generated from coulomb/repo-seed
Add credential routing advisories via warden route/access, live pilot evidence helpers, managed deployment pilot probes, evaluation trend regression gates, and expanded troubleshooting. Update operator runbook and maturity scorecard.
80 lines
3.0 KiB
Python
80 lines
3.0 KiB
Python
import json
|
|
from pathlib import Path
|
|
|
|
from phase_memory.pilot import (
|
|
LIVE_PILOT_REPORT_SCHEMA,
|
|
MANAGED_DEPLOYMENT_PILOT_SCHEMA,
|
|
live_pilot_report,
|
|
managed_deployment_pilot_report,
|
|
write_live_pilot_evidence,
|
|
)
|
|
from phase_memory.service_app import ServiceAppConfig
|
|
|
|
FIXTURES = Path(__file__).parent / "fixtures"
|
|
|
|
|
|
def test_managed_deployment_pilot_report_passes_local_probes(tmp_path) -> None:
|
|
report = managed_deployment_pilot_report(
|
|
ServiceAppConfig(host="127.0.0.1", port=8125, local_store_path=str(tmp_path)),
|
|
platform="local",
|
|
)
|
|
|
|
assert report["schema_version"] == MANAGED_DEPLOYMENT_PILOT_SCHEMA
|
|
assert report["valid"] is True
|
|
assert report["probes"]["health"]["ok"] is True
|
|
assert report["probes"]["ready"]["ok"] is True
|
|
assert report["local_store_mount"]["validated"] is True
|
|
assert report["rollback"]["validated"] is True
|
|
|
|
|
|
def test_live_pilot_report_redacts_secrets_and_marks_partial_live_evidence() -> None:
|
|
environ = {
|
|
"PHASE_MEMORY_MARKITECT_URL": "https://markitect.example.invalid",
|
|
"PHASE_MEMORY_MARKITECT_TOKEN": "markitect-secret-token",
|
|
"PHASE_MEMORY_KONTEXTUAL_URL": "https://kontextual.example.invalid",
|
|
"PHASE_MEMORY_KONTEXTUAL_TOKEN": "kontextual-secret-token",
|
|
}
|
|
|
|
report = live_pilot_report(
|
|
environ,
|
|
run_id="pytest",
|
|
scenarios_path=FIXTURES / "evaluation-scenarios.json",
|
|
operator_approved_fixture=True,
|
|
)
|
|
serialized = json.dumps(report, sort_keys=True)
|
|
|
|
assert report["schema_version"] == LIVE_PILOT_REPORT_SCHEMA
|
|
assert report["tooling_verified"] is True
|
|
assert report["live_evidence"]["credentialed_smoke"] is True
|
|
assert report["live_evidence"]["managed_deployment_probes"] is True
|
|
assert report["live_evidence"]["telemetry_retention"] is True
|
|
assert report["sections"]["evaluation_regression_gate"]["valid"] is True
|
|
assert "markitect-secret-token" not in serialized
|
|
assert "https://kontextual.example.invalid" not in serialized
|
|
|
|
|
|
def test_write_live_pilot_evidence_persists_redacted_artifacts(tmp_path) -> None:
|
|
report = write_live_pilot_evidence(
|
|
tmp_path,
|
|
{},
|
|
run_id="pytest",
|
|
scenarios_path=FIXTURES / "evaluation-scenarios.json",
|
|
operator_approved_fixture=True,
|
|
)
|
|
|
|
expected_files = (
|
|
"live-pilot-report.json",
|
|
"credentialed-operator-report.json",
|
|
"managed-deployment-pilot.json",
|
|
"telemetry-retention-evidence.json",
|
|
"evaluation-trend-history.json",
|
|
"evaluation-regression-gate.json",
|
|
"credential-routing-advisory.json",
|
|
)
|
|
for filename in expected_files:
|
|
assert (tmp_path / filename).exists()
|
|
|
|
serialized = "".join((tmp_path / name).read_text(encoding="utf-8") for name in expected_files)
|
|
assert report["live_evidence"]["credentialed_smoke"] is False
|
|
assert "credential_env_missing" in serialized
|
|
assert "warden access" in serialized or "warden_cli_unavailable" in serialized |