molecule-ai/molecule-core
35
0
Fork 2
Code Issues 16 Pull Requests 2 Actions 49 Packages Projects Releases Wiki Activity
09010212a0
molecule-core/scripts/ops/test_sweep_cf_decide.py
rabbitblood 6494e9192b refactor(ops): apply simplify findings on #2027 PR 
Code-quality + efficiency review of PR #2079:

- Hoist all_slugs = prod_slugs | staging_slugs out of decide() into the
  caller (was rebuilt on every record — 1k records × ~50-slug union per
  call). decide() signature now (r, all_slugs, ec2_names).
- Compile regexes at module scope (_WS_RE, _E2E_RE, _TENANT_RE) +
  hoist platform-core literal set (_PLATFORM_CORE_NAMES). Same change
  mirrored in the bash heredoc.
- Drop decorative # Rule N: comments (numbering was out of order, 3
  before 2 — actively confusing).
- Move the "edits must mirror" reminder OUTSIDE the CANONICAL DECIDE
  block in the .sh file, eliminating the .replace() comment-skip hack
  in TestParityWithBashScript.
- Drop per-line .strip() in _slice_canonical (would mask a real
  indentation bug; both blocks already at column 0).
- subTest() in TestPlatformCore loops so a single failure no longer
  short-circuits the rest of the items.
- merge_group + concurrency on test-ops-scripts.yml (parity with
  ci.yml gate behaviour).
- Fix don't apostrophe in inline comment that closed the python
  heredoc's single-quote and broke bash -n.

All 25 tests still pass. bash -n clean.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-26 00:28:15 -07:00

