Generated 2026-05-07 as part of Ring 0 cleanup (option C — delete zombies, rewrite high-value contracts as proper Ring 1 work).
This file captures the test ideas from the 94 deleted zombie tests
(see RING_FINDINGS.md R0-F2) so the same scenarios can be
rewritten properly in Ring 1 with mutation gates.
The 94 tests are grouped by value tier. Ring 1 should rewrite the HIGH-value ones; the LOW-value ones can be dropped.
Catches silent wiring bugs — action wired to wrong method, role tier missing, duplicate action names.
test_get_actions_table_exists— GET_ACTIONS dict exists on handlertest_get_actions_table_structure— every entry is(roles, method_name)tupletest_post_actions_table_exists— POST_ACTIONS dict existstest_post_actions_table_structure— same shape check for POSTtest_get_actions_have_handler_methods— every method_name in GET_ACTIONS resolvestest_post_actions_have_handler_methods— same for POSTtest_no_duplicate_action_names— no action name appears twicetest_no_public_actions_without_roles— every dispatch entry has a roles tuple (no None except where intentionally public, e.g. notifications)test_admin_only_actions_marked— known-admin actions have ADMIN_ROLEStest_all_action_methods_follow_naming—_action_<name>convention
Catches projection drift — the build-641 bug class. Each test must inspect the FULL response shape, not just top-level keys.
test_create_csv_success— response carries success flag, csv_file echotest_create_rule_success— response carries rule_name, mapping update visibletest_save_csv_success— response carries diff, version_id, content_hash, file_mtime, all expected fieldstest_save_col_widths_success— response shapetest_purge_trash_success— response shape + audit emissiontest_restore_from_trash_success— response shape + audit emissiontest_set_trash_retention_success— response shape + config persiststest_save_as_default_success— response shapetest_reset_factory_defaults_success— response shape + config revertstest_submit_approval_success— response carries request_id, queue grew by 1test_process_approval_approve_success— response shape, queue entry resolved, replay firedtest_process_approval_reject_success— response shape, queue entry resolved, NO replaytest_cancel_request_success— response shape, queue entry removedtest_mark_notifications_read_with_ids— response, target IDs markedtest_mark_all_notifications_read— bulk varianttest_log_csv_exported_event— emits audit event with all expected fieldstest_log_csv_imported_event— sametest_log_audit_exported_event— sametest_save_csv_small_edit_no_approval— gate not triggered for small edittest_save_csv_bulk_edit_requires_approval— gate triggered for bulk edit
Error responses are part of the contract. Often where projection drift hides because errors aren't checked as carefully as happy paths.
test_create_csv_invalid_filename— 400 witherrorfieldtest_create_csv_missing_file— 400 witherrorfieldtest_create_csv_already_exists— 409 conflicttest_create_rule_invalid_name— 400test_create_rule_missing_name— 400test_create_rule_already_exists— 409test_save_col_widths_csv_not_found— 404test_save_col_widths_missing_csv_file— 400test_save_col_widths_invalid_col_widths— 400test_purge_trash_item_not_found— 404test_restore_from_trash_error— error pathtest_set_trash_retention_invalid_days— 400test_cancel_request_missing_reason— 400test_cancel_request_not_found— 404test_cancel_request_not_requester— 403test_submit_approval_missing_action— 400test_submit_approval_invalid_action_type— 400test_log_event_invalid_action— 400test_invalid_action_name— generic unknown-action 400test_handle_get_missing_action_returns_400— GET no action paramtest_handle_post_unknown_user_returns_401— auth missingtest_error_response_has_error_field— every error response haserrorkeytest_success_response_has_success_field— happy path consistency
The approval gate is the highest-value security boundary. Must have deep tests.
test_save_csv_bulk_edit_requires_approval— gate triggerstest_remove_csv_bulk_triggers_approval— bulk-remove gatetest_remove_csv_conflict_cancels_pending— auto-cancel logictest_process_approval_approve_success— full approve flowtest_process_approval_reject_success— full reject flowtest_process_approval_request_not_found— 404 on missing requesttest_process_approval_reject_no_change_to_csv— reject doesn't replaytest_process_approval_audit_includes_approval_metadata— audit fields after approvetest_analyst_cannot_approve_own_request— RBAC self-approval blocktest_superadmin_can_approve_any_request— RBAC bypass for superadmin
Verifies that audit-emitting actions actually emit. Pairs with CLAUDE.md "Audit Trail Verification" rule.
test_log_csv_exported_event— audit event fields presenttest_log_csv_imported_event— sametest_log_audit_exported_event— same
These check hasattr(handler, '_action_X'). Python would raise
AttributeError at first dispatch attempt if the method were
missing — these tests provide no signal beyond what runtime gives
us for free.
test_action_create_rule_existstest_action_get_csv_content_existstest_action_get_csvs_existstest_action_get_mapping_existstest_action_get_rules_existstest_action_process_approval_existstest_action_save_csv_existstest_action_submit_approval_existstest_each_get_action_is_callabletest_dispatch_method_existstest_dispatch_method_signature— meta-test about signature, not behaviourtest_handle_get_method_existstest_handle_post_method_existstest_get_admin_limits_method_existstest_get_admin_limits_requires_admin_role— RBAC tier (covered bytest_rbac.py)test_get_analyst_usage_method_existstest_get_analyst_usage_requires_admin_role— RBAC (covered)test_get_approval_queue_method_existstest_get_approval_queue_returns_dict— shallow shapetest_get_daily_limits_method_existstest_get_daily_limits_requires_admin_role— RBAC (covered)test_get_versions_method_existstest_get_versions_returns_dict— shallow shapetest_list_trash_method_existstest_list_trash_returns_dict— shallow shapetest_all_required_get_actions_present— overlap with dispatch integritytest_all_simple_post_actions_have_methods— overlaptest_all_complex_post_actions_have_methods— overlaptest_approval_workflow_actions_require_admin_role— RBAC (covered)test_missing_required_roles— RBAC (covered)test_save_col_widths_signature— meta-testtest_log_event_signature— meta-testtest_cancel_request_signature— meta-testtest_mark_notifications_read_signature— meta-test
Each HIGH-value test in Ring 1 must:
- Run against the real
wl_manager_testcontainer (per user "container tests for accuracy" decision) - Inspect the FULL response shape — every field, not just top-level
- Have a corresponding mutation gate at ring close (sabotage the handler in 1-2 ways the test should catch, confirm failure)
- Use the conftest container-snapshot fixture (to be built in Ring 1 day 1) so test order doesn't matter and state doesn't accumulate