mirror of
https://github.com/BigBodyCobain/Shadowbroker.git
synced 2026-06-07 23:03:54 +02:00
BigBodyCobain
2379 lines
94 KiB
Python
2379 lines
94 KiB
Python
from __future__ import annotations
|
|
|
|
import asyncio
|
|
|
|
import main
|
|
from .review_surface_contracts import (
|
|
EXPLICIT_REVIEW_EXPORT_CONTRACT,
|
|
REVIEW_CONSISTENCY_CONTRACT,
|
|
REVIEW_MANIFEST_CONTRACT,
|
|
assert_surface_contract,
|
|
review_surface_corpus,
|
|
)
|
|
from services.privacy_claims import (
|
|
explicit_review_export_snapshot,
|
|
final_review_bundle_snapshot,
|
|
privacy_claims_snapshot,
|
|
release_checklist_snapshot,
|
|
release_claims_matrix_snapshot,
|
|
review_consistency_snapshot,
|
|
review_manifest_snapshot,
|
|
review_export_snapshot,
|
|
rollout_controls_snapshot,
|
|
rollout_health_snapshot,
|
|
rollout_readiness_snapshot,
|
|
staged_rollout_telemetry_snapshot,
|
|
)
|
|
|
|
|
|
def _request(path: str):
|
|
from starlette.requests import Request
|
|
|
|
return Request(
|
|
{
|
|
"type": "http",
|
|
"headers": [],
|
|
"client": ("test", 12345),
|
|
"method": "GET",
|
|
"path": path.split("?", 1)[0],
|
|
"query_string": path.split("?", 1)[1].encode("utf-8") if "?" in path else b"",
|
|
}
|
|
)
|
|
|
|
|
|
def _protected_custody() -> dict:
|
|
return {
|
|
"code": "protected_at_rest",
|
|
"provider": "passphrase",
|
|
"protected_at_rest": True,
|
|
}
|
|
|
|
|
|
def _review_surface_samples() -> tuple[dict, dict, dict]:
|
|
sample = review_surface_corpus()["clean_ready"]
|
|
return (
|
|
sample["explicit_review_export"],
|
|
sample["review_manifest"],
|
|
sample["review_consistency"],
|
|
)
|
|
|
|
|
|
def _degraded_custody() -> dict:
|
|
return {
|
|
"code": "degraded_local_custody",
|
|
"provider": "raw",
|
|
"protected_at_rest": False,
|
|
}
|
|
|
|
|
|
def _attested_current() -> dict:
|
|
return {
|
|
"attestation_state": "attested_current",
|
|
"override_active": False,
|
|
"detail": "privacy-core version and trusted artifact hash are current",
|
|
}
|
|
|
|
|
|
def _attestation_mismatch() -> dict:
|
|
return {
|
|
"attestation_state": "attestation_mismatch",
|
|
"override_active": False,
|
|
"detail": "privacy-core loaded, but its artifact hash does not match the trusted enrollment",
|
|
}
|
|
|
|
|
|
def _compatibility_clear() -> dict:
|
|
return {
|
|
"stored_legacy_lookup_contacts_present": False,
|
|
"legacy_lookup_runtime_active": False,
|
|
"legacy_mailbox_get_runtime_active": False,
|
|
"legacy_mailbox_get_enabled": False,
|
|
"local_contact_upgrade_ok": True,
|
|
}
|
|
|
|
|
|
def _gate_privilege_ok() -> dict:
|
|
return {
|
|
"ordinary_gate_view_scope_class": "gate_member_or_gate_scope",
|
|
"privileged_gate_event_scope_class": "explicit_gate_audit",
|
|
"repair_detail_scope_class": "local_operator_diagnostic",
|
|
"privileged_gate_event_view_enabled": True,
|
|
"repair_detail_view_enabled": True,
|
|
}
|
|
|
|
|
|
def _compatibility_debt_clear() -> dict:
|
|
return {
|
|
"legacy_lookup_reliance": {
|
|
"active": False,
|
|
"last_seen_at": 0,
|
|
"blocked_count": 0,
|
|
},
|
|
"legacy_mailbox_get_reliance": {
|
|
"active": False,
|
|
"last_seen_at": 0,
|
|
"blocked_count": 0,
|
|
"enabled": False,
|
|
},
|
|
}
|
|
|
|
|
|
def _strong_claims_good() -> dict:
|
|
return {
|
|
"allowed": True,
|
|
"compat_overrides_clear": True,
|
|
"clearnet_fallback_blocked": True,
|
|
"compatibility": {},
|
|
"reasons": [],
|
|
}
|
|
|
|
|
|
def _release_gate_good() -> dict:
|
|
return {
|
|
"ready": True,
|
|
"blocking_reasons": [],
|
|
}
|
|
|
|
|
|
def test_private_strong_current_attestation_and_protected_custody_yield_dm_strong_ready():
|
|
snapshot = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
|
|
dm = snapshot["claims"]["dm_strong"]
|
|
|
|
assert dm["allowed"] is True
|
|
assert dm["state"] == "dm_strong_ready"
|
|
assert dm["plain_label"] == "DM strong ready"
|
|
assert dm["blockers"] == []
|
|
assert snapshot["chip"]["state"] == "dm_strong_ready"
|
|
assert snapshot["chip"]["plain_label"] == "Strong private delivery ready"
|
|
|
|
|
|
def test_attestation_mismatch_blocks_strong_claim_honestly():
|
|
snapshot = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attestation_mismatch(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
|
|
dm = snapshot["claims"]["dm_strong"]
|
|
|
|
assert dm["allowed"] is False
|
|
assert dm["state"] == "dm_strong_blocked"
|
|
assert "privacy_core_attestation_not_current" in dm["blockers"]
|
|
|
|
|
|
def test_degraded_local_custody_does_not_overclaim_stronger_local_assurance():
|
|
snapshot = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_degraded_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
|
|
dm = snapshot["claims"]["dm_strong"]
|
|
gate = snapshot["claims"]["gate_transitional"]
|
|
|
|
assert dm["allowed"] is False
|
|
assert gate["allowed"] is False
|
|
assert "local_custody_not_protected_at_rest" in dm["blockers"]
|
|
assert "local_custody_not_protected_at_rest" in gate["blockers"]
|
|
assert snapshot["chip"]["state"] == "dm_strong_blocked"
|
|
|
|
|
|
def test_compatibility_readiness_affects_dm_claim_blockers_honestly():
|
|
snapshot = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness={
|
|
"stored_legacy_lookup_contacts_present": True,
|
|
"legacy_lookup_runtime_active": True,
|
|
"legacy_mailbox_get_runtime_active": True,
|
|
"legacy_mailbox_get_enabled": True,
|
|
"local_contact_upgrade_ok": False,
|
|
},
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
|
|
dm = snapshot["claims"]["dm_strong"]
|
|
|
|
assert dm["allowed"] is False
|
|
assert "compatibility_stored_legacy_lookup_contacts_present" in dm["blockers"]
|
|
assert "compatibility_legacy_lookup_runtime_active" in dm["blockers"]
|
|
assert "compatibility_legacy_mailbox_get_runtime_active" in dm["blockers"]
|
|
assert "compatibility_legacy_mailbox_get_enabled" in dm["blockers"]
|
|
assert "compatibility_local_contact_upgrade_incomplete" in dm["blockers"]
|
|
|
|
|
|
def test_control_only_and_degraded_chip_states_map_from_authoritative_model():
|
|
control_only = privacy_claims_snapshot(
|
|
transport_tier="private_control_only",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
degraded = privacy_claims_snapshot(
|
|
transport_tier="public_degraded",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
|
|
assert control_only["chip"]["state"] == "control_only_local_only"
|
|
assert control_only["chip"]["plain_label"] == "Local private operations only"
|
|
assert degraded["chip"]["state"] == "degraded_requires_approval"
|
|
assert degraded["chip"]["plain_label"] == "Needs approval for weaker privacy"
|
|
|
|
|
|
def test_rollout_readiness_strong_good_state_yields_ready_for_private_default():
|
|
claims = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
|
|
rollout = rollout_readiness_snapshot(
|
|
privacy_claims=claims,
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_debt=_compatibility_debt_clear(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
strong_claims=_strong_claims_good(),
|
|
release_gate=_release_gate_good(),
|
|
)
|
|
|
|
assert rollout["allowed"] is True
|
|
assert rollout["state"] == "ready_for_private_default"
|
|
assert rollout["blockers"] == []
|
|
|
|
|
|
def test_rollout_readiness_attestation_mismatch_blocks_honestly():
|
|
claims = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attestation_mismatch(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
|
|
rollout = rollout_readiness_snapshot(
|
|
privacy_claims=claims,
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attestation_mismatch(),
|
|
compatibility_debt=_compatibility_debt_clear(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
strong_claims=_strong_claims_good(),
|
|
release_gate=_release_gate_good(),
|
|
)
|
|
|
|
assert rollout["allowed"] is False
|
|
assert rollout["state"] == "blocked_by_attestation"
|
|
assert rollout["blockers"] == ["privacy_core_attestation_not_current"]
|
|
|
|
|
|
def test_rollout_readiness_degraded_local_custody_blocks_honestly():
|
|
claims = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_degraded_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
|
|
rollout = rollout_readiness_snapshot(
|
|
privacy_claims=claims,
|
|
transport_tier="private_strong",
|
|
local_custody=_degraded_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_debt=_compatibility_debt_clear(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
strong_claims=_strong_claims_good(),
|
|
release_gate=_release_gate_good(),
|
|
)
|
|
|
|
assert rollout["allowed"] is False
|
|
assert rollout["state"] == "blocked_by_local_custody"
|
|
assert rollout["blockers"] == ["local_custody_not_protected_at_rest"]
|
|
|
|
|
|
def test_rollout_readiness_compatibility_posture_blocks_honestly():
|
|
compatibility = {
|
|
"stored_legacy_lookup_contacts_present": True,
|
|
"legacy_lookup_runtime_active": False,
|
|
"legacy_mailbox_get_runtime_active": False,
|
|
"legacy_mailbox_get_enabled": False,
|
|
"local_contact_upgrade_ok": True,
|
|
}
|
|
claims = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=compatibility,
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
|
|
rollout = rollout_readiness_snapshot(
|
|
privacy_claims=claims,
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_debt=_compatibility_debt_clear(),
|
|
compatibility_readiness=compatibility,
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
strong_claims=_strong_claims_good(),
|
|
release_gate=_release_gate_good(),
|
|
)
|
|
|
|
assert rollout["allowed"] is False
|
|
assert rollout["state"] == "blocked_by_compatibility"
|
|
assert "compatibility_stored_legacy_lookup_contacts_present" in rollout["blockers"]
|
|
|
|
|
|
def test_rollout_readiness_compatibility_debt_downgrades_honestly():
|
|
claims = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
|
|
rollout = rollout_readiness_snapshot(
|
|
privacy_claims=claims,
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_debt={
|
|
"legacy_lookup_reliance": {
|
|
