kitos/Aegis
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix(workflow): enforce domain state machine in dual validation path

Browse Source 
validate_as_red/blue_lead now delegate to TestEntity. check_dual_validation routes through entity instead of assigning test.state directly. Side effects dispatched via domain events. Entity raises InvalidOperationError for backward compat. Removed 4 dead V1 xfail tests, fixed 2 real test issues. 224 passed, 0 xfailed.
This commit is contained in:
Kitos
2026-02-18 15:49:59 +01:00
parent 576705d61d
commit 1338d52cd0
3 changed files with 89 additions and 190 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
backend/app/services/test_workflow_service.py
View File

@@ -333,26 +333,14 @@ def validate_as_red_lead(
) -> Test:
"""Record Red Lead's validation decision.
*validation_status* must be ``"approved"`` or ``"rejected"``.
After recording the decision, :func:`check_dual_validation` is called
to potentially advance the test to ``validated`` or ``rejected``.
Delegates validation rules and state mutation entirely to
:meth:`TestEntity.validate_red`. If both leads have voted the
entity will also advance the test to ``validated`` or ``rejected``.
"""
current = test.state.value if isinstance(test.state, TestState) else test.state
if test.state not in (TestState.in_review,):
raise InvalidOperationError(
f"Cannot validate red side while test is in '{current}' state (must be in_review)"
)
if validation_status not in ("approved", "rejected"):
raise InvalidOperationError(
"validation_status must be 'approved' or 'rejected'"
)
now = datetime.utcnow()
test.red_validation_status = validation_status
test.red_validated_by = user.id
test.red_validated_at = now
test.red_validation_notes = notes
entity = TestEntity.from_orm(test)
entity.validate_red(validation_status, by=user.id, notes=notes)
entity.apply_to(test)
db.flush()
log_action(
db,
@@ -367,7 +355,7 @@ def validate_as_red_lead(
},
)
check_dual_validation(db, test)
_dispatch_dual_validation_effects(db, test, entity)
return test
@@ -380,26 +368,14 @@ def validate_as_blue_lead(
) -> Test:
"""Record Blue Lead's validation decision.
*validation_status* must be ``"approved"`` or ``"rejected"``.
After recording the decision, :func:`check_dual_validation` is called
to potentially advance the test to ``validated`` or ``rejected``.
Delegates validation rules and state mutation entirely to
:meth:`TestEntity.validate_blue`. If both leads have voted the
entity will also advance the test to ``validated`` or ``rejected``.
"""
current = test.state.value if isinstance(test.state, TestState) else test.state
if test.state not in (TestState.in_review,):
raise InvalidOperationError(
f"Cannot validate blue side while test is in '{current}' state (must be in_review)"
)
if validation_status not in ("approved", "rejected"):
raise InvalidOperationError(
"validation_status must be 'approved' or 'rejected'"
)
now = datetime.utcnow()
test.blue_validation_status = validation_status
test.blue_validated_by = user.id
test.blue_validated_at = now
test.blue_validation_notes = notes
entity = TestEntity.from_orm(test)
entity.validate_blue(validation_status, by=user.id, notes=notes)
entity.apply_to(test)
db.flush()
log_action(
db,
@@ -414,43 +390,52 @@ def validate_as_blue_lead(
},
)
check_dual_validation(db, test)
_dispatch_dual_validation_effects(db, test, entity)
return test
def check_dual_validation(db: Session, test: Test) -> Test:
"""Evaluate both leads' decisions and advance the test if both have voted.
- Both **approved** → ``validated``
- Either **rejected** → ``rejected``
- Otherwise no state change (waiting for the other lead).
Commits only when the state actually changes.
All state mutation is delegated to :meth:`TestEntity.check_dual_validation`.
This function never assigns ``test.state`` directly.
"""
red_status = test.red_validation_status
blue_status = test.blue_validation_status
entity = TestEntity.from_orm(test)
entity.check_dual_validation()
entity.apply_to(test)
if red_status == "rejected" or blue_status == "rejected":
test.state = TestState.rejected
try:
notify_test_state_change(db, test, "rejected")
except Exception as e:
logger.warning("Notification failed for test %s (rejected): %s", test.id, e, exc_info=True)
elif red_status == "approved" and blue_status == "approved":
test.state = TestState.validated
# Invalidate cached scores — a validation changes org-level numbers
try:
from app.services.score_cache import invalidate
invalidate()
except Exception as e:
logger.warning("Score cache invalidation failed: %s", e, exc_info=True)
try:
notify_test_state_change(db, test, "validated")
except Exception as e:
logger.warning("Notification failed for test %s (validated): %s", test.id, e, exc_info=True)
_dispatch_dual_validation_effects(db, test, entity)
return test
def _dispatch_dual_validation_effects(
db: Session, test: Test, entity: TestEntity
) -> None:
"""Dispatch side effects (notifications, cache) based on domain events."""
for event in entity.events:
if event.name == "dual_validation_approved":
try:
from app.services.score_cache import invalidate
invalidate()
except Exception as e:
logger.warning("Score cache invalidation failed: %s", e, exc_info=True)
try:
notify_test_state_change(db, test, "validated")
except Exception as e:
logger.warning(
"Notification failed for test %s (validated): %s",
test.id, e, exc_info=True,
)
elif event.name == "dual_validation_rejected":
try:
notify_test_state_change(db, test, "rejected")
except Exception as e:
logger.warning(
"Notification failed for test %s (rejected): %s",
test.id, e, exc_info=True,
)
def handle_remediation_completed(db: Session, test: Test, user: User) -> Test | None:
"""Create a re-test when remediation is completed.