agent_os_kernel 3.1.0__py3-none-any.whl

iatp/tests/test_ed25519_attestation.py

@@ -0,0 +1,211 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+"""Tests for Ed25519 cryptographic attestation in IATP."""
+
+import pytest
+from iatp.attestation import (
+    AttestationValidator,
+    generate_ed25519_keypair,
+)
+
+
+@pytest.fixture
+def keypair():
+    """Generate a fresh Ed25519 key pair."""
+    return generate_ed25519_keypair()
+
+
+@pytest.fixture
+def validator_with_key(keypair):
+    """Create an AttestationValidator with a registered public key."""
+    _, public_b64 = keypair
+    v = AttestationValidator()
+    v.add_trusted_key("test-key", public_b64)
+    return v
+
+
+class TestGenerateKeypair:
+    def test_returns_two_strings(self):
+        priv, pub = generate_ed25519_keypair()
+        assert isinstance(priv, str)
+        assert isinstance(pub, str)
+
+    def test_keys_are_base64(self):
+        import base64
+        priv, pub = generate_ed25519_keypair()
+        priv_bytes = base64.b64decode(priv)
+        pub_bytes = base64.b64decode(pub)
+        assert len(priv_bytes) == 32  # Ed25519 private key is 32 bytes
+        assert len(pub_bytes) == 32   # Ed25519 public key is 32 bytes
+
+    def test_unique_each_call(self):
+        _, pub1 = generate_ed25519_keypair()
+        _, pub2 = generate_ed25519_keypair()
+        assert pub1 != pub2
+
+
+class TestRealCryptoSignAndVerify:
+    def test_sign_and_verify_roundtrip(self, keypair, validator_with_key):
+        """Create an attestation with real key, verify with real crypto."""
+        priv_b64, _ = keypair
+        v = validator_with_key
+
+        attestation = v.create_attestation(
+            agent_id="agent-001",
+            codebase_hash="aabbccdd",
+            config_hash="11223344",
+            signing_key_id="test-key",
+            private_key=priv_b64,
+        )
+
+        is_valid, error = v.validate_attestation(attestation, verify_signature=True)
+        assert is_valid, f"Verification failed: {error}"
+        assert error is None
+
+    def test_tampered_signature_rejected(self, keypair, validator_with_key):
+        """Tampered signature must be rejected."""
+        import base64
+        priv_b64, _ = keypair
+        v = validator_with_key
+
+        attestation = v.create_attestation(
+            agent_id="agent-001",
+            codebase_hash="aabbccdd",
+            config_hash="11223344",
+            signing_key_id="test-key",
+            private_key=priv_b64,
+        )
+
+        # Tamper with the signature (flip a byte)
+        sig_bytes = bytearray(base64.b64decode(attestation.signature))
+        sig_bytes[0] ^= 0xFF
+        attestation.signature = base64.b64encode(bytes(sig_bytes)).decode()
+
+        is_valid, error = v.validate_attestation(attestation, verify_signature=True)
+        assert not is_valid
+        assert "invalid signature" in error.lower()
+
+    def test_tampered_agent_id_rejected(self, keypair, validator_with_key):
+        """Changing the agent_id after signing must be rejected."""
+        priv_b64, _ = keypair
+        v = validator_with_key
+
+        attestation = v.create_attestation(
+            agent_id="agent-001",
+            codebase_hash="aabbccdd",
+            config_hash="11223344",
+            signing_key_id="test-key",
+            private_key=priv_b64,
+        )
+
+        # Tamper with agent_id (message changes, signature invalid)
+        attestation.agent_id = "evil-agent"
+
+        is_valid, error = v.validate_attestation(attestation, verify_signature=True)
+        assert not is_valid
+        assert "invalid signature" in error.lower()
+
+    def test_tampered_codebase_hash_rejected(self, keypair, validator_with_key):
+        """Changing the codebase_hash after signing must be rejected."""
+        priv_b64, _ = keypair
+        v = validator_with_key
+
+        attestation = v.create_attestation(
+            agent_id="agent-001",
+            codebase_hash="aabbccdd",
+            config_hash="11223344",
+            signing_key_id="test-key",
+            private_key=priv_b64,
+        )
+
+        attestation.codebase_hash = "deadbeef"
+
+        is_valid, error = v.validate_attestation(attestation, verify_signature=True)
+        assert not is_valid
+
+    def test_wrong_key_rejected(self, keypair):
+        """Signature made with one key must fail with a different public key."""
