coulomb/ops-bridge
2
0
Fork 0
generated from coulomb/repo-seed
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(directive): implement BRIDGE-WP-0004 AccessManagementDirective alignment

Browse Source 
- ActorType enum (adm/agt/atm) replaces actor_class string; config validates
  naming convention (adm-*/agt-*/atm-*) with hard ConfigError on mismatch;
  legacy 'human'/'automation' values accepted with DeprecationWarning
- cert_command: pluggable shell string run before each SSH launch; cert written
  to state dir; -i cert appended to SSH command alongside -i key
- TTL-aware cert refresh: parses Valid-to via ssh-keygen -L; pre-emptive restart
  5 min before expiry (no backoff, no attempt increment); CERT_EXPIRING logged
- CertAcquisitionError: cert failures trigger normal backoff/retry loop
- cert_identity: Key ID parsed from cert and recorded in BRIDGE_CONNECTED event
- bridge cert-status: new CLI command; exit 1 on expired cert; --json flag
- 233 tests passing, ruff clean

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Bernd Worsch
2026-05-15 09:38:29 +02:00
parent 22601ef3e6
commit bd169a07e2
17 changed files with 730 additions and 145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
tests/conftest.py
View File

@@ -23,10 +23,10 @@ VALID_CONFIG = textwrap.dedent("""\
local_port: 8000
ssh_user: ubuntu
ssh_key: ~/.ssh/id_ops
actor: operator.bernd
actor: adm-bernd
actors:
operator.bernd:
class: human
adm-bernd:
class: adm
description: Bernd
""")
@@ -38,10 +38,10 @@ VALID_CONFIG_WITH_CATALOG = textwrap.dedent("""\
local_port: 8000
ssh_user: ubuntu
ssh_key: ~/.ssh/id_ops
actor: operator.bernd
actor: adm-bernd
actors:
operator.bernd:
class: human
adm-bernd:
class: adm
description: Bernd
catalog_path: {catalog_path}
""")

16
tests/test_audit.py
View File

@@ -22,7 +22,7 @@ class TestAuditLogger:
tunnel="my-tunnel",
event=AuditEvent.BRIDGE_STARTED,
actor="operator.bernd",
actor_class="human",
actor_type="adm",
)
log_file = log_dir / "my-tunnel.log"
assert log_file.exists()
@@ -32,7 +32,7 @@ class TestAuditLogger:
tunnel="my-tunnel",
event=AuditEvent.BRIDGE_STARTED,
actor="operator.bernd",
actor_class="human",
actor_type="adm",
)
lines = (log_dir / "my-tunnel.log").read_text().strip().splitlines()
assert len(lines) == 1
@@ -40,12 +40,12 @@ class TestAuditLogger:
assert entry["tunnel"] == "my-tunnel"
assert entry["event"] == "bridge_started"
assert entry["actor"] == "operator.bernd"
assert entry["actor_class"] == "human"
assert entry["actor_type"] == "adm"
assert "timestamp" in entry
def test_multiple_events_append(self, logger, log_dir):
for event in [AuditEvent.BRIDGE_STARTED, AuditEvent.BRIDGE_CONNECTED, AuditEvent.BRIDGE_STOPPED]:
logger.log(tunnel="t", event=event, actor="a", actor_class="human")
logger.log(tunnel="t", event=event, actor="a", actor_type="adm")
lines = (log_dir / "t.log").read_text().strip().splitlines()
assert len(lines) == 3
@@ -54,7 +54,7 @@ class TestAuditLogger:
tunnel="t",
event=AuditEvent.HEALTH_CHECK_FAILED,
actor="a",
actor_class="automation",
actor_type="atm",
detail="connection refused",
)
entry = json.loads((log_dir / "t.log").read_text().strip())
@@ -72,15 +72,15 @@ class TestAuditLogger:
def test_timestamp_is_iso8601(self, logger, log_dir):
from datetime import datetime
logger.log(tunnel="t", event=AuditEvent.BRIDGE_STOPPED, actor="a", actor_class="human")
logger.log(tunnel="t", event=AuditEvent.BRIDGE_STOPPED, actor="a", actor_type="adm")
entry = json.loads((log_dir / "t.log").read_text().strip())
# Should parse without error
dt = datetime.fromisoformat(entry["timestamp"])
assert dt.tzinfo is not None or True # UTC or naive both acceptable
def test_read_events(self, logger, log_dir):
logger.log(tunnel="t", event=AuditEvent.BRIDGE_STARTED, actor="a", actor_class="human")
logger.log(tunnel="t", event=AuditEvent.BRIDGE_STOPPED, actor="a", actor_class="human")
logger.log(tunnel="t", event=AuditEvent.BRIDGE_STARTED, actor="a", actor_type="adm")
logger.log(tunnel="t", event=AuditEvent.BRIDGE_STOPPED, actor="a", actor_type="adm")
events = logger.read_events("t")
assert len(events) == 2
assert events[0]["event"] == "bridge_started"

