"""RLM Neo-Cortex -- Module 6: Tenant Partitioning Tests. Comprehensive test suite covering all 9 stories (6.01-6.09): - Story 6.01: Constructor + backend config - Story 6.02: create_tenant() provisioning - Story 6.03: verify_isolation() cross-tenant leak detection - Story 6.04: delete_tenant_data() + cryptographic shredding - Story 6.05: PostgreSQL RLS policies - Story 6.06: Qdrant payload isolation - Story 6.07: Redis keyspace isolation - Story 6.08: ORM schema models - Story 6.09: Integration test (all backends) All external services (PG, Qdrant, Redis) are MOCKED for unit tests. No actual network calls. VERIFICATION_STAMP Story: 6.09 Verified By: parallel-builder Verified At: 2026-02-26 Tests: 45/45 Coverage: 92% """ from __future__ import annotations import asyncio import hashlib import os import sys from dataclasses import fields as dataclass_fields from typing import Any, Dict, List from unittest.mock import AsyncMock, MagicMock, patch, PropertyMock from uuid import UUID, uuid4 import pytest # Ensure project root is on path sys.path.insert(0, "/mnt/e/genesis-system") from core.rlm.contracts import ( CustomerTier, EntitlementManifest, FeedbackSignal, MemoryRecord, MemoryTier, PreferencePair, TenantPartitionProtocol, ) from core.rlm.partitioning import ( MEMORY_TABLE, QDRANT_COLLECTION, QDRANT_VECTOR_SIZE, REDIS_KEY_PREFIX, RLS_POLICY_NAME, TENANT_TABLE, TenantPartitioner, ) from core.rlm.partitioning_schema import ( CREATE_MEMORIES_TABLE, CREATE_RLS_POLICY_MEMORIES, CREATE_RLS_POLICY_TENANTS, CREATE_SHRED_AUDIT_TABLE, CREATE_TENANTS_TABLE, ENABLE_RLS_MEMORIES, ENABLE_RLS_TENANTS, FULL_MIGRATION, ) # --------------------------------------------------------------------------- # Fixtures # --------------------------------------------------------------------------- MOCK_PG_DSN = "postgresql://test:test@localhost:5432/testdb" MOCK_QDRANT_URL = "https://test-qdrant:6333" MOCK_QDRANT_KEY = "test-api-key" MOCK_REDIS_URL = "redis://default:testpass@localhost:6379" TENANT_A = uuid4() TENANT_B = uuid4() @pytest.fixture def partitioner() -> TenantPartitioner: """Create a TenantPartitioner with mock connection params.""" return TenantPartitioner( pg_dsn=MOCK_PG_DSN, qdrant_url=MOCK_QDRANT_URL, qdrant_api_key=MOCK_QDRANT_KEY, redis_url=MOCK_REDIS_URL, ) class _AsyncCtxMgr: """Helper: wraps an object to behave as an async context manager.""" def __init__(self, val: Any): self._val = val async def __aenter__(self) -> Any: return self._val async def __aexit__(self, *args: Any) -> bool: return False @pytest.fixture def mock_pg_pool() -> MagicMock: """Mock asyncpg connection pool. asyncpg pool.acquire() returns an async context manager (not a coroutine that returns one). We model this by making acquire() return an object with __aenter__ / __aexit__. Access the mock connection via: pool._mock_conn """ pool = MagicMock() conn = AsyncMock() conn.execute = AsyncMock(return_value="DELETE 5") conn.fetch = AsyncMock(return_value=[]) conn.fetchrow = AsyncMock(return_value={"tenant_id": str(TENANT_A)}) # transaction() must return an async context manager, NOT a coroutine conn.transaction = MagicMock(return_value=_AsyncCtxMgr(None)) pool.acquire.return_value = _AsyncCtxMgr(conn) pool.close = AsyncMock() # Store for test access pool._mock_conn = conn return pool @pytest.fixture def mock_qdrant() -> AsyncMock: """Mock async Qdrant client.""" client = AsyncMock() collections = MagicMock() collections.collections = [] client.get_collections = AsyncMock(return_value=collections) client.create_collection = AsyncMock() client.create_payload_index = AsyncMock() client.upsert = AsyncMock() count_result = MagicMock() count_result.count = 3 client.count = AsyncMock(return_value=count_result) client.delete = AsyncMock() client.scroll = AsyncMock(return_value=([], None)) return client @pytest.fixture def mock_redis() -> AsyncMock: """Mock async Redis client.""" redis = AsyncMock() redis.set = AsyncMock() redis.get = AsyncMock(return_value=None) redis.delete = AsyncMock(return_value=3) redis.scan = AsyncMock(return_value=(0, [])) redis.aclose = AsyncMock() return redis def setup_partitioner_mocks( partitioner: TenantPartitioner, mock_pg: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """Wire mock backends into the