Benjamin Admin
a4123ace71
This exposes the existing Smart Onboarding Advisor through a runtime endpoint; it does not add new
reasoning logic. Tightly scoped: adapter boundary + endpoint, no big frontend, no persistence, no
empirical learning, no new scanners, no LLM.
POST /onboarding/advisor-start : (company + certifications + target + scanner_findings[ProducedSignal])
-> Normalizer -> Silent Knowledge Pass -> Advisor -> { silent_intake_summary, inferred_assumptions,
rejected_assumptions, top_5_questions, capability_delta, top_measures, evidence_requests,
completeness_summary, auto_detected, headline }
GET /onboarding/targets : the supported target ids (CRA, TISAX, MDR, Environmental)
compliance/services/onboarding_service.py is the app-caller: it loads the curated knowledge (hypothesis
library, signal vocabulary + map, the target's required capabilities) once and calls the pure, tested
orchestration (normalize_signals -> silent_intake -> advisor_start). The scanner ADAPTER boundary is the
ProducedSignal format the request carries — existing scanners emit it, no new scanners. Thin handler
(<30 LOC), registered in the auto-load list. No DB. Additive to the OpenAPI contract (contract test is
additive-friendly; baseline regenerates on CI/py3.12). First deployable runtime feature -> dev deploy +
smoke. mypy --strict clean, 22 onboarding tests pass, check-loc 0.
54 lines
2.2 KiB
Python
54 lines
2.2 KiB
Python
"""POST /onboarding/advisor-start — the runtime endpoint that exposes the existing Advisor.
|
|
|
|
Exercises the router in isolation (no DB, no full app): scanner findings (ProducedSignal) -> normalize
|
|
-> Silent Pass -> Advisor -> the advisory payload. No new reasoning logic — just the wiring.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
from fastapi import FastAPI
|
|
from fastapi.testclient import TestClient
|
|
|
|
from compliance.api.onboarding_routes import router
|
|
|
|
_app = FastAPI()
|
|
_app.include_router(router)
|
|
_client = TestClient(_app)
|
|
|
|
_BODY = {
|
|
"company": "synthetic", "industry": "machine_builder", "products": ["parking payment system"],
|
|
"markets": ["EU"], "certifications": ["ISO27001", "ISO9001"], "known_evidence": ["CE process"],
|
|
"target": "CRA",
|
|
"scanner_findings": [
|
|
{"signal_id": "cyclonedx_found", "source_type": "repository", "evidence": "sbom", "provenance": "sbom.cdx.json"},
|
|
{"signal_id": "vdp_found", "source_type": "website", "provenance": "/.well-known/security.txt"},
|
|
{"signal_id": "risk_assessment_pdf", "source_type": "document", "provenance": "risk.pdf"},
|
|
{"signal_id": "cloud_hosted", "source_type": "product"},
|
|
],
|
|
}
|
|
|
|
|
|
def test_targets_endpoint_lists_supported():
|
|
r = _client.get("/onboarding/targets")
|
|
assert r.status_code == 200
|
|
assert "CRA" in r.json()["targets"]
|
|
|
|
|
|
def test_advisor_start_returns_full_payload():
|
|
r = _client.post("/onboarding/advisor-start", json=_BODY)
|
|
assert r.status_code == 200, r.text
|
|
d = r.json()
|
|
for field in ["silent_intake_summary", "inferred_assumptions", "rejected_assumptions",
|
|
"top_5_questions", "capability_delta", "top_measures", "evidence_requests",
|
|
"completeness_summary"]:
|
|
assert field in d
|
|
assert len(d["top_5_questions"]) <= 5
|
|
assert d["auto_detected"] # Silent Pass recognised things from the scanners
|
|
assert "sbom_creation" not in {q["capability_id"] for q in d["top_5_questions"]} # detected -> not asked
|
|
|
|
|
|
def test_unknown_target_is_404():
|
|
body = dict(_BODY, target="NOPE")
|
|
r = _client.post("/onboarding/advisor-start", json=body)
|
|
assert r.status_code == 404
|