"active": False,
|
|
"last_seen_at": 123,
|
|
"blocked_count": 0,
|
|
},
|
|
"legacy_mailbox_get_reliance": {
|
|
"active": False,
|
|
"last_seen_at": 0,
|
|
"blocked_count": 0,
|
|
"enabled": False,
|
|
},
|
|
},
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
strong_claims=_strong_claims_good(),
|
|
release_gate=_release_gate_good(),
|
|
)
|
|
|
|
assert rollout["allowed"] is True
|
|
assert rollout["state"] == "ready_with_compatibility_debt"
|
|
assert "compatibility_debt_legacy_lookup" in rollout["blockers"]
|
|
|
|
|
|
def test_rollout_readiness_active_override_is_surfaced_honestly():
|
|
claims = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
|
|
rollout = rollout_readiness_snapshot(
|
|
privacy_claims=claims,
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_debt=_compatibility_debt_clear(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
strong_claims={
|
|
**_strong_claims_good(),
|
|
"allowed": False,
|
|
"compat_overrides_clear": False,
|
|
"compatibility": {"legacy_dm_get_enabled": True},
|
|
"reasons": ["compat_overrides_enabled"],
|
|
},
|
|
release_gate=_release_gate_good(),
|
|
)
|
|
|
|
assert rollout["allowed"] is False
|
|
assert rollout["state"] == "blocked_by_operator_override"
|
|
assert "operator_override_legacy_dm_get_enabled" in rollout["blockers"]
|
|
|
|
|
|
def test_rollout_controls_surface_active_attestation_override():
|
|
controls = rollout_controls_snapshot(
|
|
rollout_readiness={"state": "requires_operator_attention"},
|
|
privacy_core={**_attested_current(), "override_active": True},
|
|
strong_claims=_strong_claims_good(),
|
|
transport_tier="private_strong",
|
|
)
|
|
|
|
assert controls["attestation_override_active"] is True
|
|
assert "attestation_override_active" in controls["active_overrides"]
|
|
|
|
|
|
def test_rollout_controls_surface_active_compatibility_override():
|
|
controls = rollout_controls_snapshot(
|
|
rollout_readiness={"state": "blocked_by_operator_override"},
|
|
privacy_core=_attested_current(),
|
|
strong_claims={
|
|
**_strong_claims_good(),
|
|
"compat_overrides_clear": False,
|
|
"compatibility": {"legacy_dm_get_enabled": True},
|
|
},
|
|
transport_tier="private_strong",
|
|
)
|
|
|
|
assert controls["compatibility_override_active"] is True
|
|
assert controls["legacy_compatibility_enabled"] is True
|
|
assert controls["legacy_compatibility_paths_enabled"] == ["legacy_dm_get_enabled"]
|
|
|
|
|
|
def test_rollout_health_surfaces_legacy_debt_honestly():
|
|
health = rollout_health_snapshot(
|
|
rollout_readiness={"allowed": True, "state": "ready_with_compatibility_debt"},
|
|
compatibility_debt={
|
|
"legacy_lookup_reliance": {"active": False, "last_seen_at": 1, "blocked_count": 0},
|
|
"legacy_mailbox_get_reliance": {"active": False, "last_seen_at": 0, "blocked_count": 0, "enabled": False},
|
|
},
|
|
compatibility_readiness={
|
|
**_compatibility_clear(),
|
|
"stored_legacy_lookup_contacts_present": True,
|
|
"upgraded_contact_preferences": 2,
|
|
},
|
|
lookup_handle_rotation={
|
|
"state": "lookup_handle_rotation_pending",
|
|
"last_refresh_ok": True,
|
|
},
|
|
)
|
|
|
|
assert health["compatibility_cleanup_pending"] is True
|
|
assert "compatibility_debt_legacy_lookup" in health["debt_flags"]
|
|
assert "stored_legacy_lookup_contacts_present" in health["debt_flags"]
|
|
assert "lookup_handle_rotation_pending" in health["debt_flags"]
|
|
assert health["upgraded_contact_preferences"] == 2
|
|
|
|
|
|
def test_review_export_snapshot_contains_authoritative_surfaces_and_schema_metadata():
|
|
claims = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
readiness = rollout_readiness_snapshot(
|
|
privacy_claims=claims,
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_debt=_compatibility_debt_clear(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
strong_claims=_strong_claims_good(),
|
|
release_gate=_release_gate_good(),
|
|
)
|
|
controls = rollout_controls_snapshot(
|
|
rollout_readiness=readiness,
|
|
privacy_core=_attested_current(),
|
|
strong_claims=_strong_claims_good(),
|
|
transport_tier="private_strong",
|
|
)
|
|
health = rollout_health_snapshot(
|
|
rollout_readiness=readiness,
|
|
compatibility_debt=_compatibility_debt_clear(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
lookup_handle_rotation={
|
|
"state": "lookup_handle_rotation_ok",
|
|
"last_refresh_ok": True,
|
|
},
|
|
)
|
|
|
|
export = review_export_snapshot(
|
|
privacy_claims=claims,
|
|
rollout_readiness=readiness,
|
|
rollout_controls=controls,
|
|
rollout_health=health,
|
|
)
|
|
|
|
assert export["schema_version"] == "privacy_review_export.v1"
|
|
assert export["export_kind"] == "privacy_review_export"
|
|
assert export["surface_class"] == "authoritative_export_bundle"
|
|
assert export["authoritative_model"] == "privacy_claims"
|
|
assert export["identifier_free"] is True
|
|
assert export["privacy_claims"]["claims"]["dm_strong"]["state"] == "dm_strong_ready"
|
|
assert export["rollout_readiness"]["state"] == "ready_for_private_default"
|
|
assert export["rollout_controls"]["state"] == "private_default_safe"
|
|
assert export["rollout_health"]["state"] == "healthy"
|
|
|
|
|
|
def test_review_export_summary_rows_match_authoritative_inputs():
|
|
claims = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attestation_mismatch(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
readiness = rollout_readiness_snapshot(
|
|
privacy_claims=claims,
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attestation_mismatch(),
|
|
compatibility_debt=_compatibility_debt_clear(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
strong_claims=_strong_claims_good(),
|
|
release_gate=_release_gate_good(),
|
|
)
|
|
controls = rollout_controls_snapshot(
|
|
rollout_readiness=readiness,
|
|
privacy_core=_attestation_mismatch(),
|
|
strong_claims=_strong_claims_good(),
|
|
transport_tier="private_strong",
|
|
)
|
|
health = rollout_health_snapshot(
|
|
rollout_readiness=readiness,
|
|
compatibility_debt=_compatibility_debt_clear(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
)
|
|
|
|
export = review_export_snapshot(
|
|
privacy_claims=claims,
|
|
rollout_readiness=readiness,
|
|
rollout_controls=controls,
|
|
rollout_health=health,
|
|
)
|
|
|
|
summary = export["review_summary"]
|
|
assert summary["dm_strong_claim"]["allowed"] is False
|
|
assert summary["dm_strong_claim"]["state"] == "dm_strong_blocked"
|
|
assert summary["gate_transitional_claim"]["allowed"] is False
|
|
assert summary["private_default_rollout_safe"]["allowed"] is False
|
|
assert summary["private_default_rollout_safe"]["state"] == "blocked_by_attestation"
|
|
assert summary["major_blocker"]["state"] == "attestation"
|
|
|
|
|
|
def test_review_export_summary_prefers_override_over_ready_readiness():
|
|
claims = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
readiness = rollout_readiness_snapshot(
|
|
privacy_claims=claims,
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_debt=_compatibility_debt_clear(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
strong_claims=_strong_claims_good(),
|
|
release_gate=_release_gate_good(),
|
|
)
|
|
controls = rollout_controls_snapshot(
|
|
rollout_readiness=readiness,
|
|
privacy_core={**_attested_current(), "override_active": True},
|
|
strong_claims=_strong_claims_good(),
|
|
transport_tier="private_strong",
|
|
)
|
|
health = rollout_health_snapshot(
|
|
rollout_readiness=readiness,
|
|
compatibility_debt=_compatibility_debt_clear(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
lookup_handle_rotation={
|
|
"state": "lookup_handle_rotation_ok",
|
|
"last_refresh_ok": True,
|
|
},
|
|
)
|
|
|
|
export = review_export_snapshot(
|
|
privacy_claims=claims,
|
|
rollout_readiness=readiness,
|
|
rollout_controls=controls,
|
|
rollout_health=health,
|
|
)
|
|
|
|
summary = export["review_summary"]
|
|
assert summary["private_default_rollout_safe"]["allowed"] is False
|
|
assert summary["private_default_rollout_safe"]["state"] == "blocked_by_operator_override"
|
|
assert summary["private_default_rollout_safe"]["raw_readiness_state"] == "ready_for_private_default"
|
|
assert summary["major_blocker"]["state"] == "operator_override"
|
|
|
|
|
|
def test_review_export_summary_prefers_cleanup_debt_over_ready_readiness():
|
|
claims = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
readiness = rollout_readiness_snapshot(
|
|
privacy_claims=claims,
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_debt=_compatibility_debt_clear(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
strong_claims=_strong_claims_good(),
|
|
release_gate=_release_gate_good(),
|
|
)
|
|
controls = rollout_controls_snapshot(
|
|
rollout_readiness=readiness,
|
|
privacy_core=_attested_current(),
|
|
strong_claims=_strong_claims_good(),
|
|
transport_tier="private_strong",
|
|
)
|
|
health = rollout_health_snapshot(
|
|
rollout_readiness={"allowed": True, "state": "ready_for_private_default"},
|
|
compatibility_debt={
|
|
"legacy_lookup_reliance": {"active": False, "last_seen_at": 10, "blocked_count": 0},
|
|
"legacy_mailbox_get_reliance": {"active": False, "last_seen_at": 0, "blocked_count": 0, "enabled": False},
|
|
},
|
|
compatibility_readiness=_compatibility_clear(),
|
|
lookup_handle_rotation={
|
|
"state": "lookup_handle_rotation_ok",
|
|
"last_refresh_ok": True,
|
|
},
|
|
)
|
|
|
|
export = review_export_snapshot(
|
|
privacy_claims=claims,
|
|
rollout_readiness=readiness,
|
|
rollout_controls=controls,
|
|
rollout_health=health,
|
|
)
|
|
|
|
summary = export["review_summary"]
|
|
assert summary["private_default_rollout_safe"]["allowed"] is False
|
|
assert summary["private_default_rollout_safe"]["state"] == "blocked_by_cleanup_debt"
|
|
assert summary["major_blocker"]["state"] == "compatibility_debt"
|
|
|
|
|
|
def test_final_review_bundle_contains_expected_authoritative_package_and_verdict_metadata():
|
|
claims = privacy_claims_snapshot(
