Adriano
b5b96f959c
Sei interventi MEDIA priorità sul sistema. 323 test pass, mypy strict
pulito, ruff clean.
1. Docker HEALTHCHECK + cerbero-bite healthcheck:
- nuovo subcommand che esce 0 se kill_switch=0 e last_health_check
entro --max-staleness-s (default 600s);
- HEALTHCHECK direttiva nel Dockerfile (60s interval, 5s timeout,
start_period 120s, retries 3);
- healthcheck definition nel docker-compose.yml.
2. Audit hash chain anti-truncation:
- migration 0002: nuova colonna system_state.last_audit_hash;
- AuditLog accetta callback on_append, dependencies.py la wire al
repository.set_last_audit_hash;
- Orchestrator.boot verifica che il tail file matcha l'anchor
persistito; mismatch → kill switch CRITICAL.
3. return_4h bootstrap da deribit get_historical:
- quando dvol_history è vuoto _fetch_return_4h cade su
deribit.historical_close (1h candle 4h fa);
- alert LOW se anche il fallback fallisce.
4. execution.environment + execution.eur_to_usd in strategy.yaml:
- ExecutionConfig promosso a typed schema con i due campi
consumati al boot;
- CLI start preferisce i valori da config; CLI flag overridano
solo quando differenti dai default.
5. Cycle correlation ID:
- structlog.contextvars.bind_contextvars in run_entry/run_monitor/
run_health propaga cycle_id e cycle nei log strutturati.
6. SIGTERM/SIGINT clean shutdown:
- run_forever installa loop.add_signal_handler per SIGTERM e
SIGINT; il segnale set()ta un asyncio.Event che termina il
blocco principale, scheduler.shutdown e ctx.aclose finalizzano.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
126 lines
3.6 KiB
Python
126 lines
3.6 KiB
Python
"""Tests for the audit chain anti-truncation anchor."""
|
|
|
|
from __future__ import annotations
|
|
|
|
from datetime import UTC, datetime
|
|
from pathlib import Path
|
|
|
|
import pytest
|
|
from pytest_httpx import HTTPXMock
|
|
|
|
from cerbero_bite.config import golden_config
|
|
from cerbero_bite.config.mcp_endpoints import load_endpoints
|
|
from cerbero_bite.runtime import build_runtime
|
|
from cerbero_bite.runtime.orchestrator import Orchestrator
|
|
from cerbero_bite.state import connect
|
|
|
|
pytestmark = pytest.mark.httpx_mock(assert_all_responses_were_requested=False)
|
|
|
|
|
|
def _now() -> datetime:
|
|
return datetime(2026, 4, 27, 14, 0, tzinfo=UTC)
|
|
|
|
|
|
def _build(tmp_path: Path) -> Orchestrator:
|
|
ctx = build_runtime(
|
|
cfg=golden_config(),
|
|
endpoints=load_endpoints(env={}),
|
|
token="t",
|
|
db_path=tmp_path / "state.sqlite",
|
|
audit_path=tmp_path / "audit.log",
|
|
retry_max=1,
|
|
clock=_now,
|
|
)
|
|
return Orchestrator(
|
|
ctx,
|
|
expected_environment="testnet",
|
|
eur_to_usd=__import__("decimal").Decimal("1.075"),
|
|
)
|
|
|
|
|
|
def _wire_boot_dependencies(httpx_mock: HTTPXMock) -> None:
|
|
httpx_mock.add_response(
|
|
url="http://mcp-deribit:9011/tools/environment_info",
|
|
json={
|
|
"exchange": "deribit",
|
|
"environment": "testnet",
|
|
"source": "env",
|
|
"env_value": "true",
|
|
"base_url": "https://test.deribit.com/api/v2",
|
|
"max_leverage": 3,
|
|
},
|
|
is_reusable=True,
|
|
)
|
|
httpx_mock.add_response(
|
|
url="http://mcp-deribit:9011/tools/get_positions",
|
|
json=[],
|
|
is_reusable=True,
|
|
)
|
|
httpx_mock.add_response(
|
|
url="http://mcp-macro:9013/tools/get_macro_calendar",
|
|
json={"events": []},
|
|
is_reusable=True,
|
|
)
|
|
httpx_mock.add_response(
|
|
url="http://mcp-sentiment:9014/tools/get_cross_exchange_funding",
|
|
json={"snapshot": {}},
|
|
is_reusable=True,
|
|
)
|
|
httpx_mock.add_response(
|
|
url="http://mcp-hyperliquid:9012/tools/get_funding_rate",
|
|
json={"asset": "ETH", "current_funding_rate": 0.0001},
|
|
is_reusable=True,
|
|
)
|
|
httpx_mock.add_response(
|
|
url="http://mcp-portfolio:9018/tools/get_total_portfolio_value",
|
|
json={"total_value_eur": 1000.0},
|
|
is_reusable=True,
|
|
)
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_audit_anchor_persisted_after_append(tmp_path: Path) -> None:
|
|
orch = _build(tmp_path)
|
|
orch.context.audit_log.append(
|
|
event="TEST",
|
|
payload={"x": 1},
|
|
now=_now(),
|
|
)
|
|
conn = connect(tmp_path / "state.sqlite")
|
|
try:
|
|
state = orch.context.repository.get_system_state(conn)
|
|
finally:
|
|
conn.close()
|
|
assert state is not None
|
|
assert state.last_audit_hash == orch.context.audit_log.last_hash
|
|
|
|
|
|
@pytest.mark.asyncio
|
|
async def test_boot_detects_audit_truncation(
|
|
tmp_path: Path, httpx_mock: HTTPXMock
|
|
) -> None:
|
|
orch = _build(tmp_path)
|
|
# Append three lines so we have something to truncate.
|
|
for i in range(3):
|
|
orch.context.audit_log.append(
|
|
event=f"E{i}", payload={"i": i}, now=_now()
|
|
)
|
|
|
|
# Truncate the file: keep only the first line.
|
|
audit_path = tmp_path / "audit.log"
|
|
head = audit_path.read_text(encoding="utf-8").splitlines(keepends=True)[0]
|
|
audit_path.write_text(head, encoding="utf-8")
|
|
|
|
# Rebuild orchestrator (the AuditLog tail-reads the file again).
|
|
orch = _build(tmp_path)
|
|
|
|
_wire_boot_dependencies(httpx_mock)
|
|
httpx_mock.add_response(
|
|
url="http://mcp-telegram:9017/tools/notify_system_error",
|
|
json={"ok": True},
|
|
is_reusable=True,
|
|
)
|
|
|
|
await orch.boot()
|
|
assert orch.context.kill_switch.is_armed() is True
|