superlocalmemory 2.8.5 → 3.0.0

package/src/compliance/tests/test_abac_engine.py

@@ -1,124 +0,0 @@
-# SPDX-License-Identifier: MIT
-# Copyright (c) 2026 SuperLocalMemory (superlocalmemory.com)
-"""Tests for ABAC policy engine.
-"""
-import tempfile
-import os
-import sys
-import json
-from pathlib import Path
-
-sys.path.insert(0, str(Path(__file__).resolve().parent.parent.parent))
-
-
-class TestABACEngine:
-    def setup_method(self):
-        self.tmp_dir = tempfile.mkdtemp()
-        self.policy_path = os.path.join(self.tmp_dir, "abac_policies.json")
-
-    def teardown_method(self):
-        import shutil
-        shutil.rmtree(self.tmp_dir, ignore_errors=True)
-
-    def _write_policies(self, policies):
-        with open(self.policy_path, "w") as f:
-            json.dump(policies, f)
-
-    def test_creation_no_policy_file(self):
-        """Engine works with no policy file — allow all."""
-        from compliance.abac_engine import ABACEngine
-        engine = ABACEngine(config_path="/nonexistent/path.json")
-        assert engine is not None
-
-    def test_missing_policy_allows_all(self):
-        """No policy file → all access allowed (backward compat)."""
-        from compliance.abac_engine import ABACEngine
-        engine = ABACEngine(config_path="/nonexistent/path.json")
-        result = engine.evaluate(subject={"agent_id": "user"}, resource={"access_level": "public"}, action="read")
-        assert result["allowed"] is True
-
-    def test_load_policies_from_json(self):
-        """Can load policies from JSON file."""
-        from compliance.abac_engine import ABACEngine
-        self._write_policies([
-            {"name": "deny-private", "effect": "deny", "subjects": {"agent_id": "*"}, "resources": {"access_level": "private"}, "actions": ["read"]}
-        ])
-        engine = ABACEngine(config_path=self.policy_path)
-        assert len(engine.policies) == 1
-
-    def test_deny_policy_blocks_access(self):
-        """Deny policy prevents access to matching resources."""
-        from compliance.abac_engine import ABACEngine
-        self._write_policies([
-            {"name": "deny-private", "effect": "deny", "subjects": {"agent_id": "*"}, "resources": {"access_level": "private"}, "actions": ["read"]}
-        ])
-        engine = ABACEngine(config_path=self.policy_path)
-        result = engine.evaluate(subject={"agent_id": "agent_a"}, resource={"access_level": "private"}, action="read")
-        assert result["allowed"] is False
-        assert result["policy_name"] == "deny-private"
-
-    def test_allow_policy_grants_access(self):
-        """Allow policy explicitly permits access."""
-        from compliance.abac_engine import ABACEngine
-        self._write_policies([
-            {"name": "allow-admin", "effect": "allow", "subjects": {"agent_id": "admin"}, "resources": {"access_level": "*"}, "actions": ["read", "write", "delete"]}
-        ])
-        engine = ABACEngine(config_path=self.policy_path)
-        result = engine.evaluate(subject={"agent_id": "admin"}, resource={"access_level": "private"}, action="write")
-        assert result["allowed"] is True
-
-    def test_subject_matching_specific_agent(self):
-        """Policy matches specific agent_id."""
-        from compliance.abac_engine import ABACEngine
-        self._write_policies([
-            {"name": "deny-untrusted", "effect": "deny", "subjects": {"agent_id": "untrusted_bot"}, "resources": {"access_level": "*"}, "actions": ["read"]}
-        ])
-        engine = ABACEngine(config_path=self.policy_path)
-        # untrusted_bot denied
-        r1 = engine.evaluate(subject={"agent_id": "untrusted_bot"}, resource={"access_level": "public"}, action="read")
-        assert r1["allowed"] is False
-        # trusted_agent allowed (no matching deny policy)
-        r2 = engine.evaluate(subject={"agent_id": "trusted_agent"}, resource={"access_level": "public"}, action="read")
-        assert r2["allowed"] is True
-
-    def test_resource_matching_by_project(self):
-        """Policy matches by project name."""
