test: add send audit idempotency diagnostics
This commit is contained in:
@@ -58,7 +58,7 @@ N13/N14/N15 are pre-business validation results. They can help identify UI eleme
|
||||
|
||||
## Current loop
|
||||
|
||||
Current loop: `R6f fake/sandbox send connector contract complete; next R6g send audit and idempotency replay diagnostics`.
|
||||
Current loop: `R6g send audit and idempotency replay diagnostics complete; next R6h central production gate policy for send message`.
|
||||
|
||||
Active continuous execution plan: `docs/superpowers/plans/2026-07-10-r6f-r14-continuous-execution-plan.md`.
|
||||
|
||||
@@ -239,5 +239,14 @@ Continuous execution plan R6f-R14 is approved and execution has started:
|
||||
- Plan file: `docs/superpowers/plans/2026-07-10-r6f-r14-continuous-execution-plan.md`.
|
||||
- Scope: 15 ordered rounds covering send-message connector/gate hardening, send-file preview/idempotency/package, receive-file download preview, receive-message reconciliation, end-to-end business smoke, and release-candidate report.
|
||||
- Execution rule after approval: one round at a time, status-card update, verification, commit, push, then continue automatically until an evidence-only blocker requires user action.
|
||||
- Last completed round: R6f fake/sandbox send connector contract.
|
||||
- Next active round: R6g send audit and idempotency replay diagnostics.
|
||||
- Last completed round: R6g send audit and idempotency replay diagnostics.
|
||||
- Next active round: R6h central production gate policy for send message.
|
||||
|
||||
R6g send audit and idempotency replay diagnostics is complete:
|
||||
|
||||
- Added `scripts\verify-send-audit-idempotency.ps1`.
|
||||
- Added `scripts\test-verify-send-audit-idempotency.ps1`; the first run failed before the verifier existed, then passed after implementation.
|
||||
- Diagnostic output reports sanitized `audit_records`, `idempotency_records`, `duplicate_detected`, `conflict_detected`, `raw_body_present`, and `raw_idempotency_key_present`.
|
||||
- Added `TestISphereSendMessageAuditRedactionIsStable` proving file-backed audit JSONL does not store raw message body or raw idempotency key.
|
||||
- Standard verification still reports 9 tools and `production_send_enabled=false`.
|
||||
- Next node: R6h central production gate policy for send message.
|
||||
|
||||
@@ -275,6 +275,16 @@ $env:ISPHERE_SEND_IDEMPOTENCY_PATH = "E:\coding\codex\isphere-ai-bridge\runs\sen
|
||||
|
||||
If `ISPHERE_SEND_IDEMPOTENCY_PATH` is set, the send preview path records hashed idempotency state. Reusing the same idempotency key for the same target/content sets `duplicate_detected=true`; reusing it for different content or target returns blocked metadata with `conflict_detected=true`. Raw message body and raw idempotency key are not stored in the JSONL state.
|
||||
|
||||
R6g adds a local diagnostic for replaying the redacted audit/idempotency files without opening iSphere:
|
||||
|
||||
```powershell
|
||||
powershell -NoProfile -ExecutionPolicy Bypass -File scripts\verify-send-audit-idempotency.ps1 `
|
||||
-AuditPath $env:ISPHERE_SEND_AUDIT_PATH `
|
||||
-IdempotencyPath $env:ISPHERE_SEND_IDEMPOTENCY_PATH
|
||||
```
|
||||
|
||||
The diagnostic prints sanitized counts and booleans: `audit_records`, `idempotency_records`, `duplicate_detected`, `conflict_detected`, `raw_body_present`, and `raw_idempotency_key_present`. It exits non-zero if a raw message body field or raw idempotency-key field is found.
|
||||
|
||||
## 10. Current tool surface and next-stage route
|
||||
|
||||
The current runbook verifies nine tools:
|
||||
|
||||
@@ -170,7 +170,7 @@ git push gitea main
|
||||
- Consumes: `ISPHERE_SEND_AUDIT_PATH`, `ISPHERE_SEND_IDEMPOTENCY_PATH`.
|
||||
- Produces script output keys: `audit_records`, `idempotency_records`, `duplicate_detected`, `conflict_detected`, `raw_body_present`, `raw_idempotency_key_present`.
|
||||
|
||||
- [ ] **Step 1: Write fixture test script**
|
||||
- [x] **Step 1: Write fixture test script**
|
||||
|
||||
`scripts/test-verify-send-audit-idempotency.ps1` creates temporary JSONL audit/idempotency files with one normal record, one duplicate, and one conflict.
|
||||
|
||||
@@ -180,7 +180,7 @@ powershell -NoProfile -ExecutionPolicy Bypass -File scripts\test-verify-send-aud
|
||||
|
||||
Expected before implementation: FAIL because `verify-send-audit-idempotency.ps1` does not exist.
|
||||
|
||||
- [ ] **Step 2: Implement diagnostic script**
|
||||
- [x] **Step 2: Implement diagnostic script**
|
||||
|
||||
`scripts/verify-send-audit-idempotency.ps1` accepts:
|
||||
|
||||
@@ -193,11 +193,11 @@ param(
|
||||
|
||||
It prints sanitized JSON with counts and booleans only; it exits non-zero if raw `content_text` or raw `idempotency_key` appears.
|
||||
|
||||
- [ ] **Step 3: Add tool-level test for audit redaction regression**
|
||||
- [x] **Step 3: Add tool-level test for audit redaction regression**
|
||||
|
||||
Add `TestISphereSendMessageAuditRedactionIsStable` asserting JSONL audit files do not contain the submitted message body or raw idempotency key.
|
||||
|
||||
- [ ] **Step 4: Verify and commit**
|
||||
- [x] **Step 4: Verify and commit**
|
||||
|
||||
```powershell
|
||||
git diff --check
|
||||
@@ -213,6 +213,14 @@ git push gitea main
|
||||
|
||||
**Acceptance gate:** Diagnostics can prove audit/idempotency shape without opening iSphere.
|
||||
|
||||
**R6g Result:**
|
||||
|
||||
- Added `scripts/test-verify-send-audit-idempotency.ps1` and confirmed the red test failed before the verifier existed.
|
||||
- Added `scripts/verify-send-audit-idempotency.ps1` to summarize redacted audit/idempotency JSONL files with sanitized counts and booleans.
|
||||
- Diagnostic detects duplicate same-key/same-target/content replay, conflict same-key/different-content replay, and raw field leaks.
|
||||
- Added `TestISphereSendMessageAuditRedactionIsStable` to prove file-backed audit JSONL does not store raw message body or raw idempotency key.
|
||||
- No iSphere login, real send, helper action, hook, upload, or network replay was introduced.
|
||||
|
||||
---
|
||||
|
||||
### R6h: Central production gate policy for send message
|
||||
|
||||
Reference in New Issue
Block a user