Upload 5 files

tests/test_drift.py

@@ -19,6 +19,7 @@ from __future__ import annotations
 
 import copy
 from dataclasses import asdict
+from typing import Any
 
 import pytest
 
@@ -36,8 +37,8 @@ from osint_core.drift import (
 )
 
 
-def make_telemetry(**overrides):
-    data = {
+def make_telemetry(**overrides: Any) -> TelemetrySnapshot:
+    data: dict[str, Any] = {
         "run_id": "run_test_001",
         "manifest_hash": "manifest_good",
         "dependency_hash": "deps_good",
@@ -61,8 +62,8 @@ def make_telemetry(**overrides):
     return TelemetrySnapshot(**data)
 
 
-def make_baseline(**overrides):
-    data = {
+def make_baseline(**overrides: Any) -> dict[str, Any]:
+    data: dict[str, Any] = {
         "runtime_p95_ms": 500,
         "error_rate_threshold": 2,
         "timeout_threshold": 1,
@@ -85,8 +86,8 @@ def make_baseline(**overrides):
     return data
 
 
-def make_policy_result(**overrides):
-    data = {
+def make_policy_result(**overrides: Any) -> dict[str, Any]:
+    data: dict[str, Any] = {
         "decision": "allow",
         "allowed_modules": ["resource_links"],
         "blocked_modules": [],
@@ -96,7 +97,22 @@ def make_policy_result(**overrides):
     return data
 
 
-def test_drift_vector_defaults_to_zero():
+@pytest.fixture
+def telemetry() -> TelemetrySnapshot:
+    return make_telemetry()
+
+
+@pytest.fixture
+def baseline() -> dict[str, Any]:
+    return make_baseline()
+
+
+@pytest.fixture
+def policy_result() -> dict[str, Any]:
+    return make_policy_result()
+
+
+def test_drift_vector_defaults_to_zero() -> None:
     vector = DriftVector()
 
     assert vector.statistical == 0.0
@@ -107,7 +123,11 @@ def test_drift_vector_defaults_to_zero():
     assert vector.policy == 0.0
 
 
-def test_aggregate_signals_uses_max_score_per_type():
+def test_aggregate_signals_empty_returns_zero_vector() -> None:
+    assert aggregate_signals([]) == DriftVector()
+
+
+def test_aggregate_signals_uses_max_score_per_type() -> None:
     signals = [
         DriftSignal(
             name="weak_adversarial_signal",
@@ -142,7 +162,8 @@ def test_aggregate_signals_uses_max_score_per_type():
     assert vector.policy == 0.0
 
 
-def test_dominant_type_respects_priority_not_raw_score():
+def test_dominant_type_prefers_adversarial_over_statistical() -> None:
+    # Adversarial outranks statistical even if statistical has a higher raw score.
     vector = DriftVector(
         statistical=0.9,
         adversarial=0.4,
@@ -151,6 +172,8 @@ def test_dominant_type_respects_priority_not_raw_score():
 
     assert choose_dominant_drift_type(vector) == DriftType.ADVERSARIAL
 
+
+def test_dominant_type_prefers_policy_over_all() -> None:
     vector = DriftVector(
         statistical=0.9,
         adversarial=0.4,
@@ -160,45 +183,41 @@ def test_dominant_type_respects_priority_not_raw_score():
     assert choose_dominant_drift_type(vector) == DriftType.POLICY
 