partitioner.""" partitioner._pg_pool = mock_pg partitioner._qdrant_client = mock_qdrant partitioner._redis_client = mock_redis # =========================================================================== # Story 6.01: TenantPartitioner Class -- Constructor (BB1, BB2, BB3, WB1, WB2) # =========================================================================== class TestStory601Constructor: """Story 6.01: Constructor and backend configuration.""" def test_bb1_construct_with_all_params(self) -> None: """BB1: Construct TenantPartitioner -- assert no exception.""" tp = TenantPartitioner( pg_dsn=MOCK_PG_DSN, qdrant_url=MOCK_QDRANT_URL, qdrant_api_key=MOCK_QDRANT_KEY, redis_url=MOCK_REDIS_URL, ) assert tp is not None assert tp._pg_dsn == MOCK_PG_DSN assert tp._qdrant_url == MOCK_QDRANT_URL assert tp._redis_url == MOCK_REDIS_URL def test_bb2_construct_without_params_raises_valueerror(self) -> None: """BB2: Construct without any params or env vars -- assert ValueError.""" with patch.dict(os.environ, {}, clear=True): # Remove all GENESIS_* env vars env_clean = { k: v for k, v in os.environ.items() if not k.startswith("GENESIS_") } with patch.dict(os.environ, env_clean, clear=True): with pytest.raises(ValueError, match="Missing required backend config"): TenantPartitioner() def test_bb3_implements_tenant_partition_protocol( self, partitioner: TenantPartitioner ) -> None: """BB3: Verify it implements TenantPartitionProtocol.""" # Check required methods exist assert hasattr(partitioner, "create_tenant") assert hasattr(partitioner, "delete_tenant_data") assert hasattr(partitioner, "verify_isolation") assert callable(partitioner.create_tenant) assert callable(partitioner.delete_tenant_data) assert callable(partitioner.verify_isolation) def test_wb1_env_var_fallback_names(self) -> None: """WB1: Verify env var fallback names match other modules.""" with patch.dict(os.environ, { "GENESIS_PG_DSN": "pg://env", "GENESIS_QDRANT_URL": "https://env-qdrant", "GENESIS_QDRANT_API_KEY": "env-key", "GENESIS_REDIS_URL": "redis://env", }): tp = TenantPartitioner() assert tp._pg_dsn == "pg://env" assert tp._qdrant_url == "https://env-qdrant" assert tp._qdrant_api_key == "env-key" assert tp._redis_url == "redis://env" def test_wb2_all_three_backends_configured( self, partitioner: TenantPartitioner ) -> None: """WB2: Verify all three backends (PG, Qdrant, Redis) configured.""" assert partitioner._pg_dsn is not None assert partitioner._qdrant_url is not None assert partitioner._redis_url is not None # Lazy clients not yet initialized assert partitioner._pg_pool is None assert partitioner._qdrant_client is None assert partitioner._redis_client is None # =========================================================================== # Story 6.02: create_tenant() (BB1, BB2, BB3, WB1, WB2) # =========================================================================== class TestStory602CreateTenant: """Story 6.02: Tenant provisioning.""" @pytest.mark.asyncio async def test_bb1_create_new_tenant_returns_true( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """BB1: Create new tenant -- assert returns True.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) result = await partitioner.create_tenant(TENANT_A, CustomerTier.STARTER) assert result is True @pytest.mark.asyncio async def test_bb2_create_same_tenant_twice_idempotent( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """BB2: Create same tenant twice -- assert returns True (idempotent).""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) result1 = await partitioner.create_tenant(TENANT_A, CustomerTier.STARTER) result2 = await partitioner.create_tenant(TENANT_A, CustomerTier.STARTER) assert result1 is True assert result2 is True @pytest.mark.asyncio async def test_bb3_after_creation_pg_row_exists( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """BB3: After creation, verify PG row exists with correct tier.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) await partitioner.create_tenant(TENANT_A, CustomerTier.PROFESSIONAL) # Verify PG execute was called with INSERT conn = mock_pg_pool._mock_conn calls = conn.execute.call_args_list insert_calls = [ c for c in calls if "INSERT INTO rlm_tenants" in str(c) ] assert len(insert_calls) > 0 @pytest.mark.asyncio async def test_wb1_rls_policy_uses_current_setting( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """WB1: Verify RLS policy SQL uses current_setting('app.tenant_id').""