agent_os_kernel 3.1.0__py3-none-any.whl

iatp/tests/test_recovery.py

@@ -0,0 +1,281 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+"""
+Tests for the IATP Recovery Engine (scak integration).
+"""
+import pytest
+
+from iatp.models import (
+    AgentCapabilities,
+    CapabilityManifest,
+    PrivacyContract,
+    RetentionPolicy,
+    ReversibilityLevel,
+    TrustLevel,
+)
+from iatp.recovery import IATPRecoveryEngine
+
+
+@pytest.mark.asyncio
+async def test_recovery_engine_initialization():
+    """Test that recovery engine initializes correctly."""
+    engine = IATPRecoveryEngine()
+    assert engine is not None
+    assert engine.recovery_history == {}
+
+
+@pytest.mark.asyncio
+async def test_handle_failure_with_reversibility():
+    """Test handling failure with reversible agent."""
+    engine = IATPRecoveryEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="reversible-agent",
+        trust_level=TrustLevel.TRUSTED,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+            human_review=False,
+        )
+    )
+
+    error = Exception("Test error")
+    payload = {"test": "data"}
+
+    # Test without compensation callback
+    result = await engine.handle_failure(
+        trace_id="test-trace-1",
+        error=error,
+        manifest=manifest,
+        payload=payload,
+        compensation_callback=None
+    )
+
+    assert result is not None
+    assert "strategy" in result
+    assert "trace_id" in result
+    assert result["trace_id"] == "test-trace-1"
+
+
+@pytest.mark.asyncio
+async def test_handle_failure_with_compensation():
+    """Test handling failure with compensation callback."""
+    engine = IATPRecoveryEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="compensating-agent",
+        trust_level=TrustLevel.TRUSTED,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+            human_review=False,
+        )
+    )
+
+    compensation_called = False
+
+    async def compensation_callback():
+        nonlocal compensation_called
+        compensation_called = True
+
+    error = Exception("Test error")
+    payload = {"test": "data"}
+
+    result = await engine.handle_failure(
+        trace_id="test-trace-2",
+        error=error,
+        manifest=manifest,
+        payload=payload,
+        compensation_callback=compensation_callback
+    )
+
+    assert result is not None
+    assert compensation_called is True
+    assert result["success"] is True
+    assert "compensation_executed" in result["actions_taken"]
+
+
+@pytest.mark.asyncio
+async def test_handle_failure_no_reversibility():
+    """Test handling failure with non-reversible agent."""
+    engine = IATPRecoveryEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="non-reversible-agent",
+        trust_level=TrustLevel.STANDARD,
+        capabilities=AgentCapabilities(
+            idempotency=False,
+            reversibility=ReversibilityLevel.NONE,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.TEMPORARY,
+            human_review=False,
+        )
+    )
+
+    error = Exception("Test error")
+    payload = {"test": "data"}
+
+    result = await engine.handle_failure(
+        trace_id="test-trace-3",
+        error=error,
+        manifest=manifest,
+        payload=payload,
+        compensation_callback=None
+    )
+
+    assert result is not None
+    assert result["success"] is False
+    # Should give up or recommend retry
+    assert "strategy" in result
+
+
+def test_should_attempt_recovery_reversible():
+    """Test recovery attempt decision for reversible agent."""
+    engine = IATPRecoveryEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="reversible-agent",
+        trust_level=TrustLevel.TRUSTED,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+            human_review=False,
+        )
+    )
+
+    error = Exception("Test error")
+
+    should_recover = engine.should_attempt_recovery(error, manifest)
+
+    assert should_recover is True
+
+
+def test_should_attempt_recovery_timeout():
+    """Test recovery attempt decision for timeout error."""
+    engine = IATPRecoveryEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="non-reversible-agent",
+        trust_level=TrustLevel.STANDARD,
+        capabilities=AgentCapabilities(
+            idempotency=False,
+            reversibility=ReversibilityLevel.NONE,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.TEMPORARY,
+            human_review=False,
+        )
+    )
+
+    error = TimeoutError("Request timeout")
+
+    should_recover = engine.should_attempt_recovery(error, manifest)
+
+    # Should attempt recovery for timeout even without reversibility
+    assert should_recover is True
+
+
+def test_get_recovery_history():
+    """Test retrieval of recovery history."""