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
)
|
|
readiness = rollout_readiness_snapshot(
|
|
privacy_claims=claims,
|
|
transport_tier="private_strong",
|
|
local_custody=_protected_custody(),
|
|
privacy_core=_attested_current(),
|
|
compatibility_debt=_compatibility_debt_clear(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
gate_privilege_access=_gate_privilege_ok(),
|
|
strong_claims=_strong_claims_good(),
|
|
release_gate=_release_gate_good(),
|
|
)
|
|
controls = rollout_controls_snapshot(
|
|
rollout_readiness=readiness,
|
|
privacy_core=_attested_current(),
|
|
strong_claims=_strong_claims_good(),
|
|
transport_tier="private_strong",
|
|
)
|
|
health = rollout_health_snapshot(
|
|
rollout_readiness=readiness,
|
|
compatibility_debt=_compatibility_debt_clear(),
|
|
compatibility_readiness=_compatibility_clear(),
|
|
lookup_handle_rotation={
|
|
"state": "lookup_handle_rotation_ok",
|
|
"last_refresh_ok": True,
|
|
},
|
|
)
|
|
export = review_export_snapshot(
|
|
privacy_claims=claims,
|
|
rollout_readiness=readiness,
|
|
rollout_controls=controls,
|
|
rollout_health=health,
|
|
)
|
|
|
|
bundle = final_review_bundle_snapshot(review_export=export)
|
|
|
|
assert bundle["schema_version"] == "privacy_final_review_bundle.v1"
|
|
assert bundle["bundle_kind"] == "final_review_bundle"
|
|
assert bundle["surface_class"] == "authoritative_export_bundle"
|
|
assert bundle["source_surface"] == "review_export"
|
|
assert bundle["review_completeness"]["deterministic"] is True
|
|
assert bundle["review_completeness"]["identifier_free"] is True
|
|
assert bundle["review_completeness"]["sourced_from_authoritative_model"] is True
|
|
assert bundle["release_readiness_verdict"]["state"] == "release_ready"
|
|
assert bundle["compatibility_shim_provenance"]["strong_claims"]["surface_class"] == "compatibility_shim"
|
|
assert bundle["compatibility_shim_provenance"]["release_gate"]["surface_class"] == "compatibility_shim"
|
|
assert bundle["review_export"]["schema_version"] == "privacy_review_export.v1"
|
|
|
|
|
|
def test_final_review_bundle_verdict_mapping_is_correct():
|
|
ready_bundle = final_review_bundle_snapshot(
|
|
review_export={
|
|
"authoritative_model": "privacy_claims",
|
|
"review_summary": {
|
|
"private_default_rollout_safe": {"allowed": True},
|
|
"major_blocker": {"state": "none", "detail": "none"},
|
|
},
|
|
"claim_surface_sources": {
|
|
"surfaces": {
|
|
"strong_claims": {"surface_class": "compatibility_shim"},
|
|
"release_gate": {"surface_class": "compatibility_shim"},
|
|
}
|
|
},
|
|
}
|
|
)
|
|
debt_bundle = final_review_bundle_snapshot(
|
|
review_export={
|
|
"authoritative_model": "privacy_claims",
|
|
"review_summary": {
|
|
"private_default_rollout_safe": {"allowed": False},
|
|
"major_blocker": {"state": "compatibility_debt", "detail": "debt"},
|
|
},
|
|
"rollout_health": {"state": "cleanup_debt_present"},
|
|
"claim_surface_sources": {
|
|
"surfaces": {
|
|
"strong_claims": {"surface_class": "compatibility_shim"},
|
|
"release_gate": {"surface_class": "compatibility_shim"},
|
|
}
|
|
},
|
|
}
|
|
)
|
|
blocked_bundle = final_review_bundle_snapshot(
|
|
review_export={
|
|
"authoritative_model": "privacy_claims",
|
|
"review_summary": {
|
|
"private_default_rollout_safe": {"allowed": False},
|
|
"major_blocker": {"state": "attestation", "detail": "blocked"},
|
|
},
|
|
"claim_surface_sources": {
|
|
"surfaces": {
|
|
"strong_claims": {"surface_class": "compatibility_shim"},
|
|
"release_gate": {"surface_class": "compatibility_shim"},
|
|
}
|
|
},
|
|
}
|
|
)
|
|
attention_bundle = final_review_bundle_snapshot(
|
|
review_export={
|
|
"authoritative_model": "privacy_claims",
|
|
"review_summary": {
|
|
"private_default_rollout_safe": {"allowed": False},
|
|
"major_blocker": {"state": "operator_attention", "detail": "attention"},
|
|
},
|
|
"claim_surface_sources": {
|
|
"surfaces": {
|
|
"strong_claims": {"surface_class": "compatibility_shim"},
|
|
"release_gate": {"surface_class": "compatibility_shim"},
|
|
}
|
|
},
|
|
}
|
|
)
|
|
|
|
assert ready_bundle["release_readiness_verdict"]["state"] == "release_ready"
|
|
assert debt_bundle["release_readiness_verdict"]["state"] == "release_ready_with_debt"
|
|
assert blocked_bundle["release_readiness_verdict"]["state"] == "release_blocked"
|
|
assert attention_bundle["release_readiness_verdict"]["state"] == "operator_attention_required"
|
|
|
|
|
|
def test_staged_rollout_telemetry_ready_clean_maps_to_safe_canary():
|
|
bundle = final_review_bundle_snapshot(
|
|
review_export={
|
|
"authoritative_model": "privacy_claims",
|
|
"review_summary": {
|
|
"private_default_rollout_safe": {"allowed": True},
|
|
"major_blocker": {"state": "none", "detail": "none"},
|
|
},
|
|
"rollout_controls": {
|
|
"active_overrides": [],
|
|
"compatibility_override_active": False,
|
|
"legacy_compatibility_enabled": False,
|
|
},
|
|
"rollout_health": {
|
|
"compatibility_cleanup_pending": False,
|
|
},
|
|
"claim_surface_sources": {
|
|
"surfaces": {
|
|
"strong_claims": {"surface_class": "compatibility_shim"},
|
|
"release_gate": {"surface_class": "compatibility_shim"},
|
|
}
|
|
},
|
|
}
|
|
)
|
|
|
|
telemetry = staged_rollout_telemetry_snapshot(final_review_bundle=bundle)
|
|
|
|
assert telemetry["rollout_stage_recommendation"] == "private_default_canary"
|
|
assert telemetry["rollout_safe_now"] is True
|
|
assert telemetry["migration_cleanup_complete"] is True
|
|
assert telemetry["compatibility_debt_present"] is False
|
|
assert telemetry["canary_safe_now"] is True
|
|
|
|
|
|
def test_staged_rollout_telemetry_debt_maps_to_canary_with_debt():
|
|
bundle = final_review_bundle_snapshot(
|
|
review_export={
|
|
"authoritative_model": "privacy_claims",
|
|
"review_summary": {
|
|
"private_default_rollout_safe": {"allowed": False},
|
|
"major_blocker": {"state": "compatibility_debt", "detail": "debt"},
|
|
},
|
|
"rollout_controls": {
|
|
"active_overrides": [],
|
|
"compatibility_override_active": False,
|
|
"legacy_compatibility_enabled": False,
|
|
},
|
|
"rollout_health": {
|
|
"compatibility_cleanup_pending": True,
|
|
},
|
|
"claim_surface_sources": {
|
|
"surfaces": {
|
|
"strong_claims": {"surface_class": "compatibility_shim"},
|
|
"release_gate": {"surface_class": "compatibility_shim"},
|
|
}
|
|
},
|
|
}
|
|
)
|
|
|
|
telemetry = staged_rollout_telemetry_snapshot(final_review_bundle=bundle)
|
|
|
|
assert telemetry["rollout_stage_recommendation"] == "private_default_canary_with_debt"
|
|
assert telemetry["rollout_safe_now"] is False
|
|
assert telemetry["migration_cleanup_complete"] is False
|
|
assert telemetry["compatibility_debt_present"] is True
|
|
assert telemetry["canary_safe_now"] is True
|
|
|
|
|
|
def test_staged_rollout_telemetry_override_maps_to_non_safe_stage():
|
|
bundle = final_review_bundle_snapshot(
|
|
review_export={
|
|
"authoritative_model": "privacy_claims",
|
|
"review_summary": {
|
|
"private_default_rollout_safe": {"allowed": False},
|
|
"major_blocker": {"state": "operator_override", "detail": "override"},
|
|
},
|
|
"rollout_controls": {
|
|
"active_overrides": ["attestation_override_active"],
|
|
"compatibility_override_active": True,
|
|
"legacy_compatibility_enabled": True,
|
|
},
|
|
"rollout_health": {
|
|
"compatibility_cleanup_pending": False,
|
|
},
|
|
"claim_surface_sources": {
|
|
"surfaces": {
|
|
"strong_claims": {"surface_class": "compatibility_shim"},
|
|
"release_gate": {"surface_class": "compatibility_shim"},
|
|
}
|
|
},
|
|
}
|
|
)
|
|
|
|
telemetry = staged_rollout_telemetry_snapshot(final_review_bundle=bundle)
|
|
|
|
assert telemetry["rollout_stage_recommendation"] == "hold_for_override_clearance"
|
|
assert telemetry["rollout_safe_now"] is False
|
|
assert telemetry["kill_switch_posture_active"] is True
|
|
assert telemetry["active_overrides_present"] is True
|
|
assert telemetry["active_compatibility_allowances"] is True
|
|
assert telemetry["operator_attention_required"] is True
|
|
|
|
|
|
def test_release_claims_matrix_clean_state_maps_to_claimable_rows():
|
|
bundle = final_review_bundle_snapshot(
|
|
review_export={
|
|
"authoritative_model": "privacy_claims",
|
|
"review_summary": {
|
|
"dm_strong_claim": {
|
|
"allowed": True,
|
|
"state": "dm_strong_ready",
|
|
"plain_label": "DM strong ready",
|
|
"detail": "ready",
|
|
},
|
|
"gate_transitional_claim": {
|
|
"allowed": True,
|
|
"state": "gate_transitional_ready",
|
|
"plain_label": "Gate transitional ready",
|
|
"detail": "ready",
|
|
},
|
|
"private_default_rollout_safe": {
|
|
"allowed": True,
|
|
"state": "ready_for_private_default",
|
|
"plain_label": "Private default safe now",
|
|
"detail": "safe",
|
|
},
|
|
"major_blocker": {"state": "none", "detail": "none"},
|
|
},
|
|
"claim_surface_sources": {
|
|
"surfaces": {
|
|
"strong_claims": {"surface_class": "compatibility_shim"},
|
|
"release_gate": {"surface_class": "compatibility_shim"},
|
|
}
|
|
},
|
|
}
|
|
)
|
|
telemetry = staged_rollout_telemetry_snapshot(final_review_bundle=bundle)
|
|
|
|
matrix = release_claims_matrix_snapshot(
|
|
final_review_bundle=bundle,
|
|
staged_rollout_telemetry=telemetry,
|
|
)
|
|
|
|
assert matrix["schema_version"] == "privacy_release_claims_matrix.v1"
|
|
assert matrix["rows"]["dm_strong_claim_now"]["allowed"] is True
|
|
assert matrix["rows"]["gate_transitional_claim_now"]["allowed"] is True
|
|
assert matrix["rows"]["private_default_rollout_claim_now"]["allowed"] is True
|
|
assert matrix["rows"]["compatibility_cleanup_complete"]["allowed"] is True
|
|
assert matrix["rows"]["operator_override_free"]["allowed"] is True
|
|
|
|
|
|
def test_release_claims_matrix_keeps_rollout_rows_honest_under_compatibility_debt():
|
|
bundle = final_review_bundle_snapshot(
|
|
review_export={
|
|
"authoritative_model": "privacy_claims",
|
|
"review_summary": {
|
|
"dm_strong_claim": {
|
|
"allowed": True,
|
|
"state": "dm_strong_ready",
|
|
"plain_label": "DM strong ready",
|
|
