no_send_message_previews"]) == 6
|
|
assert len(bridge["dedup_policy"]["keys"]) == 6
|
|
assert len(bridge["receipt_expectations"]) == 6
|
|
assert bridge["queue_preview_readback"]["write_enabled"] is False
|
|
assert bridge["canary_approval_package"]["status"] == "blocked_until_explicit_approval"
|
|
assert bridge["canary_approval_package"]["live_send_enabled"] is False
|
|
|
|
rollups = snapshot["rollups"]
|
|
assert rollups["professional_task_count"] == 24
|
|
assert rollups["domain_count"] == 8
|
|
assert rollups["telegram_stage_count"] == 5
|
|
assert rollups["telegram_message_type_count"] == 6
|
|
assert rollups["approval_required_count"] == 19
|
|
assert rollups["low_risk_task_count"] == 3
|
|
assert rollups["medium_risk_task_count"] == 10
|
|
assert rollups["high_risk_task_count"] == 6
|
|
assert rollups["critical_risk_task_count"] == 5
|
|
assert rollups["current_live_count"] == 0
|
|
assert rollups["gateway_queue_write_count"] == 0
|
|
assert rollups["telegram_send_count"] == 0
|
|
assert rollups["bot_api_call_count"] == 0
|
|
assert rollups["delivery_receipt_write_count"] == 0
|
|
assert rollups["production_write_count"] == 0
|
|
assert rollups["secret_read_count"] == 0
|
|
assert rollups["paid_api_call_count"] == 0
|
|
assert rollups["host_write_count"] == 0
|
|
assert rollups["kubectl_action_count"] == 0
|
|
assert rollups["no_send_preview_count"] == 6
|
|
assert rollups["dedup_key_count"] == 6
|
|
assert rollups["receipt_expectation_count"] == 6
|
|
assert rollups["canary_approval_package_count"] == 1
|
|
assert rollups["preview_send_enabled_count"] == 0
|
|
assert rollups["preview_queue_write_enabled_count"] == 0
|
|
assert rollups["preview_bot_api_call_enabled_count"] == 0
|
|
assert rollups["receipt_live_write_enabled_count"] == 0
|
|
assert rollups["canary_live_send_enabled_count"] == 0
|
|
|
|
|
|
def test_professional_tasks_cover_required_agents_and_reporting() -> None:
|
|
snapshot = load_latest_ai_agent_professional_task_expansion()
|
|
|
|
owners = {task["owner_agent"] for task in snapshot["professional_tasks"]}
|
|
assert {
|
|
"openclaw",
|
|
"hermes",
|
|
"nemotron",
|
|
"telegram_ops_liaison",
|
|
"security_sentinel",
|
|
"sre_sentinel",
|
|
"devops_commander",
|
|
}.issubset(owners)
|
|
|
|
assert snapshot["reporting_contract"]["daily"]["required"] is True
|
|
assert snapshot["reporting_contract"]["weekly"]["required"] is True
|
|
assert snapshot["reporting_contract"]["monthly"]["required"] is True
|
|
assert snapshot["reporting_contract"]["action_required"]["required"] is True
|
|
assert snapshot["redaction_contract"]["conversation_transcript_display_allowed"] is False
|
|
assert snapshot["redaction_contract"]["raw_prompt_display_allowed"] is False
|
|
assert snapshot["redaction_contract"]["private_reasoning_display_allowed"] is False
|
|
assert snapshot["redaction_contract"]["secret_value_display_allowed"] is False
|
|
assert snapshot["redaction_contract"]["frontend_display_policy"]
|
|
|
|
|
|
def test_no_send_previews_have_unique_dedup_and_no_live_flags() -> None:
|
|
snapshot = load_latest_ai_agent_professional_task_expansion()
|
|
bridge = snapshot["telegram_runtime_bridge"]
|
|
|
|
message_types = {item["message_type"] for item in bridge["message_types"]}
|
|
previews = bridge["no_send_message_previews"]
|
|
receipts = bridge["receipt_expectations"]
|
|
|
|
assert {preview["message_type"] for preview in previews} == message_types
|
|
assert len({preview["dedup_key"] for preview in previews}) == 6
|
|
assert {preview["receipt_expectation_id"] for preview in previews} == {
|
|
receipt["receipt_id"] for receipt in receipts
|
|
}
|
|
|
|
for preview in previews:
|
|
assert preview["status"] == "preview_ready_no_send"
|
|
assert preview["send_enabled"] is False
|
|
assert preview["gateway_queue_write_enabled"] is False
|
|
assert preview["bot_api_call_enabled"] is False
|
|
assert preview["delivery_receipt_write_enabled"] is False
|
|
assert preview["sanitized_body_lines"]
|
|
|
|
assert bridge["dedup_policy"]["required"] is True
|
|
assert bridge["dedup_policy"]["live_cache_write_enabled"] is False
|
|
assert bridge["queue_preview_readback"]["preview_only"] is True
|
|
assert bridge["queue_preview_readback"]["write_enabled"] is False
