feat: add agent governance audit surfaces

2026-03-29 17:12:44 +08:00
parent 26f86f8484
commit 8bb58be5ff
5 changed files with 469 additions and 2 deletions
--- a/tests/test_main_agent_governance.py
+++ b/tests/test_main_agent_governance.py
@@ -509,6 +509,85 @@ class MainAgentGovernanceTests(unittest.TestCase):
        self.assertEqual(versions_after.status_code, 200, versions_after.text)
        self.assertEqual(versions_after.json()["count"], 3)

+    def test_user_policy_audits_include_personal_and_admin_layers_for_project(self) -> None:
+        self.client.put(
+            "/v2/oneliner/governance/user/global",
+            headers=self.ctx["member_headers"],
+            json={
+                "project_id": self.ctx["project_id"],
+                "title": "Global strategy",
+                "policy": {"tone": {"style": "analytical"}},
+                "reason": "personalize defaults",
+            },
+        )
+        self.client.post(
+            "/v2/admin/oneliner/governance/overrides",
+            headers=self.ctx["admin_headers"],
+            json={
+                "target_user_id": self.ctx["member_id"],
+                "target_project_id": self.ctx["project_id"],
+                "platform": "douyin",
+                "title": "Admin override",
+                "policy": {"actions": {"max_cards": 4}},
+                "reason": "contain drift",
+            },
+        )
+
+        response = self.client.get(
+            "/v2/oneliner/governance/user/audits",
+            headers=self.ctx["member_headers"],
+            params={"project_id": self.ctx["project_id"], "platform": "douyin"},
+        )
+        self.assertEqual(response.status_code, 200, response.text)
+        payload = response.json()
+        self.assertGreaterEqual(payload["count"], 2)
+        scope_kinds = [item["scope_kind"] for item in payload["items"]]
+        self.assertIn("user_global", scope_kinds)
+        self.assertIn("admin_override", scope_kinds)
+        first_item = payload["items"][0]
+        self.assertIn("version", first_item)
+        self.assertIn("scope", first_item)
+
+    def test_admin_policy_audits_include_target_and_system_layers(self) -> None:
+        self.client.put(
+            "/v2/admin/oneliner/governance/system/main-agent",
+            headers=self.ctx["admin_headers"],
+            json={
+                "title": "System main",
+                "policy": {"homepage": {"focus": "ops"}},
+                "reason": "seed system baseline",
+            },
+        )
+        self.client.post(
+            "/v2/admin/oneliner/governance/overrides",
+            headers=self.ctx["admin_headers"],
+            json={
+                "target_user_id": self.ctx["member_id"],
+                "target_project_id": self.ctx["project_id"],
+                "platform": "douyin",
+                "title": "Admin override",
+                "policy": {"actions": {"max_cards": 5}},
+                "reason": "focus target account",
+            },
+        )
+
+        response = self.client.get(
+            "/v2/admin/oneliner/governance/audits",
+            headers=self.ctx["admin_headers"],
+            params={
+                "target_user_id": self.ctx["member_id"],
+                "target_project_id": self.ctx["project_id"],
+                "platform": "douyin",
+                "include_system": "1",
+            },
+        )
+        self.assertEqual(response.status_code, 200, response.text)
+        payload = response.json()
+        self.assertGreaterEqual(payload["count"], 2)
+        scope_kinds = [item["scope_kind"] for item in payload["items"]]
+        self.assertIn("system_main", scope_kinds)
+        self.assertIn("admin_override", scope_kinds)
+
    def test_non_admin_cannot_change_system_defaults(self) -> None:
        response = self.client.put(
            "/v2/admin/oneliner/governance/system/main-agent",