+        priv_b64, _ = keypair
+        _, other_pub = generate_ed25519_keypair()
+
+        v = AttestationValidator()
+        v.add_trusted_key("other-key", other_pub)
+
+        # Sign with original key, register different public key
+        attestation = v.create_attestation(
+            agent_id="agent-001",
+            codebase_hash="aabb",
+            config_hash="ccdd",
+            signing_key_id="other-key",
+            private_key=priv_b64,
+        )
+
+        is_valid, error = v.validate_attestation(attestation, verify_signature=True)
+        assert not is_valid
+        assert "invalid signature" in error.lower()
+
+    def test_unsigned_attestation_accepted_without_verify_flag(self, validator_with_key):
+        """When verify_signature=False, unsigned attestations pass."""
+        v = validator_with_key
+        attestation = v.create_attestation(
+            agent_id="agent-001",
+            codebase_hash="aabb",
+            config_hash="ccdd",
+            signing_key_id="test-key",
+            private_key=None,  # No signing
+        )
+
+        is_valid, error = v.validate_attestation(attestation, verify_signature=False)
+        assert is_valid
+
+    def test_unsigned_attestation_rejected_with_verify_flag(self, validator_with_key):
+        """Unsigned attestation fails when verify_signature=True."""
+        v = validator_with_key
+        attestation = v.create_attestation(
+            agent_id="agent-001",
+            codebase_hash="aabb",
+            config_hash="ccdd",
+            signing_key_id="test-key",
+            private_key=None,  # No real signing — base64 of message, not Ed25519
+        )
+
+        is_valid, error = v.validate_attestation(attestation, verify_signature=True)
+        assert not is_valid
+
+    def test_multiple_agents_different_keys(self):
+        """Each agent can have its own key pair."""
+        v = AttestationValidator()
+
+        priv1, pub1 = generate_ed25519_keypair()
+        priv2, pub2 = generate_ed25519_keypair()
+        v.add_trusted_key("key-agent1", pub1)
+        v.add_trusted_key("key-agent2", pub2)
+
+        att1 = v.create_attestation("agent-1", "h1", "c1", "key-agent1", priv1)
+        att2 = v.create_attestation("agent-2", "h2", "c2", "key-agent2", priv2)
+
+        assert v.validate_attestation(att1, verify_signature=True) == (True, None)
+        assert v.validate_attestation(att2, verify_signature=True) == (True, None)
+
+        # Cross-verify should fail (agent-1's attestation with agent-2's key)
+        att1.signing_key_id = "key-agent2"
+        is_valid, _ = v.validate_attestation(att1, verify_signature=True)
+        assert not is_valid
+
+    def test_expired_attestation_rejected_even_with_valid_sig(self, keypair, validator_with_key):
+        """Valid signature doesn't help if attestation is expired."""
+        priv_b64, _ = keypair
+        v = validator_with_key
+
+        attestation = v.create_attestation(
+            agent_id="agent-001",
+            codebase_hash="aabb",
+            config_hash="ccdd",
+            signing_key_id="test-key",
+            private_key=priv_b64,
+            expires_in_hours=-1,  # Already expired
+        )
+
+        is_valid, error = v.validate_attestation(attestation, verify_signature=True)
+        assert not is_valid
+        assert "expired" in error.lower()

iatp/tests/test_models.py

@@ -0,0 +1,130 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+"""
+Unit tests for IATP models.
+"""
+from iatp.models import (
+    AgentCapabilities,
+    CapabilityManifest,
+    PrivacyContract,
+    RetentionPolicy,
+    ReversibilityLevel,
+    TrustLevel,
+)
+
+
+def test_capability_manifest_creation():
+    """Test creating a capability manifest."""
+    manifest = CapabilityManifest(
+        agent_id="test-agent",
+        agent_version="1.0.0",
+        trust_level=TrustLevel.TRUSTED,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL,
+            undo_window="24h",
+            sla_latency="1000ms"
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+            storage_location="us-east",
+            human_review=False
+        )
+    )
+
+    assert manifest.agent_id == "test-agent"
+    assert manifest.trust_level == TrustLevel.TRUSTED
+    assert manifest.capabilities.idempotency is True
+    assert manifest.privacy_contract.retention == RetentionPolicy.EPHEMERAL
+
+
+def test_capability_manifest_with_scopes():
+    """Test creating a capability manifest with RBAC scopes."""
+    manifest = CapabilityManifest(
+        agent_id="coder-agent",
+        agent_version="1.0.0",
+        trust_level=TrustLevel.TRUSTED,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+        ),
+        scopes=["repo:read", "repo:write"]
+    )
+
+    assert manifest.agent_id == "coder-agent"
+    assert manifest.scopes == ["repo:read", "repo:write"]
+
+
+def test_capability_manifest_default_scopes():
+    """Test that scopes defaults to empty list."""
