53 lines
1.6 KiB
TypeScript
53 lines
1.6 KiB
TypeScript
import { describe, expect, it } from 'vitest';
|
|
import { createRuntimeAuditLogEntry } from './runtime-audit.js';
|
|
|
|
describe('createRuntimeAuditLogEntry', (): void => {
|
|
it('serializes only allowlisted runtime audit metadata', (): void => {
|
|
const entry = createRuntimeAuditLogEntry({
|
|
providerId: 'fleet',
|
|
operation: 'session.send',
|
|
outcome: 'succeeded',
|
|
actorId: 'actor-1',
|
|
tenantId: 'tenant-1',
|
|
channelId: 'discord',
|
|
correlationId: 'correlation-1',
|
|
resourceId: 'session-1',
|
|
durationMs: 12,
|
|
});
|
|
|
|
expect(entry).toMatchObject({
|
|
sessionId: 'runtime:fleet',
|
|
userId: 'actor-1',
|
|
level: 'info',
|
|
category: 'tool_use',
|
|
content: 'runtime.provider.audit',
|
|
metadata: {
|
|
providerId: 'fleet',
|
|
operation: 'session.send',
|
|
outcome: 'succeeded',
|
|
correlationId: 'correlation-1',
|
|
resourceId: expect.stringMatching(/^sha256:/),
|
|
durationMs: 12,
|
|
},
|
|
});
|
|
expect(JSON.stringify(entry)).not.toContain('approvalRef');
|
|
});
|
|
|
|
it('hashes every resource ID without blocking a runtime audit or persisting its raw value', (): void => {
|
|
const entry = createRuntimeAuditLogEntry({
|
|
providerId: 'fleet',
|
|
operation: 'session.send',
|
|
outcome: 'succeeded',
|
|
actorId: 'actor-1',
|
|
tenantId: 'tenant-1',
|
|
channelId: 'discord',
|
|
correlationId: 'correlation-1',
|
|
resourceId: 'credential-canary:secret-value',
|
|
durationMs: 12,
|
|
});
|
|
|
|
expect(entry.metadata).toMatchObject({ resourceId: expect.stringMatching(/^sha256:/) });
|
|
expect(JSON.stringify(entry)).not.toContain('secret-value');
|
|
});
|
|
});
|