 
-def test_recommend_correction_policy_drift_reverts():
-    vector = DriftVector(policy=0.6, statistical=1.0, adversarial=0.2)
-
-    assert recommend_correction(vector) == "REVERT"
-
-
-def test_recommend_correction_structural_drift_reverts():
-    vector = DriftVector(structural=0.5)
-
-    assert recommend_correction(vector) == "REVERT"
-
-
-def test_recommend_correction_behavioral_drift_reverts():
-    vector = DriftVector(behavioral=0.7)
-
-    assert recommend_correction(vector) == "REVERT"
-
-
-def test_recommend_correction_adversarial_drift_constrains():
-    vector = DriftVector(adversarial=0.3, statistical=0.9)
-
-    assert recommend_correction(vector) == "CONSTRAIN"
-
-
-def test_recommend_correction_statistical_drift_adapts_only_when_clean():
-    vector = DriftVector(statistical=0.5)
-
-    assert recommend_correction(vector) == "ADAPT"
-
-
-def test_recommend_correction_defaults_to_observe():
-    vector = DriftVector(statistical=0.1, operational=0.1)
-
-    assert recommend_correction(vector) == "OBSERVE"
+def test_dominant_type_respects_structural_over_behavioral_over_operational() -> None:
+    vector = DriftVector(structural=0.1, behavioral=0.9, operational=1.0)
+    assert choose_dominant_drift_type(vector) == DriftType.STRUCTURAL
+
+    vector = DriftVector(behavioral=0.2, adversarial=0.9, operational=1.0)
+    assert choose_dominant_drift_type(vector) == DriftType.BEHAVIORAL
+
+
+@pytest.mark.parametrize(
+    ("vector", "expected"),
+    [
+        (DriftVector(policy=0.6, statistical=1.0, adversarial=0.2), "REVERT"),
+        (DriftVector(structural=0.5), "REVERT"),
+        (DriftVector(behavioral=0.7), "REVERT"),
+        (DriftVector(adversarial=0.3, statistical=0.9), "CONSTRAIN"),
+        (DriftVector(statistical=0.5), "ADAPT"),
+        (DriftVector(statistical=0.1, operational=0.1), "OBSERVE"),
+    ],
+    ids=[
+        "policy_revert",
+        "structural_revert",
+        "behavioral_revert",
+        "adversarial_constrain",
+        "statistical_adapt",
+        "default_observe",
+    ],
+)
+def test_recommend_correction(vector: DriftVector, expected: str) -> None:
+    assert recommend_correction(vector) == expected
 
 
-def test_policy_violation_creates_policy_signal_and_revert_recommendation():
-    telemetry = make_telemetry()
-    baseline = make_baseline()
+def test_policy_violation_creates_policy_signal_and_revert_recommendation(
+    telemetry: TelemetrySnapshot,
+    baseline: dict[str, Any],
+) -> None:
     policy_result = make_policy_result(
         decision="constrain",
         blocked_modules=["port_scan"],
@@ -224,13 +243,14 @@ def test_policy_violation_creates_policy_signal_and_revert_recommendation():
     assert any(signal.drift_type == DriftType.POLICY for signal in assessment.signals)
 
 
-def test_authorization_gate_trigger_creates_policy_signal():
+def test_authorization_gate_trigger_creates_policy_signal(
+    baseline: dict[str, Any],
+) -> None:
     telemetry = make_telemetry(
         modules_requested=["http_headers"],
         modules_blocked=["http_headers"],
         authorized_target=False,
     )
-    baseline = make_baseline()
     policy_result = make_policy_result(
         decision="constrain",
         blocked_modules=["http_headers"],
@@ -253,14 +273,15 @@ def test_authorization_gate_trigger_creates_policy_signal():
     assert assessment.recommended_correction == "REVERT"
 
 
-def test_adversarial_patterns_create_constrain_recommendation():
+def test_adversarial_patterns_create_constrain_recommendation(
+    baseline: dict[str, Any],
+    policy_result: dict[str, Any],
+) -> None:
     telemetry = make_telemetry(
         input_rejected=True,
         rejection_reason="Input contains a blocked pattern.",
         sanitized_input_trace="https://example.com/?next=http://169.254.169.254/latest",
     )
-    baseline = make_baseline()
-    policy_result = make_policy_result()
 
     assessment = assess_drift(
         telemetry=telemetry,
@@ -273,10 +294,31 @@ def test_adversarial_patterns_create_constrain_recommendation():
     assert assessment.recommended_correction == "CONSTRAIN"
 