+    manifest = CapabilityManifest(
+        agent_id="agent-without-scopes",
+        trust_level=TrustLevel.STANDARD,
+        capabilities=AgentCapabilities(),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.TEMPORARY,
+        )
+    )
+
+    assert manifest.scopes == []
+
+
+def test_trust_score_verified_partner():
+    """Test trust score for verified partner."""
+    manifest = CapabilityManifest(
+        agent_id="verified-agent",
+        trust_level=TrustLevel.VERIFIED_PARTNER,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+            human_review=False
+        )
+    )
+
+    score = manifest.calculate_trust_score()
+    assert score >= 8  # Verified partner with good privacy should score high
+
+
+def test_trust_score_untrusted():
+    """Test trust score for untrusted agent."""
+    manifest = CapabilityManifest(
+        agent_id="sketchy-agent",
+        trust_level=TrustLevel.UNTRUSTED,
+        capabilities=AgentCapabilities(
+            idempotency=False,
+            reversibility=ReversibilityLevel.NONE
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.FOREVER,
+            human_review=True
+        )
+    )
+
+    score = manifest.calculate_trust_score()
+    assert score <= 3  # Untrusted agent with bad privacy should score low
+
+
+def test_privacy_contract_defaults():
+    """Test privacy contract default values."""
+    contract = PrivacyContract(
+        retention=RetentionPolicy.TEMPORARY
+    )
+
+    assert contract.human_review is False
+    assert contract.encryption_at_rest is True
+    assert contract.encryption_in_transit is True
+
+
+def test_agent_capabilities_defaults():
+    """Test agent capabilities default values."""
+    capabilities = AgentCapabilities()
+
+    assert capabilities.idempotency is False
+    assert capabilities.reversibility == ReversibilityLevel.NONE
+    assert capabilities.undo_window is None

iatp/tests/test_policy_engine.py

@@ -0,0 +1,347 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+"""
+Tests for the IATP Policy Engine.
+"""
+from iatp.models import (
+    AgentCapabilities,
+    CapabilityManifest,
+    PrivacyContract,
+    RetentionPolicy,
+    ReversibilityLevel,
+    TrustLevel,
+)
+from iatp.policy_engine import IATPPolicyEngine
+
+
+def test_policy_engine_initialization():
+    """Test that policy engine initializes with default policies."""
+    engine = IATPPolicyEngine()
+    assert engine is not None
+    assert len(engine.rules) > 0
+
+
+def test_validate_manifest_ephemeral_allowed():
+    """Test that ephemeral retention is allowed."""
+    engine = IATPPolicyEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="test-agent",
+        trust_level=TrustLevel.TRUSTED,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+            human_review=False,
+        )
+    )
+
+    is_allowed, error_msg, warning_msg = engine.validate_manifest(manifest)
+
+    assert is_allowed is True
+    assert error_msg is None
+    # May have warning for other reasons, but should not block
+
+
+def test_validate_manifest_permanent_warning():
+    """Test that permanent retention generates a warning but doesn't block."""
+    engine = IATPPolicyEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="permanent-storage-agent",
+        trust_level=TrustLevel.STANDARD,
+        capabilities=AgentCapabilities(
+            idempotency=False,
+            reversibility=ReversibilityLevel.NONE,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.PERMANENT,
+            human_review=True,
+        )
+    )
+
+    is_allowed, error_msg, warning_msg = engine.validate_manifest(manifest)
+
+    # Should be allowed but may have warnings
+    # (Actual blocking based on sensitive data happens in SecurityValidator)
+    assert is_allowed is True
+    # May have warning about no reversibility
+    if warning_msg:
+        assert "reversal" in warning_msg.lower() or "warning" in warning_msg.lower()
+
+
+def test_validate_manifest_no_reversibility_warning():
+    """Test that no reversibility generates warning."""
+    engine = IATPPolicyEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="limited-agent",
+        trust_level=TrustLevel.STANDARD,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.NONE,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.TEMPORARY,
+            human_review=False,
+        )
+    )
+
+    is_allowed, error_msg, warning_msg = engine.validate_manifest(manifest)
+
+    assert is_allowed is True
+    assert error_msg is None
+    # Warning about no reversibility
+    if warning_msg:
+        assert "reversal" in warning_msg.lower() or "warning" in warning_msg.lower()
+
+
+def test_add_custom_rule():
+    """Test adding custom policy rules."""
+    engine = IATPPolicyEngine()
+
+    custom_rule = {
+        "name": "CustomTestRule",
+        "description": "Test custom rule",
+        "action": "deny",
+        "conditions": {"trust_level": ["untrusted"]}
+    }
+
+    engine.add_custom_rule(custom_rule)
+
+    # Test with untrusted agent
+    manifest = CapabilityManifest(
+        agent_id="untrusted-agent",
+        trust_level=TrustLevel.UNTRUSTED,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+            human_review=False,
+        )
+    )
+
+    is_allowed, error_msg, warning_msg = engine.validate_manifest(manifest)
+
+    # Should be blocked by custom rule or existing rules
+    assert is_allowed is False or warning_msg is not None
+
+
+def test_validate_handshake_compatible():
+    """Test handshake validation with compatible agent."""
