feat(event-bridge): WP-0003a — domain model, rules module, event type registry

Implements phases 7–8 of the Event Bridge architecture (custodian-WP-0003a). Domain model (T34, T40): - Added RuleDef, InstructionDef, ActionDef to models.py - Updated ActivityDefinition with rules/instructions fields (task_templates deprecated) - Formalized EventEnvelope: id, type, version, timestamp, publisher, attributes - Added from_nats_message() and from_webhook_payload() classmethods Rules module (T35, T36, T37): - src/activity_core/rules/ skeleton with boundary enforcement - evaluate_condition() — sandboxed AST walker, whitelisted nodes only, never exec() - execute_instruction() — LLM task generation with trusted_fields injection guard - tests/rules/test_boundary.py verifies no cross-boundary imports Infrastructure (T38, T39): - Alembic migrations 0004 (task_spawn_log) and 0005 (event_types) - IssueSink ABC + IssueCoreRestSink (REST) + NullSink (testing) - TaskSpawnLog and EventType ORM models Event type registry (T41, T42, T43): - event_type_registry.py: file scanner, parser, DB sync, in-process lookup - ACTIVITY_CURATOR_GATE env var (disabled|required) + approve endpoint - Three org event type definitions: org.repo.registered, org.workstream.completed, org.activity.run.completed All 10 tests pass. Boundary test confirms rules/ isolation. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-14 22:01:15 +02:00
parent ee81adb2fa
commit c3a256509b
22 changed files with 1281 additions and 137 deletions
--- a/tests/rules/init.py
+++ b/tests/rules/init.py
--- a/tests/rules/test_boundary.py
+++ b/tests/rules/test_boundary.py
@@ -0,0 +1,57 @@
+"""
+Verifies the rules/ module boundary: nothing inside activity_core/rules/
+may import from temporalio, sqlalchemy, fastapi, or any activity_core.*
+module outside rules/.
+"""
+
+import ast
+import os
+from pathlib import Path
+
+_RULES_DIR = Path(__file__).parent.parent.parent / "src" / "activity_core" / "rules"
+
+_FORBIDDEN_MODULES = {
+    "temporalio",
+    "sqlalchemy",
+    "fastapi",
+}
+
+
+def _get_imports(filepath: Path) -> list[str]:
+    """Return all top-level imported module names from a Python file."""
+    tree = ast.parse(filepath.read_text())
+    imports = []
+    for node in ast.walk(tree):
+        if isinstance(node, ast.Import):
+            for alias in node.names:
+                imports.append(alias.name.split(".")[0])
+        elif isinstance(node, ast.ImportFrom):
+            if node.module:
+                root = node.module.split(".")[0]
+                imports.append(root)
+                # Detect cross-boundary activity_core imports
+                if node.module.startswith("activity_core.") and not node.module.startswith(
+                    "activity_core.rules"
+                ):
+                    imports.append(f"_cross_boundary:{node.module}")
+    return imports
+
+
+def test_rules_module_boundary() -> None:
+    """No file in rules/ may import forbidden modules or cross the boundary."""
+    violations: list[str] = []
+
+    for py_file in sorted(_RULES_DIR.glob("*.py")):
+        imports = _get_imports(py_file)
+        for imp in imports:
+            if imp in _FORBIDDEN_MODULES:
+                violations.append(f"{py_file.name}: imports {imp!r}")
+            if imp.startswith("_cross_boundary:"):
+                module = imp[len("_cross_boundary:"):]
+                violations.append(
+                    f"{py_file.name}: cross-boundary import from {module!r}"
+                )
+
+    assert not violations, (
+        "rules/ boundary violations:\n" + "\n".join(violations)
+    )