Files
phase-memory/tests/test_credential_routing.py
tegwick 29f893b905 Implement PMEM-WP-0015 credentialed live pilot with ops-warden routing.
Add credential routing advisories via warden route/access, live pilot evidence
helpers, managed deployment pilot probes, evaluation trend regression gates,
and expanded troubleshooting. Update operator runbook and maturity scorecard.
2026-07-02 23:24:35 +02:00

40 lines
1.6 KiB
Python

import json
from phase_memory.credential_routing import (
CREDENTIAL_ROUTING_ADVISORY_SCHEMA,
PHASE_MEMORY_CREDENTIAL_NEEDS,
resolve_credentialed_environ,
warden_cli_available,
warden_credential_routing_advisory,
)
def test_warden_credential_routing_advisory_is_secret_free() -> None:
environ = {
"PHASE_MEMORY_MARKITECT_URL": "https://markitect.example.invalid",
"PHASE_MEMORY_MARKITECT_TOKEN": "markitect-secret-token",
"PHASE_MEMORY_KONTEXTUAL_URL": "https://kontextual.example.invalid",
"PHASE_MEMORY_KONTEXTUAL_TOKEN": "kontextual-secret-token",
}
advisory = warden_credential_routing_advisory(environ)
serialized = json.dumps(advisory, sort_keys=True)
assert advisory["schema_version"] == CREDENTIAL_ROUTING_ADVISORY_SCHEMA
assert advisory["missing_env"] == []
assert advisory["present_env"] == sorted(PHASE_MEMORY_CREDENTIAL_NEEDS)
assert "markitect-secret-token" not in serialized
assert "kontextual-secret-token" not in serialized
assert "https://markitect.example.invalid" not in serialized
assert advisory["operator_guidance"]["anti_pattern"].startswith("Do not message ops-warden")
if warden_cli_available():
assert advisory["route_matches"]
def test_resolve_credentialed_environ_reports_missing_credentials() -> None:
status = resolve_credentialed_environ({})
assert status["ready"] is False
assert status["missing_env"]
assert status["routing_advisory"]["schema_version"] == CREDENTIAL_ROUTING_ADVISORY_SCHEMA
assert "warden access" in status["operator_action"]