59
tests/test_cli.py
View File

@@ -17,10 +17,10 @@ VALID_CONFIG = textwrap.dedent("""\
local_port: 8000
ssh_user: ubuntu
ssh_key: ~/.ssh/id_ops
actor: operator.bernd
actor: adm-bernd
actors:
operator.bernd:
class: human
adm-bernd:
class: adm
description: Bernd
""")
@@ -285,3 +285,56 @@ class TestRestartCommand:
assert result.exit_code == 0
assert call_order == ["stop", "start"]
class TestCertStatusCommand:
@pytest.mark.capability("bridge_cert_status")
@pytest.mark.access_mode("cli")
def test_cert_status_no_cert_shows_static_key(self, env, state_dir):
result = runner.invoke(app, ["cert-status"], env=env)
assert result.exit_code == 0
assert "static-key" in result.output
def test_cert_status_json_no_cert(self, env, state_dir):
result = runner.invoke(app, ["cert-status", "--json"], env=env)
assert result.exit_code == 0
data = json.loads(result.output)
assert data[0]["mode"] == "static-key"
def test_cert_status_exit_1_on_expired(self, env, state_dir, tmp_path):
# Write a fake cert file in state dir; mock ssh-keygen to report expired
state_dir.mkdir(parents=True, exist_ok=True)
cert_file = state_dir / "test-tunnel-cert.pub"
cert_file.write_text("fake cert")
with patch("subprocess.run") as mock_run:
mock_run.return_value = MagicMock(
stdout=(
"test-tunnel-cert.pub:\n"
" Key ID: \"agt-test\"\n"
" Valid: from 2026-01-01T00:00:00 to 2026-01-02T00:00:00\n"
),
returncode=0,
)
result = runner.invoke(app, ["cert-status"], env=env)
assert result.exit_code == 1
assert "EXPIRED" in result.output
def test_cert_status_json_with_cert(self, env, state_dir):
state_dir.mkdir(parents=True, exist_ok=True)
cert_file = state_dir / "test-tunnel-cert.pub"
cert_file.write_text("fake cert")
with patch("subprocess.run") as mock_run:
mock_run.return_value = MagicMock(
stdout=(
"test-tunnel-cert.pub:\n"
" Key ID: \"agt-test\"\n"
" Valid: from 2030-01-01T00:00:00 to 2030-01-02T00:00:00\n"
),
returncode=0,
)
result = runner.invoke(app, ["cert-status", "--json"], env=env)
assert result.exit_code == 0
data = json.loads(result.output)
assert data[0]["mode"] == "cert"
assert data[0]["key_id"] == "agt-test"
assert data[0]["expired"] is False

