feat(directive): implement BRIDGE-WP-0004 AccessManagementDirective alignment

- ActorType enum (adm/agt/atm) replaces actor_class string; config validates naming convention (adm-*/agt-*/atm-*) with hard ConfigError on mismatch; legacy 'human'/'automation' values accepted with DeprecationWarning - cert_command: pluggable shell string run before each SSH launch; cert written to state dir; -i cert appended to SSH command alongside -i key - TTL-aware cert refresh: parses Valid-to via ssh-keygen -L; pre-emptive restart 5 min before expiry (no backoff, no attempt increment); CERT_EXPIRING logged - CertAcquisitionError: cert failures trigger normal backoff/retry loop - cert_identity: Key ID parsed from cert and recorded in BRIDGE_CONNECTED event - bridge cert-status: new CLI command; exit 1 on expired cert; --json flag - 233 tests passing, ruff clean Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-15 09:38:29 +02:00
parent 22601ef3e6
commit bd169a07e2
17 changed files with 730 additions and 145 deletions
--- a/tests/test_mcp.py
+++ b/tests/test_mcp.py
@@ -49,10 +49,10 @@ def _simple_config(tmp_path: Path) -> Path:
            local_port: 8000
            ssh_user: ubuntu
            ssh_key: ~/.ssh/id_ops
-            actor: operator.bernd
+            actor: adm-bernd
        actors:
-          operator.bernd:
-            class: human
+          adm-bernd:
+            class: adm
            description: Bernd
    """))

@@ -66,10 +66,10 @@ def _catalog_config(tmp_path: Path, catalog_dir: Path) -> Path:
            local_port: 8000
            ssh_user: ubuntu
            ssh_key: ~/.ssh/id_ops
-            actor: operator.bernd
+            actor: adm-bernd
        actors:
-          operator.bernd:
-            class: human
+          adm-bernd:
+            class: adm
            description: Bernd
        catalog_path: {catalog_dir}
    """))
@@ -278,8 +278,8 @@ class TestMcpBridgeLogs:
            _json.dumps({
                "timestamp": "2026-01-01T00:00:00+00:00",
                "tunnel": "test-tunnel",
-                "actor": "operator.bernd",
-                "actor_class": "human",
+                "actor": "adm-bernd",
+                "actor_type": "adm",
                "event": "bridge_started",
            }) + "\n"
        )