"detail": "ready",
|
|
},
|
|
"gate_transitional_claim": {
|
|
"allowed": True,
|
|
"state": "gate_transitional_ready",
|
|
"plain_label": "Gate transitional ready",
|
|
"detail": "ready",
|
|
},
|
|
"private_default_rollout_safe": {
|
|
"allowed": False,
|
|
"state": "blocked_by_cleanup_debt",
|
|
"plain_label": "Private default blocked by cleanup debt",
|
|
"detail": "debt",
|
|
},
|
|
"major_blocker": {"state": "compatibility_debt", "detail": "debt"},
|
|
},
|
|
"rollout_health": {"compatibility_cleanup_pending": True},
|
|
"claim_surface_sources": {
|
|
"surfaces": {
|
|
"strong_claims": {"surface_class": "compatibility_shim"},
|
|
"release_gate": {"surface_class": "compatibility_shim"},
|
|
}
|
|
},
|
|
}
|
|
)
|
|
telemetry = staged_rollout_telemetry_snapshot(final_review_bundle=bundle)
|
|
|
|
matrix = release_claims_matrix_snapshot(
|
|
final_review_bundle=bundle,
|
|
staged_rollout_telemetry=telemetry,
|
|
)
|
|
|
|
assert matrix["claim_truth_metadata"]["compatibility_debt_reflected"] is True
|
|
assert matrix["rows"]["private_default_rollout_claim_now"]["allowed"] is False
|
|
assert matrix["rows"]["compatibility_cleanup_complete"]["allowed"] is False
|
|
assert "compatibility_debt" in matrix["blocker_categories"]
|
|
|
|
|
|
def test_release_claims_matrix_active_override_blocks_relevant_rows_honestly():
|
|
bundle = final_review_bundle_snapshot(
|
|
review_export={
|
|
"authoritative_model": "privacy_claims",
|
|
"review_summary": {
|
|
"dm_strong_claim": {
|
|
"allowed": True,
|
|
"state": "dm_strong_ready",
|
|
"plain_label": "DM strong ready",
|
|
"detail": "ready",
|
|
},
|
|
"gate_transitional_claim": {
|
|
"allowed": True,
|
|
"state": "gate_transitional_ready",
|
|
"plain_label": "Gate transitional ready",
|
|
"detail": "ready",
|
|
},
|
|
"private_default_rollout_safe": {
|
|
"allowed": False,
|
|
"state": "blocked_by_operator_override",
|
|
"plain_label": "Private default blocked by override",
|
|
"detail": "override",
|
|
},
|
|
"major_blocker": {"state": "operator_override", "detail": "override"},
|
|
},
|
|
"rollout_controls": {
|
|
"active_overrides": ["attestation_override_active"],
|
|
"compatibility_override_active": True,
|
|
"legacy_compatibility_enabled": True,
|
|
},
|
|
"claim_surface_sources": {
|
|
"surfaces": {
|
|
"strong_claims": {"surface_class": "compatibility_shim"},
|
|
"release_gate": {"surface_class": "compatibility_shim"},
|
|
}
|
|
},
|
|
}
|
|
)
|
|
telemetry = staged_rollout_telemetry_snapshot(final_review_bundle=bundle)
|
|
|
|
matrix = release_claims_matrix_snapshot(
|
|
final_review_bundle=bundle,
|
|
staged_rollout_telemetry=telemetry,
|
|
)
|
|
|
|
assert matrix["rows"]["private_default_rollout_claim_now"]["allowed"] is False
|
|
assert matrix["rows"]["operator_override_free"]["allowed"] is False
|
|
assert "operator_override" in matrix["blocker_categories"]
|
|
|
|
|
|
def test_release_checklist_clean_state_yields_fully_completed_checklist():
|
|
bundle = final_review_bundle_snapshot(
|
|
review_export={
|
|
"authoritative_model": "privacy_claims",
|
|
"review_summary": {
|
|
"dm_strong_claim": {"allowed": True, "detail": "ready"},
|
|
"gate_transitional_claim": {"allowed": True, "detail": "ready"},
|
|
"private_default_rollout_safe": {"allowed": True, "detail": "ready"},
|
|
"major_blocker": {"state": "none", "detail": "none"},
|
|
},
|
|
"claim_surface_sources": {
|
|
"surfaces": {
|
|
"strong_claims": {"surface_class": "compatibility_shim"},
|
|
"release_gate": {"surface_class": "compatibility_shim"},
|
|
}
|
|
},
|
|
}
|
|
)
|
|
telemetry = staged_rollout_telemetry_snapshot(final_review_bundle=bundle)
|
|
matrix = release_claims_matrix_snapshot(
|
|
final_review_bundle=bundle,
|
|
staged_rollout_telemetry=telemetry,
|
|
)
|
|
|
|
checklist = release_checklist_snapshot(
|
|
release_claims_matrix=matrix,
|
|
staged_rollout_telemetry=telemetry,
|
|
final_review_bundle=bundle,
|
|
)
|
|
|
|
assert checklist["schema_version"] == "privacy_release_checklist.v1"
|
|
assert checklist["checklist_status"] == "completed"
|
|
assert checklist["completed_count"] == 6
|
|
assert checklist["pending_count"] == 0
|
|
assert all(item["completed"] for item in checklist["items"].values())
|
|
|
|
|
|
def test_release_checklist_compatibility_debt_leaves_expected_items_pending():
|
|
bundle = final_review_bundle_snapshot(
|
|
review_export={
|
|
"authoritative_model": "privacy_claims",
|
|
"review_summary": {
|
|
"dm_strong_claim": {"allowed": True, "detail": "ready"},
|
|
"gate_transitional_claim": {"allowed": True, "detail": "ready"},
|
|
"private_default_rollout_safe": {"allowed": False, "detail": "debt"},
|
|
"major_blocker": {"state": "compatibility_debt", "detail": "debt"},
|
|
},
|
|
"rollout_health": {"compatibility_cleanup_pending": True},
|
|
"claim_surface_sources": {
|
|
"surfaces": {
|
|
"strong_claims": {"surface_class": "compatibility_shim"},
|
|
"release_gate": {"surface_class": "compatibility_shim"},
|
|
}
|
|
},
|
|
}
|
|
)
|
|
telemetry = staged_rollout_telemetry_snapshot(final_review_bundle=bundle)
|
|
matrix = release_claims_matrix_snapshot(
|
|
final_review_bundle=bundle,
|
|
staged_rollout_telemetry=telemetry,
|
|
)
|
|
|
|
checklist = release_checklist_snapshot(
|
|
release_claims_matrix=matrix,
|
|
staged_rollout_telemetry=telemetry,
|
|
final_review_bundle=bundle,
|
|
)
|
|
|
|
assert checklist["checklist_status"] == "pending"
|
|
assert checklist["items"]["private_default_rollout_claim_truth_confirmed"]["completed"] is False
|
|
assert checklist["items"]["compatibility_cleanup_complete"]["completed"] is False
|
|
assert "compatibility_debt" in checklist["blocker_categories"]
|
|
|
|
|
|
def test_release_checklist_active_override_leaves_expected_items_pending():
|
|
bundle = final_review_bundle_snapshot(
|
|
review_export={
|
|
"authoritative_model": "privacy_claims",
|
|
"review_summary": {
|
|
"dm_strong_claim": {"allowed": True, "detail": "ready"},
|
|
"gate_transitional_claim": {"allowed": True, "detail": "ready"},
|
|
"private_default_rollout_safe": {"allowed": False, "detail": "override"},
|
|
"major_blocker": {"state": "operator_override", "detail": "override"},
|
|
},
|
|
"rollout_controls": {
|
|
"active_overrides": ["attestation_override_active"],
|
|
"compatibility_override_active": True,
|
|
"legacy_compatibility_enabled": True,
|
|
},
|
|
"claim_surface_sources": {
|
|
"surfaces": {
|
|
"strong_claims": {"surface_class": "compatibility_shim"},
|
|
"release_gate": {"surface_class": "compatibility_shim"},
|
|
}
|
|
},
|
|
}
|
|
)
|
|
telemetry = staged_rollout_telemetry_snapshot(final_review_bundle=bundle)
|
|
matrix = release_claims_matrix_snapshot(
|
|
final_review_bundle=bundle,
|
|
staged_rollout_telemetry=telemetry,
|
|
)
|
|
|
|
checklist = release_checklist_snapshot(
|
|
release_claims_matrix=matrix,
|
|
staged_rollout_telemetry=telemetry,
|
|
final_review_bundle=bundle,
|
|
)
|
|
|
|
assert checklist["checklist_status"] == "pending"
|
|
assert checklist["items"]["private_default_rollout_claim_truth_confirmed"]["completed"] is False
|
|
assert checklist["items"]["no_active_override_posture"]["completed"] is False
|
|
assert "operator_override" in checklist["blocker_categories"]
|
|
|
|
|
|
def test_explicit_review_export_snapshot_contains_expected_consolidated_package():
|
|
bundle = final_review_bundle_snapshot(
|
|
review_export={
|
|
"schema_version": "privacy_review_export.v1",
|
|
"authoritative_model": "privacy_claims",
|
|
"review_summary": {
|
|
"dm_strong_claim": {"allowed": True},
|
|
"gate_transitional_claim": {"allowed": True},
|
|
"private_default_rollout_safe": {"allowed": True},
|
|
"major_blocker": {"state": "none"},
|
|
},
|
|
}
|
|
)
|
|
telemetry = staged_rollout_telemetry_snapshot(final_review_bundle=bundle)
|
|
matrix = release_claims_matrix_snapshot(
|
|
final_review_bundle=bundle,
|
|
staged_rollout_telemetry=telemetry,
|
|
)
|
|
checklist = release_checklist_snapshot(
|
|
release_claims_matrix=matrix,
|
|
staged_rollout_telemetry=telemetry,
|
|
final_review_bundle=bundle,
|
|
)
|
|
|
|
export = explicit_review_export_snapshot(
|
|
final_review_bundle=bundle,
|
|
staged_rollout_telemetry=telemetry,
|
|
release_claims_matrix=matrix,
|
|
release_checklist=checklist,
|
|
)
|
|
|
|
assert export["schema_version"] == "privacy_explicit_review_export.v1"
|
|
assert export["export_kind"] == "explicit_review_export"
|
|
assert export["surface_class"] == "authoritative_export_bundle"
|
|
assert export["source_surface"] == "final_review_bundle"
|
|
assert export["authoritative_model"] == "privacy_claims"
|
|
assert export["export_metadata"]["deterministic"] is True
|
|
assert export["export_metadata"]["identifier_free"] is True
|
|
assert export["export_metadata"]["source_surfaces"] == [
|
|
"final_review_bundle",
|
|
"staged_rollout_telemetry",
|
|
"release_claims_matrix",
|
|
"release_checklist",
|
|
]
|
|
assert export["final_review_bundle"] == bundle
|
|
assert export["staged_rollout_telemetry"] == telemetry
|
|
assert export["release_claims_matrix"] == matrix
|
|
assert export["release_checklist"] == checklist
|
|
|
|
|
|
def test_explicit_review_export_contract_fixture_is_stable():
|
|
export, _manifest, _consistency = _review_surface_samples()
|
|
assert_surface_contract(export, EXPLICIT_REVIEW_EXPORT_CONTRACT)
|
|
|
|
|
|
def test_review_manifest_contract_fixture_is_stable():
|
|
_export, manifest, _consistency = _review_surface_samples()
|
|
assert_surface_contract(manifest, REVIEW_MANIFEST_CONTRACT)
|
|
|
|
|
|
def test_review_consistency_contract_fixture_is_stable():
|
|
_export, _manifest, consistency = _review_surface_samples()
|
|
assert_surface_contract(consistency, REVIEW_CONSISTENCY_CONTRACT)
|
|
|
|
|
|
def test_review_manifest_contains_expected_summary_and_provenance_mapping():
|
|
bundle = final_review_bundle_snapshot(
|
|
review_export={
|
|
"schema_version": "privacy_review_export.v1",
|
|
"authoritative_model": "privacy_claims",
