78 lines
2.8 KiB
TypeScript
78 lines
2.8 KiB
TypeScript
import { expect, test } from '@playwright/test'
|
|
import { API_KEY_HEADER, createTestAgent, deleteTestAgent } from './helpers'
|
|
|
|
test.describe('Agent Attribution API', () => {
|
|
const cleanup: number[] = []
|
|
|
|
test.afterEach(async ({ request }) => {
|
|
for (const id of cleanup) {
|
|
await deleteTestAgent(request, id).catch(() => {})
|
|
}
|
|
cleanup.length = 0
|
|
})
|
|
|
|
test('allows self-scope access using x-agent-name attribution header', async ({ request }) => {
|
|
const { id, name } = await createTestAgent(request)
|
|
cleanup.push(id)
|
|
|
|
const res = await request.get(`/api/agents/${id}/attribution`, {
|
|
headers: { ...API_KEY_HEADER, 'x-agent-name': name },
|
|
})
|
|
expect(res.status()).toBe(200)
|
|
const body = await res.json()
|
|
expect(body.agent_name).toBe(name)
|
|
expect(body.access_scope).toBe('self')
|
|
})
|
|
|
|
test('denies cross-agent attribution access by default', async ({ request }) => {
|
|
const primary = await createTestAgent(request)
|
|
const other = await createTestAgent(request)
|
|
cleanup.push(primary.id, other.id)
|
|
|
|
const res = await request.get(`/api/agents/${primary.id}/attribution`, {
|
|
headers: { ...API_KEY_HEADER, 'x-agent-name': other.name },
|
|
})
|
|
|
|
expect(res.status()).toBe(403)
|
|
})
|
|
|
|
test('allows privileged override for admin caller', async ({ request }) => {
|
|
const primary = await createTestAgent(request)
|
|
const other = await createTestAgent(request)
|
|
cleanup.push(primary.id, other.id)
|
|
|
|
const res = await request.get(`/api/agents/${primary.id}/attribution?privileged=1`, {
|
|
headers: { ...API_KEY_HEADER, 'x-agent-name': other.name },
|
|
})
|
|
expect(res.status()).toBe(200)
|
|
const body = await res.json()
|
|
expect(body.access_scope).toBe('privileged')
|
|
})
|
|
|
|
test('validates section parameter and timeframe hours', async ({ request }) => {
|
|
const { id, name } = await createTestAgent(request)
|
|
cleanup.push(id)
|
|
|
|
const sectionRes = await request.get(`/api/agents/${id}/attribution?section=identity&hours=48`, {
|
|
headers: { ...API_KEY_HEADER, 'x-agent-name': name },
|
|
})
|
|
expect(sectionRes.status()).toBe(200)
|
|
const sectionBody = await sectionRes.json()
|
|
expect(sectionBody.timeframe.hours).toBe(48)
|
|
expect(sectionBody.identity).toBeDefined()
|
|
expect(sectionBody.audit).toBeUndefined()
|
|
expect(sectionBody.mutations).toBeUndefined()
|
|
expect(sectionBody.cost).toBeUndefined()
|
|
|
|
const invalidSection = await request.get(`/api/agents/${id}/attribution?section=unknown`, {
|
|
headers: { ...API_KEY_HEADER, 'x-agent-name': name },
|
|
})
|
|
expect(invalidSection.status()).toBe(400)
|
|
|
|
const invalidHours = await request.get(`/api/agents/${id}/attribution?hours=0`, {
|
|
headers: { ...API_KEY_HEADER, 'x-agent-name': name },
|
|
})
|
|
expect(invalidHours.status()).toBe(400)
|
|
})
|
|
})
|