generated from coulomb/repo-seed
Implement PMEM-WP-0015 credentialed live pilot with ops-warden routing.
Add credential routing advisories via warden route/access, live pilot evidence helpers, managed deployment pilot probes, evaluation trend regression gates, and expanded troubleshooting. Update operator runbook and maturity scorecard.
This commit is contained in:
40
tests/test_credential_routing.py
Normal file
40
tests/test_credential_routing.py
Normal file
@@ -0,0 +1,40 @@
|
||||
import json
|
||||
|
||||
from phase_memory.credential_routing import (
|
||||
CREDENTIAL_ROUTING_ADVISORY_SCHEMA,
|
||||
PHASE_MEMORY_CREDENTIAL_NEEDS,
|
||||
resolve_credentialed_environ,
|
||||
warden_cli_available,
|
||||
warden_credential_routing_advisory,
|
||||
)
|
||||
|
||||
|
||||
def test_warden_credential_routing_advisory_is_secret_free() -> None:
|
||||
environ = {
|
||||
"PHASE_MEMORY_MARKITECT_URL": "https://markitect.example.invalid",
|
||||
"PHASE_MEMORY_MARKITECT_TOKEN": "markitect-secret-token",
|
||||
"PHASE_MEMORY_KONTEXTUAL_URL": "https://kontextual.example.invalid",
|
||||
"PHASE_MEMORY_KONTEXTUAL_TOKEN": "kontextual-secret-token",
|
||||
}
|
||||
|
||||
advisory = warden_credential_routing_advisory(environ)
|
||||
serialized = json.dumps(advisory, sort_keys=True)
|
||||
|
||||
assert advisory["schema_version"] == CREDENTIAL_ROUTING_ADVISORY_SCHEMA
|
||||
assert advisory["missing_env"] == []
|
||||
assert advisory["present_env"] == sorted(PHASE_MEMORY_CREDENTIAL_NEEDS)
|
||||
assert "markitect-secret-token" not in serialized
|
||||
assert "kontextual-secret-token" not in serialized
|
||||
assert "https://markitect.example.invalid" not in serialized
|
||||
assert advisory["operator_guidance"]["anti_pattern"].startswith("Do not message ops-warden")
|
||||
if warden_cli_available():
|
||||
assert advisory["route_matches"]
|
||||
|
||||
|
||||
def test_resolve_credentialed_environ_reports_missing_credentials() -> None:
|
||||
status = resolve_credentialed_environ({})
|
||||
|
||||
assert status["ready"] is False
|
||||
assert status["missing_env"]
|
||||
assert status["routing_advisory"]["schema_version"] == CREDENTIAL_ROUTING_ADVISORY_SCHEMA
|
||||
assert "warden access" in status["operator_action"]
|
||||
Reference in New Issue
Block a user