teleo-infrastructure/tests/test_kb_apply_prereqs.py
twentyOne2x fed5cb0805 Add guarded canonical claim application
- Normalize rich proposals into atomic reviewed canonical graph bundles with exact row verification.
- Harden reviewer/apply roles, upgrade ACLs, and prove generic plus Helmer lifecycles in isolated PostgreSQL.
- Publish repo-native VPS/GCP/Cory skills and live-readonly GCP inventory without changing the live VPS runtime.

`.agents/skills/crabbox/SKILL.md`
`.agents/skills/teleo-gcp-parity-ops/SKILL.md`
`.agents/skills/teleo-kb-db-change-workflow/SKILL.md`
`.agents/skills/teleo-leo-onboarding/SKILL.md`
`.agents/skills/teleo-vps-runtime-ops/SKILL.md`
`.agents/skills/working-leo-cory-outcomes/SKILL.md`
`docs/reports/leo-working-state-20260709/approve-claim-clone-canary-current.json`
`docs/reports/leo-working-state-20260709/approve-claim-clone-canary-current.md`
`docs/reports/leo-working-state-20260709/current-truth-index.md`
`docs/reports/leo-working-state-20260709/gcp-cloud-sql-t3-live-readonly-current.json`
`docs/reports/leo-working-state-20260709/gcp-cloud-sql-t3-live-readonly-current.md`
`docs/reports/leo-working-state-20260709/gcp-cloudsql-studio-parity-gate-current.json`
`docs/reports/leo-working-state-20260709/gcp-cloudsql-studio-parity-gate-current.md`
`docs/reports/leo-working-state-20260709/gcp-parallel-delegation-current.json`
`docs/reports/leo-working-state-20260709/helmer-approve-claim-clone-canary-current.json`
`docs/reports/leo-working-state-20260709/helmer-approve-claim-normalization-current.json`
`docs/reports/leo-working-state-20260709/skill-pack-manifest.json`
`docs/reports/leo-working-state-20260709/skill-pack-readme.md`
`docs/reports/leo-working-state-20260709/working-leo-current-state-20260709.md`
`docs/reports/leo-working-state-20260709/working-leo-definition-20260709.md`
`docs/reports/leo-working-state-20260709/working-leo-execution-plan-current.md`
`scripts/apply_proposal.py`
`scripts/apply_worker.py`
`scripts/approve_proposal.py`
`scripts/kb_apply_prereqs.sql`
`scripts/kb_proposal_normalize.py`
`scripts/probe_gcp_db_parity.py`
`scripts/run_approve_claim_clone_canary.py`
`scripts/run_approve_claim_isolated_container_canary.sh`
`tests/test_apply_proposal.py`
`tests/test_apply_worker.py`
`tests/test_approve_proposal.py`
`tests/test_kb_apply_prereqs.py`
`tests/test_kb_proposal_normalize.py`
`tests/test_kb_proposal_routes.py`
`tests/test_probe_gcp_db_parity.py`
`tests/test_repo_skill_pack.py`
2026-07-10 17:49:37 +02:00

498 lines
19 KiB
Python

from __future__ import annotations
import shutil
import subprocess
import time
import uuid
from collections.abc import Iterator
from pathlib import Path
import pytest
REPO_ROOT = Path(__file__).resolve().parents[1]
MIGRATION = REPO_ROOT / "scripts" / "kb_apply_prereqs.sql"
POSTGRES_IMAGE = "postgres:16-alpine"
DATABASE = "teleo_clone"
BOOTSTRAP_SQL = r"""
create role kb_gate_owner nologin inherit;
create role kb_review login inherit;
create role kb_apply login inherit;
create role broad_writer nologin;
create role rogue_owner nologin;
create role rogue_grantee nologin;
create schema kb_stage;
create table public.agents (
id uuid primary key,
handle text not null unique,
kind text not null
);
create table public.strategies (
id uuid primary key,
agent_id uuid not null,
active boolean not null default true
);
create table public.strategy_nodes (id uuid primary key);
create table public.claim_evidence (
id uuid primary key,
claim_id uuid not null,
source_id uuid not null,
role text not null
);
create table public.claim_edges (id uuid primary key);
create table public.claims (id uuid primary key);
create table public.sources (
id uuid primary key,
hash text not null
);
create table public.reasoning_tools (id uuid primary key);
insert into public.agents (id, handle, kind)
values ('11111111-1111-1111-1111-111111111111', 'm3ta', 'human');
create table kb_stage.kb_proposals (
id uuid primary key,
proposal_type text not null,
status text not null,
payload jsonb not null,
reviewed_by_handle text,
