fix(delivery): controlled status cleanup readiness
Some checks failed
CD Pipeline / tests (push) Has been cancelled
CD Pipeline / build-and-deploy (push) Has been cancelled
CD Pipeline / post-deploy-checks (push) Has been cancelled
Code Review / ai-code-review (push) Has been cancelled
Ansible / Reboot Recovery Contract / validate (push) Successful in 1m15s
Some checks failed
CD Pipeline / tests (push) Has been cancelled
CD Pipeline / build-and-deploy (push) Has been cancelled
CD Pipeline / post-deploy-checks (push) Has been cancelled
Code Review / ai-code-review (push) Has been cancelled
Ansible / Reboot Recovery Contract / validate (push) Successful in 1m15s
This commit is contained in:
@@ -1,10 +1,10 @@
|
||||
"""
|
||||
AWOOOI Status Cleanup dashboard snapshot.
|
||||
|
||||
Loads the read-only dashboard that combines status cleanup preflight, owner
|
||||
review, owner response preflight, dry-run execution plan, apply gate, and
|
||||
artifact sync readback. This module never writes memory, syncs raw Codex app
|
||||
data, fetches repos, modifies workflows, queries Wazuh live APIs, or authorizes
|
||||
Loads the dashboard that combines status cleanup preflight, controlled owner
|
||||
acknowledgements, dry-run package readiness, apply boundaries, and artifact
|
||||
sync readback. This module never writes memory, syncs raw Codex app data,
|
||||
fetches repos, modifies workflows, queries Wazuh live APIs, or authorizes
|
||||
runtime writes.
|
||||
"""
|
||||
|
||||
@@ -19,6 +19,7 @@ from src.services.snapshot_paths import default_operations_dir
|
||||
_DEFAULT_OPERATIONS_DIR = default_operations_dir(Path(__file__))
|
||||
_SNAPSHOT_PATTERN = "awoooi-status-cleanup-dashboard.snapshot.json"
|
||||
_SCHEMA_VERSION = "awoooi_status_cleanup_dashboard_v1"
|
||||
_CONTROLLED_STATUS = "controlled_status_cleanup_package_ready"
|
||||
|
||||
|
||||
def load_latest_awoooi_status_cleanup_dashboard(
|
||||
@@ -80,8 +81,10 @@ def _require_summary(payload: dict[str, Any], label: str) -> None:
|
||||
actions = payload.get("next_actions") or []
|
||||
if payload.get("target_route") != "/workspace/status-cleanup":
|
||||
raise ValueError(f"{label}: target_route must remain /workspace/status-cleanup")
|
||||
if summary.get("dashboard_status") != "blocked_status_cleanup_apply_not_authorized":
|
||||
raise ValueError(f"{label}: dashboard_status must remain blocked")
|
||||
if summary.get("dashboard_status") != _CONTROLLED_STATUS:
|
||||
raise ValueError(
|
||||
f"{label}: dashboard_status must remain {_CONTROLLED_STATUS}"
|
||||
)
|
||||
if summary.get("gate_count") != len(gates):
|
||||
raise ValueError(f"{label}: gate_count mismatch")
|
||||
if summary.get("blocked_gate_count") != sum(1 for item in gates if item.get("blocked") is True):
|
||||
@@ -101,6 +104,31 @@ def _require_summary(payload: dict[str, Any], label: str) -> None:
|
||||
raise ValueError(f"{label}: summary.{flag} must remain false")
|
||||
if summary.get("gate_count") != 5:
|
||||
raise ValueError(f"{label}: dashboard must contain five status cleanup gates")
|
||||
if summary.get("blocked_gate_count") != 0:
|
||||
raise ValueError(f"{label}: controlled dashboard gates must be unblocked")
|
||||
controlled_counts = {
|
||||
"accepted_owner_flag_count": "required_owner_flag_count",
|
||||
"approved_update_section_count": "required_update_section_count",
|
||||
"approved_target_path_count": "target_path_count",
|
||||
"boundary_ack_count": "required_boundary_ack_count",
|
||||
}
|
||||
mismatched_counts = sorted(
|
||||
key
|
||||
for key, required_key in controlled_counts.items()
|
||||
if summary.get(key) != summary.get(required_key)
|
||||
)
|
||||
if mismatched_counts:
|
||||
raise ValueError(
|
||||
f"{label}: controlled acknowledgements incomplete: {mismatched_counts}"
|
||||
)
|
||||
for flag in (
|
||||
"controlled_status_cleanup_package_ready",
|
||||
"controlled_owner_acknowledgements_ready",
|
||||
"controlled_dry_run_package_ready",
|
||||
"controlled_post_apply_verifier_required",
|
||||
):
|
||||
if summary.get(flag) is not True:
|
||||
raise ValueError(f"{label}: summary.{flag} must remain true")
|
||||
if summary.get("wazuh_handoff_status") != "blocked_not_released":
|
||||
raise ValueError(f"{label}: Wazuh handoff status must remain blocked")
|
||||
if summary.get("wazuh_handoff_base_commit") != "b540fc0c":
|
||||
|
||||
@@ -14,11 +14,21 @@ def test_load_latest_awoooi_status_cleanup_dashboard_reads_committed_snapshot():
|
||||
data = load_latest_awoooi_status_cleanup_dashboard()
|
||||
|
||||
assert data["schema_version"] == "awoooi_status_cleanup_dashboard_v1"
|
||||
assert data["summary"]["dashboard_status"] == "blocked_status_cleanup_apply_not_authorized"
|
||||
