feat(review-workflow): enforce single terminal review decision per review run (#211)
This commit is contained in:
+5
-23
@@ -112,15 +112,10 @@ class TestAPIPayload(unittest.TestCase):
|
||||
|
||||
|
||||
class TestMutationAuthorityLock(unittest.TestCase):
|
||||
"""#199 (refs #194): the CLI refuses to run under a profile that differs
|
||||
from the session profile lock exported by the launching MCP session."""
|
||||
"""#199 (refs #194): the CLI refuses to run under active MCP sessions."""
|
||||
|
||||
@patch("review_pr.get_profile")
|
||||
def test_cli_blocked_on_session_lock_mismatch(self, mock_get_profile):
|
||||
# An author-bound session exported the lock; the CLI resolves a
|
||||
# reviewer profile (GITEA_MCP_PROFILE side-channel override) — reject
|
||||
# before any API call.
|
||||
mock_get_profile.return_value = {"profile_name": "prgs-reviewer"}
|
||||
def test_cli_disabled_on_session_lock(self):
|
||||
# When running inside an MCP session, direct review submission via CLI is disabled entirely.
|
||||
import io
|
||||
buf = io.StringIO()
|
||||
with patch.dict(os.environ,
|
||||
@@ -129,22 +124,9 @@ class TestMutationAuthorityLock(unittest.TestCase):
|
||||
rc = review_pr.main([
|
||||
"--pr-number", "81", "--event", "APPROVE",
|
||||
])
|
||||
self.assertEqual(rc, 3)
|
||||
self.assertEqual(rc, 2)
|
||||
msg = buf.getvalue().lower()
|
||||
self.assertIn("cli override rejected", msg)
|
||||
|
||||
@patch("review_pr.get_profile")
|
||||
@patch("review_pr.api_request")
|
||||
@patch("review_pr.get_auth_header", return_value=FAKE_CREDS)
|
||||
def test_cli_allowed_on_profile_match(self, _auth, mock_api, mock_get_profile):
|
||||
mock_get_profile.return_value = {"profile_name": "prgs-reviewer"}
|
||||
mock_api.side_effect = [FAKE_PR_DATA, {}]
|
||||
with patch.dict(os.environ,
|
||||
{"GITEA_SESSION_PROFILE_LOCK": "prgs-reviewer"}):
|
||||
rc = review_pr.main([
|
||||
"--pr-number", "81", "--event", "APPROVE",
|
||||
])
|
||||
self.assertEqual(rc, 0)
|
||||
self.assertIn("disabled within mcp sessions", msg)
|
||||
|
||||
@patch("review_pr.api_request")
|
||||
@patch("review_pr.get_auth_header", return_value=FAKE_CREDS)
|
||||
|
||||
Reference in New Issue
Block a user