|
|
|
|
|
|
def test_receipts_and_canary_package_remain_no_send() -> None:
|
|
snapshot = load_latest_ai_agent_professional_task_expansion()
|
|
bridge = snapshot["telegram_runtime_bridge"]
|
|
|
|
for receipt in bridge["receipt_expectations"]:
|
|
assert receipt["receipt_write_enabled"] is False
|
|
assert receipt["production_receipt_readback_enabled"] is False
|
|
assert receipt["required_evidence_refs"]
|
|
|
|
canary = bridge["canary_approval_package"]
|
|
assert canary["package_ready"] is True
|
|
assert canary["approval_required"] is True
|
|
assert canary["live_send_enabled"] is False
|
|
assert canary["gateway_queue_write_enabled"] is False
|
|
assert canary["bot_api_call_enabled"] is False
|
|
assert canary["delivery_receipt_write_enabled"] is False
|
|
assert canary["production_write_enabled"] is False
|
|
|
|
|
|
def test_rejects_telegram_send_enabled(tmp_path: Path) -> None:
|
|
snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
|
|
snapshot["telegram_runtime_bridge"]["telegram_send_enabled"] = True
|
|
_write_snapshot(tmp_path, snapshot)
|
|
|
|
with pytest.raises(ValueError, match="telegram_runtime_bridge mismatch"):
|
|
load_latest_ai_agent_professional_task_expansion(tmp_path)
|
|
|
|
|
|
def test_rejects_gateway_queue_write_count(tmp_path: Path) -> None:
|
|
snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
|
|
snapshot["rollups"]["gateway_queue_write_count"] = 1
|
|
_write_snapshot(tmp_path, snapshot)
|
|
|
|
with pytest.raises(ValueError, match="must remain zero"):
|
|
load_latest_ai_agent_professional_task_expansion(tmp_path)
|
|
|
|
|
|
def test_rejects_preview_send_enabled(tmp_path: Path) -> None:
|
|
snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
|
|
snapshot["telegram_runtime_bridge"]["no_send_message_previews"][0]["send_enabled"] = True
|
|
snapshot["rollups"]["preview_send_enabled_count"] = 1
|
|
_write_snapshot(tmp_path, snapshot)
|
|
|
|
with pytest.raises(ValueError, match="send_enabled must remain false"):
|
|
load_latest_ai_agent_professional_task_expansion(tmp_path)
|
|
|
|
|
|
def test_rejects_duplicate_dedup_key(tmp_path: Path) -> None:
|
|
snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
|
|
previews = snapshot["telegram_runtime_bridge"]["no_send_message_previews"]
|
|
previews[1]["dedup_key"] = previews[0]["dedup_key"]
|
|
_write_snapshot(tmp_path, snapshot)
|
|
|
|
with pytest.raises(ValueError, match="dedup_key values must be unique"):
|
|
load_latest_ai_agent_professional_task_expansion(tmp_path)
|
|
|
|
|
|
def test_rejects_canary_live_send_enabled(tmp_path: Path) -> None:
|
|
snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
|
|
snapshot["telegram_runtime_bridge"]["canary_approval_package"]["live_send_enabled"] = True
|
|
snapshot["rollups"]["canary_live_send_enabled_count"] = 1
|
|
_write_snapshot(tmp_path, snapshot)
|
|
|
|
with pytest.raises(ValueError, match="canary_approval_package mismatch"):
|
|
load_latest_ai_agent_professional_task_expansion(tmp_path)
|
|
|
|
|
|
def test_rejects_high_risk_without_approval(tmp_path: Path) -> None:
|
|
snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
|
|
high_task = next(task for task in snapshot["professional_tasks"] if task["risk_tier"] == "high")
|
|
high_task["approval_required"] = False
|
|
snapshot["rollups"]["approval_required_count"] -= 1
|
|
_write_snapshot(tmp_path, snapshot)
|
|
|
|
with pytest.raises(ValueError, match="high/critical tasks must require approval"):
|
|
load_latest_ai_agent_professional_task_expansion(tmp_path)
|
|
|
|
|
|
def test_rejects_forbidden_public_terms_outside_policy_list(tmp_path: Path) -> None:
|
|
snapshot = copy.deepcopy(load_latest_ai_agent_professional_task_expansion())
|
|
snapshot["professional_tasks"][0]["title"] = "raw prompt leakage candidate"
|
|
_write_snapshot(tmp_path, snapshot)
|
|
|
|
with pytest.raises(ValueError, match="forbidden public terms leaked"):
|
|
load_latest_ai_agent_professional_task_expansion(tmp_path)
|
|
|
|
|
|
def _write_snapshot(directory: Path, payload: dict) -> None:
|
|
path = directory / "ai_agent_professional_task_expansion_2099-01-01.json"
|
|
path.write_text(json.dumps(payload, ensure_ascii=False), encoding="utf-8")
|