reviewed_by_agent_id uuid,
reviewed_at timestamptz,
review_note text,
applied_by_handle text,
applied_by_agent_id uuid,
applied_at timestamptz,
updated_at timestamptz not null default now()
);
create table kb_stage.kb_review_principals (
db_role name primary key,
reviewed_by_handle text not null,
reviewed_by_agent_id uuid not null references public.agents(id),
active boolean not null default true,
created_at timestamptz not null default now()
);
create table kb_stage.kb_proposal_approvals (
proposal_id uuid primary key references kb_stage.kb_proposals(id),
proposal_type text not null,
payload jsonb not null,
reviewed_by_handle text not null,
reviewed_by_agent_id uuid not null references public.agents(id),
reviewed_by_db_role name not null,
reviewed_at timestamptz not null,
review_note text not null
);
create function kb_stage.approve_strict_proposal(uuid, text, text)
returns jsonb language sql security definer
as $function$ select '{}'::jsonb $function$;
create function kb_stage.approve_strict_proposal(uuid, text, jsonb, text, text)
returns jsonb language sql security definer
as $function$ select '{}'::jsonb $function$;
create function kb_stage.assert_approved_proposal(
uuid, text, jsonb, text, uuid, timestamptz, text
) returns void language sql security definer
as $function$ select $function$;
create function kb_stage.finish_approved_proposal(
uuid, text, jsonb, text, uuid, timestamptz, text, text
) returns jsonb language sql security definer
as $function$ select '{}'::jsonb $function$;
grant all privileges on all tables in schema public
to kb_gate_owner, kb_apply, kb_review;
grant all privileges on all tables in schema kb_stage
to public, kb_gate_owner, kb_apply, kb_review;
grant all privileges on all functions in schema kb_stage
to public, kb_gate_owner, kb_apply, kb_review;
grant update (review_note) on kb_stage.kb_proposals to kb_apply;
grant select (review_note) on kb_stage.kb_proposals to public;
"""
def _psql(container: str, sql: str, *, check: bool = True) -> subprocess.CompletedProcess[str]:
completed = subprocess.run(
[
"docker",
"exec",
"-i",
container,
"psql",
"-X",
"-v",
"ON_ERROR_STOP=1",
"-U",
"postgres",
"-d",
DATABASE,
"-At",
"-F",
"|",
],
input=sql,
text=True,
capture_output=True,
check=False,
)
if check and completed.returncode != 0:
raise AssertionError(
f"psql failed with exit {completed.returncode}\nstdout:\n{completed.stdout}\nstderr:\n{completed.stderr}"
)
return completed
def _apply_migration(container: str, *, check: bool = True) -> subprocess.CompletedProcess[str]:
return _psql(container, MIGRATION.read_text(), check=check)
@pytest.fixture(scope="module")
def migrated_postgres() -> Iterator[str]:
if shutil.which("docker") is None:
pytest.skip("Docker is required for the disposable PostgreSQL migration canary")
container = f"kb-apply-prereqs-{uuid.uuid4().hex[:12]}"
started = subprocess.run(
[
"docker",
"run",
"--rm",
"-d",
"--name",
container,
"-e",
"POSTGRES_PASSWORD=postgres",
"-e",
f"POSTGRES_DB={DATABASE}",
POSTGRES_IMAGE,
],
text=True,
capture_output=True,
check=False,
)
if started.returncode != 0:
pytest.fail(f"could not start disposable PostgreSQL: {started.stderr}")
try:
for _ in range(120):
logs = subprocess.run(
["docker", "logs", container],
text=True,
capture_output=True,
check=False,
)
query = _psql(container, "select 1;", check=False)
ready_transitions = (logs.stdout + logs.stderr).count("database system is ready to accept connections")
if ready_transitions >= 2 and query.returncode == 0:
break
time.sleep(0.25)
else:
pytest.fail("disposable PostgreSQL did not become ready")
_psql(container, BOOTSTRAP_SQL)
_apply_migration(container)
yield container
finally:
subprocess.run(
["docker", "rm", "-f", container],
capture_output=True,
check=False,
)
def _lines(completed: subprocess.CompletedProcess[str]) -> set[str]:
return {line for line in completed.stdout.splitlines() if line}
def _catalog_snapshot(container: str) -> str:
return _psql(
container,
r"""
select 'role|' || rolname || '|' || rolcanlogin || '|' || rolinherit || '|' || rolsuper
