feat(V2): X-Bot-Tag header obbligatorio + endpoint /admin/audit con filtri

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

tests/unit/common/test_audit_helpers.py

@@ -101,3 +101,67 @@ async def test_audit_call_no_params_no_target():
         tool_fn=tool_fn,
     )
     assert result == {"ok": True}
+
+
+@pytest.mark.asyncio
+async def test_audit_call_propagates_bot_tag(monkeypatch):
+    """bot_tag letto da request.state e propagato a audit_write_op."""
+    from cerbero_mcp.common.audit_helpers import audit_call
+
+    logged = []
+
+    def fake_audit(**kw):
+        logged.append(kw)
+
+    monkeypatch.setattr("cerbero_mcp.common.audit_helpers.audit_write_op", fake_audit)
+
+    class FakeRequest:
+        class _State:
+            environment = "testnet"
+            bot_tag = "scanner-alpha"
+        state = _State()
+
+    async def tool_fn():
+        return {"order_id": "abc"}
+
+    await audit_call(
+        request=FakeRequest(),  # type: ignore[arg-type]
+        exchange="deribit",
+        action="place_order",
+        target_field="instrument_name",
+        params=FakeReq(instrument_name="BTC-PERPETUAL", qty=0.1),
+        tool_fn=tool_fn,
+    )
+    assert len(logged) == 1
+    assert logged[0]["bot_tag"] == "scanner-alpha"
+    assert logged[0]["actor"] == "testnet"
+
+
+@pytest.mark.asyncio
+async def test_audit_call_bot_tag_none_when_missing(monkeypatch):
+    """Se request.state.bot_tag non esiste, audit riceve None senza errore."""
+    from cerbero_mcp.common.audit_helpers import audit_call
+
+    logged = []
+
+    def fake_audit(**kw):
+        logged.append(kw)
+
+    monkeypatch.setattr("cerbero_mcp.common.audit_helpers.audit_write_op", fake_audit)
+
+    class FakeRequest:
+        class _State:
+            environment = "testnet"
+        state = _State()
+
+    async def tool_fn():
+        return {"ok": True}
+
+    await audit_call(
+        request=FakeRequest(),  # type: ignore[arg-type]
+        exchange="bybit",
+        action="cancel_all_orders",
+        tool_fn=tool_fn,
+    )
+    assert len(logged) == 1
+    assert logged[0]["bot_tag"] is None

