Skip to content

test: cover agent allowlist enforcement in record_usage #74

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mikewheeleer merged 1 commit into from
Jun 24, 2026
Merged

test: cover agent allowlist enforcement in record_usage #74

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
129 changes: 129 additions & 0 deletions contracts/escrow/src/test.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -697,3 +697,132 @@ fn test_pause_pause_unpause_ends_unpaused() {

assert!(!client.is_paused());
}

// ---------------------------------------------------------------------------
// Agent allowlist enforcement (#16)
//
// These tests cover the `record_usage` allowlist gate end to end: the gate is
// off by default (any agent allowed), on + unlisted → AgentNotAllowed (#10),
// on + listed → succeeds, and revocation re-blocks. They also exercise the
// `is_allowlist_enabled` / `is_agent_allowed` round-trips, toggling the gate
// while usage already exists, and multiple agents with mixed status.
// ---------------------------------------------------------------------------

/// With the allowlist disabled (the default), any agent can record usage.
#[test]
fn test_allowlist_disabled_allows_any_agent() {
let env = Env::default();
let (client, _admin) = setup_initialized(&env);
assert!(!client.is_allowlist_enabled());

let agent = Address::generate(&env);
let service_id = Symbol::new(&env, "weather_api");
let record = client.record_usage(&agent, &service_id, &5u32);
assert_eq!(record.requests, 5);
}

/// With the allowlist enabled and the agent not listed, record_usage panics
/// with AgentNotAllowed (#10).
#[test]
#[should_panic(expected = "Error(Contract, #10)")]
fn test_allowlist_enabled_rejects_unlisted_agent() {
let env = Env::default();
let (client, _admin) = setup_initialized(&env);
client.set_allowlist_enabled(&true);

let agent = Address::generate(&env);
let service_id = Symbol::new(&env, "weather_api");
client.record_usage(&agent, &service_id, &1u32);
}

/// With the allowlist enabled and the agent explicitly allowed, record_usage
/// succeeds.
#[test]
fn test_allowlist_enabled_allows_listed_agent() {
let env = Env::default();
let (client, _admin) = setup_initialized(&env);
client.set_allowlist_enabled(&true);

let agent = Address::generate(&env);
client.set_agent_allowed(&agent, &true);
assert!(client.is_agent_allowed(&agent));

let service_id = Symbol::new(&env, "weather_api");
let record = client.record_usage(&agent, &service_id, &3u32);
assert_eq!(record.requests, 3);
}

/// An agent allowed then revoked is rejected again with #10.
#[test]
#[should_panic(expected = "Error(Contract, #10)")]
fn test_allowlist_revocation_reblocks_agent() {
let env = Env::default();
let (client, _admin) = setup_initialized(&env);
client.set_allowlist_enabled(&true);

let agent = Address::generate(&env);
let service_id = Symbol::new(&env, "weather_api");
client.set_agent_allowed(&agent, &true);
client.record_usage(&agent, &service_id, &2u32);

// Revoke and try again — must be rejected.
client.set_agent_allowed(&agent, &false);
assert!(!client.is_agent_allowed(&agent));
client.record_usage(&agent, &service_id, &1u32);
}

/// Disabling the gate after enabling it restores access for any agent.
#[test]
fn test_allowlist_disable_restores_access() {
let env = Env::default();
let (client, _admin) = setup_initialized(&env);
let agent = Address::generate(&env);
let service_id = Symbol::new(&env, "weather_api");

client.set_allowlist_enabled(&true);
// Gate on, agent unlisted → blocked (try_ to avoid unwinding the test).
assert!(client.try_record_usage(&agent, &service_id, &1u32).is_err());

// Turn the gate back off; the unlisted agent can record again.
client.set_allowlist_enabled(&false);
let record = client.record_usage(&agent, &service_id, &7u32);
assert_eq!(record.requests, 7);
}

/// is_allowlist_enabled / is_agent_allowed round-trip cleanly.
#[test]
fn test_allowlist_status_round_trips() {
let env = Env::default();
let (client, _admin) = setup_initialized(&env);

assert!(!client.is_allowlist_enabled());
client.set_allowlist_enabled(&true);
assert!(client.is_allowlist_enabled());

let agent = Address::generate(&env);
assert!(!client.is_agent_allowed(&agent));
client.set_agent_allowed(&agent, &true);
assert!(client.is_agent_allowed(&agent));
client.set_agent_allowed(&agent, &false);
assert!(!client.is_agent_allowed(&agent));
}

/// With the gate on, multiple agents of mixed status are handled independently:
/// the allowed one records, the unlisted one is blocked.
#[test]
fn test_allowlist_mixed_agents() {
let env = Env::default();
let (client, _admin) = setup_initialized(&env);
let service_id = Symbol::new(&env, "weather_api");

let allowed = Address::generate(&env);
let blocked = Address::generate(&env);
client.set_allowlist_enabled(&true);
client.set_agent_allowed(&allowed, &true);

let record = client.record_usage(&allowed, &service_id, &4u32);
assert_eq!(record.requests, 4);
assert!(client
.try_record_usage(&blocked, &service_id, &1u32)
.is_err());
}
Loading