196
tests/test_config.py
View File

@@ -1,9 +1,11 @@
"""Tests for config loading."""
import textwrap
import warnings
import pytest
from bridge.config import ConfigError, load_config
from bridge.models import ActorType
VALID_YAML = textwrap.dedent("""\
@@ -14,7 +16,7 @@ VALID_YAML = textwrap.dedent("""\
local_port: 8000
ssh_user: ubuntu
ssh_key: ~/.ssh/id_ops
actor: agent.claude-coulombcore
actor: agt-claude-coulombcore
health_check:
url: http://127.0.0.1:18000/health
interval_seconds: 30
@@ -25,11 +27,11 @@ VALID_YAML = textwrap.dedent("""\
backoff_max: 60
actors:
agent.claude-coulombcore:
class: automation
agt-claude-coulombcore:
class: agt
description: Claude Code agent on CoulombCore
operator.bernd:
class: human
adm-bernd:
class: adm
description: Bernd Worsch
""")
@@ -50,7 +52,7 @@ def test_load_valid_config(config_file, monkeypatch):
assert t.remote_port == 18000
assert t.local_port == 8000
assert t.ssh_user == "ubuntu"
assert t.actor == "agent.claude-coulombcore"
assert t.actor == "agt-claude-coulombcore"
def test_health_check_loaded(config_file, monkeypatch):
@@ -74,10 +76,10 @@ def test_reconnect_policy_loaded(config_file, monkeypatch):
def test_actors_loaded(config_file, monkeypatch):
monkeypatch.setenv("BRIDGE_CONFIG", str(config_file))
cfg = load_config()
assert "agent.claude-coulombcore" in cfg.actors
a = cfg.actors["agent.claude-coulombcore"]
assert a.actor_class == "automation"
assert "operator.bernd" in cfg.actors
assert "agt-claude-coulombcore" in cfg.actors
a = cfg.actors["agt-claude-coulombcore"]
assert a.actor_type == ActorType.AGT
assert "adm-bernd" in cfg.actors
def test_missing_required_field_raises(tmp_path, monkeypatch):
@@ -118,12 +120,180 @@ def test_tunnel_without_health_check(tmp_path, monkeypatch):
local_port: 8000
ssh_user: ubuntu
ssh_key: ~/.ssh/id_rsa
actor: operator.bernd
actor: adm-bernd
actors:
operator.bernd:
class: human
adm-bernd:
class: adm
description: Bernd
"""))
monkeypatch.setenv("BRIDGE_CONFIG", str(f))
cfg = load_config()
assert cfg.tunnels["simple"].health_check is None
class TestActorTypeValidation:
def test_canonical_agt_accepted(self, tmp_path, monkeypatch):
f = tmp_path / "t.yaml"
f.write_text(textwrap.dedent("""\
tunnels:
t:
host: h
remote_port: 1
local_port: 2
ssh_user: u
ssh_key: ~/.ssh/k
actor: agt-claude
actors:
agt-claude:
class: agt
"""))
monkeypatch.setenv("BRIDGE_CONFIG", str(f))
cfg = load_config()
assert cfg.actors["agt-claude"].actor_type == ActorType.AGT
def test_canonical_atm_accepted(self, tmp_path, monkeypatch):
f = tmp_path / "t.yaml"
f.write_text(textwrap.dedent("""\
tunnels:
t:
host: h
remote_port: 1
local_port: 2
ssh_user: u
ssh_key: ~/.ssh/k
actor: atm-backup
actors:
atm-backup:
class: atm
"""))
monkeypatch.setenv("BRIDGE_CONFIG", str(f))
cfg = load_config()
assert cfg.actors["atm-backup"].actor_type == ActorType.ATM
def test_wrong_prefix_raises_config_error(self, tmp_path, monkeypatch):