226 lines
9.1 KiB
Python
Raw Blame History

"""Tests for the sweep-cf-orphans.sh decision function (#2027).
Run locally: ``python3 -m unittest scripts/ops/test_sweep_cf_decide.py -v``
Why this exists: the inline Python heredoc in sweep-cf-orphans.sh decides
which Cloudflare DNS records to delete. A misclassification could nuke a
live workspace's DNS record. These tests cover the rule priority order +
the safety gate, plus a parity check that asserts the inline block in the
shell script matches the importable module byte-for-byte (so the two
cannot drift silently).
"""
from __future__ import annotations
import os
import unittest
import sweep_cf_decide as M
# Caller responsibility (per the new decide signature): compute the union once.
ALL_SLUGS = {"acme", "globex", "initech", "e2e-test-runner", "soak", "playground"}
LIVE_EC2 = {"ws-d3605ef2-f7d", "ws-aaaaaaaa-bbb", "ws-cafef00d-dec"}
def rec(name: str, rid: str = "rid-x", typ: str = "A") -> dict:
return {"name": name, "id": rid, "type": typ}
def call(record: dict) -> tuple:
return M.decide(record, ALL_SLUGS, LIVE_EC2)
class TestPlatformCore(unittest.TestCase):
"""Apex, www, api, app, _verification keys must NEVER be touched."""
def test_apex_kept(self):
action, reason, *_ = call(rec("moleculesai.app"))
self.assertEqual((action, reason), ("keep", "apex"))
def test_underscore_records_kept(self):
for n in ("_vercel.moleculesai.app", "_railway-verify.moleculesai.app"):
with self.subTest(name=n):
action, reason, *_ = call(rec(n))
self.assertEqual((action, reason), ("keep", "verification/key"))
def test_dkim_kept(self):
action, reason, *_ = call(rec("send._domainkey.moleculesai.app"))
self.assertEqual((action, reason), ("keep", "verification/key"))
def test_platform_subdomains_kept(self):
for n in (
"api.moleculesai.app",
"app.moleculesai.app",
"doc.moleculesai.app",
"send.moleculesai.app",
"status.moleculesai.app",
"www.moleculesai.app",
"staging-api.moleculesai.app",
):
with self.subTest(name=n):
action, reason, *_ = call(rec(n))
self.assertEqual((action, reason), ("keep", "platform-core"))
class TestWsRule(unittest.TestCase):
"""ws-* DNS records keep iff a live EC2 with the same prefix exists."""
def test_live_ws_kept(self):
action, reason, *_ = call(rec("ws-d3605ef2-f7d.moleculesai.app"))
self.assertEqual((action, reason), ("keep", "live-ec2"))
def test_live_ws_kept_on_staging(self):
action, reason, *_ = call(rec("ws-aaaaaaaa-bbb.staging.moleculesai.app"))
self.assertEqual((action, reason), ("keep", "live-ec2"))
def test_dead_ws_deleted(self):
action, reason, *_ = call(rec("ws-deadbeef-fff.moleculesai.app"))
self.assertEqual((action, reason), ("delete", "orphan-ws"))
def test_dead_ws_on_staging_deleted(self):
action, reason, *_ = call(rec("ws-deadbeef-fff.staging.moleculesai.app"))
self.assertEqual((action, reason), ("delete", "orphan-ws"))
class TestE2ERule(unittest.TestCase):
def test_live_e2e_kept(self):
action, reason, *_ = call(rec("e2e-test-runner.staging.moleculesai.app"))
self.assertEqual((action, reason), ("keep", "live-e2e-tenant"))
def test_dead_e2e_deleted(self):
action, reason, *_ = call(rec("e2e-ghost-1234.staging.moleculesai.app"))
self.assertEqual((action, reason), ("delete", "orphan-e2e-tenant"))
def test_dead_e2e_on_prod_deleted(self):
action, reason, *_ = call(rec("e2e-ghost.moleculesai.app"))
self.assertEqual((action, reason), ("delete", "orphan-e2e-tenant"))
class TestTenantSubdomainRule(unittest.TestCase):
def test_live_prod_tenant_kept(self):
action, reason, *_ = call(rec("acme.moleculesai.app"))
self.assertEqual((action, reason), ("keep", "live-tenant"))
def test_live_staging_tenant_kept(self):
action, reason, *_ = call(rec("soak.staging.moleculesai.app"))
self.assertEqual((action, reason), ("keep", "live-tenant"))
def test_unknown_subdomain_kept_for_safety(self):
action, reason, *_ = call(rec("hermes-final-2.moleculesai.app"))
self.assertEqual((action, reason), ("keep", "unknown-subdomain-kept-for-safety"))
class TestNotASweepPattern(unittest.TestCase):
def test_external_domain_kept(self):
# Domain-spoofing attempt — must NOT match any of the moleculesai.app rules.
action, reason, *_ = call(rec("api.openai.com.evil.internal"))
self.assertEqual((action, reason), ("keep", "not-a-pattern-we-sweep"))
def test_unrelated_apex_kept(self):
action, reason, *_ = call(rec("example.com"))
self.assertEqual((action, reason), ("keep", "not-a-pattern-we-sweep"))
class TestRulePriority(unittest.TestCase):
"""Platform-core check must precede the tenant-subdomain regex —
e.g. ``api.moleculesai.app`` matches the tenant pattern but must
classify as platform-core."""
def test_api_subdomain_classified_as_platform_not_tenant(self):
action, reason, *_ = call(rec("api.moleculesai.app"))
self.assertEqual(reason, "platform-core")
def test_underscore_record_classified_before_tenant(self):
action, reason, *_ = call(rec("_vercel.moleculesai.app"))
self.assertEqual(reason, "verification/key")
class TestSafetyGate(unittest.TestCase):
"""The bash gate refuses to delete >MAX_DELETE_PCT (default 50%)."""
def test_under_threshold_passes(self):
self.assertTrue(M.safety_gate(total=100, delete_count=49))
self.assertTrue(M.safety_gate(total=100, delete_count=50))
def test_over_threshold_fails(self):
self.assertFalse(M.safety_gate(total=100, delete_count=51))
self.assertFalse(M.safety_gate(total=10, delete_count=10))
def test_zero_total_passes_trivially(self):
# No records → nothing to delete → gate trivially OK (no div-by-zero).
self.assertTrue(M.safety_gate(total=0, delete_count=0))
def test_custom_threshold(self):
self.assertTrue(M.safety_gate(total=100, delete_count=70, max_delete_pct=75))
self.assertFalse(M.safety_gate(total=100, delete_count=76, max_delete_pct=75))
class TestEmptyLiveSets(unittest.TestCase):
"""If the CP admin API returns no orgs (auth broken, network blip),
every tenant-shaped record looks orphan. decide() alone has no
defense — that's safety_gate's job. This test pins the contract so
a future "make decide() defensive" change doesn't silently bypass
the gate."""
def test_dead_e2e_orphans_when_live_set_empty(self):
action, reason, *_ = M.decide(
rec("e2e-test-runner.staging.moleculesai.app"),
set(), set(),
)
self.assertEqual((action, reason), ("delete", "orphan-e2e-tenant"))
def test_live_ws_still_kept_when_ec2_set_empty(self):
action, reason, *_ = M.decide(
rec("ws-cafef00d-dec.moleculesai.app"),
ALL_SLUGS, set(),
)
self.assertEqual((action, reason), ("delete", "orphan-ws"))
class TestParityWithBashScript(unittest.TestCase):
"""The decision logic exists in two places: the canonical block in
sweep_cf_decide.py and the inline heredoc in sweep-cf-orphans.sh.
This test asserts the two match between the
``# CANONICAL DECIDE BEGIN`` / ``# CANONICAL DECIDE END`` markers,
so an edit to one without the other fails CI loudly. The mirror-
reminder comment lives OUTSIDE the markers in the .sh file so we
don't need to special-case it here."""
@staticmethod
def _slice_canonical(text: str) -> list[str]:
"""Return the lines between the canonical markers, exclusive.
Markers are matched line-anchored (a stripped-line literal match)
so the docstring's prose mention is ignored."""
lines = text.splitlines()
begin_idx = end_idx = None
for i, line in enumerate(lines):
stripped = line.strip()
if begin_idx is None and stripped == "# CANONICAL DECIDE BEGIN":
begin_idx = i
elif begin_idx is not None and stripped == "# CANONICAL DECIDE END":
end_idx = i
break
if begin_idx is None or end_idx is None:
raise AssertionError(
"missing CANONICAL DECIDE BEGIN/END markers — "
"first 30 lines were:\n" + "\n".join(lines[:30])
)
return lines[begin_idx + 1:end_idx]
def test_blocks_match(self):
here = os.path.dirname(__file__)
with open(os.path.join(here, "sweep_cf_decide.py"), "r", encoding="utf-8") as f:
py_block = self._slice_canonical(f.read())
with open(os.path.join(here, "sweep-cf-orphans.sh"), "r", encoding="utf-8") as f:
sh_block = self._slice_canonical(f.read())
self.assertEqual(
py_block,
sh_block,
"CANONICAL DECIDE block has drifted between sweep_cf_decide.py "
"and sweep-cf-orphans.sh — re-sync them.",
)
if __name__ == "__main__":
unittest.main()
Reference in New Issue View Git Blame Copy Permalink