吸收数字员工高风险缺口安全壳总收口

This commit is contained in:
baiyanyun
2026-06-15 23:33:11 +08:00
parent 3a41eb40d0
commit d0b7223b53
3 changed files with 146 additions and 14 deletions

View File

@@ -2557,6 +2557,53 @@ class DigitalEmployeeSyncApplicationServiceImplTest {
assertThat(billingCharge.getReasonCodes()).contains("billing_actual_disabled");
}
@Test
void createAdminActionRejectsRemainingHighRiskClosureActions() {
Map<String, String> disabledActions = Map.ofEntries(
Map.entry("edit_policy_remote", "edit_policy_remote_disabled"),
Map.entry("auto_merge_policy", "auto_merge_policy_disabled"),
Map.entry("auto_decide_approval", "auto_decision_disabled"),
Map.entry("route_recover_execute", "route_recovery_disabled"),
Map.entry("cleanup_file_batch", "batch_cleanup_disabled"),
Map.entry("remote_delete_artifact", "remote_delete_disabled"),
Map.entry("real_push_notification", "real_push_disabled"),
Map.entry("external_send_daily_report", "external_send_disabled"),
Map.entry("third_party_send", "third_party_channel_disabled"),
Map.entry("run_schedule_now", "run_schedule_now_disabled"),
Map.entry("start_scheduler", "start_scheduler_disabled"),
Map.entry("hard_interrupt", "hard_interrupt_disabled"),
Map.entry("activate_plan", "high_risk_governance_action_disabled"),
Map.entry("cancel_run", "high_risk_governance_action_disabled"),
Map.entry("cancel_task", "high_risk_governance_action_disabled"),
Map.entry("accept_remote_approval_batch", "high_risk_governance_action_disabled"),
Map.entry("start_service", "start_service_disabled"),
Map.entry("stop_service", "stop_service_disabled"),
Map.entry("lease_takeover", "lease_takeover_disabled"),
Map.entry("execute_auto_recovery", "auto_recovery_execution_disabled"),
Map.entry("install_skill", "install_action_disabled"),
Map.entry("upgrade_skill", "upgrade_action_disabled"),
Map.entry("edit_permission_scope", "permission_edit_disabled"),
Map.entry("merge_memory_auto", "merge_action_disabled"),
Map.entry("push_remote_memory_policy", "remote_memory_policy_disabled"),
Map.entry("run_shell_repair", "run_shell_repair_disabled"),
Map.entry("modify_system_config", "modify_system_config_disabled"),
Map.entry("restart_unlisted_service", "restart_unlisted_service_disabled"),
Map.entry("delete_file_repair", "delete_file_repair_disabled"),
Map.entry("real_billing_charge", "billing_actual_disabled"),
Map.entry("archive_sandbox_file", "sandbox_archive_file_disabled"),
Map.entry("execute_auto_repair", "auto_repair_execution_disabled")
);
disabledActions.forEach((action, reasonCode) -> {
DigitalEmployeeAdminActionResultDto result = service.createAdminAction(
adminActionRequest("high_risk_closure", action, action)
);
assertThat(result.getOk()).isFalse();
assertThat(result.getStatus()).isEqualTo("rejected");
assertThat(result.getReasonCodes()).contains(reasonCode);
});
}
@Test
void queryPendingAdminActionsFiltersTenantClientDeviceAndMasksKey() {
when(adminActionRepository.queryActions(eq(101L), eq("client-key-001"), eq("device-001"), eq("pending"), eq(1L), eq(20L)))