from pg_catalog.pg_roles
where rolname in ('kb_gate_owner', 'kb_review', 'kb_apply')
order by rolname;
select 'owner|' || namespace.nspname || '|' || relation.relname || '|' || owner_role.rolname
from pg_catalog.pg_class relation
join pg_catalog.pg_namespace namespace on namespace.oid = relation.relnamespace
join pg_catalog.pg_roles owner_role on owner_role.oid = relation.relowner
where (namespace.nspname, relation.relname) in (
('public', 'agents'), ('public', 'strategies'), ('public', 'strategy_nodes'),
('public', 'claim_evidence'), ('public', 'claim_edges'), ('public', 'claims'),
('public', 'sources'), ('public', 'reasoning_tools'),
('kb_stage', 'kb_proposals'), ('kb_stage', 'kb_review_principals'),
('kb_stage', 'kb_proposal_approvals')
)
order by namespace.nspname, relation.relname;
select 'function|' || procedure.proname || '(' || pg_catalog.oidvectortypes(procedure.proargtypes) ||
')|' || owner_role.rolname || '|' || procedure.prosecdef || '|' || procedure.proconfig::text
from pg_catalog.pg_proc procedure
join pg_catalog.pg_namespace namespace on namespace.oid = procedure.pronamespace
join pg_catalog.pg_roles owner_role on owner_role.oid = procedure.proowner
where namespace.nspname = 'kb_stage'
and procedure.proname in (
'approve_strict_proposal', 'assert_approved_proposal', 'finish_approved_proposal'
)
order by procedure.proname, procedure.proargtypes::text;
select 'table_acl|' || namespace.nspname || '|' || relation.relname || '|' ||
case when acl.grantee = 0 then 'PUBLIC' else grantee_role.rolname end || '|' ||
pg_catalog.upper(acl.privilege_type) || '|' || acl.is_grantable
from pg_catalog.pg_class relation
join pg_catalog.pg_namespace namespace on namespace.oid = relation.relnamespace
cross join lateral pg_catalog.aclexplode(
coalesce(relation.relacl, pg_catalog.acldefault('r', relation.relowner))
) acl
left join pg_catalog.pg_roles grantee_role on grantee_role.oid = acl.grantee
where (namespace.nspname, relation.relname) in (
('public', 'agents'), ('public', 'strategies'), ('public', 'strategy_nodes'),
('public', 'claim_evidence'), ('public', 'claim_edges'), ('public', 'claims'),
('public', 'sources'), ('public', 'reasoning_tools'),
('kb_stage', 'kb_proposals'), ('kb_stage', 'kb_review_principals'),
('kb_stage', 'kb_proposal_approvals')
)
and acl.grantee <> relation.relowner
and (acl.grantee = 0 or grantee_role.rolname in ('kb_gate_owner', 'kb_review', 'kb_apply'))
order by namespace.nspname, relation.relname, grantee_role.rolname, acl.privilege_type;
select 'function_acl|' || procedure.proname || '(' ||
pg_catalog.oidvectortypes(procedure.proargtypes) || ')|' ||
case when acl.grantee = 0 then 'PUBLIC' else pg_catalog.pg_get_userbyid(acl.grantee) end ||
'|' || pg_catalog.upper(acl.privilege_type) || '|' || acl.is_grantable
from pg_catalog.pg_proc procedure
join pg_catalog.pg_namespace namespace on namespace.oid = procedure.pronamespace
cross join lateral pg_catalog.aclexplode(
coalesce(procedure.proacl, pg_catalog.acldefault('f', procedure.proowner))
) acl
where namespace.nspname = 'kb_stage'
and procedure.proname in (
'approve_strict_proposal', 'assert_approved_proposal', 'finish_approved_proposal'
)
and acl.grantee <> procedure.proowner
order by procedure.proname, procedure.proargtypes::text, acl.grantee;
""",
).stdout
def test_upgrade_normalizes_exact_role_ownership_and_acl_matrix(migrated_postgres: str) -> None:
role_rows = _lines(
_psql(
migrated_postgres,
"""
select rolname || '|' || rolcanlogin || '|' || rolinherit || '|' || rolsuper || '|' ||
rolcreatedb || '|' || rolcreaterole || '|' || rolreplication || '|' || rolbypassrls
from pg_catalog.pg_roles
where rolname in ('kb_gate_owner', 'kb_review', 'kb_apply')
order by rolname;
""",
)
)
assert role_rows == {
"kb_apply|true|false|false|false|false|false|false",
"kb_gate_owner|false|false|false|false|false|false|false",
"kb_review|true|false|false|false|false|false|false",
}
assert (
_psql(
migrated_postgres,
"""
select count(*)
from pg_catalog.pg_auth_members membership