f = tmp_path / "t.yaml"
f.write_text(textwrap.dedent("""\
tunnels:
t:
host: h
remote_port: 1
local_port: 2
ssh_user: u
ssh_key: ~/.ssh/k
actor: adm-bernd
actors:
adm-bernd:
class: agt
"""))
monkeypatch.setenv("BRIDGE_CONFIG", str(f))
with pytest.raises(ConfigError, match="must start with 'agt-'"):
load_config()
def test_missing_prefix_raises_config_error(self, tmp_path, monkeypatch):
f = tmp_path / "t.yaml"
f.write_text(textwrap.dedent("""\
tunnels:
t:
host: h
remote_port: 1
local_port: 2
ssh_user: u
ssh_key: ~/.ssh/k
actor: operator.bernd
actors:
operator.bernd:
class: adm
"""))
monkeypatch.setenv("BRIDGE_CONFIG", str(f))
with pytest.raises(ConfigError, match="must start with 'adm-'"):
load_config()
def test_unknown_class_raises_config_error(self, tmp_path, monkeypatch):
f = tmp_path / "t.yaml"
f.write_text(textwrap.dedent("""\
tunnels:
t:
host: h
remote_port: 1
local_port: 2
ssh_user: u
ssh_key: ~/.ssh/k
actor: adm-bernd
actors:
adm-bernd:
class: wizard
"""))
monkeypatch.setenv("BRIDGE_CONFIG", str(f))
with pytest.raises(ConfigError, match="unknown class"):
load_config()
def test_legacy_human_maps_to_adm_with_warning(self, tmp_path, monkeypatch):
f = tmp_path / "t.yaml"
f.write_text(textwrap.dedent("""\
tunnels:
t:
host: h
remote_port: 1
local_port: 2
ssh_user: u
ssh_key: ~/.ssh/k
actor: adm-bernd
actors:
adm-bernd:
class: human
"""))
monkeypatch.setenv("BRIDGE_CONFIG", str(f))
with warnings.catch_warnings(record=True) as w:
warnings.simplefilter("always")
cfg = load_config()
assert cfg.actors["adm-bernd"].actor_type == ActorType.ADM
assert any("deprecated" in str(x.message).lower() for x in w)
def test_legacy_automation_maps_to_atm_with_warning(self, tmp_path, monkeypatch):
f = tmp_path / "t.yaml"
f.write_text(textwrap.dedent("""\
tunnels:
t:
host: h
remote_port: 1
local_port: 2
ssh_user: u
ssh_key: ~/.ssh/k
actor: atm-cron
actors:
atm-cron:
class: automation
"""))
monkeypatch.setenv("BRIDGE_CONFIG", str(f))
with warnings.catch_warnings(record=True) as w:
warnings.simplefilter("always")
cfg = load_config()
assert cfg.actors["atm-cron"].actor_type == ActorType.ATM
assert any("deprecated" in str(x.message).lower() for x in w)
class TestCertCommandConfig:
def test_cert_command_parsed(self, tmp_path, monkeypatch):
f = tmp_path / "t.yaml"
f.write_text(textwrap.dedent("""\
tunnels:
t:
host: h
remote_port: 1
local_port: 2
ssh_user: u
ssh_key: ~/.ssh/k
actor: agt-bridge
cert_command: "warden sign agt-bridge --pubkey /tmp/k.pub"
actors:
agt-bridge:
class: agt
"""))
monkeypatch.setenv("BRIDGE_CONFIG", str(f))
cfg = load_config()
assert cfg.tunnels["t"].cert_command == "warden sign agt-bridge --pubkey /tmp/k.pub"
def test_no_cert_command_is_none(self, config_file, monkeypatch):
monkeypatch.setenv("BRIDGE_CONFIG", str(config_file))
cfg = load_config()
assert cfg.tunnels["state-hub-coulombcore"].cert_command is None