 
-def test_operational_runtime_drift_detected():
+def test_input_rejected_without_trace_does_not_trigger_adversarial_drift(
+    baseline: dict[str, Any],
+    policy_result: dict[str, Any],
+) -> None:
+    telemetry = make_telemetry(
+        input_rejected=True,
+        rejection_reason="",
+        sanitized_input_trace="",
+    )
+
+    assessment = assess_drift(
+        telemetry=telemetry,
+        baseline=baseline,
+        policy_result=policy_result,
+    )
+
+    assert assessment.drift_vector.adversarial == 0.0
+    assert not any(s.drift_type == DriftType.ADVERSARIAL for s in assessment.signals)
+
+
+def test_operational_runtime_drift_detected(
+    baseline: dict[str, Any],
+    policy_result: dict[str, Any],
+) -> None:
     telemetry = make_telemetry(duration_ms=1200)
-    baseline = make_baseline(runtime_p95_ms=500)
-    policy_result = make_policy_result()
 
     assessment = assess_drift(
         telemetry=telemetry,
@@ -288,10 +330,11 @@ def test_operational_runtime_drift_detected():
     assert any(signal.name == "runtime_boundary_exceeded" for signal in assessment.signals)
 
 
-def test_operational_error_drift_detected():
+def test_operational_error_drift_detected(
+    baseline: dict[str, Any],
+    policy_result: dict[str, Any],
+) -> None:
     telemetry = make_telemetry(error_count=3)
-    baseline = make_baseline(error_rate_threshold=2)
-    policy_result = make_policy_result()
 
     assessment = assess_drift(
         telemetry=telemetry,
@@ -303,10 +346,28 @@ def test_operational_error_drift_detected():
     assert any(signal.name == "error_threshold_exceeded" for signal in assessment.signals)
 
 
-def test_structural_manifest_mismatch_reverts():
+def test_operational_timeout_drift_detected(
+    baseline: dict[str, Any],
+    policy_result: dict[str, Any],
+) -> None:
+    telemetry = make_telemetry(timeout_count=2)
+    baseline = make_baseline(timeout_threshold=1)
+
+    assessment = assess_drift(
+        telemetry=telemetry,
+        baseline=baseline,
+        policy_result=policy_result,
+    )
+
+    assert assessment.drift_vector.operational > 0.0
+    assert any(signal.name == "timeout_threshold_exceeded" for signal in assessment.signals)
+
+
+def test_structural_manifest_mismatch_reverts(
+    baseline: dict[str, Any],
+    policy_result: dict[str, Any],
+) -> None:
     telemetry = make_telemetry(manifest_hash="manifest_changed")
-    baseline = make_baseline(expected_manifest_hash="manifest_good")
-    policy_result = make_policy_result()
 
     assessment = assess_drift(
         telemetry=telemetry,
@@ -319,10 +380,11 @@ def test_structural_manifest_mismatch_reverts():
     assert assessment.recommended_correction == "REVERT"
 
 
-def test_structural_dependency_mismatch_reverts():
+def test_structural_dependency_mismatch_reverts(
+    baseline: dict[str, Any],
+    policy_result: dict[str, Any],
+) -> None:
     telemetry = make_telemetry(dependency_hash="deps_changed")
-    baseline = make_baseline(expected_dependency_hash="deps_good")
-    policy_result = make_policy_result()
 
     assessment = assess_drift(
         telemetry=telemetry,
@@ -334,7 +396,27 @@ def test_structural_dependency_mismatch_reverts():
     assert assessment.recommended_correction == "REVERT"
 
 
-def test_behavioral_same_input_different_output_reverts():
+def test_structural_runtime_python_version_mismatch_reverts(
+    baseline: dict[str, Any],
+    policy_result: dict[str, Any],
+) -> None:
+    telemetry = make_telemetry(runtime_python_version="3.13.1")
+
+    assessment = assess_drift(
+        telemetry=telemetry,
+        baseline=baseline,
+        policy_result=policy_result,
+    )
+
+    assert assessment.drift_vector.structural > 0.0
+    assert assessment.recommended_correction == "REVERT"
+    assert any(signal.name == "runtime_python_version_changed" for signal in assessment.signals)
+
+
+def test_behavioral_same_input_different_output_reverts(
+    baseline: dict[str, Any],
+    policy_result: dict[str, Any],
+) -> None:
     telemetry = make_telemetry(
         indicator_hash="hmac_abc123",
         output_hash="output_changed",
@@ -342,7 +424,6 @@ def test_behavioral_same_input_different_output_reverts():
     baseline = make_baseline(
         known_output_hashes={"hmac_abc123": "output_good"},
     )
-    policy_result = make_policy_result()
 
