generated from coulomb/repo-seed
Add credential routing advisories via warden route/access, live pilot evidence helpers, managed deployment pilot probes, evaluation trend regression gates, and expanded troubleshooting. Update operator runbook and maturity scorecard.
40 lines
1.6 KiB
Python
40 lines
1.6 KiB
Python
import json
|
|
|
|
from phase_memory.credential_routing import (
|
|
CREDENTIAL_ROUTING_ADVISORY_SCHEMA,
|
|
PHASE_MEMORY_CREDENTIAL_NEEDS,
|
|
resolve_credentialed_environ,
|
|
warden_cli_available,
|
|
warden_credential_routing_advisory,
|
|
)
|
|
|
|
|
|
def test_warden_credential_routing_advisory_is_secret_free() -> None:
|
|
environ = {
|
|
"PHASE_MEMORY_MARKITECT_URL": "https://markitect.example.invalid",
|
|
"PHASE_MEMORY_MARKITECT_TOKEN": "markitect-secret-token",
|
|
"PHASE_MEMORY_KONTEXTUAL_URL": "https://kontextual.example.invalid",
|
|
"PHASE_MEMORY_KONTEXTUAL_TOKEN": "kontextual-secret-token",
|
|
}
|
|
|
|
advisory = warden_credential_routing_advisory(environ)
|
|
serialized = json.dumps(advisory, sort_keys=True)
|
|
|
|
assert advisory["schema_version"] == CREDENTIAL_ROUTING_ADVISORY_SCHEMA
|
|
assert advisory["missing_env"] == []
|
|
assert advisory["present_env"] == sorted(PHASE_MEMORY_CREDENTIAL_NEEDS)
|
|
assert "markitect-secret-token" not in serialized
|
|
assert "kontextual-secret-token" not in serialized
|
|
assert "https://markitect.example.invalid" not in serialized
|
|
assert advisory["operator_guidance"]["anti_pattern"].startswith("Do not message ops-warden")
|
|
if warden_cli_available():
|
|
assert advisory["route_matches"]
|
|
|
|
|
|
def test_resolve_credentialed_environ_reports_missing_credentials() -> None:
|
|
status = resolve_credentialed_environ({})
|
|
|
|
assert status["ready"] is False
|
|
assert status["missing_env"]
|
|
assert status["routing_advisory"]["schema_version"] == CREDENTIAL_ROUTING_ADVISORY_SCHEMA
|
|
assert "warden access" in status["operator_action"] |