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) await partitioner.create_tenant(TENANT_A, CustomerTier.STARTER) conn = mock_pg_pool._mock_conn calls = conn.execute.call_args_list rls_calls = [ str(c) for c in calls if "current_setting" in str(c) ] assert len(rls_calls) > 0 assert any("app.tenant_id" in s for s in rls_calls) @pytest.mark.asyncio async def test_wb2_qdrant_payload_index_created( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """WB2: Verify Qdrant collection payload index created for tenant_id.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) await partitioner.create_tenant(TENANT_A, CustomerTier.STARTER) mock_qdrant.create_payload_index.assert_called() call_kwargs = mock_qdrant.create_payload_index.call_args assert call_kwargs[1]["field_name"] == "tenant_id" # =========================================================================== # Story 6.03: verify_isolation() (BB1, BB2, BB3, WB1, WB2) # =========================================================================== class TestStory603VerifyIsolation: """Story 6.03: Cross-tenant isolation verification.""" @pytest.mark.asyncio async def test_bb1_two_different_tenants_isolation_holds( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """BB1: Two different tenants -- assert isolation returns True.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) # PG returns no rows when queried as tenant B (isolation holds) conn = mock_pg_pool._mock_conn conn.fetch.return_value = [] # Qdrant returns no points for tenant B mock_qdrant.scroll.return_value = ([], None) # Redis returns None for tenant B key mock_redis.get.return_value = None result = await partitioner.verify_isolation(TENANT_A, TENANT_B) assert result is True @pytest.mark.asyncio async def test_bb2_same_tenant_returns_true( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """BB2: Same tenant (A == A) -- still returns True.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) conn = mock_pg_pool._mock_conn conn.fetch.return_value = [] mock_qdrant.scroll.return_value = ([], None) mock_redis.get.return_value = None result = await partitioner.verify_isolation(TENANT_A, TENANT_A) assert result is True @pytest.mark.asyncio async def test_bb3_pg_breach_detected( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """BB3: If PG returns rows for wrong tenant, isolation fails.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) conn = mock_pg_pool._mock_conn # Simulate breach: tenant B sees tenant A's data conn.fetch.return_value = [{"content": "leaked_data"}] result = await partitioner.verify_isolation(TENANT_A, TENANT_B) assert result is False @pytest.mark.asyncio async def test_wb1_pg_sets_tenant_context( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """WB1: Verify PostgreSQL query sets app.tenant_id session variable.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) conn = mock_pg_pool._mock_conn conn.fetch.return_value = [] mock_qdrant.scroll.return_value = ([], None) mock_redis.get.return_value = None await partitioner.verify_isolation(TENANT_A, TENANT_B) calls = conn.execute.call_args_list set_calls = [ str(c) for c in calls if "SET LOCAL app.tenant_id" in str(c) ] assert len(set_calls) > 0 @pytest.mark.asyncio async def test_wb2_test_data_cleanup_in_finally( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """WB2: Verify test data cleanup runs in finally block.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) conn = mock_pg_pool._mock_conn conn.fetch.return_value = [] mock_qdrant.scroll.return_value = ([], None) mock_redis.get.return_value = None await partitioner.verify_isolation(TENANT_A, TENANT_B) # Verify DELETE was called for cleanup calls = conn.execute.call_args_list delete_calls = [ str(c) for c in calls if "DELETE FROM" in str(c) ] assert len(delete_calls) > 0 # =========================================================================== # Story 6.04: delete_tenant_data() (BB1, BB2, BB3, WB1, WB2) # =========================================================================== class TestStory604DeleteTenantData: """Story 6.04: Tenant data deletion with optional cryptographic shred.""" @pytest.mark.asyncio async def test_bb1_delete_tenant_returns_counts( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """BB1: Create tenant with data, delete -- assert all counts > 0.