     assessment = assess_drift(
         telemetry=telemetry,
@@ -355,10 +436,11 @@ def test_behavioral_same_input_different_output_reverts():
     assert assessment.recommended_correction == "REVERT"
 
 
-def test_behavioral_invalid_schema_reverts():
+def test_behavioral_invalid_schema_reverts(
+    baseline: dict[str, Any],
+    policy_result: dict[str, Any],
+) -> None:
     telemetry = make_telemetry(output_schema_valid=False)
-    baseline = make_baseline()
-    policy_result = make_policy_result()
 
     assessment = assess_drift(
         telemetry=telemetry,
@@ -370,12 +452,14 @@ def test_behavioral_invalid_schema_reverts():
     assert assessment.recommended_correction == "REVERT"
 
 
-def test_statistical_shift_can_adapt_when_no_higher_priority_signal():
+def test_statistical_shift_can_adapt_when_no_higher_priority_signal(
+    baseline: dict[str, Any],
+    policy_result: dict[str, Any],
+) -> None:
     telemetry = make_telemetry(indicator_type="ip")
     baseline = make_baseline(
         input_type_distribution={"domain": 0.9, "username": 0.1},
     )
-    policy_result = make_policy_result()
 
     assessment = assess_drift(
         telemetry=telemetry,
@@ -388,7 +472,30 @@ def test_statistical_shift_can_adapt_when_no_higher_priority_signal():
     assert assessment.recommended_correction == "ADAPT"
 
 
-def test_policy_drift_overrides_statistical_adaptation():
+def test_statistical_module_usage_shift_detected(
+    baseline: dict[str, Any],
+    policy_result: dict[str, Any],
+) -> None:
+    telemetry = make_telemetry(
+        modules_executed=["resource_links", "dns_lookup"],
+    )
+    baseline = make_baseline(
+        module_usage_distribution={"resource_links": 1.0},
+    )
+
+    assessment = assess_drift(
+        telemetry=telemetry,
+        baseline=baseline,
+        policy_result=policy_result,
+    )
+
+    assert assessment.drift_vector.statistical > 0.0
+    assert any(signal.name == "module_usage_distribution_shifted" for signal in assessment.signals)
+
+
+def test_policy_drift_overrides_statistical_adaptation(
+    baseline: dict[str, Any],
+) -> None:
     telemetry = make_telemetry(indicator_type="ip")
     baseline = make_baseline(
         input_type_distribution={"domain": 0.9, "username": 0.1},
@@ -417,7 +524,10 @@ def test_policy_drift_overrides_statistical_adaptation():
     assert assessment.recommended_correction == "REVERT"
 
 
-def test_adversarial_drift_overrides_statistical_adaptation():
+def test_adversarial_drift_overrides_statistical_adaptation(
+    baseline: dict[str, Any],
+    policy_result: dict[str, Any],
+) -> None:
     telemetry = make_telemetry(
         indicator_type="ip",
         sanitized_input_trace="http://169.254.169.254/latest",
@@ -425,7 +535,6 @@ def test_adversarial_drift_overrides_statistical_adaptation():
     baseline = make_baseline(
         input_type_distribution={"domain": 0.9, "username": 0.1},
     )
-    policy_result = make_policy_result()
 
     assessment = assess_drift(
         telemetry=telemetry,
@@ -439,7 +548,7 @@ def test_adversarial_drift_overrides_statistical_adaptation():
     assert assessment.recommended_correction == "CONSTRAIN"
 