tests/unit/test_admin.py

@@ -0,0 +1,155 @@
+from __future__ import annotations
+
+import json
+from pathlib import Path
+
+import pytest
+from fastapi.testclient import TestClient
+
+
+@pytest.fixture
+def tmp_audit_file(tmp_path, monkeypatch):
+    file_path = tmp_path / "audit.jsonl"
+    monkeypatch.setenv("AUDIT_LOG_FILE", str(file_path))
+    return file_path
+
+
+@pytest.fixture
+def app(monkeypatch, tmp_audit_file):
+    from tests.unit.test_settings import _minimal_env
+    for k, v in _minimal_env().items():
+        monkeypatch.setenv(k, v)
+    from cerbero_mcp.__main__ import _make_app
+    from cerbero_mcp.settings import Settings
+    return _make_app(Settings())
+
+
+def _write_records(file_path: Path, records: list[dict]) -> None:
+    with file_path.open("w") as f:
+        for r in records:
+            f.write(json.dumps(r) + "\n")
+
+
+def _bearer_test():
+    return {"Authorization": "Bearer t_test_123"}
+
+
+def test_admin_audit_no_file(app):
+    """Senza AUDIT_LOG_FILE settato, ritorna empty + warning."""
+    import os
+    os.environ.pop("AUDIT_LOG_FILE", None)
+    c = TestClient(app)
+    r = c.get("/admin/audit", headers=_bearer_test())
+    assert r.status_code == 200
+    body = r.json()
+    assert body["count"] == 0
+    assert "warning" in body
+
+
+def test_admin_audit_no_bearer_returns_401(app):
+    c = TestClient(app)
+    r = c.get("/admin/audit")
+    assert r.status_code == 401
+
+
+def test_admin_audit_no_bot_tag_required(app, tmp_audit_file):
+    """Endpoint admin NON richiede X-Bot-Tag (solo bearer)."""
+    _write_records(tmp_audit_file, [])
+    c = TestClient(app)
+    r = c.get("/admin/audit", headers=_bearer_test())
+    assert r.status_code == 200
+
+
+def test_admin_audit_returns_records(app, tmp_audit_file):
+    records = [
+        {
+            "audit_event": "write_op",
+            "asctime": "2026-05-01 10:00:00,000",
+            "actor": "testnet", "bot_tag": "alpha",
+            "exchange": "deribit", "action": "place_order",
+            "target": "BTC-PERPETUAL",
+            "payload": {"qty": 0.1},
+            "result": {"order_id": "abc"},
+        },
+        {
+            "audit_event": "write_op",
+            "asctime": "2026-05-01 11:00:00,000",
+            "actor": "mainnet", "bot_tag": "beta",
+            "exchange": "bybit", "action": "cancel_order",
+            "target": "ord-1",
+            "payload": {},
+        },
+    ]
+    _write_records(tmp_audit_file, records)
+    c = TestClient(app)
+    r = c.get("/admin/audit", headers=_bearer_test())
+    assert r.status_code == 200
+    body = r.json()
+    assert body["count"] == 2
+
+
+def test_admin_audit_filter_by_actor(app, tmp_audit_file):
+    records = [
+        {"audit_event": "write_op", "asctime": "2026-05-01 10:00:00,000",
+         "actor": "testnet", "bot_tag": "a", "exchange": "deribit", "action": "place_order"},
+        {"audit_event": "write_op", "asctime": "2026-05-01 11:00:00,000",
+         "actor": "mainnet", "bot_tag": "b", "exchange": "bybit", "action": "place_order"},
+    ]
+    _write_records(tmp_audit_file, records)
+    c = TestClient(app)
+    r = c.get("/admin/audit?actor=mainnet", headers=_bearer_test())
+    assert r.status_code == 200
+    body = r.json()
+    assert body["count"] == 1
+    assert body["records"][0]["actor"] == "mainnet"
+
+
+def test_admin_audit_filter_by_date_range(app, tmp_audit_file):
+    records = [
+        {"audit_event": "write_op", "asctime": "2026-04-30 10:00:00,000",
+         "actor": "testnet", "exchange": "deribit", "action": "place_order"},
+        {"audit_event": "write_op", "asctime": "2026-05-01 10:00:00,000",
+         "actor": "testnet", "exchange": "deribit", "action": "place_order"},
+        {"audit_event": "write_op", "asctime": "2026-05-02 10:00:00,000",
+         "actor": "testnet", "exchange": "deribit", "action": "place_order"},
+    ]
+    _write_records(tmp_audit_file, records)
+    c = TestClient(app)
+    r = c.get("/admin/audit?from=2026-05-01&to=2026-05-01T23:59:59", headers=_bearer_test())
+    assert r.status_code == 200
+    assert r.json()["count"] == 1
+
+
+def test_admin_audit_filter_by_bot_tag(app, tmp_audit_file):
+    records = [
+        {"audit_event": "write_op", "asctime": "2026-05-01 10:00:00,000",
+         "actor": "testnet", "bot_tag": "alpha", "exchange": "deribit", "action": "place_order"},
+        {"audit_event": "write_op", "asctime": "2026-05-01 11:00:00,000",
+         "actor": "testnet", "bot_tag": "beta", "exchange": "deribit", "action": "place_order"},
+    ]
+    _write_records(tmp_audit_file, records)
+    c = TestClient(app)
+    r = c.get("/admin/audit?bot_tag=alpha", headers=_bearer_test())
+    assert r.status_code == 200
+    assert r.json()["count"] == 1
+    assert r.json()["records"][0]["bot_tag"] == "alpha"
+
+
+def test_admin_audit_invalid_date(app, tmp_audit_file):
+    _write_records(tmp_audit_file, [])
+    c = TestClient(app)
+    r = c.get("/admin/audit?from=not-a-date", headers=_bearer_test())
+    assert r.status_code == 400
+
+
+def test_admin_audit_limit(app, tmp_audit_file):
+    records = [
+        {"audit_event": "write_op", "asctime": f"2026-05-01 10:{i:02d}:00,000",
+         "actor": "testnet", "exchange": "deribit", "action": "place_order"}
+        for i in range(50)
+    ]
+    _write_records(tmp_audit_file, records)
+    c = TestClient(app)
+    r = c.get("/admin/audit?limit=10", headers=_bearer_test())
+    assert r.status_code == 200
+    assert r.json()["count"] == 10