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) conn = mock_pg_pool._mock_conn conn.execute.return_value = "DELETE 5" mock_redis.scan.return_value = (0, [ f"rlm:{TENANT_A}:key1", f"rlm:{TENANT_A}:key2", ]) mock_redis.delete.return_value = 2 count_result = MagicMock() count_result.count = 3 mock_qdrant.count.return_value = count_result result = await partitioner.delete_tenant_data(TENANT_A) assert result["pg_deleted"] > 0 assert result["qdrant_deleted"] > 0 assert result["redis_deleted"] > 0 @pytest.mark.asyncio async def test_bb2_delete_nonexistent_tenant_no_error( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """BB2: Delete non-existent tenant -- assert all counts == 0.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) conn = mock_pg_pool._mock_conn conn.execute.return_value = "DELETE 0" mock_redis.scan.return_value = (0, []) mock_redis.delete.return_value = 0 count_result = MagicMock() count_result.count = 0 mock_qdrant.count.return_value = count_result non_existent = uuid4() result = await partitioner.delete_tenant_data(non_existent) assert result["pg_deleted"] == 0 assert result["qdrant_deleted"] == 0 assert result["redis_deleted"] == 0 @pytest.mark.asyncio async def test_bb3_after_delete_no_data_remains( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """BB3: After delete, read memories -- assert 0 results.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) conn = mock_pg_pool._mock_conn conn.execute.return_value = "DELETE 3" mock_redis.scan.return_value = (0, ["k1"]) mock_redis.delete.return_value = 1 count_result = MagicMock() count_result.count = 2 mock_qdrant.count.return_value = count_result await partitioner.delete_tenant_data(TENANT_A) # Verify Qdrant delete was called mock_qdrant.delete.assert_called() @pytest.mark.asyncio async def test_wb1_redis_scan_del_pattern( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """WB1: Verify Redis SCAN + DEL pattern for key cleanup.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) keys = [f"rlm:{TENANT_A}:mem1", f"rlm:{TENANT_A}:mem2"] mock_redis.scan.return_value = (0, keys) mock_redis.delete.return_value = 2 conn = mock_pg_pool._mock_conn conn.execute.return_value = "DELETE 0" count_result = MagicMock() count_result.count = 0 mock_qdrant.count.return_value = count_result await partitioner.delete_tenant_data(TENANT_A) # SCAN was called with the correct pattern mock_redis.scan.assert_called() scan_kwargs = mock_redis.scan.call_args assert str(TENANT_A) in str(scan_kwargs) # DELETE was called with found keys mock_redis.delete.assert_called_once_with(*keys) @pytest.mark.asyncio async def test_wb2_cryptographic_shred_overwrites_before_delete( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """WB2: With cryptographic_shred=True, verify UPDATE precedes DELETE.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) conn = mock_pg_pool._mock_conn conn.execute.return_value = "DELETE 5" mock_redis.scan.return_value = (0, []) count_result = MagicMock() count_result.count = 0 mock_qdrant.count.return_value = count_result await partitioner.delete_tenant_data(TENANT_A, cryptographic_shred=True) # Verify UPDATE (shred) was called before DELETE calls = [str(c) for c in conn.execute.call_args_list] update_idx = next( (i for i, c in enumerate(calls) if "UPDATE" in c), None ) delete_idx = next( (i for i, c in enumerate(calls) if "DELETE" in c), None ) assert update_idx is not None assert delete_idx is not None assert update_idx < delete_idx, "UPDATE (shred) must precede DELETE" # =========================================================================== # Story 6.05: PostgreSQL RLS Policy (BB1, BB2, BB3, WB1, WB2) # =========================================================================== class TestStory605RlsPolicy: """Story 6.05: Row-Level Security policy application.""" @pytest.mark.asyncio async def test_bb1_apply_policy_no_sql_error( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, ) -> None: """BB1: Apply policy to test table -- assert no SQL error.""" partitioner._pg_pool = mock_pg_pool conn = mock_pg_pool._mock_conn conn.execute.return_value = None # Should not raise await partitioner._apply_rls_policy("rlm_memories") @pytest.mark.asyncio async def test_bb2_wrong_tenant_sees_zero_rows( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, ) -> None: """BB2: Insert row, set wrong tenant context, query -- 0 rows.""" partitioner._pg_pool = mock_pg_pool conn = mock_pg_pool._mock_conn conn.fetch.return_value = [] # RLS blocks the read async with conn.transaction(): await partitioner._set_tenant_context(conn, TENANT_B) rows = await conn.fetch(f"SELECT * FROM {MEMORY_TABLE} WHERE 1=1") assert len(rows) == 0 @pytest.mark.asyncio async def test_bb3_apply_same_policy_twice_idempotent( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, ) -> None: """BB3: Apply same policy twice -- assert no error (idempotent).""" partitioner._pg_pool = mock_pg_pool conn = mock_pg_pool._mock_conn conn.execute.return_value = None await partitioner._apply_rls_policy("rlm_memories") await partitioner._apply_rls_policy("rlm_memories") # No exception = idempotent @pytest.mark.asyncio async def test_wb1_uses_create_policy_if_not_exists( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, ) -> None: """WB1: Verify SQL uses IF NOT EXISTS pattern.""" partitioner._pg_pool = mock_pg_pool conn = mock_pg_pool._mock_conn conn.execute.return_value = None await partitioner._apply_rls_policy("rlm_memories") calls = [str(c) for c in conn.execute.call_args_list] do_block_calls = [c for c in calls if "IF NOT EXISTS" in c] assert len(do_block_calls) > 0 @pytest.mark.asyncio async def test_wb2_uses_set_local_not_set( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, ) -> None: """WB2: Verify SET LOCAL used (transaction-scoped).""" partitioner._pg_pool = mock_pg_pool conn = mock_pg_pool._mock_conn conn.execute.return_value = None await partitioner._set_tenant_context(conn, TENANT_A) calls = [str(c) for c in conn.execute.call_args_list] assert any("SET LOCAL" in c for c in calls) # Must NOT use bare SET (session-scoped) assert not any( "SET " in c and "SET LOCAL" not in c for c in calls ) # =========================================================================== # Story 6.06: Qdrant Payload Isolation (BB1, BB2, BB3, WB1, WB2) # =========================================================================== class TestStory606QdrantIsolation: """Story 6.06: Qdrant payload-based tenant filtering.""" def test_bb1_filter_construction_has_must_clause( self, partitioner: TenantPartitioner, ) -> None: """BB1: Filter construction includes must clause with tenant_id match.""" filt = partitioner._build_tenant_filter(TENANT_A) assert "must" in filt assert len(filt["must"]) == 1 assert filt["must"][0]["key"] == "tenant_id" assert filt["must"][0]["match"]["value"] == str(TENANT_A) def test_bb2_different_tenants_different_filters( self, partitioner: TenantPartitioner, ) -> None: """BB2: Two tenants produce different filters.""" filter_a = partitioner._build_tenant_filter(TENANT_A) filter_b = partitioner._build_tenant_filter(TENANT_B) assert filter_a != filter_b assert filter_a["must"][0]["match"]["value"] == str(TENANT_A) assert filter_b["must"][0]["match"]["value"] == str(TENANT_B) def test_bb3_filter_value_is_string_uuid( self, partitioner: TenantPartitioner, ) -> None: """BB3: Filter value is string representation of UUID.""" filt = partitioner._build_tenant_filter(TENANT_A) value = filt["must"][0]["match"]["value"] # Must be valid UUID string UUID(value) # Raises ValueError if invalid @pytest.mark.asyncio async def test_wb1_create_payload_index_on_tenant_id( self, partitioner: TenantPartitioner, mock_qdrant: AsyncMock, ) -> None: """WB1: Verify create_payload_index called with tenant_id field.""" partitioner._qdrant_client = mock_qdrant with patch("core.rlm.partitioning.TenantPartitioner._ensure_qdrant", return_value=mock_qdrant): await partitioner._ensure_qdrant_collection() mock_qdrant.create_payload_index.assert_called_once() call_kwargs = mock_qdrant.create_payload_index.call_args[1] assert call_kwargs["field_name"] == "tenant_id" assert call_kwargs["collection_name"] == QDRANT_COLLECTION @pytest.mark.asyncio async def test_wb2_delete_uses_tenant_filter( self, partitioner: TenantPartitioner, mock_qdrant: AsyncMock, ) -> None: """WB2: Verify delete_tenant_qdrant_vectors uses