 
-def test_estimate_confidence_increases_with_signal_count_and_tier():
+def test_estimate_confidence_increases_with_signal_count_and_tier() -> None:
     low_signal = DriftSignal(
         name="weak",
         drift_type=DriftType.STATISTICAL,
@@ -459,14 +568,16 @@ def test_estimate_confidence_increases_with_signal_count_and_tier():
 
     assert estimate_confidence([]) == 0.0
     assert estimate_confidence([high_signal]) > estimate_confidence([low_signal])
-    assert estimate_confidence([low_signal, high_signal]) >= estimate_confidence([high_signal])
 
+    # Contract: adding a signal should strictly increase confidence.
+    assert estimate_confidence([low_signal, high_signal]) > estimate_confidence([high_signal])
 
-def test_assess_drift_is_pure_and_does_not_mutate_inputs():
-    telemetry = make_telemetry()
-    baseline = make_baseline()
-    policy_result = make_policy_result()
 
+def test_assess_drift_is_pure_and_does_not_mutate_inputs(
+    telemetry: TelemetrySnapshot,
+    baseline: dict[str, Any],
+    policy_result: dict[str, Any],
+) -> None:
     telemetry_before = copy.deepcopy(asdict(telemetry))
     baseline_before = copy.deepcopy(baseline)
     policy_before = copy.deepcopy(policy_result)
@@ -482,11 +593,11 @@ def test_assess_drift_is_pure_and_does_not_mutate_inputs():
     assert policy_result == policy_before
 
 
-def test_clean_execution_observes_without_significant_drift():
-    telemetry = make_telemetry()
-    baseline = make_baseline()
-    policy_result = make_policy_result()
-
+def test_clean_execution_observes_without_significant_drift(
+    telemetry: TelemetrySnapshot,
+    baseline: dict[str, Any],
+    policy_result: dict[str, Any],
+) -> None:
     assessment = assess_drift(
         telemetry=telemetry,
         baseline=baseline,
@@ -497,4 +608,4 @@ def test_clean_execution_observes_without_significant_drift():
     assert assessment.signals == []
     assert assessment.dominant_type is None
     assert assessment.recommended_correction == "OBSERVE"
-    assert assessment.confidence == 0.0
+    assert assessment.confidence == pytest.approx(0.0)