-        from compliance.abac_engine import ABACEngine
-        self._write_policies([
-            {"name": "deny-secret-project", "effect": "deny", "subjects": {"agent_id": "*"}, "resources": {"project": "secret_project"}, "actions": ["read"]}
-        ])
-        engine = ABACEngine(config_path=self.policy_path)
-        r1 = engine.evaluate(subject={"agent_id": "user"}, resource={"project": "secret_project"}, action="read")
-        assert r1["allowed"] is False
-        r2 = engine.evaluate(subject={"agent_id": "user"}, resource={"project": "public_project"}, action="read")
-        assert r2["allowed"] is True
-
-    def test_action_matching(self):
-        """Policy only applies to specified actions."""
-        from compliance.abac_engine import ABACEngine
-        self._write_policies([
-            {"name": "deny-delete", "effect": "deny", "subjects": {"agent_id": "*"}, "resources": {"access_level": "*"}, "actions": ["delete"]}
-        ])
-        engine = ABACEngine(config_path=self.policy_path)
-        r1 = engine.evaluate(subject={"agent_id": "user"}, resource={"access_level": "public"}, action="delete")
-        assert r1["allowed"] is False
-        r2 = engine.evaluate(subject={"agent_id": "user"}, resource={"access_level": "public"}, action="read")
-        assert r2["allowed"] is True
-
-    def test_deny_takes_precedence(self):
-        """When both allow and deny match, deny wins."""
-        from compliance.abac_engine import ABACEngine
-        self._write_policies([
-            {"name": "allow-all", "effect": "allow", "subjects": {"agent_id": "*"}, "resources": {"access_level": "*"}, "actions": ["read"]},
-            {"name": "deny-private", "effect": "deny", "subjects": {"agent_id": "*"}, "resources": {"access_level": "private"}, "actions": ["read"]}
-        ])
-        engine = ABACEngine(config_path=self.policy_path)
-        result = engine.evaluate(subject={"agent_id": "user"}, resource={"access_level": "private"}, action="read")
-        assert result["allowed"] is False
-
-    def test_evaluate_returns_reason(self):
-        """Evaluation result includes reason."""
-        from compliance.abac_engine import ABACEngine
-        engine = ABACEngine(config_path="/nonexistent/path.json")
-        result = engine.evaluate(subject={"agent_id": "user"}, resource={}, action="read")
-        assert "reason" in result

package/src/compliance/tests/test_abac_mcp_integration.py

@@ -1,118 +0,0 @@
-# SPDX-License-Identifier: MIT
-# Copyright (c) 2026 SuperLocalMemory (superlocalmemory.com)
-"""Tests for ABAC enforcement via MCP tool integration.
-"""
-import tempfile
-import os
-import sys
-import json
-from pathlib import Path
-
-sys.path.insert(0, str(Path(__file__).resolve().parent.parent.parent))
-
-
-class TestABACMCPIntegration:
-    def setup_method(self):
-        self.tmp_dir = tempfile.mkdtemp()
-        self.db_path = os.path.join(self.tmp_dir, "memory.db")
-
-    def teardown_method(self):
-        import shutil
-
-        shutil.rmtree(self.tmp_dir, ignore_errors=True)
-
-    def test_middleware_creation(self):
-        from compliance.abac_middleware import ABACMiddleware
-
-        mw = ABACMiddleware(self.db_path)
-        assert mw is not None
-
-    def test_check_read_access_default_allow(self):
-        """Default (no policies) allows all reads."""
-        from compliance.abac_middleware import ABACMiddleware
-
-        mw = ABACMiddleware(self.db_path)
-        result = mw.check_access(
-            agent_id="any_agent",
-            action="read",
-            resource={"access_level": "public"},
-        )
-        assert result["allowed"] is True
-
-    def test_check_write_access_default_allow(self):
-        from compliance.abac_middleware import ABACMiddleware
-
-        mw = ABACMiddleware(self.db_path)
-        result = mw.check_access(
-            agent_id="any_agent", action="write", resource={}
-        )
-        assert result["allowed"] is True
-
-    def test_check_access_with_deny_policy(self):
-        """Deny policy blocks access when enforced."""