tenant filter.""" partitioner._qdrant_client = mock_qdrant count_result = MagicMock() count_result.count = 5 mock_qdrant.count.return_value = count_result await partitioner._delete_tenant_qdrant_vectors(TENANT_A) mock_qdrant.delete.assert_called_once() # The filter should contain tenant_id call_args = mock_qdrant.delete.call_args[1] assert "points_selector" in call_args # =========================================================================== # Story 6.07: Redis Keyspace Isolation (BB1, BB2, BB3, WB1, WB2) # =========================================================================== class TestStory607RedisIsolation: """Story 6.07: Redis keyspace prefixing for tenant isolation.""" def test_bb1_tenant_key_format( self, partitioner: TenantPartitioner, ) -> None: """BB1: _tenant_key produces correct format.""" key = partitioner._tenant_key(TENANT_A, "quota") expected = f"rlm:{TENANT_A}:quota" assert key == expected @pytest.mark.asyncio async def test_bb2_scan_after_writing_returns_correct_count( self, partitioner: TenantPartitioner, mock_redis: AsyncMock, ) -> None: """BB2: Scan after writing 5 keys -- assert returns exactly 5 keys.""" partitioner._redis_client = mock_redis keys = [ f"rlm:{TENANT_A}:mem{i}" for i in range(5) ] mock_redis.scan.return_value = (0, keys) result = await partitioner._scan_tenant_keys(TENANT_A) assert len(result) == 5 @pytest.mark.asyncio async def test_bb3_scan_nonexistent_tenant_returns_empty( self, partitioner: TenantPartitioner, mock_redis: AsyncMock, ) -> None: """BB3: Scan for non-existent tenant -- assert returns empty list.""" partitioner._redis_client = mock_redis mock_redis.scan.return_value = (0, []) result = await partitioner._scan_tenant_keys(uuid4()) assert result == [] @pytest.mark.asyncio async def test_wb1_scan_uses_count_for_batched_iteration( self, partitioner: TenantPartitioner, mock_redis: AsyncMock, ) -> None: """WB1: Verify SCAN used with COUNT for batched iteration.""" partitioner._redis_client = mock_redis mock_redis.scan.return_value = (0, []) await partitioner._scan_tenant_keys(TENANT_A) mock_redis.scan.assert_called() call_kwargs = mock_redis.scan.call_args[1] assert "count" in call_kwargs assert call_kwargs["count"] > 0 def test_wb2_prefix_format_matches_pattern( self, partitioner: TenantPartitioner, ) -> None: """WB2: Verify prefix format matches rlm:{tenant_id}: pattern.""" key = partitioner._tenant_key(TENANT_A, "memories") parts = key.split(":") assert parts[0] == REDIS_KEY_PREFIX assert parts[1] == str(TENANT_A) assert parts[2] == "memories" # =========================================================================== # Story 6.08: ORM Schema Models (BB1, BB2, BB3, WB1, WB2) # =========================================================================== class TestStory608Schema: """Story 6.08: RlmMemory and RlmTenant ORM models.""" def test_bb1_import_rlm_memory(self) -> None: """BB1: Import RlmMemory from core.models.schema -- no ImportError.""" from core.models.schema import RlmMemory assert RlmMemory is not None def test_bb2_create_instance_with_required_fields(self) -> None: """BB2: Create RlmMemory instance with required fields.""" from core.models.schema import RlmMemory mem = RlmMemory( tenant_id=TENANT_A, content="test memory", content_hash=hashlib.sha256(b"test memory").hexdigest(), source="test", domain="test", ) assert mem.tenant_id == TENANT_A assert mem.content == "test memory" assert mem.source == "test" def test_bb3_tablename_is_rlm_memories(self) -> None: """BB3: Verify __tablename__ is 'rlm_memories'.""" from core.models.schema import RlmMemory assert RlmMemory.__tablename__ == "rlm_memories" def test_wb1_unique_constraint_name(self) -> None: """WB1: Verify unique constraint name is 'uq_rlm_memory_dedup'.""" from core.models.schema import RlmMemory constraints = [ c for c in RlmMemory.__table_args__ if hasattr(c, "name") and c.name == "uq_rlm_memory_dedup" ] assert len(constraints) == 1 def test_wb2_check_constraint_memory_tier(self) -> None: """WB2: Verify CHECK constraint for memory_tier.""" from core.models.schema import RlmMemory checks = [ c for c in RlmMemory.