join pg_catalog.pg_roles member_role on member_role.oid = membership.member
join pg_catalog.pg_roles granted_role on granted_role.oid = membership.roleid
where member_role.rolname in ('kb_gate_owner', 'kb_review', 'kb_apply')
or granted_role.rolname in ('kb_gate_owner', 'kb_review', 'kb_apply');
""",
).stdout.strip()
== "0"
)
schema_rows = _lines(
_psql(
migrated_postgres,
"""
select protected_role.rolname || '|' || protected_schema.nspname || '|' ||
pg_catalog.has_schema_privilege(protected_role.rolname, protected_schema.nspname, 'USAGE') || '|' ||
pg_catalog.has_schema_privilege(protected_role.rolname, protected_schema.nspname, 'CREATE')
from (values ('kb_gate_owner'), ('kb_review'), ('kb_apply')) protected_role(rolname)
cross join (values ('public'), ('kb_stage')) protected_schema(nspname);
""",
)
)
assert schema_rows == {
f"{role}|{schema}|true|false"
for role in ("kb_gate_owner", "kb_review", "kb_apply")
for schema in ("public", "kb_stage")
}
function_rows = _lines(
_psql(
migrated_postgres,
"""
select procedure.proname || '(' || pg_catalog.oidvectortypes(procedure.proargtypes) || ')|' ||
owner_role.rolname || '|' || procedure.prosecdef || '|' || procedure.proconfig::text
from pg_catalog.pg_proc procedure
join pg_catalog.pg_namespace namespace on namespace.oid = procedure.pronamespace
join pg_catalog.pg_roles owner_role on owner_role.oid = procedure.proowner
where namespace.nspname = 'kb_stage'
and procedure.proname in (
'approve_strict_proposal', 'assert_approved_proposal', 'finish_approved_proposal'
);
""",
)
)
assert function_rows == {
'approve_strict_proposal(uuid, text, jsonb, text, text)|kb_gate_owner|true|{"search_path=pg_catalog, pg_temp"}',
"assert_approved_proposal(uuid, text, jsonb, text, uuid, timestamp with time zone, text)|"
'kb_gate_owner|true|{"search_path=pg_catalog, pg_temp"}',
"finish_approved_proposal(uuid, text, jsonb, text, uuid, timestamp with time zone, text, text)|"
'kb_gate_owner|true|{"search_path=pg_catalog, pg_temp"}',
}
assert (
_psql(
migrated_postgres,
"select pg_catalog.to_regprocedure('kb_stage.approve_strict_proposal(uuid,text,text)') is null;",
).stdout.strip()
== "t"
)
assert (
_psql(
migrated_postgres,
"""
select count(*)
from pg_catalog.pg_attribute attribute
join pg_catalog.pg_class relation on relation.oid = attribute.attrelid
join pg_catalog.pg_namespace namespace on namespace.oid = relation.relnamespace
cross join lateral pg_catalog.aclexplode(attribute.attacl) acl
left join pg_catalog.pg_roles grantee_role on grantee_role.oid = acl.grantee
where (namespace.nspname, relation.relname) in (
('public', 'agents'), ('public', 'strategies'), ('public', 'strategy_nodes'),
('public', 'claim_evidence'), ('public', 'claim_edges'), ('public', 'claims'),
('public', 'sources'), ('public', 'reasoning_tools'),
('kb_stage', 'kb_proposals'), ('kb_stage', 'kb_review_principals'),
('kb_stage', 'kb_proposal_approvals')
)
and (acl.grantee = 0 or grantee_role.rolname in ('kb_gate_owner', 'kb_review', 'kb_apply'));
""",
).stdout.strip()
== "0"
)
for runtime_role, target_role in (
("kb_apply", "broad_writer"),
("kb_apply", "kb_gate_owner"),
("kb_review", "kb_gate_owner"),
):
denied = _psql(
migrated_postgres,
f"set session authorization {runtime_role}; set role {target_role};",
check=False,
)
assert denied.returncode != 0
assert "permission denied to set role" in denied.stderr
snapshot_lines = set(_catalog_snapshot(migrated_postgres).splitlines())
expected_table_acls = {
"table_acl|public|agents|kb_gate_owner|SELECT|false",
"table_acl|public|agents|kb_apply|SELECT|false",
"table_acl|public|agents|kb_review|SELECT|false",
"table_acl|public|strategies|kb_apply|SELECT|false",
"table_acl|public|strategies|kb_apply|INSERT|false",
"table_acl|public|strategies|kb_apply|UPDATE|false",
"table_acl|public|strategy_nodes|kb_apply|SELECT|false",
"table_acl|public|strategy_nodes|kb_apply|INSERT|false",
"table_acl|public|strategy_nodes|kb_apply|UPDATE|false",
"table_acl|public|claim_evidence|kb_apply|SELECT|false",