-        from compliance.abac_middleware import ABACMiddleware
-
-        policy_path = os.path.join(self.tmp_dir, "abac_policies.json")
-        with open(policy_path, "w") as f:
-            json.dump(
-                [
-                    {
-                        "name": "deny-bots",
-                        "effect": "deny",
-                        "subjects": {"agent_id": "untrusted_bot"},
-                        "resources": {"access_level": "*"},
-                        "actions": ["read", "write"],
-                    }
-                ],
-                f,
-            )
-        mw = ABACMiddleware(self.db_path, policy_path=policy_path)
-        result = mw.check_access(
-            agent_id="untrusted_bot",
-            action="read",
-            resource={"access_level": "public"},
-        )
-        assert result["allowed"] is False
-
-    def test_denied_access_logged(self):
-        """Denied access is recorded for audit trail."""
-        from compliance.abac_middleware import ABACMiddleware
-
-        policy_path = os.path.join(self.tmp_dir, "abac_policies.json")
-        with open(policy_path, "w") as f:
-            json.dump(
-                [
-                    {
-                        "name": "deny-all-write",
-                        "effect": "deny",
-                        "subjects": {"agent_id": "*"},
-                        "resources": {"access_level": "*"},
-                        "actions": ["write"],
-                    }
-                ],
-                f,
-            )
-        mw = ABACMiddleware(self.db_path, policy_path=policy_path)
-        mw.check_access(agent_id="user", action="write", resource={})
-        assert mw.denied_count >= 1
-
-    def test_build_agent_context(self):
-        """build_agent_context creates proper context dict for store."""
-        from compliance.abac_middleware import ABACMiddleware
-
-        mw = ABACMiddleware(self.db_path)
-        ctx = mw.build_agent_context(agent_id="claude_agent", protocol="mcp")
-        assert ctx["agent_id"] == "claude_agent"
-        assert ctx["protocol"] == "mcp"
-
-    def test_graceful_when_compliance_unavailable(self):
-        """Middleware works even if ABACEngine import fails."""
-        from compliance.abac_middleware import ABACMiddleware
-
-        mw = ABACMiddleware(
-            self.db_path, policy_path="/nonexistent/path.json"
-        )
-        result = mw.check_access(
-            agent_id="user", action="read", resource={}
-        )
-        assert result["allowed"] is True

package/src/compliance/tests/test_audit_db.py

@@ -1,123 +0,0 @@
-# SPDX-License-Identifier: MIT
-# Copyright (c) 2026 SuperLocalMemory (superlocalmemory.com)
-"""Tests for audit database with hash chain tamper detection.
-"""
-import sqlite3
-import tempfile
-import os
-import sys
-import hashlib
-import json
-from pathlib import Path
-
-sys.path.insert(0, str(Path(__file__).resolve().parent.parent.parent))
-
-
-class TestAuditDB:
-    def setup_method(self):
-        self.tmp_dir = tempfile.mkdtemp()
-        self.db_path = os.path.join(self.tmp_dir, "audit.db")
-
-    def teardown_method(self):
-        import shutil
-        shutil.rmtree(self.tmp_dir, ignore_errors=True)
-
-    def test_creation(self):
-        from compliance.audit_db import AuditDB
-        db = AuditDB(self.db_path)
-        assert db is not None
-
-    def test_schema_created(self):
-        from compliance.audit_db import AuditDB
-        db = AuditDB(self.db_path)
-        conn = sqlite3.connect(self.db_path)
-        tables = {r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'").fetchall()}
-        conn.close()
-        assert "audit_events" in tables
-
-    def test_log_event(self):
-        from compliance.audit_db import AuditDB
-        db = AuditDB(self.db_path)
-        eid = db.log_event(event_type="memory.created", actor="user", resource_id=1, details={"action": "create"})
-        assert isinstance(eid, int)
-        assert eid > 0
-
-    def test_hash_chain_first_entry(self):
-        """First entry's prev_hash should be a known genesis value."""
-        from compliance.audit_db import AuditDB
-        db = AuditDB(self.db_path)
-        db.log_event("memory.created", actor="user", resource_id=1)
-        conn = sqlite3.connect(self.db_path)
-        row = conn.execute("SELECT prev_hash, entry_hash FROM audit_events WHERE id=1").fetchone()
-        conn.close()
-        assert row[0] == "genesis"
-        assert row[1] is not None and len(row[1]) == 64  # SHA-256 hex
-
-    def test_hash_chain_links(self):
-        """Each entry's prev_hash should equal the previous entry's entry_hash."""
