mxguru1
/

hsaq-tools

Model card Files Files and versions

xet

Community

mxguru1 commited on 10 days ago

Commit

a56cb6b

verified ·

1 Parent(s): e3937a5

Add Vault adapter smoke tests (7 assertions: bootstrap, migration idempotency, insert, dedup, fetch, hit/miss, gate rejection)

Browse files

Files changed (1) hide show

smoke_test_vault.py +177 -0

smoke_test_vault.py ADDED Viewed

	@@ -0,0 +1,177 @@

+"""
+Smoke test for vault_adapter.
+Coverage:
+  1. Open Vault on a tempdir, schema_migrations bootstrap works.
+  2. Apply migration 003 — idempotent (re-apply is a no-op).
+  3. Insert KV profile rows, count matches, gate audit log populated.
+  4. Re-insert the same rows — duplicates silently dropped (idempotent).
+  5. Fetch by invalidation key returns the inserted rows.
+  6. has_kv_profile() works on hit and miss.
+  7. PermissionGate rejection actually blocks writes.
+"""
+import sys
+import tempfile
+from pathlib import Path
+sys.path.insert(0, str(Path(__file__).resolve().parent))
+import vault_adapter as va
+import kv_profiler as kvp
+def hr(title: str) -> None:
+    print(f"\n{'=' * 6} {title} {'=' * 6}")
+# Build a minimal ProfileRow-shaped object for testing without needing a real
+# model. We use kvp.ProfileRow directly since it's the canonical shape.
+def make_row(layer_idx: int, k: int, v: int, quantizer: str, drift: float,
+             model_hash: str = "testhash") -> kvp.ProfileRow:
+    return kvp.ProfileRow(
+        model_hash=model_hash,
+        calibration_hash="calhash0",
+        pipeline_version="1.0.0",
+        layer_idx=layer_idx,
+        k_bits=k,
+        v_bits=v,
+        quantizer=quantizer,
+        drift_attn_output=drift,
+        drift_metric="mse_normalised",
+        bytes_per_kv_token=128.0,
+        max_seq_len_observed=1024,
+        num_kv_heads=8,
+        head_dim=128,
+        profiled_at="2026-05-18T12:00:00+00:00",
+        profiled_by_agent_id="smoke-test",
+        profiled_by_agent_tier=1,
+    )
+tmp = Path(tempfile.mkdtemp(prefix="vault_smoke_"))
+db_path = tmp / "vault.db"
+migration_path = Path(__file__).resolve().parent / "vault_migration_003_kv_sensitivity_profile.sql"
+print(f"  tmpdir: {tmp}")
+print(f"  migration: {migration_path}")
+assert migration_path.exists(), f"migration file not found at {migration_path}"
+# ===========================================================================
+# 1. Open Vault — schema_migrations bootstrap
+# ===========================================================================
+hr("1. open Vault on tempdir, schema_migrations bootstraps")
+vault = va.VaultAdapter(db_path)
+cur = vault.conn.execute(
+    "SELECT name FROM sqlite_master WHERE type='table' AND name='schema_migrations'"
+)
+assert cur.fetchone() is not None, "schema_migrations not created"
+print(f"  schema_migrations exists ✓")
+# ===========================================================================
+# 2. Apply migration 003 — idempotent
+# ===========================================================================
+hr("2. apply migration 003 (idempotent)")
+applied = vault.apply_migration(migration_path)
+print(f"  first apply: {'YES' if applied else 'NO'}")
+assert applied, "first apply should have run"
+applied2 = vault.apply_migration(migration_path)
+print(f"  second apply: {'YES' if applied2 else 'NO'}")
+assert not applied2, "second apply should have been skipped"
+print(f"  applied migrations: {vault.applied_migrations()}")
+assert "003" in vault.applied_migrations()
+# ===========================================================================
+# 3. Insert KV profile rows
+# ===========================================================================
+hr("3. insert KV profile rows")
+rows = [
+    make_row(layer_idx=i, k=4, v=4, quantizer="hqq_g64", drift=0.01 + i * 0.001)
+    for i in range(5)
+] + [
+    make_row(layer_idx=i, k=8, v=8, quantizer="hqq_g64", drift=0.001 + i * 0.0001)
+    for i in range(5)
+]
+print(f"  inserting {len(rows)} rows")
+result = vault.insert_kv_profile_rows(rows)
+print(f"  requested={result.requested} inserted={result.inserted} table={result.table}")
+assert result.requested == 10
+assert result.inserted == 10
+assert len(vault.gate.audit_log) >= 1, "permission gate audit log not populated"
+print(f"  gate audit log: {vault.gate.audit_log}")
+# ===========================================================================
+# 4. Re-insert same rows — idempotent dedup
+# ===========================================================================
+hr("4. re-insert same rows (idempotent)")
+result2 = vault.insert_kv_profile_rows(rows)
+print(f"  requested={result2.requested} inserted={result2.inserted}")
+assert result2.requested == 10
+assert result2.inserted == 0, "duplicate insert should have inserted 0 new rows"
+# ===========================================================================
+# 5. Fetch by invalidation key
+# ===========================================================================
+hr("5. fetch_kv_profile_rows")
+fetched = vault.fetch_kv_profile_rows("testhash", "calhash0", "1.0.0")
+print(f"  fetched {len(fetched)} rows")
+assert len(fetched) == 10
+assert all("drift_attn_output" in r for r in fetched)
+assert fetched[0]["model_hash"] == "testhash"
+# Wrong invalidation key returns empty
+missing = vault.fetch_kv_profile_rows("testhash", "calhash0", "9.9.9")
+print(f"  wrong pipeline_version: {len(missing)} rows")
+assert len(missing) == 0
+# ===========================================================================
+# 6. has_kv_profile
+# ===========================================================================
+hr("6. has_kv_profile hit/miss")
+assert vault.has_kv_profile("testhash", "calhash0", "1.0.0") is True
+print(f"  hit: True ✓")
+assert vault.has_kv_profile("doesnotexist", "calhash0", "1.0.0") is False
+print(f"  miss: False ✓")
+# ===========================================================================
+# 7. PermissionGate rejection
+# ===========================================================================
+hr("7. PermissionGate rejection actually blocks writes")
+class BlockingGate(va.PermissionGate):
+    def check_write(self, table: str, agent_id: str, agent_tier: int) -> None:
+        if agent_tier < 5:
+            raise va.PermissionDenied(
+                f"agent {agent_id} tier {agent_tier} below min tier 5 for {table}"
+            )
+        super().check_write(table, agent_id, agent_tier)
+vault2 = va.VaultAdapter(db_path, permission_gate=BlockingGate())
+new_row = make_row(layer_idx=99, k=2, v=2, quantizer="hqq_g64", drift=0.5,
+                   model_hash="willnotinsert")
+try:
+    vault2.insert_kv_profile_rows([new_row])
+    print(f"  FAIL: should have raised PermissionDenied")
+    sys.exit(1)
+except va.PermissionDenied as e:
+    print(f"  caught PermissionDenied: {e} ✓")
+# Verify nothing actually got in
+missing = vault2.fetch_kv_profile_rows("willnotinsert", "calhash0", "1.0.0")
+assert len(missing) == 0
+print(f"  row not in DB after rejection: ✓")
+vault2.close()
+vault.close()
+print("\nAll assertions passed.")