|
|
"review_summary": {
|
|
"dm_strong_claim": {
|
|
"allowed": True,
|
|
"state": "dm_strong_ready",
|
|
"plain_label": "Strong private ready",
|
|
"detail": "ready",
|
|
},
|
|
"gate_transitional_claim": {
|
|
"allowed": True,
|
|
"state": "gate_transitional_ready",
|
|
"plain_label": "Transitional private ready",
|
|
"detail": "ready",
|
|
},
|
|
"private_default_rollout_safe": {
|
|
"allowed": True,
|
|
"state": "ready_for_private_default",
|
|
"plain_label": "Private default safe now",
|
|
"detail": "ready",
|
|
},
|
|
"major_blocker": {"state": "none"},
|
|
},
|
|
"claim_surface_sources": {
|
|
"surfaces": {
|
|
"privacy_claims": {"surface_class": "authoritative_diagnostic"},
|
|
"rollout_readiness": {"surface_class": "authoritative_diagnostic"},
|
|
"rollout_controls": {"surface_class": "authoritative_diagnostic"},
|
|
"rollout_health": {"surface_class": "authoritative_diagnostic"},
|
|
"strong_claims": {"surface_class": "compatibility_shim"},
|
|
"release_gate": {"surface_class": "compatibility_shim"},
|
|
}
|
|
},
|
|
}
|
|
)
|
|
telemetry = staged_rollout_telemetry_snapshot(final_review_bundle=bundle)
|
|
matrix = release_claims_matrix_snapshot(
|
|
final_review_bundle=bundle,
|
|
staged_rollout_telemetry=telemetry,
|
|
)
|
|
checklist = release_checklist_snapshot(
|
|
release_claims_matrix=matrix,
|
|
staged_rollout_telemetry=telemetry,
|
|
final_review_bundle=bundle,
|
|
)
|
|
export = explicit_review_export_snapshot(
|
|
final_review_bundle=bundle,
|
|
staged_rollout_telemetry=telemetry,
|
|
release_claims_matrix=matrix,
|
|
release_checklist=checklist,
|
|
)
|
|
|
|
manifest = review_manifest_snapshot(explicit_review_export=export)
|
|
|
|
assert manifest["schema_version"] == "privacy_review_manifest.v1"
|
|
assert manifest["manifest_kind"] == "review_manifest"
|
|
assert manifest["surface_class"] == "authoritative_review_manifest"
|
|
assert manifest["source_surface"] == "explicit_review_export"
|
|
assert manifest["manifest_metadata"]["deterministic"] is True
|
|
assert manifest["manifest_metadata"]["identifier_free"] is True
|
|
assert manifest["claim_summary_rows"]["dm_strong_claim_now"]["allowed"] is True
|
|
assert manifest["claim_summary_rows"]["private_default_rollout_claim_now"]["state"] == "ready_for_private_default"
|
|
assert manifest["checklist_summary"]["checklist_status"] == "completed"
|
|
assert manifest["checklist_summary"]["completed_count"] == 6
|
|
assert manifest["checklist_summary"]["pending_count"] == 0
|
|
assert manifest["evidence_map"]["dm_strong_claim_now"]["source_surfaces"] == [
|
|
"release_claims_matrix",
|
|
"final_review_bundle",
|
|
"review_export",
|
|
"privacy_claims",
|
|
]
|
|
assert manifest["evidence_map"]["operator_review_package_complete"]["source_surfaces"] == [
|
|
"release_checklist",
|
|
"final_review_bundle",
|
|
"review_export",
|
|
"claim_surface_sources",
|
|
]
|
|
|
|
|
|
def test_review_consistency_snapshot_reports_aligned_clean_state():
|
|
bundle = final_review_bundle_snapshot(
|
|
review_export={
|
|
"schema_version": "privacy_review_export.v1",
|
|
"authoritative_model": "privacy_claims",
|
|
"review_summary": {
|
|
"dm_strong_claim": {
|
|
"allowed": True,
|
|
"state": "dm_strong_ready",
|
|
"plain_label": "Strong private ready",
|
|
"detail": "ready",
|
|
},
|
|
"gate_transitional_claim": {
|
|
"allowed": True,
|
|
"state": "gate_transitional_ready",
|
|
"plain_label": "Transitional private ready",
|
|
"detail": "ready",
|
|
},
|
|
"private_default_rollout_safe": {
|
|
"allowed": True,
|
|
"state": "ready_for_private_default",
|
|
"plain_label": "Private default safe now",
|
|
"detail": "ready",
|
|
},
|
|
"major_blocker": {"state": "none"},
|
|
},
|
|
"claim_surface_sources": {
|
|
"surfaces": {
|
|
"privacy_claims": {"surface_class": "authoritative_diagnostic"},
|
|
"rollout_readiness": {"surface_class": "authoritative_diagnostic"},
|
|
"rollout_controls": {"surface_class": "authoritative_diagnostic"},
|
|
"rollout_health": {"surface_class": "authoritative_diagnostic"},
|
|
"strong_claims": {"surface_class": "compatibility_shim"},
|
|
"release_gate": {"surface_class": "compatibility_shim"},
|
|
}
|
|
},
|
|
}
|
|
)
|
|
telemetry = staged_rollout_telemetry_snapshot(final_review_bundle=bundle)
|
|
matrix = release_claims_matrix_snapshot(
|
|
final_review_bundle=bundle,
|
|
staged_rollout_telemetry=telemetry,
|
|
)
|
|
checklist = release_checklist_snapshot(
|
|
release_claims_matrix=matrix,
|
|
staged_rollout_telemetry=telemetry,
|
|
final_review_bundle=bundle,
|
|
)
|
|
export = explicit_review_export_snapshot(
|
|
final_review_bundle=bundle,
|
|
staged_rollout_telemetry=telemetry,
|
|
release_claims_matrix=matrix,
|
|
release_checklist=checklist,
|
|
)
|
|
manifest = review_manifest_snapshot(explicit_review_export=export)
|
|
|
|
consistency = review_consistency_snapshot(
|
|
explicit_review_export=export,
|
|
review_manifest=manifest,
|
|
)
|
|
|
|
assert consistency["schema_version"] == "privacy_review_consistency.v1"
|
|
assert consistency["consistency_kind"] == "review_surface_consistency"
|
|
assert consistency["alignment_verdict"]["aligned"] is True
|
|
assert consistency["alignment_verdict"]["state"] == "aligned"
|
|
assert consistency["alignment_verdict"]["detail"] == "Review export and manifest are structurally aligned."
|
|
assert consistency["blocker_category_mismatches"] == {
|
|
"export_only": [],
|
|
"manifest_only": [],
|
|
}
|
|
assert consistency["handoff_summary"]["export_and_manifest_aligned_now"]["allowed"] is True
|
|
assert consistency["handoff_summary"]["claim_rows_fully_backed_by_evidence_now"]["allowed"] is True
|
|
assert consistency["handoff_summary"]["checklist_rows_fully_backed_by_evidence_now"]["allowed"] is True
|
|
assert consistency["handoff_summary"]["blocker_categories_fully_covered_by_provenance"]["allowed"] is True
|
|
|
|
|
|
def test_review_consistency_snapshot_treats_blocker_category_disagreement_as_mismatch():
|
|
export = {
|
|
"schema_version": "privacy_explicit_review_export.v1",
|
|
"surface_class": "authoritative_export_bundle",
|
|
"authoritative_model": "privacy_claims",
|
|
"export_metadata": {
|
|
"deterministic": True,
|
|
"identifier_free": True,
|
|
"source_surfaces": [
|
|
"final_review_bundle",
|
|
"staged_rollout_telemetry",
|
|
"release_claims_matrix",
|
|
"release_checklist",
|
|
],
|
|
},
|
|
"release_claims_matrix": {
|
|
"rows": {
|
|
"dm_strong_claim_now": {"allowed": True, "state": "dm_strong_ready"},
|
|
},
|
|
"blocker_categories": ["compatibility_debt"],
|
|
},
|
|
"release_checklist": {
|
|
"items": {
|
|
"dm_strong_claim_truth_confirmed": {"completed": True},
|
|
},
|
|
},
|
|
}
|
|
manifest = {
|
|
"surface_class": "authoritative_review_manifest",
|
|
"manifest_metadata": {"deterministic": True, "identifier_free": True},
|
|
"claim_summary_rows": {
|
|
"dm_strong_claim_now": {"allowed": True, "state": "dm_strong_ready"},
|
|
},
|
|
"checklist_summary": {
|
|
"completed_count": 1,
|
|
"pending_count": 0,
|
|
"completed_items": ["dm_strong_claim_truth_confirmed"],
|
|
"pending_items": [],
|
|
},
|
|
"blocker_categories": ["operator_override"],
|
|
"evidence_surfaces": ["release_claims_matrix", "review_export"],
|
|
"evidence_map": {
|
|
"dm_strong_claim_now": {"source_surfaces": ["release_claims_matrix"]},
|
|
"dm_strong_claim_truth_confirmed": {"source_surfaces": ["release_checklist"]},
|
|
},
|
|
}
|
|
|
|
consistency = review_consistency_snapshot(
|
|
explicit_review_export=export,
|
|
review_manifest=manifest,
|
|
)
|
|
|
|
assert consistency["alignment_verdict"]["aligned"] is False
|
|
assert consistency["alignment_verdict"]["state"] == "not_aligned"
|
|
assert consistency["blocker_category_mismatches"] == {
|
|
"export_only": ["compatibility_debt"],
|
|
"manifest_only": ["operator_override"],
|
|
}
|
|
assert consistency["handoff_summary"]["export_and_manifest_aligned_now"]["allowed"] is False
|
|
assert consistency["handoff_summary"]["claim_rows_fully_backed_by_evidence_now"]["allowed"] is True
|
|
assert consistency["handoff_summary"]["checklist_rows_fully_backed_by_evidence_now"]["allowed"] is True
|
|
|
|
|
|
def test_review_consistency_snapshot_keeps_provenance_separate_from_alignment():
|
|
export = {
|
|
"schema_version": "privacy_explicit_review_export.v1",
|
|
"surface_class": "authoritative_export_bundle",
|
|
"authoritative_model": "privacy_claims",
|
|
"export_metadata": {
|
|
"deterministic": True,
|
|
"identifier_free": True,
|
|
"source_surfaces": [
|
|
"final_review_bundle",
|
|
"staged_rollout_telemetry",
|
|
"release_claims_matrix",
|
|
"release_checklist",
|
|
],
|
|
},
|
|
"release_claims_matrix": {
|
|
"rows": {
|
|
"dm_strong_claim_now": {"allowed": True, "state": "dm_strong_ready"},
|
|
},
|
|
"blocker_categories": ["compatibility_debt"],
|
|
},
|
|
"release_checklist": {
|
|
"items": {
|
|
"dm_strong_claim_truth_confirmed": {"completed": True},
|
|
},
|
|
},
|
|
}
|
|
manifest = {
|
|
"surface_class": "authoritative_review_manifest",
|
|
"manifest_metadata": {"deterministic": True, "identifier_free": True},
|
|
"claim_summary_rows": {
|
|
"dm_strong_claim_now": {"allowed": True, "state": "dm_strong_ready"},
|
|
},
|
|
"checklist_summary": {
|
|
"completed_count": 1,
|
|
"pending_count": 0,
|
|
"completed_items": ["dm_strong_claim_truth_confirmed"],
|
|
"pending_items": [],
|
|
},
|
|
"blocker_categories": ["compatibility_debt"],
|
|
"evidence_surfaces": ["review_export"],
|
|
"evidence_map": {
|
|
"dm_strong_claim_now": {"source_surfaces": ["release_claims_matrix"]},
|
|
"dm_strong_claim_truth_confirmed": {"source_surfaces": ["release_checklist"]},
|
|
},
|
|
}
|
|
|
|
consistency = review_consistency_snapshot(
|
|
explicit_review_export=export,
|
|
review_manifest=manifest,
|
|
)
|
|
|
|
assert consistency["alignment_verdict"]["aligned"] is True
|
|
assert consistency["alignment_verdict"]["detail"] == "Review export and manifest are structurally aligned."
