Merge pull request #14 from devonartis/fix/dead-internal-paths

Refs devonartis/agentwrit#31

Author: devonartis

src/agentwrit/__init__.py

@@ -4,8 +4,6 @@
 entry point, Agent is an ephemeral per-task principal created by the app.
 All agent authority flows from the app's scope ceiling set by the operator.
 
-Spec: .plans/specs/NEW_SPECS_TO_USED.md
-ADRs: .plans/specs/SPEC_ADR.md (SDK-001 through SDK-012)
 """
 
 from __future__ import annotations

tests/sdk-core/evidence/story10_natural_expiry.txt

@@ -8,7 +8,7 @@ WHY:      Broker must enforce TTL even if the agent disappears
 EXPECTED: Token valid immediately, invalid after expiry,
           broker returns 'token is invalid or expired'
 =================================================================
-  agent_id:   spiffe://agentauth.local/agent/short-lived-service/quick-task-001/3602e8aa5e82ef38
+  agent_id:   spiffe://agentwrit.local/agent/short-lived-service/quick-task-001/7cf9a9d996cdd63d
   scope:      ['read:data:temp-resource']
   token:      eyJhbGciOiJFZERTQSIsInR5cCI6Ik...
   expires_in: 5s (requested 5s)

tests/sdk-core/evidence/story11_rfc7807_error.txt

@@ -8,25 +8,25 @@ WHY:      Developers need actionable error info, not raw HTTP
 EXPECTED: AuthorizationError contains ProblemDetail with
           type, title, status, detail, and error_code
 =================================================================
-  Agent A: spiffe://agentauth.local/agent/error-test/trigger-403/060f75ca7d5a32db
+  Agent A: spiffe://agentwrit.local/agent/error-test/trigger-403/2eefc09f1143bb0e
   Agent A scope: ['read:data:only-this']
 
   Triggering 403 by delegating scope agent doesn't have...
   Caught: AuthorizationError
   exception.status_code: 403
 
   ProblemDetail fields:
-    type:       urn:agentauth:error:scope_violation
+    type:       urn:agentwrit:error:scope_violation
     title:      Forbidden
     status:     403
     detail:     delegated scope exceeds delegator scope
     instance:   /v1/delegate
     error_code: scope_violation
-    request_id: bd4b257e53efe7f2
+    request_id: 44e1b6e877801b01
     hint:       None
 
   PASS: status_code is 403
-  PASS: type is present: urn:agentauth:error:scope_violation
+  PASS: type is present: urn:agentwrit:error:scope_violation
   PASS: title is present: Forbidden
   PASS: detail is present: delegated scope exceeds delegator scope
   PASS: error_code is present: scope_violation

tests/sdk-core/evidence/story12_multi_agent_isolation.txt

@@ -8,15 +8,15 @@ WHY:      Compromised agent A cannot access agent B's data
 EXPECTED: 3 unique SPIFFE IDs, 3 non-overlapping scopes,
           scope_is_subset confirms no cross-access
 =================================================================
-  Agent: spiffe://agentauth.local/agent/multi-agent-service/read-customers/0c1591e7c0c444dd
+  Agent: spiffe://agentwrit.local/agent/multi-agent-service/read-customers/2fe3952df998df75
     task_id: read-customers
     scope:   ['read:data:customers-west']
     token:   eyJhbGciOiJFZERTQSIsInR5cCI6Ik...
-  Agent: spiffe://agentauth.local/agent/multi-agent-service/read-inventory/1544cfa5533fbe1c
+  Agent: spiffe://agentwrit.local/agent/multi-agent-service/read-inventory/a4533026580f7a0f
     task_id: read-inventory
     scope:   ['read:data:inventory-warehouse-3']
     token:   eyJhbGciOiJFZERTQSIsInR5cCI6Ik...
-  Agent: spiffe://agentauth.local/agent/multi-agent-service/write-reports/c3f99bc97cde4bb1
+  Agent: spiffe://agentwrit.local/agent/multi-agent-service/write-reports/f9af4372b1008b83
     task_id: write-reports
     scope:   ['write:data:quarterly-report-q3']
     token:   eyJhbGciOiJFZERTQSIsInR5cCI6Ik...
@@ -34,13 +34,13 @@ EXPECTED: 3 unique SPIFFE IDs, 3 non-overlapping scopes,
 
   Validating each agent's token:
     agent[0] (read-customers): valid=True
-      sub:   spiffe://agentauth.local/agent/multi-agent-service/read-customers/0c1591e7c0c444dd
+      sub:   spiffe://agentwrit.local/agent/multi-agent-service/read-customers/2fe3952df998df75
       scope: ['read:data:customers-west']
     agent[1] (read-inventory): valid=True
-      sub:   spiffe://agentauth.local/agent/multi-agent-service/read-inventory/1544cfa5533fbe1c
+      sub:   spiffe://agentwrit.local/agent/multi-agent-service/read-inventory/a4533026580f7a0f
       scope: ['read:data:inventory-warehouse-3']
     agent[2] (write-reports): valid=True
-      sub:   spiffe://agentauth.local/agent/multi-agent-service/write-reports/c3f99bc97cde4bb1
+      sub:   spiffe://agentwrit.local/agent/multi-agent-service/write-reports/f9af4372b1008b83
       scope: ['write:data:quarterly-report-q3']
 