tests/unit/test_auth.py

@@ -67,7 +67,10 @@ def test_testnet_token_sets_env_testnet():
         return {"env": request.state.environment}
 
     c = TestClient(fa)
-    r = c.get("/mcp-deribit/peek", headers={"Authorization": "Bearer tk_test"})
+    r = c.get(
+        "/mcp-deribit/peek",
+        headers={"Authorization": "Bearer tk_test", "X-Bot-Tag": "test-bot"},
+    )
     assert r.status_code == 200
     assert r.json() == {"env": "testnet"}
 
@@ -83,7 +86,10 @@ def test_mainnet_token_sets_env_mainnet():
         return {"env": request.state.environment}
 
     c = TestClient(fa)
-    r = c.get("/mcp-deribit/peek", headers={"Authorization": "Bearer tk_live"})
+    r = c.get(
+        "/mcp-deribit/peek",
+        headers={"Authorization": "Bearer tk_live", "X-Bot-Tag": "test-bot"},
+    )
     assert r.status_code == 200
     assert r.json() == {"env": "mainnet"}
 
@@ -96,3 +102,73 @@ def test_uses_compare_digest():
 
     src = inspect.getsource(auth)
     assert "compare_digest" in src, "auth.py deve usare secrets.compare_digest"
+
+
+# ── X-Bot-Tag header ─────────────────────────────────────────────────────────
+
+def test_missing_bot_tag_returns_400():
+    from cerbero_mcp.auth import install_auth_middleware
+    fa = FastAPI()
+    install_auth_middleware(fa, testnet_token="t", mainnet_token="m")
+
+    @fa.get("/mcp-deribit/health")
+    def h():
+        return {"ok": True}
+
+    c = TestClient(fa)
+    r = c.get("/mcp-deribit/health", headers={"Authorization": "Bearer t"})
+    assert r.status_code == 400
+    assert "X-Bot-Tag" in r.json()["error"]["message"]
+
+
+def test_bot_tag_accepted_and_set_on_state():
+    from cerbero_mcp.auth import install_auth_middleware
+    fa = FastAPI()
+    install_auth_middleware(fa, testnet_token="t", mainnet_token="m")
+
+    @fa.get("/mcp-deribit/peek")
+    def peek(request: Request):
+        return {
+            "env": request.state.environment,
+            "bot_tag": request.state.bot_tag,
+        }
+
+    c = TestClient(fa)
+    r = c.get(
+        "/mcp-deribit/peek",
+        headers={"Authorization": "Bearer t", "X-Bot-Tag": "scanner-alpha"},
+    )
+    assert r.status_code == 200
+    assert r.json() == {"env": "testnet", "bot_tag": "scanner-alpha"}
+
+
+def test_bot_tag_too_long_returns_400():
+    from cerbero_mcp.auth import install_auth_middleware
+    fa = FastAPI()
+    install_auth_middleware(fa, testnet_token="t", mainnet_token="m")
+
+    @fa.get("/mcp-deribit/health")
+    def h():
+        return {"ok": True}
+
+    c = TestClient(fa)
+    r = c.get(
+        "/mcp-deribit/health",
+        headers={"Authorization": "Bearer t", "X-Bot-Tag": "x" * 65},
+    )
+    assert r.status_code == 400
+
+
+def test_bot_tag_not_required_on_health():
+    """Health endpoint deve restare senza auth e senza bot tag."""
+    from cerbero_mcp.auth import install_auth_middleware
+    fa = FastAPI()
+    install_auth_middleware(fa, testnet_token="t", mainnet_token="m")
+
+    @fa.get("/health")
+    def h():
+        return {"ok": True}
+
+    c = TestClient(fa)
+    r = c.get("/health")
+    assert r.status_code == 200