|
|
assert "fully backed by evidence" not in consistency["alignment_verdict"]["detail"]
|
|
assert consistency["handoff_summary"]["export_and_manifest_aligned_now"]["allowed"] is True
|
|
assert consistency["handoff_summary"]["blocker_categories_fully_covered_by_provenance"]["allowed"] is False
|
|
assert consistency["handoff_summary"]["blocker_categories_fully_covered_by_provenance"]["state"] == "missing_blocker_provenance"
|
|
|
|
|
|
def test_review_surface_contract_fixtures_are_identifier_free():
|
|
export, manifest, consistency = _review_surface_samples()
|
|
combined = repr(export) + repr(manifest) + repr(consistency)
|
|
assert "recent_targets" not in combined
|
|
assert "agent_id" not in combined
|
|
|
|
|
|
def test_review_surface_corpus_contracts_cover_all_representative_states():
|
|
corpus = review_surface_corpus()
|
|
|
|
for state_name, state in corpus.items():
|
|
export = dict(state["explicit_review_export"])
|
|
manifest = dict(state["review_manifest"])
|
|
consistency = dict(state["review_consistency"])
|
|
assert_surface_contract(export, EXPLICIT_REVIEW_EXPORT_CONTRACT)
|
|
assert_surface_contract(manifest, REVIEW_MANIFEST_CONTRACT)
|
|
assert_surface_contract(consistency, REVIEW_CONSISTENCY_CONTRACT)
|
|
assert export["surface_class"] == "authoritative_export_bundle", state_name
|
|
assert manifest["surface_class"] == "authoritative_review_manifest", state_name
|
|
assert consistency["surface_class"] == "authoritative_review_handoff", state_name
|
|
|
|
|
|
def test_review_surface_corpus_has_expected_state_specific_drift_signals():
|
|
corpus = review_surface_corpus()
|
|
|
|
clean_ready = corpus["clean_ready"]
|
|
assert clean_ready["explicit_review_export"]["release_claims_matrix"]["blocker_categories"] == []
|
|
assert clean_ready["review_manifest"]["checklist_summary"]["checklist_status"] == "completed"
|
|
assert clean_ready["review_consistency"]["alignment_verdict"]["aligned"] is True
|
|
|
|
compatibility_debt = corpus["compatibility_debt"]
|
|
assert compatibility_debt["explicit_review_export"]["release_claims_matrix"]["blocker_categories"] == ["compatibility_debt"]
|
|
assert compatibility_debt["review_manifest"]["checklist_summary"]["checklist_status"] == "pending"
|
|
assert (
|
|
compatibility_debt["review_manifest"]["claim_summary_rows"]["private_default_rollout_claim_now"]["state"]
|
|
== "blocked_by_cleanup_debt"
|
|
)
|
|
assert compatibility_debt["review_consistency"]["alignment_verdict"]["aligned"] is True
|
|
|
|
operator_override = corpus["operator_override"]
|
|
assert operator_override["explicit_review_export"]["release_claims_matrix"]["blocker_categories"] == ["operator_override"]
|
|
assert (
|
|
operator_override["explicit_review_export"]["release_checklist"]["items"]["no_active_override_posture"]["completed"]
|
|
is False
|
|
)
|
|
assert operator_override["review_manifest"]["checklist_summary"]["checklist_status"] == "pending"
|
|
assert operator_override["review_consistency"]["alignment_verdict"]["aligned"] is True
|
|
|
|
provenance_gap = corpus["provenance_gap"]
|
|
assert provenance_gap["explicit_review_export"]["release_claims_matrix"]["blocker_categories"] == ["compatibility_debt"]
|
|
assert provenance_gap["review_manifest"]["checklist_summary"]["checklist_status"] == "pending"
|
|
assert provenance_gap["review_consistency"]["alignment_verdict"]["aligned"] is True
|
|
assert (
|
|
provenance_gap["review_consistency"]["handoff_summary"]["blocker_categories_fully_covered_by_provenance"]["allowed"]
|
|
is False
|
|
)
|
|
|
|
|
|
def test_review_surface_corpus_is_identifier_free():
|
|
corpus = review_surface_corpus()
|
|
combined = "".join(repr(state) for state in corpus.values())
|
|
assert "recent_targets" not in combined
|
|
assert "agent_id" not in combined
|
|
|
|
|
|
def test_ordinary_status_omits_explicit_review_surfaces_across_corpus_states(monkeypatch):
|
|
monkeypatch.setattr(main, "_check_scoped_auth", lambda *_args, **_kwargs: (True, "ok"))
|
|
monkeypatch.setattr(
|
|
main,
|
|
"get_wormhole_state",
|
|
lambda: {
|
|
"installed": True,
|
|
"configured": True,
|
|
"running": True,
|
|
"ready": True,
|
|
"arti_ready": True,
|
|
"rns_ready": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(main, "local_custody_status_snapshot", lambda: _protected_custody())
|
|
monkeypatch.setattr(main, "gate_privileged_access_status_snapshot", _gate_privilege_ok)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_upgrade_invite_scoped_contact_preferences_background",
|
|
lambda: {"ok": True, "upgraded_contacts": 0},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"lookup_handle_rotation_status_snapshot",
|
|
lambda: {
|
|
"state": "lookup_handle_rotation_ok",
|
|
"detail": "lookup handles healthy",
|
|
"active_handle_count": 1,
|
|
"fresh_handle_available": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_refresh_lookup_handle_rotation_background",
|
|
lambda **_kwargs: {"ok": True, "rotated": False},
|
|
)
|
|
|
|
scenarios = {
|
|
"clean_ready": {
|
|
"privacy_core": _attested_current(),
|
|
"compatibility_snapshot": {"usage": {}, "sunset": {}},
|
|
},
|
|
"compatibility_debt": {
|
|
"privacy_core": _attested_current(),
|
|
"compatibility_snapshot": {
|
|
"usage": {
|
|
"legacy_agent_id_lookup": {
|
|
"count": 1,
|
|
"last_seen_at": 1,
|
|
"blocked_count": 0,
|
|
}
|
|
},
|
|
"sunset": {},
|
|
},
|
|
},
|
|
"operator_override": {
|
|
"privacy_core": {**_attested_current(), "override_active": True},
|
|
"compatibility_snapshot": {"usage": {}, "sunset": {}},
|
|
},
|
|
"provenance_gap": {
|
|
"privacy_core": _attested_current(),
|
|
"compatibility_snapshot": {"usage": {}, "sunset": {}},
|
|
},
|
|
}
|
|
|
|
for scenario in scenarios.values():
|
|
monkeypatch.setattr(main, "_privacy_core_status", lambda scenario=scenario: scenario["privacy_core"])
|
|
monkeypatch.setattr(
|
|
main,
|
|
"compatibility_status_snapshot",
|
|
lambda scenario=scenario: scenario["compatibility_snapshot"],
|
|
)
|
|
result = asyncio.run(main.api_wormhole_status(_request("/api/wormhole/status")))
|
|
|
|
assert "explicit_review_export" not in result
|
|
assert "review_manifest" not in result
|
|
assert "review_consistency" not in result
|
|
|
|
|
|
def test_ordinary_status_omits_detailed_claim_matrix(monkeypatch):
|
|
monkeypatch.setattr(main, "_check_scoped_auth", lambda *_args, **_kwargs: (True, "ok"))
|
|
monkeypatch.setattr(
|
|
main,
|
|
"get_wormhole_state",
|
|
lambda: {
|
|
"installed": True,
|
|
"configured": True,
|
|
"running": True,
|
|
"ready": True,
|
|
"arti_ready": True,
|
|
"rns_ready": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(main, "_privacy_core_status", lambda: _attested_current())
|
|
monkeypatch.setattr(main, "local_custody_status_snapshot", lambda: _protected_custody())
|
|
monkeypatch.setattr(main, "compatibility_status_snapshot", lambda: {"usage": {}, "sunset": {}})
|
|
monkeypatch.setattr(main, "gate_privileged_access_status_snapshot", _gate_privilege_ok)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_upgrade_invite_scoped_contact_preferences_background",
|
|
lambda: {"ok": True, "upgraded_contacts": 0},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"lookup_handle_rotation_status_snapshot",
|
|
lambda: {
|
|
"state": "lookup_handle_rotation_ok",
|
|
"detail": "lookup handles healthy",
|
|
"active_handle_count": 1,
|
|
"fresh_handle_available": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_refresh_lookup_handle_rotation_background",
|
|
lambda **_kwargs: {"ok": True, "rotated": False},
|
|
)
|
|
|
|
result = asyncio.run(main.api_wormhole_status(_request("/api/wormhole/status")))
|
|
|
|
assert "privacy_claims" not in result
|
|
assert "rollout_readiness" not in result
|
|
assert "rollout_controls" not in result
|
|
assert "rollout_health" not in result
|
|
assert "claim_surface_sources" not in result
|
|
assert "review_export" not in result
|
|
assert "final_review_bundle" not in result
|
|
assert "staged_rollout_telemetry" not in result
|
|
assert "release_claims_matrix" not in result
|
|
assert "release_checklist" not in result
|
|
assert "explicit_review_export" not in result
|
|
assert "review_manifest" not in result
|
|
assert "review_consistency" not in result
|
|
assert result["strong_claims"]["allowed"] is False
|
|
assert result["release_gate"]["ready"] is False
|
|
assert result["privacy_status"]["state"] == "dm_strong_pending"
|
|
assert "blockers" not in result["privacy_status"]
|
|
|
|
|
|
def test_diagnostic_status_exposes_detailed_claim_matrix(monkeypatch):
|
|
monkeypatch.setattr(main, "_check_scoped_auth", lambda *_args, **_kwargs: (True, "ok"))
|
|
monkeypatch.setattr(
|
|
main,
|
|
"get_wormhole_state",
|
|
lambda: {
|
|
"installed": True,
|
|
"configured": True,
|
|
"running": True,
|
|
"ready": True,
|
|
"arti_ready": True,
|
|
"rns_ready": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(main, "_privacy_core_status", lambda: _attested_current())
|
|
monkeypatch.setattr(main, "local_custody_status_snapshot", lambda: _protected_custody())
|
|
monkeypatch.setattr(main, "compatibility_status_snapshot", lambda: {"usage": {}, "sunset": {}})
|
|
monkeypatch.setattr(main, "gate_privileged_access_status_snapshot", _gate_privilege_ok)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_upgrade_invite_scoped_contact_preferences_background",
|
|
lambda: {"ok": True, "upgraded_contacts": 0},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"lookup_handle_rotation_status_snapshot",
|
|
lambda: {
|
|
"state": "lookup_handle_rotation_ok",
|
|
"detail": "lookup handles healthy",
|
|
"active_handle_count": 1,
|
|
"fresh_handle_available": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_refresh_lookup_handle_rotation_background",
|
|
lambda **_kwargs: {"ok": True, "rotated": False},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_strong_claims_policy_snapshot",
|
|
lambda **_kwargs: _strong_claims_good(),
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_release_gate_status",
|
|
lambda **_kwargs: {
|
|
**_release_gate_good(),
|
|
"compatibility_shim": True,
|
|
"source_model": "privacy_claims",
|
|
"authoritative_dm_claim_state": "dm_strong_ready",
|
|
"authoritative_gate_claim_state": "gate_transitional_ready",
|
|
},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"lookup_handle_rotation_status_snapshot",
|
|
lambda: {
|
|
"state": "lookup_handle_rotation_ok",
|
|
"detail": "lookup handles healthy",
|
|
"active_handle_count": 1,
|
|
"fresh_handle_available": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_refresh_lookup_handle_rotation_background",
|
|
lambda **_kwargs: {"ok": True, "rotated": False},
|
|
)
|
|
|
|
result = asyncio.run(
|
|
main.api_wormhole_status(_request("/api/wormhole/status?exposure=diagnostic"))
|
|
)
|
|
|
|
assert result["privacy_claims"]["transport_tier"] == "private_strong"
|
|
assert result["privacy_claims"]["claims"]["dm_strong"]["state"] == "dm_strong_ready"
|
|
assert result["privacy_claims"]["claims"]["gate_transitional"]["state"] == "gate_transitional_ready"
|
|
assert result["privacy_claims"]["claims"]["control_only_posture"]["state"] == "control_only_local_only"
|
|
assert result["privacy_claims"]["claims"]["degraded_posture"]["state"] == "degraded_requires_approval"
|
|
assert result["privacy_status"]["state"] == "dm_strong_ready"
|
|
assert result["rollout_readiness"]["state"] == "ready_for_private_default"
|
|
assert result["rollout_controls"]["state"] == "private_default_safe"
|
|
assert result["rollout_health"]["state"] == "healthy"
|
|