tests/test_intent.py

@@ -0,0 +1,291 @@
+"""
+tests/test_intent.py
+====================
+
+Contract tests for osint_core.intent.
+
+Core invariants:
+- Intent packets are immutable.
+- Intent packets do not store raw indicators.
+- Scope boundaries are explicit and validated.
+- Forbidden operations cannot appear in allowed operations.
+- Packets can be signed and verified.
+- Signature tampering is detected.
+- Risk and rollback helpers are deterministic.
+"""
+
+from __future__ import annotations
+
+from dataclasses import FrozenInstanceError, replace
+
+import pytest
+
+from osint_core.intent import (
+    DEFAULT_FORBIDDEN_OPERATIONS,
+    IntentErrorCode,
+    IntentPacket,
+    IntentValidationError,
+    canonical_json,
+    create_intent_packet,
+    default_rollback_for_risk,
+    derive_risk_label,
+    find_raw_indicator_fields,
+    hash_manifest_payload,
+    intent_fingerprint,
+    make_scope,
+    risk_score,
+    sign_payload,
+    unsigned_intent_fingerprint,
+    validate_intent,
+    validate_scope,
+    verify_intent_signature,
+)
+
+
+TEST_SECRET = "test-intent-signing-secret"
+TARGET_HASH = "a" * 64
+MANIFEST_HASH = "b" * 64
+
+
+def make_valid_scope(**overrides):
+    data = {
+        "target_hash": TARGET_HASH,
+        "indicator_type": "domain",
+        "allowed_operations": ["resource_links"],
+        "success_criteria": ["links_generated"],
+    }
+    data.update(overrides)
+    return make_scope(**data)
+
+
+def make_valid_packet(**overrides):
+    scope = overrides.pop("scope", make_valid_scope())
+    data = {
+        "action": "enrich_indicator",
+        "purpose": "Generate passive OSINT source links for a validated indicator.",
+        "scope": scope,
+        "requested_modules": ["resource_links"],
+        "expected_side_effects": ["report_created", "audit_event_created"],
+        "rollback_strategy": "observe_only",
+        "risk_label": "low",
+        "manifest_hash": MANIFEST_HASH,
+        "signing_secret": TEST_SECRET,
+    }
+    data.update(overrides)
+    return create_intent_packet(**data)
+
+
+def test_make_scope_adds_default_forbidden_operations():
+    scope = make_valid_scope()
+    for operation in DEFAULT_FORBIDDEN_OPERATIONS:
+        assert operation in scope.forbidden_operations
+    assert scope.target_hash == TARGET_HASH
+    assert scope.indicator_type == "domain"
+    assert scope.allowed_operations == ("resource_links",)
+
+
+def test_scope_rejects_missing_target_hash():
+    result = validate_scope(make_valid_scope(target_hash="c" * 64))
+    assert result.ok is True
+    with pytest.raises(IntentValidationError) as exc:
+        make_valid_scope(target_hash="")
+    assert exc.value.code == IntentErrorCode.MISSING_FIELD
+
+
+def test_scope_rejects_non_hash_target_identity():
+    with pytest.raises(IntentValidationError) as exc:
+        make_valid_scope(target_hash="example.com")
+    assert exc.value.code == IntentErrorCode.INVALID_SCOPE
+
+
+def test_scope_rejects_empty_allowed_operations():
+    with pytest.raises(IntentValidationError) as exc:
+        make_valid_scope(allowed_operations=[])
+    assert exc.value.code == IntentErrorCode.MISSING_FIELD
+
+
+def test_scope_rejects_forbidden_operation_overlap():
+    with pytest.raises(IntentValidationError) as exc:
+        make_valid_scope(allowed_operations=["resource_links", "port_scan"])
+    assert exc.value.code == IntentErrorCode.FORBIDDEN_OPERATION_REQUESTED
+
+
+def test_scope_rejects_invalid_time_horizon():
+    with pytest.raises(IntentValidationError) as exc:
+        make_valid_scope(time_horizon_seconds=0)
+    assert exc.value.code == IntentErrorCode.INVALID_SCOPE
+
+    with pytest.raises(IntentValidationError) as exc:
+        make_valid_scope(time_horizon_seconds=90_000)
+    assert exc.value.code == IntentErrorCode.INVALID_SCOPE
+
+
+def test_create_intent_packet_signs_and_verifies():
+    packet = make_valid_packet()
+    assert isinstance(packet, IntentPacket)
+    assert packet.signature is not None
+    assert verify_intent_signature(packet, secret=TEST_SECRET) is True
+
+
+def test_intent_packet_is_immutable():
+    packet = make_valid_packet()
+    with pytest.raises(FrozenInstanceError):
+        packet.purpose = "mutated"  # type: ignore[misc]
+
+
+def test_unsigned_payload_excludes_signature():
+    packet = make_valid_packet()
+    payload = packet.unsigned_payload()
+    assert "signature" not in payload
+    assert packet.signature is not None
+
+
+def test_signature_tampering_is_detected():
+    packet = make_valid_packet()