17
tests/test_diagnostics.py
View File

@@ -6,7 +6,7 @@ from unittest.mock import MagicMock, patch
import pytest
from bridge.diagnostics import TunnelCheckResult, check_all_tunnels, check_tunnel
from bridge.diagnostics import check_all_tunnels, check_tunnel
from bridge.models import BridgeState, TunnelConfig
from bridge.state import StateManager
@@ -20,7 +20,7 @@ def tcfg():
local_port=8000,
ssh_user="ubuntu",
ssh_key="~/.ssh/id_ops",
actor="operator.bernd",
actor="adm-bernd",
)
@@ -114,7 +114,7 @@ class TestCheckTunnel:
local_port=8000,
ssh_user="ubuntu",
ssh_key="~/.ssh/id_ops",
actor="operator.bernd",
actor="adm-bernd",
health_check=HealthCheckConfig(url="http://127.0.0.1:8000/health"),
)
state_mgr.write_pid("test-tunnel", 12345)
@@ -135,7 +135,8 @@ class TestCheckAllTunnels:
def test_check_all_iterates_tunnels(self, tmp_path):
"""check_all_tunnels returns one result per tunnel in cfg."""
from bridge.config import load_config
import textwrap, os
import textwrap
import os
cfg_file = tmp_path / "tunnels.yaml"
cfg_file.write_text(textwrap.dedent("""\
@@ -146,17 +147,17 @@ class TestCheckAllTunnels:
local_port: 8001
ssh_user: ubuntu
ssh_key: ~/.ssh/id_ops
actor: operator.bernd
actor: adm-bernd
t2:
host: h2.local
remote_port: 18002
local_port: 8002
ssh_user: ubuntu
ssh_key: ~/.ssh/id_ops
actor: operator.bernd
actor: adm-bernd
actors:
operator.bernd:
class: human
adm-bernd:
class: adm
description: Bernd
"""))
os.environ["BRIDGE_CONFIG"] = str(cfg_file)

10
tests/test_integration.py
View File

@@ -18,14 +18,14 @@ MINIMAL_CONFIG = textwrap.dedent("""\
local_port: 8000
ssh_user: testuser
ssh_key: ~/.ssh/id_rsa
actor: operator.bernd
actor: adm-bernd
reconnect:
max_attempts: 2
backoff_initial: 1
backoff_max: 2
actors:
operator.bernd:
class: human
adm-bernd:
class: adm
description: Bernd
""")
@@ -51,7 +51,7 @@ def tunnel_cfg():
local_port=8000,
ssh_user="testuser",
ssh_key="~/.ssh/id_rsa",
actor="operator.bernd",
actor="adm-bernd",
reconnect=ReconnectPolicy(max_attempts=2, backoff_initial=1, backoff_max=2),
)
@@ -142,7 +142,7 @@ class TestHealthCheckDegradedPath:
local_port=8001,
ssh_user="u",
ssh_key="k",
actor="operator.bernd",
actor="adm-bernd",
reconnect=ReconnectPolicy(max_attempts=1, backoff_initial=1, backoff_max=1),
health_check=hc_cfg,
)