assert result["claim_surface_sources"]["authoritative_model"] == "privacy_claims"
|
|
assert result["review_export"]["schema_version"] == "privacy_review_export.v1"
|
|
assert result["review_export"]["review_summary"]["dm_strong_claim"]["allowed"] is True
|
|
assert result["review_export"]["review_summary"]["private_default_rollout_safe"]["allowed"] is True
|
|
assert result["review_export"]["review_summary"]["major_blocker"]["state"] == "none"
|
|
assert result["final_review_bundle"]["schema_version"] == "privacy_final_review_bundle.v1"
|
|
assert result["final_review_bundle"]["release_readiness_verdict"]["state"] == "release_ready"
|
|
assert result["final_review_bundle"]["review_completeness"]["identifier_free"] is True
|
|
assert result["staged_rollout_telemetry"]["schema_version"] == "privacy_staged_rollout_telemetry.v1"
|
|
assert result["staged_rollout_telemetry"]["rollout_stage_recommendation"] == "private_default_canary"
|
|
assert result["staged_rollout_telemetry"]["rollout_safe_now"] is True
|
|
assert result["release_claims_matrix"]["schema_version"] == "privacy_release_claims_matrix.v1"
|
|
assert result["release_claims_matrix"]["rows"]["dm_strong_claim_now"]["allowed"] is True
|
|
assert result["release_claims_matrix"]["rows"]["gate_transitional_claim_now"]["allowed"] is True
|
|
assert result["release_claims_matrix"]["rows"]["private_default_rollout_claim_now"]["allowed"] is True
|
|
assert result["release_checklist"]["schema_version"] == "privacy_release_checklist.v1"
|
|
assert result["release_checklist"]["checklist_status"] == "completed"
|
|
assert result["release_checklist"]["completed_count"] == 6
|
|
assert result["release_checklist"]["pending_count"] == 0
|
|
assert result["claim_surface_sources"]["surfaces"]["privacy_claims"]["surface_class"] == "authoritative_diagnostic"
|
|
assert result["claim_surface_sources"]["surfaces"]["privacy_status"]["surface_class"] == "coarse_ordinary_summary"
|
|
assert result["strong_claims"]["source_model"] == "privacy_claims"
|
|
assert result["strong_claims"]["source_surface"] == "privacy_claims"
|
|
assert result["strong_claims"]["surface_class"] == "compatibility_shim"
|
|
assert result["strong_claims"]["authoritative_claim_state"] == "dm_strong_ready"
|
|
assert result["release_gate"]["source_model"] == "rollout_readiness"
|
|
assert result["release_gate"]["source_surface"] == "rollout_readiness"
|
|
assert result["release_gate"]["surface_class"] == "compatibility_shim"
|
|
assert result["release_gate"]["authoritative_gate_claim_state"] == "gate_transitional_ready"
|
|
assert result["release_gate"]["authoritative_rollout_state"] == "ready_for_private_default"
|
|
assert result["release_gate"]["ready"] == result["rollout_readiness"]["allowed"]
|
|
|
|
|
|
def test_ordinary_settings_status_omits_detailed_claim_matrix(monkeypatch):
|
|
monkeypatch.setattr(main, "_check_scoped_auth", lambda *_args, **_kwargs: (True, "ok"))
|
|
monkeypatch.setattr(
|
|
main,
|
|
"get_wormhole_state",
|
|
lambda: {
|
|
"installed": True,
|
|
"configured": True,
|
|
"running": True,
|
|
"ready": True,
|
|
"arti_ready": True,
|
|
"rns_ready": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(main, "_privacy_core_status", lambda: _attested_current())
|
|
monkeypatch.setattr(main, "local_custody_status_snapshot", lambda: _protected_custody())
|
|
monkeypatch.setattr(main, "compatibility_status_snapshot", lambda: {"usage": {}, "sunset": {}})
|
|
monkeypatch.setattr(main, "gate_privileged_access_status_snapshot", _gate_privilege_ok)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_upgrade_invite_scoped_contact_preferences_background",
|
|
lambda: {"ok": True, "upgraded_contacts": 0},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"lookup_handle_rotation_status_snapshot",
|
|
lambda: {
|
|
"state": "lookup_handle_rotation_ok",
|
|
"detail": "lookup handles healthy",
|
|
"active_handle_count": 1,
|
|
"fresh_handle_available": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_refresh_lookup_handle_rotation_background",
|
|
lambda **_kwargs: {"ok": True, "rotated": False},
|
|
)
|
|
|
|
result = asyncio.run(
|
|
main.api_get_wormhole_status(_request("/api/settings/wormhole-status"))
|
|
)
|
|
|
|
assert "privacy_claims" not in result
|
|
assert "rollout_readiness" not in result
|
|
assert "rollout_controls" not in result
|
|
assert "rollout_health" not in result
|
|
assert "claim_surface_sources" not in result
|
|
assert "review_export" not in result
|
|
assert "final_review_bundle" not in result
|
|
assert "staged_rollout_telemetry" not in result
|
|
assert "release_claims_matrix" not in result
|
|
assert "release_checklist" not in result
|
|
assert "explicit_review_export" not in result
|
|
assert "review_manifest" not in result
|
|
assert "review_consistency" not in result
|
|
assert result["strong_claims"]["allowed"] is False
|
|
assert result["release_gate"]["ready"] is False
|
|
assert result["privacy_status"]["state"] == "dm_strong_pending"
|
|
assert "blockers" not in result["privacy_status"]
|
|
|
|
|
|
def test_diagnostic_settings_status_matches_wormhole_status_claims(monkeypatch):
|
|
monkeypatch.setattr(main, "_check_scoped_auth", lambda *_args, **_kwargs: (True, "ok"))
|
|
monkeypatch.setattr(
|
|
main,
|
|
"get_wormhole_state",
|
|
lambda: {
|
|
"installed": True,
|
|
"configured": True,
|
|
"running": True,
|
|
"ready": True,
|
|
"arti_ready": True,
|
|
"rns_ready": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(main, "_privacy_core_status", lambda: _attested_current())
|
|
monkeypatch.setattr(main, "local_custody_status_snapshot", lambda: _protected_custody())
|
|
monkeypatch.setattr(main, "compatibility_status_snapshot", lambda: {"usage": {}, "sunset": {}})
|
|
monkeypatch.setattr(main, "gate_privileged_access_status_snapshot", _gate_privilege_ok)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_upgrade_invite_scoped_contact_preferences_background",
|
|
lambda: {"ok": True, "upgraded_contacts": 0},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_strong_claims_policy_snapshot",
|
|
lambda **_kwargs: _strong_claims_good(),
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_release_gate_status",
|
|
lambda **_kwargs: {
|
|
**_release_gate_good(),
|
|
"compatibility_shim": True,
|
|
"source_model": "privacy_claims",
|
|
"authoritative_dm_claim_state": "dm_strong_ready",
|
|
"authoritative_gate_claim_state": "gate_transitional_ready",
|
|
},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"lookup_handle_rotation_status_snapshot",
|
|
lambda: {
|
|
"state": "lookup_handle_rotation_ok",
|
|
"detail": "lookup handles healthy",
|
|
"active_handle_count": 1,
|
|
"fresh_handle_available": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_refresh_lookup_handle_rotation_background",
|
|
lambda **_kwargs: {"ok": True, "rotated": False},
|
|
)
|
|
|
|
wormhole = asyncio.run(
|
|
main.api_wormhole_status(_request("/api/wormhole/status?exposure=diagnostic"))
|
|
)
|
|
settings = asyncio.run(
|
|
main.api_get_wormhole_status(
|
|
_request("/api/settings/wormhole-status?exposure=diagnostic")
|
|
)
|
|
)
|
|
|
|
assert settings["privacy_claims"] == wormhole["privacy_claims"]
|
|
assert settings["privacy_status"] == wormhole["privacy_status"]
|
|
assert settings["rollout_readiness"] == wormhole["rollout_readiness"]
|
|
assert settings["rollout_controls"] == wormhole["rollout_controls"]
|
|
assert settings["rollout_health"] == wormhole["rollout_health"]
|
|
assert settings["claim_surface_sources"] == wormhole["claim_surface_sources"]
|
|
assert settings["review_export"] == wormhole["review_export"]
|
|
assert settings["final_review_bundle"] == wormhole["final_review_bundle"]
|
|
assert settings["staged_rollout_telemetry"] == wormhole["staged_rollout_telemetry"]
|
|
assert settings["release_claims_matrix"] == wormhole["release_claims_matrix"]
|
|
assert settings["release_checklist"] == wormhole["release_checklist"]
|
|
assert (
|
|
settings["privacy_claims"]["claims"]["gate_transitional"]["state"]
|
|
== "gate_transitional_ready"
|
|
)
|
|
|
|
|
|
def test_settings_gate_transitional_claim_is_not_blocked_by_omitted_inputs(monkeypatch):
|
|
monkeypatch.setattr(main, "_check_scoped_auth", lambda *_args, **_kwargs: (True, "ok"))
|
|
monkeypatch.setattr(
|
|
main,
|
|
"get_wormhole_state",
|
|
lambda: {
|
|
"installed": True,
|
|
"configured": True,
|
|
"running": True,
|
|
"ready": True,
|
|
"arti_ready": True,
|
|
"rns_ready": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(main, "_privacy_core_status", lambda: _attested_current())
|
|
monkeypatch.setattr(main, "local_custody_status_snapshot", lambda: _protected_custody())
|
|
monkeypatch.setattr(main, "compatibility_status_snapshot", lambda: {"usage": {}, "sunset": {}})
|
|
monkeypatch.setattr(main, "gate_privileged_access_status_snapshot", _gate_privilege_ok)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_upgrade_invite_scoped_contact_preferences_background",
|
|
lambda: {"ok": True, "upgraded_contacts": 1},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"lookup_handle_rotation_status_snapshot",
|
|
lambda: {
|
|
"state": "lookup_handle_rotation_ok",
|
|
"detail": "lookup handles healthy",
|
|
"active_handle_count": 1,
|
|
"fresh_handle_available": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_refresh_lookup_handle_rotation_background",
|
|
lambda **_kwargs: {"ok": True, "rotated": False},
|
|
)
|
|
|
|
result = asyncio.run(
|
|
main.api_get_wormhole_status(
|
|
_request("/api/settings/wormhole-status?exposure=diagnostic")
|
|
)
|
|
)
|
|
|
|
gate = result["privacy_claims"]["claims"]["gate_transitional"]
|
|
assert gate["allowed"] is True
|
|
assert gate["state"] == "gate_transitional_ready"
|
|
assert gate["blockers"] == []
|
|
|
|
|
|
def test_compatibility_shim_surfaces_track_authoritative_claim_states(monkeypatch):
|
|
monkeypatch.setattr(main, "_check_scoped_auth", lambda *_args, **_kwargs: (True, "ok"))
|
|
monkeypatch.setattr(
|
|
main,
|
|
"get_wormhole_state",
|
|
lambda: {
|
|
"installed": True,
|
|
"configured": True,
|
|
"running": True,
|
|
"ready": True,
|
|
"arti_ready": True,
|
|
"rns_ready": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(main, "_privacy_core_status", lambda: _attested_current())
|
|
monkeypatch.setattr(main, "local_custody_status_snapshot", lambda: _protected_custody())
|
|
monkeypatch.setattr(main, "compatibility_status_snapshot", lambda: {"usage": {}, "sunset": {}})
|
|
monkeypatch.setattr(main, "gate_privileged_access_status_snapshot", _gate_privilege_ok)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_upgrade_invite_scoped_contact_preferences_background",
|
|
lambda: {"ok": True, "upgraded_contacts": 0},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"lookup_handle_rotation_status_snapshot",
|
|
lambda: {
|
|
"state": "lookup_handle_rotation_ok",
|
|
"detail": "lookup handles healthy",
|
|
"active_handle_count": 1,
|
|
"fresh_handle_available": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_refresh_lookup_handle_rotation_background",
|
|
lambda **_kwargs: {"ok": True, "rotated": False},
|
|
)
|
|
|
|
result = asyncio.run(
|
|
main.api_wormhole_status(_request("/api/wormhole/status?exposure=diagnostic"))
|
|
)
|
|
|
|
assert result["strong_claims"]["compatibility_shim"] is True
|
|
assert result["strong_claims"]["surface_class"] == "compatibility_shim"
|
|
assert result["strong_claims"]["authoritative_claim"] == "dm_strong"
|
|
assert result["strong_claims"]["authoritative_claim_state"] == result["privacy_claims"]["claims"]["dm_strong"]["state"]