+    engine = IATPPolicyEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="compatible-agent",
+        trust_level=TrustLevel.TRUSTED,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+            human_review=False,
+        )
+    )
+
+    is_compatible, error_msg = engine.validate_handshake(
+        manifest,
+        required_capabilities=["reversibility", "idempotency"]
+    )
+
+    assert is_compatible is True
+    assert error_msg is None
+
+
+def test_validate_handshake_missing_capabilities():
+    """Test handshake validation with missing capabilities."""
+    engine = IATPPolicyEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="limited-agent",
+        trust_level=TrustLevel.STANDARD,
+        capabilities=AgentCapabilities(
+            idempotency=False,
+            reversibility=ReversibilityLevel.NONE,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.TEMPORARY,
+            human_review=False,
+        )
+    )
+
+    is_compatible, error_msg = engine.validate_handshake(
+        manifest,
+        required_capabilities=["reversibility"]
+    )
+
+    assert is_compatible is False
+    assert error_msg is not None
+    assert "reversibility" in error_msg.lower()
+
+
+def test_manifest_to_context():
+    """Test conversion of manifest to policy context."""
+    engine = IATPPolicyEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="test-agent",
+        trust_level=TrustLevel.VERIFIED_PARTNER,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.PARTIAL,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+            human_review=True,
+            encryption_at_rest=True,
+            encryption_in_transit=True,
+        )
+    )
+
+    context = engine._manifest_to_context(manifest)
+
+    assert context["agent_id"] == "test-agent"
+    assert context["trust_level"] == "verified_partner"
+    assert context["retention_policy"] == "ephemeral"
+    assert context["reversibility"] == "partial"
+    assert context["idempotency"] is True
+    assert context["human_review"] is True
+    assert context["encryption_at_rest"] is True
+    assert context["encryption_in_transit"] is True
+
+
+def test_validate_handshake_with_required_scopes():
+    """Test handshake validation with required scopes."""
+    engine = IATPPolicyEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="coder-agent",
+        trust_level=TrustLevel.TRUSTED,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+            human_review=False,
+        ),
+        scopes=["repo:read", "repo:write"]
+    )
+
+    is_compatible, error_msg = engine.validate_handshake(
+        manifest,
+        required_scopes=["repo:write"]
+    )
+
+    assert is_compatible is True
+    assert error_msg is None
+
+
+def test_validate_handshake_missing_scopes():
+    """Test handshake validation with missing required scopes."""
+    engine = IATPPolicyEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="reviewer-agent",
+        trust_level=TrustLevel.STANDARD,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.TEMPORARY,
+            human_review=False,
+        ),
+        scopes=["repo:read"]  # Only has read access
+    )
+
+    is_compatible, error_msg = engine.validate_handshake(
+        manifest,
+        required_scopes=["repo:write"]  # But needs write access
+    )
+
+    assert is_compatible is False
+    assert error_msg is not None
+    assert "repo:write" in error_msg
+
+
+def test_validate_handshake_multiple_scopes():
+    """Test handshake validation with multiple required scopes."""
+    engine = IATPPolicyEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="admin-agent",
+        trust_level=TrustLevel.VERIFIED_PARTNER,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+            human_review=False,
+        ),
+        scopes=["repo:read", "repo:write", "admin:manage"]
+    )
+
+    is_compatible, error_msg = engine.validate_handshake(
+        manifest,
+        required_scopes=["repo:read", "repo:write"]
+    )
+
+    assert is_compatible is True
+    assert error_msg is None
+
+
+def test_validate_handshake_no_scopes_required():
+    """Test handshake validation when no scopes are required."""
+    engine = IATPPolicyEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="basic-agent",
+        trust_level=TrustLevel.STANDARD,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.TEMPORARY,
+            human_review=False,
+        ),
+        scopes=[]  # No scopes
+    )
+
+    is_compatible, error_msg = engine.validate_handshake(
+        manifest,
+        required_scopes=None  # No scopes required
+    )
+
+    assert is_compatible is True
+    assert error_msg is None
+
+
+def test_manifest_to_context_with_scopes():
+    """Test conversion of manifest with scopes to policy context."""
+    engine = IATPPolicyEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="scoped-agent",
+        trust_level=TrustLevel.TRUSTED,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+            human_review=False,
+        ),
+        scopes=["repo:read", "repo:write"]
+    )
+
+    context = engine._manifest_to_context(manifest)
+
+    assert context["scopes"] == ["repo:read", "repo:write"]