-        from compliance.audit_db import AuditDB
-        db = AuditDB(self.db_path)
-        db.log_event("memory.created", actor="user", resource_id=1)
-        db.log_event("memory.recalled", actor="agent_a", resource_id=2)
-        db.log_event("memory.deleted", actor="user", resource_id=1)
-        conn = sqlite3.connect(self.db_path)
-        rows = conn.execute("SELECT id, prev_hash, entry_hash FROM audit_events ORDER BY id").fetchall()
-        conn.close()
-        assert rows[1][1] == rows[0][2]  # Entry 2's prev = Entry 1's hash
-        assert rows[2][1] == rows[1][2]  # Entry 3's prev = Entry 2's hash
-
-    def test_verify_chain_valid(self):
-        """verify_chain returns True for untampered chain."""
-        from compliance.audit_db import AuditDB
-        db = AuditDB(self.db_path)
-        db.log_event("memory.created", actor="user", resource_id=1)
-        db.log_event("memory.recalled", actor="agent_a", resource_id=1)
-        result = db.verify_chain()
-        assert result["valid"] is True
-        assert result["entries_checked"] == 2
-
-    def test_verify_chain_detects_tampering(self):
-        """verify_chain returns False if an entry was modified."""
-        from compliance.audit_db import AuditDB
-        db = AuditDB(self.db_path)
-        db.log_event("memory.created", actor="user", resource_id=1)
-        db.log_event("memory.recalled", actor="agent_a", resource_id=1)
-        # Tamper with the first entry
-        conn = sqlite3.connect(self.db_path)
-        conn.execute("UPDATE audit_events SET actor='hacker' WHERE id=1")
-        conn.commit()
-        conn.close()
-        result = db.verify_chain()
-        assert result["valid"] is False
-
-    def test_query_by_type(self):
-        from compliance.audit_db import AuditDB
-        db = AuditDB(self.db_path)
-        db.log_event("memory.created", actor="user", resource_id=1)
-        db.log_event("memory.recalled", actor="user", resource_id=1)
-        db.log_event("memory.created", actor="user", resource_id=2)
-        results = db.query_events(event_type="memory.created")
-        assert len(results) == 2
-
-    def test_query_by_actor(self):
-        from compliance.audit_db import AuditDB
-        db = AuditDB(self.db_path)
-        db.log_event("memory.created", actor="user", resource_id=1)
-        db.log_event("memory.recalled", actor="agent_a", resource_id=1)
-        results = db.query_events(actor="agent_a")
-        assert len(results) == 1
-
-    def test_query_by_time_range(self):
-        from compliance.audit_db import AuditDB
-        db = AuditDB(self.db_path)
-        db.log_event("memory.created", actor="user", resource_id=1)
-        results = db.query_events(limit=10)
-        assert len(results) >= 1
-        assert "created_at" in results[0]
-
-    def test_empty_chain_is_valid(self):
-        from compliance.audit_db import AuditDB
-        db = AuditDB(self.db_path)
-        result = db.verify_chain()
-        assert result["valid"] is True
-        assert result["entries_checked"] == 0

package/src/compliance/tests/test_audit_logger.py

@@ -1,98 +0,0 @@
-# SPDX-License-Identifier: MIT
-# Copyright (c) 2026 SuperLocalMemory (superlocalmemory.com)
-"""Tests for audit logger EventBus listener.