+    engine = IATPRecoveryEngine()
+
+    # Add some history manually
+    engine.recovery_history["test-trace"] = {
+        "test": "data"
+    }
+
+    history = engine.get_recovery_history("test-trace")
+
+    assert history is not None
+    assert history["test"] == "data"
+
+    # Non-existent trace
+    missing_history = engine.get_recovery_history("non-existent")
+    assert missing_history is None
+
+
+@pytest.mark.asyncio
+async def test_handle_failure_compensation_exception():
+    """Test handling failure when compensation callback raises exception."""
+    engine = IATPRecoveryEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="failing-compensation-agent",
+        trust_level=TrustLevel.TRUSTED,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+            human_review=False,
+        )
+    )
+
+    async def failing_compensation():
+        raise Exception("Compensation failed")
+
+    error = Exception("Test error")
+    payload = {"test": "data"}
+
+    result = await engine.handle_failure(
+        trace_id="test-trace-4",
+        error=error,
+        manifest=manifest,
+        payload=payload,
+        compensation_callback=failing_compensation
+    )
+
+    assert result is not None
+    assert result["success"] is False
+    assert any("compensation_failed" in action for action in result["actions_taken"])
+
+
+@pytest.mark.asyncio
+async def test_handle_failure_sync_callback():
+    """Test handling failure with synchronous compensation callback."""
+    engine = IATPRecoveryEngine()
+
+    manifest = CapabilityManifest(
+        agent_id="sync-compensation-agent",
+        trust_level=TrustLevel.TRUSTED,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL,
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+            human_review=False,
+        )
+    )
+
+    compensation_called = False
+
+    def sync_compensation():
+        nonlocal compensation_called
+        compensation_called = True
+
+    error = Exception("Test error")
+    payload = {"test": "data"}
+
+    result = await engine.handle_failure(
+        trace_id="test-trace-5",
+        error=error,
+        manifest=manifest,
+        payload=payload,
+        compensation_callback=sync_compensation
+    )
+
+    assert result is not None
+    assert compensation_called is True
+    assert result["success"] is True

iatp/tests/test_security.py

@@ -0,0 +1,222 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+"""
+Unit tests for IATP security module.
+"""
+from iatp.models import (
+    AgentCapabilities,
+    CapabilityManifest,
+    PrivacyContract,
+    RetentionPolicy,
+    ReversibilityLevel,
+    TrustLevel,
+)
+from iatp.security import PrivacyScrubber, SecurityValidator
+
+
+def test_detect_credit_card():
+    """Test credit card detection with Luhn validation."""
+    validator = SecurityValidator()
+
+    # Test various credit card formats (using valid test card numbers)
+    # 4532015112830366 is a valid test Visa card that passes Luhn check
+    payload1 = {"data": "My card is 4532-0151-1283-0366"}
+    sensitive1 = validator.detect_sensitive_data(payload1)
+    assert "credit_card" in sensitive1
+
+    payload2 = {"data": "My card is 4532 0151 1283 0366"}
+    sensitive2 = validator.detect_sensitive_data(payload2)
+    assert "credit_card" in sensitive2
+
+    payload3 = {"data": "My card is 4532015112830366"}
+    sensitive3 = validator.detect_sensitive_data(payload3)
+    assert "credit_card" in sensitive3
+
+    # Test with invalid card number (should not be detected)
+    payload4 = {"data": "My card is 1234-5678-9012-3456"}
+    sensitive4 = validator.detect_sensitive_data(payload4)
+    assert "credit_card" not in sensitive4
+
+
+def test_detect_ssn():
+    """Test SSN detection."""
+    validator = SecurityValidator()
+
+    payload = {"data": "My SSN is 123-45-6789"}
+    sensitive = validator.detect_sensitive_data(payload)
+    assert "ssn" in sensitive
+
+
+def test_detect_email():
+    """Test email detection."""
+    validator = SecurityValidator()
+
+    payload = {"data": "Contact me at test@example.com"}
+    sensitive = validator.detect_sensitive_data(payload)
+    assert "email" in sensitive
+
+
+def test_validate_privacy_policy_blocks_credit_card_forever():
+    """Test that credit cards are blocked for permanent retention."""
+    validator = SecurityValidator()
+    manifest = CapabilityManifest(
+        agent_id="bad-agent",
+        trust_level=TrustLevel.UNTRUSTED,
+        capabilities=AgentCapabilities(),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.FOREVER
+        )
+    )
+
+    payload = {"credit_card": "4532-0151-1283-0366"}  # Valid test card
+    is_valid, error = validator.validate_privacy_policy(manifest, payload)
+
+    assert not is_valid
+    assert "Privacy Violation" in error
+    assert "credit card" in error.lower()
+
+
+def test_validate_privacy_policy_allows_credit_card_ephemeral():
+    """Test that credit cards are allowed for ephemeral retention."""