|
|
assert result["strong_claims"]["coarse_surface_consistent"] is True
|
|
assert result["release_gate"]["compatibility_shim"] is True
|
|
assert result["release_gate"]["surface_class"] == "compatibility_shim"
|
|
assert result["release_gate"]["authoritative_dm_claim_state"] == result["privacy_claims"]["claims"]["dm_strong"]["state"]
|
|
assert result["release_gate"]["authoritative_gate_claim_state"] == result["privacy_claims"]["claims"]["gate_transitional"]["state"]
|
|
assert result["release_gate"]["authoritative_rollout_state"] == result["rollout_readiness"]["state"]
|
|
assert result["release_gate"]["ready"] == result["rollout_readiness"]["allowed"]
|
|
assert result["release_gate"]["authoritative_rollout_consistent"] is True
|
|
|
|
|
|
def test_ordinary_wormhole_status_coarse_chip_does_not_contradict_legacy_shim_booleans(monkeypatch):
|
|
monkeypatch.setattr(main, "_check_scoped_auth", lambda *_args, **_kwargs: (True, "ok"))
|
|
monkeypatch.setattr(
|
|
main,
|
|
"get_wormhole_state",
|
|
lambda: {
|
|
"installed": True,
|
|
"configured": True,
|
|
"running": True,
|
|
"ready": True,
|
|
"arti_ready": True,
|
|
"rns_ready": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(main, "_privacy_core_status", lambda: _attested_current())
|
|
monkeypatch.setattr(main, "local_custody_status_snapshot", lambda: _protected_custody())
|
|
monkeypatch.setattr(main, "compatibility_status_snapshot", lambda: {"usage": {}, "sunset": {}})
|
|
monkeypatch.setattr(main, "gate_privileged_access_status_snapshot", _gate_privilege_ok)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_upgrade_invite_scoped_contact_preferences_background",
|
|
lambda: {"ok": True, "upgraded_contacts": 0},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"lookup_handle_rotation_status_snapshot",
|
|
lambda: {
|
|
"state": "lookup_handle_rotation_ok",
|
|
"detail": "lookup handles healthy",
|
|
"active_handle_count": 1,
|
|
"fresh_handle_available": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_refresh_lookup_handle_rotation_background",
|
|
lambda **_kwargs: {"ok": True, "rotated": False},
|
|
)
|
|
|
|
result = asyncio.run(main.api_wormhole_status(_request("/api/wormhole/status")))
|
|
|
|
assert result["strong_claims"]["allowed"] is False
|
|
assert result["release_gate"]["ready"] is False
|
|
assert result["privacy_status"]["state"] not in {"dm_strong_ready", "gate_transitional_ready"}
|
|
|
|
|
|
def test_ordinary_settings_status_coarse_chip_does_not_contradict_legacy_shim_booleans(monkeypatch):
|
|
monkeypatch.setattr(main, "_check_scoped_auth", lambda *_args, **_kwargs: (True, "ok"))
|
|
monkeypatch.setattr(
|
|
main,
|
|
"get_wormhole_state",
|
|
lambda: {
|
|
"installed": True,
|
|
"configured": True,
|
|
"running": True,
|
|
"ready": True,
|
|
"arti_ready": True,
|
|
"rns_ready": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(main, "_privacy_core_status", lambda: _attested_current())
|
|
monkeypatch.setattr(main, "local_custody_status_snapshot", lambda: _protected_custody())
|
|
monkeypatch.setattr(main, "compatibility_status_snapshot", lambda: {"usage": {}, "sunset": {}})
|
|
monkeypatch.setattr(main, "gate_privileged_access_status_snapshot", _gate_privilege_ok)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_upgrade_invite_scoped_contact_preferences_background",
|
|
lambda: {"ok": True, "upgraded_contacts": 0},
|
|
)
|
|
|
|
result = asyncio.run(
|
|
main.api_get_wormhole_status(_request("/api/settings/wormhole-status"))
|
|
)
|
|
|
|
assert result["strong_claims"]["allowed"] is False
|
|
assert result["release_gate"]["ready"] is False
|
|
assert result["privacy_status"]["state"] not in {"dm_strong_ready", "gate_transitional_ready"}
|
|
|
|
|
|
def test_diagnostic_claim_surface_sources_are_explicit_and_identifier_free(monkeypatch):
|
|
monkeypatch.setattr(main, "_check_scoped_auth", lambda *_args, **_kwargs: (True, "ok"))
|
|
monkeypatch.setattr(
|
|
main,
|
|
"get_wormhole_state",
|
|
lambda: {
|
|
"installed": True,
|
|
"configured": True,
|
|
"running": True,
|
|
"ready": True,
|
|
"arti_ready": True,
|
|
"rns_ready": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(main, "_privacy_core_status", lambda: _attested_current())
|
|
monkeypatch.setattr(main, "local_custody_status_snapshot", lambda: _protected_custody())
|
|
monkeypatch.setattr(main, "compatibility_status_snapshot", lambda: {"usage": {}, "sunset": {}})
|
|
monkeypatch.setattr(main, "gate_privileged_access_status_snapshot", _gate_privilege_ok)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_upgrade_invite_scoped_contact_preferences_background",
|
|
lambda: {"ok": True, "upgraded_contacts": 0},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"lookup_handle_rotation_status_snapshot",
|
|
lambda: {
|
|
"state": "lookup_handle_rotation_ok",
|
|
"detail": "lookup handles healthy",
|
|
"active_handle_count": 1,
|
|
"fresh_handle_available": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_refresh_lookup_handle_rotation_background",
|
|
lambda **_kwargs: {"ok": True, "rotated": False},
|
|
)
|
|
|
|
result = asyncio.run(
|
|
main.api_wormhole_status(_request("/api/wormhole/status?exposure=diagnostic"))
|
|
)
|
|
|
|
annotations = result["claim_surface_sources"]
|
|
assert annotations["authoritative_model"] == "privacy_claims"
|
|
assert annotations["surfaces"]["privacy_status"]["surface_class"] == "coarse_ordinary_summary"
|
|
assert annotations["surfaces"]["strong_claims"]["surface_class"] == "compatibility_shim"
|
|
assert annotations["surfaces"]["release_gate"]["source_surface"] == "rollout_readiness"
|
|
assert "recent_targets" not in repr(annotations)
|
|
|
|
|
|
def test_live_diagnostic_review_export_prefers_override_over_ready_readiness(monkeypatch):
|
|
monkeypatch.setattr(main, "_check_scoped_auth", lambda *_args, **_kwargs: (True, "ok"))
|
|
monkeypatch.setattr(
|
|
main,
|
|
"get_wormhole_state",
|
|
lambda: {
|
|
"installed": True,
|
|
"configured": True,
|
|
"running": True,
|
|
"ready": True,
|
|
"arti_ready": True,
|
|
"rns_ready": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(main, "_privacy_core_status", lambda: {**_attested_current(), "override_active": True})
|
|
monkeypatch.setattr(main, "local_custody_status_snapshot", lambda: _protected_custody())
|
|
monkeypatch.setattr(main, "compatibility_status_snapshot", lambda: {"usage": {}, "sunset": {}})
|
|
monkeypatch.setattr(main, "gate_privileged_access_status_snapshot", _gate_privilege_ok)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_upgrade_invite_scoped_contact_preferences_background",
|
|
lambda: {"ok": True, "upgraded_contacts": 0},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_strong_claims_policy_snapshot",
|
|
lambda **_kwargs: _strong_claims_good(),
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_release_gate_status",
|
|
lambda **_kwargs: {
|
|
**_release_gate_good(),
|
|
"compatibility_shim": True,
|
|
"source_model": "privacy_claims",
|
|
"authoritative_dm_claim_state": "dm_strong_ready",
|
|
"authoritative_gate_claim_state": "gate_transitional_ready",
|
|
},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"lookup_handle_rotation_status_snapshot",
|
|
lambda: {
|
|
"state": "lookup_handle_rotation_ok",
|
|
"detail": "lookup handles healthy",
|
|
"active_handle_count": 1,
|
|
"fresh_handle_available": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_refresh_lookup_handle_rotation_background",
|
|
lambda **_kwargs: {"ok": True, "rotated": False},
|
|
)
|
|
|
|
result = asyncio.run(
|
|
main.api_wormhole_status(_request("/api/wormhole/status?exposure=diagnostic"))
|
|
)
|
|
|
|
assert result["rollout_readiness"]["state"] == "ready_for_private_default"
|
|
assert result["rollout_controls"]["state"] == "override_active"
|
|
assert result["review_export"]["review_summary"]["private_default_rollout_safe"]["allowed"] is False
|
|
assert result["review_export"]["review_summary"]["private_default_rollout_safe"]["state"] == "blocked_by_operator_override"
|
|
assert result["review_export"]["review_summary"]["major_blocker"]["state"] == "operator_override"
|
|
|
|
|
|
def test_rollout_diagnostics_are_identifier_free(monkeypatch):
|
|
monkeypatch.setattr(main, "_check_scoped_auth", lambda *_args, **_kwargs: (True, "ok"))
|
|
monkeypatch.setattr(
|
|
main,
|
|
"get_wormhole_state",
|
|
lambda: {
|
|
"installed": True,
|
|
"configured": True,
|
|
"running": True,
|
|
"ready": True,
|
|
"arti_ready": True,
|
|
"rns_ready": True,
|
|
},
|
|
)
|
|
monkeypatch.setattr(main, "_privacy_core_status", lambda: _attested_current())
|
|
monkeypatch.setattr(main, "local_custody_status_snapshot", lambda: _protected_custody())
|
|
monkeypatch.setattr(
|
|
main,
|
|
"compatibility_status_snapshot",
|
|
lambda: {
|
|
"usage": {
|
|
"legacy_agent_id_lookup": {
|
|
"count": 1,
|
|
"last_seen_at": 1,
|
|
"blocked_count": 0,
|
|
"recent_targets": [{"agent_id": "sb://raw-id"}],
|
|
}
|
|
},
|
|
"sunset": {},
|
|
},
|
|
)
|
|
monkeypatch.setattr(main, "gate_privileged_access_status_snapshot", _gate_privilege_ok)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_upgrade_invite_scoped_contact_preferences_background",
|
|
lambda: {"ok": True, "upgraded_contacts": 0},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"lookup_handle_rotation_status_snapshot",
|
|
lambda: {
|
|
"state": "lookup_handle_rotation_pending",
|
|
"detail": "lookup handle rollover pending",
|
|
"active_handle_count": 1,
|
|
"fresh_handle_available": False,
|
|
},
|
|
)
|
|
monkeypatch.setattr(
|
|
main,
|
|
"_refresh_lookup_handle_rotation_background",
|
|
lambda **_kwargs: {"ok": False, "rotated": False},
|
|
)
|
|
|
|
result = asyncio.run(
|
|
main.api_wormhole_status(_request("/api/wormhole/status?exposure=diagnostic"))
|
|
)
|
|
|
|
rollout_text = (
|
|
repr(result["rollout_controls"])
|
|
+ repr(result["rollout_health"])
|
|
+ repr(result["review_export"])
|
|
+ repr(result["final_review_bundle"])
|
|
+ repr(result["staged_rollout_telemetry"])
|
|
+ repr(result["release_claims_matrix"])
|
|
+ repr(result["release_checklist"])
|
|
+ repr(
|
|
explicit_review_export_snapshot(
|
|
final_review_bundle=result["final_review_bundle"],
|
|
staged_rollout_telemetry=result["staged_rollout_telemetry"],
|
|
release_claims_matrix=result["release_claims_matrix"],
|
|
release_checklist=result["release_checklist"],
|
|
)
|
|
)
|
|
+ repr(
|
|
review_manifest_snapshot(
|
|
explicit_review_export=explicit_review_export_snapshot(
|
|
final_review_bundle=result["final_review_bundle"],
|
|
staged_rollout_telemetry=result["staged_rollout_telemetry"],
|
|
release_claims_matrix=result["release_claims_matrix"],
|
|
release_checklist=result["release_checklist"],
|
|
)
|
|
)
|
|
)
|
|
+ repr(
|
|
review_consistency_snapshot(
|
|
explicit_review_export=explicit_review_export_snapshot(
|
|
final_review_bundle=result["final_review_bundle"],
|
|
staged_rollout_telemetry=result["staged_rollout_telemetry"],
|
|
release_claims_matrix=result["release_claims_matrix"],
|
|
release_checklist=result["release_checklist"],
|
|
),
|
|
review_manifest=review_manifest_snapshot(
|
|
explicit_review_export=explicit_review_export_snapshot(
|
|
final_review_bundle=result["final_review_bundle"],
|
|
staged_rollout_telemetry=result["staged_rollout_telemetry"],
|
|
release_claims_matrix=result["release_claims_matrix"],
|
|
release_checklist=result["release_checklist"],
|
|
)
|
|
),
|
|
)
|
|
)
|
|
)
|
|
assert "recent_targets" not in rollout_text
|
|
assert "sb://raw-id" not in rollout_text
|