Alexander Whitestone
1263d11f52
Co-authored-by: Alexander Whitestone <alexander@alexanderwhitestone.com> Co-committed-by: Alexander Whitestone <alexander@alexanderwhitestone.com>
123 lines
3.9 KiB
Python
123 lines
3.9 KiB
Python
"""
|
|
Tests for approval tier system
|
|
|
|
Issue: #670
|
|
"""
|
|
|
|
import unittest
|
|
from tools.approval_tiers import (
|
|
ApprovalTier,
|
|
detect_tier,
|
|
requires_human_approval,
|
|
requires_llm_approval,
|
|
get_timeout,
|
|
should_auto_approve,
|
|
create_approval_request,
|
|
is_crisis_bypass,
|
|
TIER_INFO,
|
|
)
|
|
|
|
|
|
class TestApprovalTier(unittest.TestCase):
|
|
|
|
def test_tier_values(self):
|
|
self.assertEqual(ApprovalTier.SAFE, 0)
|
|
self.assertEqual(ApprovalTier.LOW, 1)
|
|
self.assertEqual(ApprovalTier.MEDIUM, 2)
|
|
self.assertEqual(ApprovalTier.HIGH, 3)
|
|
self.assertEqual(ApprovalTier.CRITICAL, 4)
|
|
|
|
|
|
class TestTierDetection(unittest.TestCase):
|
|
|
|
def test_safe_actions(self):
|
|
self.assertEqual(detect_tier("read_file"), ApprovalTier.SAFE)
|
|
self.assertEqual(detect_tier("web_search"), ApprovalTier.SAFE)
|
|
self.assertEqual(detect_tier("session_search"), ApprovalTier.SAFE)
|
|
|
|
def test_low_actions(self):
|
|
self.assertEqual(detect_tier("write_file"), ApprovalTier.LOW)
|
|
self.assertEqual(detect_tier("terminal"), ApprovalTier.LOW)
|
|
self.assertEqual(detect_tier("execute_code"), ApprovalTier.LOW)
|
|
|
|
def test_medium_actions(self):
|
|
self.assertEqual(detect_tier("send_message"), ApprovalTier.MEDIUM)
|
|
self.assertEqual(detect_tier("git_push"), ApprovalTier.MEDIUM)
|
|
|
|
def test_high_actions(self):
|
|
self.assertEqual(detect_tier("config_change"), ApprovalTier.HIGH)
|
|
self.assertEqual(detect_tier("key_rotation"), ApprovalTier.HIGH)
|
|
|
|
def test_critical_actions(self):
|
|
self.assertEqual(detect_tier("kill_process"), ApprovalTier.CRITICAL)
|
|
self.assertEqual(detect_tier("shutdown"), ApprovalTier.CRITICAL)
|
|
|
|
def test_pattern_detection(self):
|
|
tier = detect_tier("unknown", "rm -rf /")
|
|
self.assertEqual(tier, ApprovalTier.CRITICAL)
|
|
|
|
tier = detect_tier("unknown", "sudo apt install")
|
|
self.assertEqual(tier, ApprovalTier.MEDIUM)
|
|
|
|
|
|
class TestTierInfo(unittest.TestCase):
|
|
|
|
def test_safe_no_approval(self):
|
|
self.assertFalse(requires_human_approval(ApprovalTier.SAFE))
|
|
self.assertFalse(requires_llm_approval(ApprovalTier.SAFE))
|
|
self.assertIsNone(get_timeout(ApprovalTier.SAFE))
|
|
|
|
def test_medium_requires_both(self):
|
|
self.assertTrue(requires_human_approval(ApprovalTier.MEDIUM))
|
|
self.assertTrue(requires_llm_approval(ApprovalTier.MEDIUM))
|
|
self.assertEqual(get_timeout(ApprovalTier.MEDIUM), 60)
|
|
|
|
def test_critical_fast_timeout(self):
|
|
self.assertEqual(get_timeout(ApprovalTier.CRITICAL), 10)
|
|
|
|
|
|
class TestAutoApprove(unittest.TestCase):
|
|
|
|
def test_safe_auto_approves(self):
|
|
self.assertTrue(should_auto_approve("read_file"))
|
|
self.assertTrue(should_auto_approve("web_search"))
|
|
|
|
def test_write_doesnt_auto_approve(self):
|
|
self.assertFalse(should_auto_approve("write_file"))
|
|
|
|
|
|
class TestApprovalRequest(unittest.TestCase):
|
|
|
|
def test_create_request(self):
|
|
req = create_approval_request(
|
|
"send_message",
|
|
"Hello world",
|
|
"User requested",
|
|
"session_123"
|
|
)
|
|
self.assertEqual(req.tier, ApprovalTier.MEDIUM)
|
|
self.assertEqual(req.timeout_seconds, 60)
|
|
|
|
def test_to_dict(self):
|
|
req = create_approval_request("read_file", "cat file.txt", "test", "s1")
|
|
d = req.to_dict()
|
|
self.assertEqual(d["tier"], 0)
|
|
self.assertEqual(d["tier_name"], "Safe")
|
|
|
|
|
|
class TestCrisisBypass(unittest.TestCase):
|
|
|
|
def test_send_message_bypass(self):
|
|
self.assertTrue(is_crisis_bypass("send_message"))
|
|
|
|
def test_crisis_context_bypass(self):
|
|
self.assertTrue(is_crisis_bypass("unknown", "call 988 lifeline"))
|
|
self.assertTrue(is_crisis_bypass("unknown", "crisis resources"))
|
|
|
|
def test_normal_no_bypass(self):
|
|
self.assertFalse(is_crisis_bypass("read_file"))
|
|
|
|
|
|
if __name__ == "__main__":
|
|
unittest.main()
|