+    validator = SecurityValidator()
+    manifest = CapabilityManifest(
+        agent_id="good-agent",
+        trust_level=TrustLevel.VERIFIED_PARTNER,
+        capabilities=AgentCapabilities(),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL
+        )
+    )
+
+    payload = {"credit_card": "4532-0151-1283-0366"}  # Valid test card
+    is_valid, error = validator.validate_privacy_policy(manifest, payload)
+
+    assert is_valid
+    assert error is None
+
+
+def test_validate_privacy_policy_blocks_ssn_non_ephemeral():
+    """Test that SSN is blocked for non-ephemeral retention."""
+    validator = SecurityValidator()
+    manifest = CapabilityManifest(
+        agent_id="medium-agent",
+        trust_level=TrustLevel.STANDARD,
+        capabilities=AgentCapabilities(),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.TEMPORARY
+        )
+    )
+
+    payload = {"ssn": "123-45-6789"}
+    is_valid, error = validator.validate_privacy_policy(manifest, payload)
+
+    assert not is_valid
+    assert "SSN" in error
+
+
+def test_generate_warning_low_trust():
+    """Test warning generation for low trust agents."""
+    validator = SecurityValidator()
+    manifest = CapabilityManifest(
+        agent_id="sketchy-agent",
+        trust_level=TrustLevel.UNTRUSTED,
+        capabilities=AgentCapabilities(
+            idempotency=False,
+            reversibility=ReversibilityLevel.NONE
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.FOREVER,
+            human_review=True
+        )
+    )
+
+    warning = validator.generate_warning_message(manifest, {})
+
+    assert warning is not None
+    assert "Low trust score" in warning
+    assert "does not support transaction reversal" in warning
+    assert "stores data indefinitely" in warning
+    assert "may have humans review your data" in warning
+
+
+def test_generate_warning_trusted_agent():
+    """Test that no warning is generated for trusted agents."""
+    validator = SecurityValidator()
+    manifest = CapabilityManifest(
+        agent_id="trusted-agent",
+        trust_level=TrustLevel.VERIFIED_PARTNER,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+            human_review=False
+        )
+    )
+
+    warning = validator.generate_warning_message(manifest, {})
+    assert warning is None
+
+
+def test_should_quarantine_untrusted():
+    """Test quarantine decision for untrusted agents."""
+    validator = SecurityValidator()
+    manifest = CapabilityManifest(
+        agent_id="untrusted-agent",
+        trust_level=TrustLevel.UNTRUSTED,
+        capabilities=AgentCapabilities(),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL
+        )
+    )
+
+    assert validator.should_quarantine(manifest)
+
+
+def test_should_quarantine_no_reversibility_permanent():
+    """Test quarantine for no reversibility and permanent storage."""
+    validator = SecurityValidator()
+    manifest = CapabilityManifest(
+        agent_id="risky-agent",
+        trust_level=TrustLevel.STANDARD,
+        capabilities=AgentCapabilities(
+            reversibility=ReversibilityLevel.NONE
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.FOREVER
+        )
+    )
+
+    assert validator.should_quarantine(manifest)
+
+
+def test_scrub_credit_card():
+    """Test scrubbing credit card from payload."""
+    payload = {
+        "user": "john",
+        "payment": {
+            "card": "4532-0151-1283-0366",  # Valid test card
+            "cvv": "123"
+        }
+    }
+
+    scrubbed = PrivacyScrubber.scrub_payload(payload)
+
+    scrubbed_str = str(scrubbed)
+    assert "4532-0151-1283-0366" not in scrubbed_str
+    assert "[CREDIT_CARD_REDACTED]" in scrubbed_str
+
+
+def test_scrub_ssn():
+    """Test scrubbing SSN from payload."""
+    payload = {
+        "user": "john",
+        "ssn": "123-45-6789"
+    }
+
+    scrubbed = PrivacyScrubber.scrub_payload(payload)
+
+    scrubbed_str = str(scrubbed)
+    assert "123-45-6789" not in scrubbed_str
+    assert "[SSN_REDACTED]" in scrubbed_str

iatp/tests/test_sidecar.py

@@ -0,0 +1,167 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+"""
+Integration tests for the IATP Sidecar.
+"""
+import pytest
+from fastapi.testclient import TestClient
+
+from iatp.models import (
+    AgentCapabilities,
+    CapabilityManifest,
+    PrivacyContract,
+    RetentionPolicy,
+    ReversibilityLevel,
+    TrustLevel,
+)
+from iatp.sidecar import create_sidecar
+
+
+@pytest.fixture
+def trusted_manifest():
+    """Create a trusted agent manifest for testing."""