 ═══ STORY 12: PASS ═══

tests/sdk-core/evidence/story13_renew_released.txt

@@ -5,22 +5,22 @@ ACCEPTANCE TEST: STORY 13 — RENEW A RELEASED AGENT
 WHO:      Developer code that tries to renew a dead agent
 WHAT:     Agent was released, then renew() is called
 WHY:      SDK must fail fast with a clear error, not hit broker
-EXPECTED: AgentAuthError raised with message about release
+EXPECTED: AgentWritError raised with message about release
 =================================================================
-  agent_id:   spiffe://agentauth.local/agent/lifecycle-test/renew-after-release/383cb9ef845a1c6d
+  agent_id:   spiffe://agentwrit.local/agent/lifecycle-test/renew-after-release/c4733268162b1a1a
   scope:      ['read:data:test-resource']
   expires_in: 300s
 
   release() called — agent is now dead
 
   Attempting renew() on released agent...
-  Caught: AgentAuthError
+  Caught: AgentWritError
   Message: agent has been released and cannot be renewed
 
   PASS: Error message mentions 'released'
 
   Attempting delegate() on released agent...
-  Caught: AgentAuthError
+  Caught: AgentWritError
   Message: agent has been released and cannot delegate
 
   PASS: Error message mentions 'released'

tests/sdk-core/evidence/story15_health_check.txt

@@ -11,13 +11,13 @@ EXPECTED: HealthStatus with status='ok', version, uptime,
   health() returned:
     status:              ok
     version:             2.0.0
-    uptime:              153912s
+    uptime:              146s
     db_connected:        True
-    audit_events_count:  3046
+    audit_events_count:  96
 
   PASS: Broker status is 'ok'
   PASS: Version reported: 2.0.0
-  PASS: Uptime is 153912s (broker is running)
+  PASS: Uptime is 146s (broker is running)
   PASS: Database is connected
 
 ═══ STORY 15: PASS ═══

tests/sdk-core/evidence/story1_create_agent.txt

@@ -8,7 +8,7 @@ WHY:      Every agent must have a verifiable identity and scope
 EXPECTED: Agent has a SPIFFE ID containing the orch_id,
           and scope matches exactly what was requested
 =================================================================
-  agent_id:   spiffe://agentauth.local/agent/data-service/lookup-artis/0162615af9783c2c
+  agent_id:   spiffe://agentwrit.local/agent/data-service/lookup-artis/8d345a20521992c8
   scope:      ['read:data:customer-artis']
   token:      eyJhbGciOiJFZERTQSIsInR5cCI6Ik...
   expires_in: 300s

tests/sdk-core/evidence/story2_renew_token.txt

@@ -8,7 +8,7 @@ WHY:      Tokens expire — renewal keeps the agent alive
 EXPECTED: New token issued, old token revoked,
           agent identity (SPIFFE ID) unchanged
 =================================================================
-  agent_id:      spiffe://agentauth.local/agent/export-service/export-job-001/afe74b0eb9deb34d
+  agent_id:      spiffe://agentwrit.local/agent/export-service/export-job-001/115c91bed2324aa0
   old token:     eyJhbGciOiJFZERTQSIsInR5cCI6Ik...
   old expires_in: 300s
 

tests/sdk-core/evidence/story3_release_token.txt

@@ -7,7 +7,7 @@ WHAT:     Agent calls release() to revoke its own token
 WHY:      Dead tokens cannot be misused if leaked
 EXPECTED: Token revoked at broker, second release() is safe
 =================================================================
-  agent_id:   spiffe://agentauth.local/agent/cleanup-service/cleanup-job-001/f5046a50e548fc1c
+  agent_id:   spiffe://agentwrit.local/agent/cleanup-service/cleanup-job-001/1e5a9b06e79c23dc
   token:      eyJhbGciOiJFZERTQSIsInR5cCI6Ik...
   expires_in: 300s
 

tests/sdk-core/evidence/story4_validate_token.txt

@@ -8,18 +8,18 @@ WHY:      Zero-trust — never assume a token is valid
 EXPECTED: Broker returns valid=true with claims that
           match the agent's scope, identity, and task
 =================================================================
-  agent_id: spiffe://agentauth.local/agent/reporting-service/quarterly-report/d100ed335e95cd8a
+  agent_id: spiffe://agentwrit.local/agent/reporting-service/quarterly-report/f49ff998df436800
   scope:    ['read:data:report-q3', 'write:data:summary-q3']
 
   validate() returned: valid=True
-    iss:     agentauth
-    sub:     spiffe://agentauth.local/agent/reporting-service/quarterly-report/d100ed335e95cd8a
+    iss:     
+    sub:     spiffe://agentwrit.local/agent/reporting-service/quarterly-report/f49ff998df436800
     scope:   ['read:data:report-q3', 'write:data:summary-q3']
     orch_id: reporting-service
     task_id: quarterly-report
-    jti:     fa81df2f42570e0eff9ad5c9b9488993
-    exp:     1775583493
-    iat:     1775583193
+    jti:     de250a1c0bfb2123c3b0cc52d7da360f
+    exp:     1776198669
+    iat:     1776198369
 
   PASS: Claims scope matches requested ['read:data:report-q3', 'write:data:summary-q3']
   PASS: Claims sub matches agent_id