-"""
-import tempfile, os, sys, sqlite3
-from datetime import datetime
-from pathlib import Path
-sys.path.insert(0, str(Path(__file__).resolve().parent.parent.parent))
-
-class TestAuditLogger:
-    def setup_method(self):
-        self.tmp_dir = tempfile.mkdtemp()
-        self.audit_db_path = os.path.join(self.tmp_dir, "audit.db")
-
-    def teardown_method(self):
-        import shutil
-        shutil.rmtree(self.tmp_dir, ignore_errors=True)
-
-    def test_creation(self):
-        from compliance.audit_logger import AuditLogger
-        logger = AuditLogger(self.audit_db_path)
-        assert logger is not None
-
-    def test_logs_memory_created(self):
-        from compliance.audit_logger import AuditLogger
-        logger = AuditLogger(self.audit_db_path)
-        logger.handle_event({"event_type": "memory.created", "memory_id": 1, "payload": {}, "timestamp": datetime.now().isoformat(), "source_agent": "user"})
-        conn = sqlite3.connect(self.audit_db_path)
-        rows = conn.execute("SELECT * FROM audit_events WHERE event_type='memory.created'").fetchall()
-        conn.close()
-        assert len(rows) == 1
-
-    def test_logs_memory_recalled(self):
-        from compliance.audit_logger import AuditLogger
-        logger = AuditLogger(self.audit_db_path)
-        logger.handle_event({"event_type": "memory.recalled", "memory_id": 2, "payload": {"query": "test"}, "timestamp": datetime.now().isoformat(), "source_agent": "agent_a"})
-        conn = sqlite3.connect(self.audit_db_path)
-        rows = conn.execute("SELECT * FROM audit_events WHERE event_type='memory.recalled'").fetchall()
-        conn.close()
-        assert len(rows) == 1
-
-    def test_logs_memory_deleted(self):
-        from compliance.audit_logger import AuditLogger
-        logger = AuditLogger(self.audit_db_path)
-        logger.handle_event({"event_type": "memory.deleted", "memory_id": 3, "payload": {}, "timestamp": datetime.now().isoformat(), "source_agent": "user"})
-        conn = sqlite3.connect(self.audit_db_path)
-        rows = conn.execute("SELECT * FROM audit_events WHERE event_type='memory.deleted'").fetchall()
-        conn.close()
-        assert len(rows) == 1
-
-    def test_hash_chain_maintained(self):
-        """Multiple events maintain hash chain integrity."""
-        from compliance.audit_logger import AuditLogger
-        logger = AuditLogger(self.audit_db_path)
-        for i in range(5):
-            logger.handle_event({"event_type": "memory.created", "memory_id": i, "payload": {}, "timestamp": datetime.now().isoformat(), "source_agent": "user"})
-        from compliance.audit_db import AuditDB
-        db = AuditDB(self.audit_db_path)
-        result = db.verify_chain()
-        assert result["valid"] is True
-        assert result["entries_checked"] == 5
-
-    def test_logs_lifecycle_transitions(self):
-        from compliance.audit_logger import AuditLogger
-        logger = AuditLogger(self.audit_db_path)
-        logger.handle_event({"event_type": "lifecycle.transitioned", "memory_id": 1, "payload": {"from_state": "active", "to_state": "warm"}, "timestamp": datetime.now().isoformat(), "source_agent": "scheduler"})
-        conn = sqlite3.connect(self.audit_db_path)
-        rows = conn.execute("SELECT * FROM audit_events").fetchall()
-        conn.close()
-        assert len(rows) == 1
-
-    def test_ignores_unknown_gracefully(self):
-        """Unknown event types logged without error."""
-        from compliance.audit_logger import AuditLogger
-        logger = AuditLogger(self.audit_db_path)
-        logger.handle_event({"event_type": "unknown.event", "payload": {}, "timestamp": datetime.now().isoformat(), "source_agent": "test"})
-        assert logger.events_logged >= 1
-
-    def test_graceful_on_malformed_event(self):
-        """Malformed events don't crash the logger."""
-        from compliance.audit_logger import AuditLogger
-        logger = AuditLogger(self.audit_db_path)
-        logger.handle_event({})  # Empty event
-        logger.handle_event({"event_type": "test"})  # Missing fields
-        # Should not crash
-
-    def test_register_with_eventbus(self):
-        from compliance.audit_logger import AuditLogger
-        logger = AuditLogger(self.audit_db_path)
-        result = logger.register_with_eventbus()
-        assert isinstance(result, bool)
-
-    def test_get_status(self):
-        from compliance.audit_logger import AuditLogger
-        logger = AuditLogger(self.audit_db_path)
-        status = logger.get_status()
-        assert "events_logged" in status
-        assert "registered" in status

package/src/compliance/tests/test_mcp_audit.py

@@ -1,128 +0,0 @@
-# SPDX-License-Identifier: MIT
-# Copyright (c) 2026 SuperLocalMemory (superlocalmemory.com)
-"""Tests for audit_trail MCP tool handler.
-
-Validates the MCP wrapper around AuditDB — tests empty trail, event logging,
-event_type and actor filtering, and hash chain verification.