+    return CapabilityManifest(
+        agent_id="test-trusted-agent",
+        agent_version="1.0.0",
+        trust_level=TrustLevel.VERIFIED_PARTNER,
+        capabilities=AgentCapabilities(
+            idempotency=True,
+            reversibility=ReversibilityLevel.FULL,
+            undo_window="24h",
+            sla_latency="1000ms"
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.EPHEMERAL,
+            storage_location="us-east",
+            human_review=False
+        )
+    )
+
+
+@pytest.fixture
+def untrusted_manifest():
+    """Create an untrusted agent manifest for testing."""
+    return CapabilityManifest(
+        agent_id="test-untrusted-agent",
+        agent_version="0.1.0",
+        trust_level=TrustLevel.UNTRUSTED,
+        capabilities=AgentCapabilities(
+            idempotency=False,
+            reversibility=ReversibilityLevel.NONE
+        ),
+        privacy_contract=PrivacyContract(
+            retention=RetentionPolicy.FOREVER,
+            storage_location="unknown",
+            human_review=True
+        )
+    )
+
+
+def test_health_check(trusted_manifest):
+    """Test the health check endpoint."""
+    sidecar = create_sidecar(
+        agent_url="http://localhost:9999",
+        manifest=trusted_manifest
+    )
+    client = TestClient(sidecar.app)
+
+    response = client.get("/health")
+    assert response.status_code == 200
+    data = response.json()
+    assert data["status"] == "healthy"
+    assert data["agent_id"] == "test-trusted-agent"
+
+
+def test_get_manifest(trusted_manifest):
+    """Test getting the capability manifest."""
+    sidecar = create_sidecar(
+        agent_url="http://localhost:9999",
+        manifest=trusted_manifest
+    )
+    client = TestClient(sidecar.app)
+
+    response = client.get("/.well-known/agent-manifest")
+    assert response.status_code == 200
+    data = response.json()
+    assert data["agent_id"] == "test-trusted-agent"
+    assert data["trust_level"] == "verified_partner"
+    assert data["capabilities"]["idempotency"] is True
+
+
+def test_invalid_json_payload(trusted_manifest):
+    """Test that invalid JSON is rejected."""
+    sidecar = create_sidecar(
+        agent_url="http://localhost:9999",
+        manifest=trusted_manifest
+    )
+    client = TestClient(sidecar.app)
+
+    response = client.post(
+        "/proxy",
+        content="invalid json",
+        headers={"Content-Type": "application/json"}
+    )
+    assert response.status_code == 400
+    data = response.json()
+    assert "Invalid JSON" in data["error"]
+
+
+def test_blocked_credit_card_permanent_storage(untrusted_manifest):
+    """Test that credit cards are blocked for permanent storage."""
+    sidecar = create_sidecar(
+        agent_url="http://localhost:9999",
+        manifest=untrusted_manifest
+    )
+    client = TestClient(sidecar.app)
+
+    response = client.post(
+        "/proxy",
+        json={
+            "task": "purchase",
+            "card": "4532-0151-1283-0366"  # Valid test card
+        }
+    )
+    assert response.status_code == 403
+    data = response.json()
+    assert "Privacy Violation" in data["error"]
+    assert data["blocked"] is True
+
+
+def test_warning_without_override(untrusted_manifest):
+    """Test that untrusted agents trigger warnings."""
+    sidecar = create_sidecar(
+        agent_url="http://localhost:9999",
+        manifest=untrusted_manifest
+    )
+    client = TestClient(sidecar.app)
+
+    response = client.post(
+        "/proxy",
+        json={"task": "test", "data": {}}
+    )
+    assert response.status_code == 449
+    data = response.json()
+    assert "warning" in data
+    assert "requires_override" in data
+    assert data["requires_override"] is True
+
+
+def test_trace_id_injection(trusted_manifest):
+    """Test that trace IDs are properly handled."""
+    sidecar = create_sidecar(
+        agent_url="http://localhost:9999",
+        manifest=trusted_manifest
+    )
+    client = TestClient(sidecar.app)
+
+    # Provide a custom trace ID
+    custom_trace_id = "custom-trace-123"
+    response = client.post(
+        "/proxy",
+        json={"task": "test"},
+        headers={"X-Agent-Trace-ID": custom_trace_id}
+    )
+
+    # Even if backend fails, trace ID should be in error response
+    data = response.json()
+    assert "trace_id" in data