PyPI - ai-testing-swarm - Versions diffs - 0.1.11__tar.gz → 0.1.13__tar.gz - Mend

ai-testing-swarm 0.1.11tar.gz → 0.1.13tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

{ai_testing_swarm-0.1.11 → ai_testing_swarm-0.1.13}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ai-testing-swarm
-Version: 0.1.11
+Version: 0.1.13
 Summary: AI-powered testing swarm
 Author-email: Arif Shah <ashah7775@gmail.com>
 License: MIT

{ai_testing_swarm-0.1.11 → ai_testing_swarm-0.1.13}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "ai-testing-swarm"
-version = "0.1.11"
+version = "0.1.13"
 description = "AI-powered testing swarm"
 readme = "README.md"
 requires-python = ">=3.9"

ai_testing_swarm-0.1.13/src/ai_testing_swarm/__init__.py ADDED Viewed

	@@ -0,0 +1 @@
1	+ __version__ = "0.1.13"

{ai_testing_swarm-0.1.11 → ai_testing_swarm-0.1.13}/src/ai_testing_swarm/agents/llm_reasoning_agent.py RENAMED Viewed

@@ -73,13 +73,33 @@ class LLMReasoningAgent:
         # =========================================================
         # 3️⃣ HTTP-LEVEL HARD RULES (NO AI)
         # =========================================================
+        # Method misuse tests: 404/405 are expected (endpoint not available for that method)
+        if status_code in (404, 405):
+            if (
+                isinstance(test_name, str)
+                and test_name.startswith("wrong_method_")
+            ) or (mutation and mutation.get("strategy") == "method_misuse"):
+                return {
+                    "type": "method_not_allowed" if status_code == 405 else "not_found",
+                    "confidence": 1.0,
+                    "explanation": f"HTTP {status_code} for wrong-method negative test (expected)"
+                }
         if status_code == 405:
+            # 405 outside method-misuse tests can still be informative
             return {
                 "type": "method_not_allowed",
                 "confidence": 1.0,
                 "explanation": "HTTP 405 Method Not Allowed"
             }
+        if status_code == 404:
+            return {
+                "type": "not_found",
+                "confidence": 0.9,
+                "explanation": "HTTP 404 Not Found"
+            }
         if status_code in (401, 403):
             return {
                 "type": "auth_issue",
@@ -100,6 +120,30 @@ class LLMReasoningAgent:
         if mutation:
             strategy = mutation.get("strategy")
+            # Header tampering / content negotiation tests
+            if status_code == 406 and strategy == "headers":
+                return {
+                    "type": "content_negotiation",
+                    "confidence": 1.0,
+                    "explanation": "406 Not Acceptable after Accept/header mutation (expected)"
+                }
+            # Header tampering accepted (2xx) can be risky depending on the mutation
+            if 200 <= status_code < 300 and strategy == "headers":
+                return {
+                    "type": "headers_accepted",
+                    "confidence": 0.8,
+                    "explanation": "Header mutation still returned 2xx (review if expected)"
+                }
+            # Wrong-method negative test accepted => risk
+            if 200 <= status_code < 300 and strategy == "method_misuse":
+                return {
+                    "type": "method_risk",
+                    "confidence": 1.0,
+                    "explanation": "Wrong HTTP method was accepted with 2xx (unexpected)"
+                }
             if status_code == 400 and strategy == "missing_param":
                 return {
                     "type": "missing_param",
@@ -107,6 +151,14 @@ class LLMReasoningAgent:
                     "explanation": "400 response after required parameter removal"
                 }
+            # Missing param accepted (2xx) is often weak validation (risky)
+            if 200 <= status_code < 300 and strategy == "missing_param":
+                return {
+                    "type": "missing_param_accepted",
+                    "confidence": 1.0,
+                    "explanation": "Parameter removal still returned 2xx (potential missing validation)"
+                }
             if status_code == 400 and strategy == "null_param":
                 return {
                     "type": "missing_param",
@@ -114,6 +166,13 @@ class LLMReasoningAgent:
                     "explanation": "400 response after nullifying parameter"
                 }
+            if 200 <= status_code < 300 and strategy == "null_param":
+                return {
+                    "type": "null_param_accepted",
+                    "confidence": 1.0,
+                    "explanation": "Nullified parameter still returned 2xx (potential weak validation)"
+                }
             if status_code == 400 and strategy == "invalid_param":
                 return {
                     "type": "invalid_param",
@@ -121,6 +180,13 @@ class LLMReasoningAgent:
                     "explanation": "400 response after invalid parameter mutation"
                 }
+            if 200 <= status_code < 300 and strategy == "invalid_param":
+                return {
+                    "type": "invalid_param_accepted",
+                    "confidence": 1.0,
+                    "explanation": "Invalid parameter still returned 2xx (potential weak validation)"
+                }
             # ✅ FIX: security payload blocked → SAFE
             if status_code >= 400 and status_code < 500 and strategy == "security":
                 return {