"table_acl|public|claim_evidence|kb_apply|INSERT|false",
"table_acl|public|claim_edges|kb_apply|SELECT|false",
"table_acl|public|claim_edges|kb_apply|INSERT|false",
"table_acl|public|claims|kb_apply|SELECT|false",
"table_acl|public|claims|kb_apply|INSERT|false",
"table_acl|public|sources|kb_apply|SELECT|false",
"table_acl|public|sources|kb_apply|INSERT|false",
"table_acl|public|reasoning_tools|kb_apply|SELECT|false",
"table_acl|public|reasoning_tools|kb_apply|INSERT|false",
"table_acl|kb_stage|kb_proposals|kb_gate_owner|SELECT|false",
"table_acl|kb_stage|kb_proposals|kb_gate_owner|UPDATE|false",
"table_acl|kb_stage|kb_proposals|kb_apply|SELECT|false",
"table_acl|kb_stage|kb_proposals|kb_review|SELECT|false",
}
assert {line for line in snapshot_lines if line.startswith("table_acl|")} == expected_table_acls
assert {line for line in snapshot_lines if line.startswith("function_acl|")} == {
"function_acl|approve_strict_proposal(uuid, text, jsonb, text, text)|kb_review|EXECUTE|false",
"function_acl|assert_approved_proposal(uuid, text, jsonb, text, uuid, timestamp with time zone, text)|"
"kb_apply|EXECUTE|false",
"function_acl|finish_approved_proposal(uuid, text, jsonb, text, uuid, timestamp with time zone, text, text)|"
"kb_apply|EXECUTE|false",
}
def test_migration_rerun_preserves_catalog_snapshot(migrated_postgres: str) -> None:
before = _catalog_snapshot(migrated_postgres)
_apply_migration(migrated_postgres)
assert _catalog_snapshot(migrated_postgres) == before
def _assert_migration_fails(container: str, expected_error: str) -> None:
completed = _apply_migration(container, check=False)
assert completed.returncode != 0
assert expected_error in completed.stderr
def test_migration_fails_closed_on_protected_role_membership(migrated_postgres: str) -> None:
_psql(migrated_postgres, "grant broad_writer to kb_apply;")
try:
_assert_migration_fails(migrated_postgres, "unexpected protected role membership")
finally:
_psql(migrated_postgres, "revoke broad_writer from kb_apply;")
def test_migration_fails_closed_on_ownership_drift(migrated_postgres: str) -> None:
_psql(migrated_postgres, "alter table kb_stage.kb_proposal_approvals owner to rogue_owner;")
try:
_assert_migration_fails(migrated_postgres, "unexpected protected table owner")
finally:
_psql(migrated_postgres, "alter table kb_stage.kb_proposal_approvals owner to kb_gate_owner;")
def test_migration_fails_closed_on_unexpected_table_grantee(migrated_postgres: str) -> None:
_psql(migrated_postgres, "grant select on kb_stage.kb_proposal_approvals to rogue_grantee;")
try:
_assert_migration_fails(migrated_postgres, "unexpected protected table grantee")
finally:
_psql(migrated_postgres, "revoke all on kb_stage.kb_proposal_approvals from rogue_grantee;")
def test_migration_fails_closed_on_unexpected_column_grantee(migrated_postgres: str) -> None:
_psql(
migrated_postgres,
"grant select (review_note) on kb_stage.kb_proposal_approvals to rogue_grantee;",
)
try:
_assert_migration_fails(migrated_postgres, "unexpected protected table grantee")
finally:
_psql(
migrated_postgres,
"revoke select (review_note) on kb_stage.kb_proposal_approvals from rogue_grantee;",
)
def test_migration_fails_closed_on_unexpected_function_grantee(migrated_postgres: str) -> None:
signature = "kb_stage.assert_approved_proposal(uuid,text,jsonb,text,uuid,timestamptz,text)"
_psql(migrated_postgres, f"grant execute on function {signature} to rogue_grantee;")
try:
_assert_migration_fails(migrated_postgres, "unexpected protected function grantee")
finally:
_psql(migrated_postgres, f"revoke all on function {signature} from rogue_grantee;")
def test_migration_fails_closed_on_unexpected_gate_overload(migrated_postgres: str) -> None:
_psql(
migrated_postgres,
"""
create function kb_stage.assert_approved_proposal(text)
returns void language sql security definer as $function$ select $function$;
""",
)
try:
_assert_migration_fails(migrated_postgres, "unexpected protected function overload")
finally:
_psql(migrated_postgres, "drop function kb_stage.assert_approved_proposal(text);")