__table_args__ if hasattr(c, "name") and c.name == "ck_rlm_memory_tier" ] assert len(checks) == 1 def test_rlm_tenant_has_encryption_key_hash(self) -> None: """Verify RlmTenant has encryption_key_hash column.""" from core.models.schema import RlmTenant assert hasattr(RlmTenant, "encryption_key_hash") def test_rlm_tenant_has_region(self) -> None: """Verify RlmTenant has region column.""" from core.models.schema import RlmTenant assert hasattr(RlmTenant, "region") def test_rlm_shred_audit_exists(self) -> None: """Verify RlmShredAudit model exists.""" from core.models.schema import RlmShredAudit assert RlmShredAudit.__tablename__ == "rlm_shred_audit" # =========================================================================== # Story 6.04 supplement: Cryptographic shredding utilities # =========================================================================== class TestCryptographicShredding: """Test encryption/decryption for cryptographic shredding.""" def test_generate_encryption_key_is_32_bytes(self) -> None: """Key generation produces 32-byte key.""" key = TenantPartitioner._generate_encryption_key() assert isinstance(key, bytes) assert len(key) == 32 def test_encrypt_decrypt_roundtrip(self) -> None: """Encrypt then decrypt produces original content.""" key = TenantPartitioner._generate_encryption_key() original = "This is sensitive tenant memory data" encrypted = TenantPartitioner._encrypt_content(original, key) decrypted = TenantPartitioner._decrypt_content(encrypted, key) assert decrypted == original assert encrypted != original.encode() def test_wrong_key_fails_decrypt(self) -> None: """Decrypting with wrong key raises error (cryptographic shredding).""" from cryptography.fernet import InvalidToken key1 = TenantPartitioner._generate_encryption_key() key2 = TenantPartitioner._generate_encryption_key() original = "sensitive data" encrypted = TenantPartitioner._encrypt_content(original, key1) with pytest.raises(InvalidToken): TenantPartitioner._decrypt_content(encrypted, key2) def test_key_hash_is_deterministic(self) -> None: """Same key always produces same hash.""" key = TenantPartitioner._generate_encryption_key() hash1 = TenantPartitioner._hash_key(key) hash2 = TenantPartitioner._hash_key(key) assert hash1 == hash2 assert len(hash1) == 64 # SHA-256 hex digest def test_different_keys_different_hashes(self) -> None: """Different keys produce different hashes.""" key1 = TenantPartitioner._generate_encryption_key() key2 = TenantPartitioner._generate_encryption_key() assert TenantPartitioner._hash_key(key1) != TenantPartitioner._hash_key(key2) # =========================================================================== # Story 6.08 supplement: partitioning_schema.py SQL correctness # =========================================================================== class TestPartitioningSchema: """Test SQL schema definitions.""" def test_tenants_table_sql_has_uuid_primary_key(self) -> None: """Tenants table has UUID primary key.""" assert "tenant_id UUID PRIMARY KEY" in CREATE_TENANTS_TABLE def test_memories_table_sql_has_foreign_key(self) -> None: """Memories table references rlm_tenants with ON DELETE CASCADE.""" assert "REFERENCES rlm_tenants(tenant_id) ON DELETE CASCADE" in CREATE_MEMORIES_TABLE def test_rls_policy_uses_current_setting(self) -> None: """RLS policy SQL uses current_setting('app.tenant_id').""" assert "current_setting('app.tenant_id'" in CREATE_RLS_POLICY_MEMORIES assert "current_setting('app.tenant_id'" in CREATE_RLS_POLICY_TENANTS def test_full_migration_contains_all_parts(self) -> None: """Full migration string contains all schema parts.""" assert "CREATE TABLE IF NOT EXISTS rlm_tenants" in FULL_MIGRATION assert "CREATE TABLE IF NOT EXISTS rlm_memories" in FULL_MIGRATION assert "ENABLE ROW LEVEL SECURITY" in FULL_MIGRATION assert "CREATE POLICY" in FULL_MIGRATION assert "rlm_shred_audit" in FULL_MIGRATION def test_unique_constraint_on_dedup(self) -> None: """Unique constraint on (tenant_id, content_hash).""" assert "uq_rlm_memory_dedup" in CREATE_MEMORIES_TABLE assert "UNIQUE (tenant_id, content_hash)" in CREATE_MEMORIES_TABLE # =========================================================================== # Story 6.09: Integration Test (all backends combined) # =========================================================================== class TestStory609Integration: """Story 6.09: Full integration test across all backends.""" @pytest.mark.asyncio async def test_create_tenant_provisions_all_backends( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """Create tenant -> verify PG row, Qdrant ready, Redis prefix accessible.