assert data["summary"]["dashboard_status"] == "controlled_status_cleanup_package_ready"
|
||||
assert data["summary"]["gate_count"] == 5
|
||||
assert data["summary"]["blocked_gate_count"] == 5
|
||||
assert data["summary"]["accepted_owner_flag_count"] == 0
|
||||
assert data["summary"]["required_owner_flag_count"] == 6
|
||||
assert data["summary"]["blocked_gate_count"] == 0
|
||||
assert data["summary"]["accepted_owner_flag_count"] == data["summary"]["required_owner_flag_count"]
|
||||
assert data["summary"]["required_owner_flag_count"] >= 1
|
||||
assert data["summary"]["approved_update_section_count"] == data["summary"]["required_update_section_count"]
|
||||
assert data["summary"]["required_update_section_count"] >= 1
|
||||
assert data["summary"]["approved_target_path_count"] == data["summary"]["target_path_count"]
|
||||
assert data["summary"]["target_path_count"] >= 1
|
||||
assert data["summary"]["boundary_ack_count"] == data["summary"]["required_boundary_ack_count"]
|
||||
assert data["summary"]["required_boundary_ack_count"] >= 1
|
||||
assert data["summary"]["controlled_status_cleanup_package_ready"] is True
|
||||
assert data["summary"]["controlled_owner_acknowledgements_ready"] is True
|
||||
assert data["summary"]["controlled_dry_run_package_ready"] is True
|
||||
assert data["summary"]["controlled_post_apply_verifier_required"] is True
|
||||
assert data["summary"]["apply_allowed"] is False
|
||||
assert data["summary"]["memory_write_authorized"] is False
|
||||
assert data["summary"]["wazuh_api_live_query_authorized"] is False
|
||||
@@ -64,6 +74,7 @@ def test_load_latest_awoooi_status_cleanup_dashboard_reads_committed_snapshot():
|
||||
"execution_plan",
|
||||
"apply_gate",
|
||||
}
|
||||
assert {item["blocked"] for item in data["gate_cards"]} == {False}
|
||||
|
||||
|
||||
def test_awoooi_status_cleanup_dashboard_rejects_memory_write_authorization(tmp_path):
|
||||
@@ -93,6 +104,24 @@ def test_awoooi_status_cleanup_dashboard_rejects_live_metadata_gate(tmp_path):
|
||||
load_latest_awoooi_status_cleanup_dashboard(tmp_path)
|
||||
|
||||
|
||||
def test_awoooi_status_cleanup_dashboard_rejects_controlled_ack_count_drift(tmp_path):
|
||||
snapshot = _snapshot()
|
||||
snapshot["summary"]["accepted_owner_flag_count"] = 5
|
||||
_write_snapshot(tmp_path, snapshot)
|
||||
|
||||
with pytest.raises(ValueError, match="controlled acknowledgements incomplete"):
|
||||
load_latest_awoooi_status_cleanup_dashboard(tmp_path)
|
||||
|
||||
|
||||
def test_awoooi_status_cleanup_dashboard_rejects_controlled_flag_drift(tmp_path):
|
||||
snapshot = _snapshot()
|
||||
snapshot["summary"]["controlled_status_cleanup_package_ready"] = False
|
||||
_write_snapshot(tmp_path, snapshot)
|
||||
|
||||
with pytest.raises(ValueError, match="controlled_status_cleanup_package_ready"):
|
||||
load_latest_awoooi_status_cleanup_dashboard(tmp_path)
|
||||
|
||||
|
||||
def test_awoooi_status_cleanup_dashboard_rejects_missing_risk_control(tmp_path):
|
||||
snapshot = _snapshot()
|
||||
snapshot["risk_controls"] = [
|
||||
|
||||
@@ -16,8 +16,10 @@ def test_awoooi_status_cleanup_dashboard_endpoint_returns_snapshot():
|
||||
assert response.status_code == 200
|
||||
data = response.json()
|
||||
assert data["schema_version"] == "awoooi_status_cleanup_dashboard_v1"
|
||||
assert data["summary"]["dashboard_status"] == "blocked_status_cleanup_apply_not_authorized"
|
||||
assert data["summary"]["dashboard_status"] == "controlled_status_cleanup_package_ready"
|
||||
assert data["summary"]["gate_count"] == 5
|
||||
assert data["summary"]["blocked_gate_count"] == 0
|
||||
assert data["summary"]["controlled_status_cleanup_package_ready"] is True
|
||||
assert data["summary"]["apply_allowed"] is False
|
||||
assert data["summary"]["memory_write_authorized"] is False
|
||||
assert data["summary"]["wazuh_api_live_query_authorized"] is False
|
||||
|
||||
@@ -35,6 +35,10 @@ def test_delivery_closure_workbench_endpoint_returns_product_summary():
|
||||
sources = {source["id"]: source for source in data["source_statuses"]}
|
||||
assert sorted(lanes) == ["backup", "gitea", "github", "release", "runtime"]
|
||||
assert lanes["release"]["metric"]["kind"] == "blocked_gate"
|
||||
assert lanes["release"]["status"] == "controlled_status_cleanup_package_ready"
|
||||
assert lanes["release"]["blocker_count"] == 0
|
||||
assert lanes["release"]["metric"]["blocked"] == 0
|
||||
assert lanes["release"]["metric"]["total"] == 5
|
||||
assert lanes["github"]["metric"]["kind"] == "private_backup_verified"
|
||||
assert lanes["gitea"]["metric"]["kind"] == "workflow_count"
|
||||
assert lanes["runtime"]["metric"]["kind"] == "surface_count"
|
||||
|
||||
Reference in New Issue
Block a user