test: cover agent allowlist enforcement in record_usage#74
Merged
mikewheeleer merged 1 commit intoJun 24, 2026
Merged
Conversation
Closes Agentpay-Org#16. The allowlist gate in record_usage (and set_allowlist_enabled / set_agent_allowed / is_agent_allowed) had no enforcement coverage. Add focused tests: disabled gate allows any agent; enabled + unlisted → AgentNotAllowed (Agentpay-Org#10); enabled + allowed → succeeds; allowed-then-revoked re-blocks; is_allowlist_enabled / is_agent_allowed round-trips; disabling the gate restores access; and multiple agents with mixed status. Test-only change — no contract logic modified. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #16.
Summary
The allowlist logic in
record_usage(andset_allowlist_enabled/set_agent_allowed/is_agent_allowed) had no enforcement coverage — nothing asserted that an off-allowlist agent is rejected withAgentNotAllowed(#10) or that disabling the gate restores access. This closes that gap.Tests added (test-only; no contract logic changed)
test_allowlist_disabled_allows_any_agent— default (off) allows any agent.test_allowlist_enabled_rejects_unlisted_agent— on + unlisted →#10.test_allowlist_enabled_allows_listed_agent— on + listed → succeeds.test_allowlist_revocation_reblocks_agent— allowed then revoked →#10.test_allowlist_disable_restores_access— toggling the gate off restores access (usestry_record_usage).test_allowlist_status_round_trips—is_allowlist_enabled/is_agent_allowedround-trips.test_allowlist_mixed_agents— multiple agents, mixed status, handled independently.#[should_panic(expected = "Error(Contract, #10)")]matches the existing test conventions. A module section comment documents the covered behaviour.Verification
cargo fmt --all -- --check,cargo build,cargo testall green — 58 passed; 0 failed.Security notes
The tests prove the gate cannot be bypassed: an unlisted agent is rejected, revocation re-blocks, and the gate is off only by explicit default.