-"""
-import asyncio
-import os
-import shutil
-import sys
-import tempfile
-from pathlib import Path
-
-import pytest
-
-sys.path.insert(0, str(Path(__file__).resolve().parent.parent.parent))
-
-
-class TestMCPAuditTrail:
-    """Tests for the audit_trail tool handler."""
-
-    def setup_method(self):
-        self.tmp_dir = tempfile.mkdtemp()
-        self.db_path = os.path.join(self.tmp_dir, "audit.db")
-
-    def teardown_method(self):
-        shutil.rmtree(self.tmp_dir, ignore_errors=True)
-
-    def _run(self, coro):
-        return asyncio.get_event_loop().run_until_complete(coro)
-
-    def test_empty_trail(self):
-        """Fresh audit DB should return count=0."""
-        import mcp_tools_v28 as tools
-        tools.DEFAULT_AUDIT_DB = self.db_path
-
-        result = self._run(tools.audit_trail())
-        assert result["success"] is True
-        assert result["count"] == 0
-        assert result["events"] == []
-
-    def test_verify_empty_chain(self):
-        """Hash chain verification on empty DB should be valid."""
-        import mcp_tools_v28 as tools
-        tools.DEFAULT_AUDIT_DB = self.db_path
-
-        result = self._run(tools.audit_trail(verify_chain=True))
-        assert result["success"] is True
-        assert result["chain_valid"] is True
-        assert result["chain_entries"] == 0
-
-    def test_query_with_events(self):
-        """After logging events, query should return them."""
-        from compliance.audit_db import AuditDB
-
-        db = AuditDB(self.db_path)
-        db.log_event("memory.created", actor="user", resource_id=1)
-        db.log_event("memory.recalled", actor="agent_a", resource_id=1)
-        db.log_event("memory.created", actor="user", resource_id=2)
-
-        import mcp_tools_v28 as tools
-        tools.DEFAULT_AUDIT_DB = self.db_path
-
-        result = self._run(tools.audit_trail())
-        assert result["success"] is True
-        assert result["count"] == 3
-
-    def test_filter_by_event_type(self):
-        """Filtering by event_type should narrow results."""
-        from compliance.audit_db import AuditDB
-
-        db = AuditDB(self.db_path)
-        db.log_event("memory.created", actor="user", resource_id=1)
-        db.log_event("memory.recalled", actor="agent_a", resource_id=1)
-
-        import mcp_tools_v28 as tools
-        tools.DEFAULT_AUDIT_DB = self.db_path
-
-        result = self._run(tools.audit_trail(event_type="memory.created"))
-        assert result["count"] == 1
-        assert result["events"][0]["event_type"] == "memory.created"
-
-    def test_filter_by_actor(self):
-        """Filtering by actor should narrow results."""
-        from compliance.audit_db import AuditDB
-
-        db = AuditDB(self.db_path)
-        db.log_event("memory.created", actor="user", resource_id=1)
-        db.log_event("memory.recalled", actor="agent_a", resource_id=1)
-
-        import mcp_tools_v28 as tools
-        tools.DEFAULT_AUDIT_DB = self.db_path
-
-        result = self._run(tools.audit_trail(actor="agent_a"))
-        assert result["count"] == 1
-        assert result["events"][0]["actor"] == "agent_a"
-
-    def test_verify_chain_with_events(self):
-        """Hash chain with events should verify successfully."""
-        from compliance.audit_db import AuditDB
-
-        db = AuditDB(self.db_path)
-        db.log_event("memory.created", actor="user", resource_id=1)
-        db.log_event("memory.recalled", actor="user", resource_id=1)
-        db.log_event("memory.updated", actor="user", resource_id=1)
-
-        import mcp_tools_v28 as tools
-        tools.DEFAULT_AUDIT_DB = self.db_path
-
-        result = self._run(tools.audit_trail(verify_chain=True))
-        assert result["success"] is True
-        assert result["chain_valid"] is True
-        assert result["chain_entries"] == 3
-
-    def test_limit_parameter(self):
-        """Limit parameter should cap returned events."""
-        from compliance.audit_db import AuditDB
-
-        db = AuditDB(self.db_path)
-        for i in range(10):
-            db.log_event("memory.created", actor="user", resource_id=i)
-
-        import mcp_tools_v28 as tools
-        tools.DEFAULT_AUDIT_DB = self.db_path
-
-        result = self._run(tools.audit_trail(limit=3))
-        assert result["count"] == 3