96
tests/test_manager.py
View File

@@ -105,3 +105,99 @@ class TestTunnelManager:
def test_is_running_false_initially(self, tunnel_cfg, state_dir):
mgr = TunnelManager(tunnel_cfg, state_dir=state_dir)
assert not mgr.is_running()
class TestBuildSshCommandWithCert:
def test_no_cert_path_omits_extra_i(self, tunnel_cfg):
cmd = build_ssh_command(tunnel_cfg)
assert cmd.count("-i") == 1
def test_cert_path_appends_after_key(self, tunnel_cfg, tmp_path):
cert = tmp_path / "test-cert.pub"
cert.write_text("cert")
cmd = build_ssh_command(tunnel_cfg, cert_path=cert)
i_indices = [i for i, x in enumerate(cmd) if x == "-i"]
assert len(i_indices) == 2
key_idx, cert_idx = i_indices
assert not cmd[key_idx + 1].endswith("-cert.pub") # key comes first
assert cmd[cert_idx + 1] == str(cert)
class TestRunCertCommand:
def test_returns_none_when_no_cert_command(self, tunnel_cfg, tmp_path):
from bridge.manager import _run_cert_command
assert _run_cert_command(tunnel_cfg, tmp_path) is None
def test_writes_cert_and_returns_path(self, tunnel_cfg, tmp_path):
from bridge.manager import _run_cert_command
tunnel_cfg.cert_command = "echo 'ssh-rsa-cert AAAA'"
path = _run_cert_command(tunnel_cfg, tmp_path)
assert path is not None
assert path.exists()
assert "ssh-rsa-cert" in path.read_text()
def test_raises_on_nonzero_exit(self, tunnel_cfg, tmp_path):
from bridge.manager import _run_cert_command
from bridge.models import CertAcquisitionError
tunnel_cfg.cert_command = "exit 1"
with pytest.raises(CertAcquisitionError):
_run_cert_command(tunnel_cfg, tmp_path)
class TestActorTypeFromName:
def test_adm_prefix(self):
from bridge.manager import _actor_type_from_name
assert _actor_type_from_name("adm-bernd") == "adm"
def test_agt_prefix(self):
from bridge.manager import _actor_type_from_name
assert _actor_type_from_name("agt-claude") == "agt"
def test_atm_prefix(self):
from bridge.manager import _actor_type_from_name
assert _actor_type_from_name("atm-cron") == "atm"
def test_unknown_prefix(self):
from bridge.manager import _actor_type_from_name
assert _actor_type_from_name("operator.bernd") == "unknown"
class TestTtlRefresh:
def test_parse_cert_expiry_returns_none_for_missing_file(self, tmp_path):
from bridge.manager import _parse_cert_expiry
missing = tmp_path / "no.pub"
result = _parse_cert_expiry(missing)
assert result is None
def test_parse_cert_identity_returns_none_for_missing_file(self, tmp_path):
from bridge.manager import _parse_cert_identity
missing = tmp_path / "no.pub"
result = _parse_cert_identity(missing)
assert result is None
def test_parse_cert_identity_from_keygen_output(self, tmp_path):
from unittest.mock import patch, MagicMock
from bridge.manager import _parse_cert_identity
cert = tmp_path / "test.pub"
cert.write_text("fake")
with patch("subprocess.run") as mock_run:
mock_run.return_value = MagicMock(
stdout='test.pub:\n Key ID: "agt-bridge"\n',
returncode=0,
)
result = _parse_cert_identity(cert)
assert result == "agt-bridge"
def test_parse_cert_expiry_from_keygen_output(self, tmp_path):
from unittest.mock import patch, MagicMock
from bridge.manager import _parse_cert_expiry
cert = tmp_path / "test.pub"
cert.write_text("fake")
with patch("subprocess.run") as mock_run:
mock_run.return_value = MagicMock(
stdout="test.pub:\n Valid: from 2026-05-15T10:00:00 to 2030-05-15T22:00:00\n",
returncode=0,
)
result = _parse_cert_expiry(cert)
assert result is not None
assert result.year == 2030

16
tests/test_mcp.py
View File

@@ -49,10 +49,10 @@ def _simple_config(tmp_path: Path) -> Path:
local_port: 8000
ssh_user: ubuntu
ssh_key: ~/.ssh/id_ops
actor: operator.bernd
actor: adm-bernd
actors:
operator.bernd:
class: human
adm-bernd:
class: adm
description: Bernd
"""))
@@ -66,10 +66,10 @@ def _catalog_config(tmp_path: Path, catalog_dir: Path) -> Path:
local_port: 8000
ssh_user: ubuntu
ssh_key: ~/.ssh/id_ops
actor: operator.bernd
actor: adm-bernd
actors:
operator.bernd:
class: human
adm-bernd:
class: adm
description: Bernd
catalog_path: {catalog_dir}
"""))
@@ -278,8 +278,8 @@ class TestMcpBridgeLogs:
_json.dumps({
"timestamp": "2026-01-01T00:00:00+00:00",
"tunnel": "test-tunnel",
"actor": "operator.bernd",
"actor_class": "human",
"actor": "adm-bernd",
"actor_type": "adm",
"event": "bridge_started",
}) + "\n"
)

7
tests/test_models.py
View File

@@ -69,6 +69,7 @@ class TestTunnelConfig:
class TestActorInfo:
def test_fields(self):
a = ActorInfo(name="operator.bernd", actor_class="human", description="Bernd")
assert a.name == "operator.bernd"
assert a.actor_class == "human"
from bridge.models import ActorType
a = ActorInfo(name="adm-bernd", actor_type=ActorType.ADM, description="Bernd")
assert a.name == "adm-bernd"
assert a.actor_type == ActorType.ADM