{ai_testing_swarm-0.1.11 → ai_testing_swarm-0.1.13}/src/ai_testing_swarm/agents/release_gate_agent.py RENAMED Viewed

@@ -90,12 +90,17 @@ class ReleaseGateAgent:
         "infra",            # infra / network / 5xx
         "security_risk",    # malicious payload succeeded (2xx/3xx)
         "server_error",
-        "method_not_allowed",
+        # NOTE: method_not_allowed is expected for negative tests (wrong method)
     }
     # ⚠️ Ambiguous behavior (release with caution)
     RISKY_FAILURES = {
         "unknown",
+        "missing_param_accepted",
+        "null_param_accepted",
+        "invalid_param_accepted",
+        "headers_accepted",
+        "method_risk",
     }
     # ✅ EXPECTED & HEALTHY system behavior
@@ -104,6 +109,9 @@ class ReleaseGateAgent:
         "missing_param",
         "invalid_param",
         "security",         # 🔥 IMPORTANT: security blocked = SAFE
+        "method_not_allowed",
+        "not_found",
+        "content_negotiation",
     }
     def decide(self, results: list) -> str:

{ai_testing_swarm-0.1.11 → ai_testing_swarm-0.1.13}/src/ai_testing_swarm/orchestrator.py RENAMED Viewed

@@ -14,6 +14,18 @@ EXPECTED_FAILURES = {
     "missing_param",
     "invalid_param",
     "security",
+    "method_not_allowed",
+    "not_found",
+    "content_negotiation",
+}
+RISKY_FAILURES = {
+    "unknown",
+    "missing_param_accepted",
+    "null_param_accepted",
+    "invalid_param_accepted",
+    "headers_accepted",
+    "method_risk",
 }
 class SwarmOrchestrator:
@@ -61,7 +73,9 @@ class SwarmOrchestrator:
                 "confidence": classification.get("confidence", 1.0),
                 "failure_type": classification.get("type"),
                 "status": (
-                    "PASSED" if classification.get("type") in EXPECTED_FAILURES else "FAILED"
+                    "PASSED" if classification.get("type") in EXPECTED_FAILURES
+                    else "RISK" if classification.get("type") in RISKY_FAILURES
+                    else "FAILED"
                 ),
             })
             # Optional learning step

{ai_testing_swarm-0.1.11 → ai_testing_swarm-0.1.13}/src/ai_testing_swarm.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ai-testing-swarm
-Version: 0.1.11
+Version: 0.1.13
 Summary: AI-powered testing swarm
 Author-email: Arif Shah <ashah7775@gmail.com>
 License: MIT

{ai_testing_swarm-0.1.11 → ai_testing_swarm-0.1.13}/src/ai_testing_swarm.egg-info/SOURCES.txt RENAMED Viewed

@@ -26,4 +26,5 @@ src/ai_testing_swarm/core/safety.py
 src/ai_testing_swarm/reporting/__init__.py
 src/ai_testing_swarm/reporting/report_writer.py
 tests/test_openapi_loader.py
+tests/test_policy_expected_negatives.py
 tests/test_swarm_api.py

ai_testing_swarm-0.1.13/tests/test_policy_expected_negatives.py ADDED Viewed

@@ -0,0 +1,34 @@
+from ai_testing_swarm.agents.llm_reasoning_agent import LLMReasoningAgent
+from ai_testing_swarm.agents.release_gate_agent import ReleaseGateAgent
+def test_wrong_method_405_is_expected_not_blocking():
+    reasoner = LLMReasoningAgent()
+    exec_result = {
+        "name": "wrong_method_POST",
+        "mutation": {"strategy": "method_misuse"},
+        "response": {"status_code": 405, "elapsed_ms": 10, "body_snippet": ""},
+    }
+    cls = reasoner.reason(exec_result)
+    assert cls["type"] == "method_not_allowed"
+    # Gate should not reject release if happy path passes and only expected negatives exist
+    gate = ReleaseGateAgent()
+    decision = gate.decide([
+        {"name": "happy_path", "failure_type": "success", "response": {"status_code": 200}},
+        {"name": "wrong_method_POST", "failure_type": cls["type"], "response": {"status_code": 405}},
+    ])
+    assert decision in ("APPROVE_RELEASE", "APPROVE_RELEASE_WITH_RISKS")
+def test_accept_header_406_is_expected():
+    reasoner = LLMReasoningAgent()
+    exec_result = {
+        "name": "headers_accept_text",
+        "mutation": {"strategy": "headers"},
+        "response": {"status_code": 406, "elapsed_ms": 10, "body_snippet": ""},
+    }
+    cls = reasoner.reason(exec_result)
+    assert cls["type"] == "content_negotiation"