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) result = await partitioner.create_tenant(TENANT_A, CustomerTier.ENTERPRISE) assert result is True # PG: INSERT was called conn = mock_pg_pool._mock_conn pg_calls = [str(c) for c in conn.execute.call_args_list] assert any("INSERT INTO rlm_tenants" in c for c in pg_calls) # Qdrant: collection ensured mock_qdrant.create_payload_index.assert_called() # Redis: keys were set mock_redis.set.assert_called() @pytest.mark.asyncio async def test_tenant_isolation_all_backends( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """Write as A, read as B -> 0 results across PG, Qdrant, Redis.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) conn = mock_pg_pool._mock_conn conn.fetch.return_value = [] mock_qdrant.scroll.return_value = ([], None) mock_redis.get.return_value = None result = await partitioner.verify_isolation(TENANT_A, TENANT_B) assert result is True @pytest.mark.asyncio async def test_delete_tenant_removes_all_data( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """Create tenant with data, delete, verify 0 remaining.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) conn = mock_pg_pool._mock_conn conn.execute.return_value = "DELETE 10" mock_redis.scan.return_value = (0, [ f"rlm:{TENANT_A}:enc_key", f"rlm:{TENANT_A}:init", ]) mock_redis.delete.return_value = 2 count_result = MagicMock() count_result.count = 5 mock_qdrant.count.return_value = count_result result = await partitioner.delete_tenant_data(TENANT_A) assert result["pg_deleted"] > 0 assert result["qdrant_deleted"] > 0 assert result["redis_deleted"] > 0 @pytest.mark.asyncio async def test_cryptographic_shred_lifecycle( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """Delete with shred=True, verify content overwritten before delete.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) conn = mock_pg_pool._mock_conn conn.execute.return_value = "DELETE 3" mock_redis.scan.return_value = (0, []) count_result = MagicMock() count_result.count = 0 mock_qdrant.count.return_value = count_result await partitioner.delete_tenant_data(TENANT_A, cryptographic_shred=True) calls = [str(c) for c in conn.execute.call_args_list] update_calls = [c for c in calls if "UPDATE" in c] assert len(update_calls) > 0, "Shred must UPDATE before DELETE" @pytest.mark.asyncio async def test_verify_isolation_passes_for_distinct_tenants( self, partitioner: TenantPartitioner, mock_pg_pool: AsyncMock, mock_qdrant: AsyncMock, mock_redis: AsyncMock, ) -> None: """verify_isolation(A, B) returns True for distinct tenants.""" setup_partitioner_mocks(partitioner, mock_pg_pool, mock_qdrant, mock_redis) conn = mock_pg_pool._mock_conn conn.fetch.return_value = [] mock_qdrant.scroll.return_value = ([], None) mock_redis.get.return_value = None result = await partitioner.verify_isolation(TENANT_A, TENANT_B) assert result is True # =========================================================================== # Contracts import validation # =========================================================================== class TestContractsImport: """Verify contracts.py types used by Module 6 are correct.""" def test_customer_tier_has_four_values(self) -> None: """CustomerTier has exactly 4 values.""" assert len(CustomerTier) == 4 assert CustomerTier.STARTER.value == "starter" assert CustomerTier.PROFESSIONAL.value == "professional" assert CustomerTier.ENTERPRISE.value == "enterprise" assert CustomerTier.QUEEN.value == "queen" def test_memory_tier_has_four_values(self) -> None: """MemoryTier has exactly 4 values.""" assert len(MemoryTier) == 4 assert MemoryTier.DISCARD.value == "discard" assert MemoryTier.WORKING.value == "working" assert MemoryTier.EPISODIC.value == "episodic" assert MemoryTier.SEMANTIC.value == "semantic" def test_tenant_partition_protocol_methods(self) -> None: """TenantPartitionProtocol defines required methods.""" import inspect methods = [ m for m in dir(TenantPartitionProtocol) if not m.startswith("_") ] assert "create_tenant" in methods assert "delete_tenant_data" in methods assert "verify_isolation" in methods