+    tampered = replace(packet, purpose="Changed purpose after signing.")
+    with pytest.raises(IntentValidationError) as exc:
+        verify_intent_signature(tampered, secret=TEST_SECRET)
+    assert exc.value.code == IntentErrorCode.SIGNATURE_MISMATCH
+
+
+def test_unsigned_packet_fails_verification():
+    packet = create_intent_packet(
+        action="enrich_indicator",
+        purpose="Generate passive links.",
+        scope=make_valid_scope(),
+        requested_modules=["resource_links"],
+        expected_side_effects=["report_created"],
+        rollback_strategy="observe_only",
+        risk_label="low",
+        manifest_hash=MANIFEST_HASH,
+        sign=False,
+    )
+    assert packet.signature is None
+    with pytest.raises(IntentValidationError) as exc:
+        verify_intent_signature(packet, secret=TEST_SECRET)
+    assert exc.value.code == IntentErrorCode.UNSIGNED_PACKET
+
+
+def test_packet_rejects_invalid_action():
+    with pytest.raises(IntentValidationError) as exc:
+        make_valid_packet(action="delete_everything")  # type: ignore[arg-type]
+    assert exc.value.code == IntentErrorCode.INVALID_ACTION
+
+
+def test_packet_rejects_invalid_risk_label():
+    with pytest.raises(IntentValidationError) as exc:
+        make_valid_packet(risk_label="extreme")  # type: ignore[arg-type]
+    assert exc.value.code == IntentErrorCode.INVALID_RISK
+
+
+def test_packet_rejects_invalid_rollback_strategy():
+    with pytest.raises(IntentValidationError) as exc:
+        make_valid_packet(rollback_strategy="YOLO")  # type: ignore[arg-type]
+    assert exc.value.code == IntentErrorCode.INVALID_ROLLBACK
+
+
+def test_packet_rejects_invalid_manifest_hash():
+    with pytest.raises(IntentValidationError) as exc:
+        make_valid_packet(manifest_hash="not-a-hash")
+    assert exc.value.code == IntentErrorCode.MISSING_FIELD
+
+
+def test_packet_rejects_empty_purpose():
+    with pytest.raises(IntentValidationError) as exc:
+        make_valid_packet(purpose="   ")
+    assert exc.value.code == IntentErrorCode.MISSING_FIELD
+
+
+def test_raw_indicator_field_detection():
+    payload = {
+        "safe": {"target_hash": TARGET_HASH},
+        "unsafe": {
+            "raw_indicator": "example.com",
+            "nested": {"email": "user@example.com"},
+        },
+    }
+    findings = find_raw_indicator_fields(payload)
+    assert "unsafe.raw_indicator" in findings
+    assert "unsafe.nested.email" in findings
+
+
+def test_validate_intent_rejects_raw_indicator_like_fields():
+    packet = make_valid_packet()
+    unsafe_dict = packet.to_dict()
+    unsafe_dict["raw_indicator"] = "example.com"
+    findings = find_raw_indicator_fields(unsafe_dict)
+    assert "raw_indicator" in findings
+
+
+def test_canonical_json_is_deterministic():
+    assert canonical_json({"b": 2, "a": 1}) == canonical_json({"a": 1, "b": 2})
+
+
+def test_sign_payload_is_deterministic_for_same_payload_and_secret():
+    payload = {"a": 1, "b": 2}
+    assert sign_payload(payload, TEST_SECRET) == sign_payload(payload, TEST_SECRET)
+    assert sign_payload(payload, TEST_SECRET) != sign_payload(payload, "different-secret")
+
+
+def test_hash_manifest_payload_is_stable():
+    payload = {"artifact": "test", "version": "1.0.0"}
+    assert hash_manifest_payload(payload) == hash_manifest_payload(payload)
+    assert len(hash_manifest_payload(payload)) == 64
+
+
+def test_intent_fingerprints_are_stable_and_distinct():
+    packet = make_valid_packet()
+    signed_fp = intent_fingerprint(packet)
+    unsigned_fp = unsigned_intent_fingerprint(packet)
+    assert len(signed_fp) == 64
+    assert len(unsigned_fp) == 64
+    assert signed_fp != unsigned_fp
+
+
+def test_validate_intent_accepts_valid_packet():
+    result = validate_intent(make_valid_packet())
+    assert result.ok is True
+    assert result.errors == ()
+    assert result.error_codes == ()
+
+
+def test_risk_score_mapping():
+    assert risk_score("low") == 0.25
+    assert risk_score("medium") == 0.5
+    assert risk_score("high") == 0.75
+    assert risk_score("critical") == 1.0
+
+
+def test_default_rollback_for_risk():
+    assert default_rollback_for_risk("low") == "observe_only"
+    assert default_rollback_for_risk("medium") == "disable_module"
+    assert default_rollback_for_risk("high") == "sandbox"
+    assert default_rollback_for_risk("critical") == "revert"
+
+
+def test_derive_risk_label_for_low_risk_passive_modules():
+    assert derive_risk_label(
+        requested_modules=["resource_links"],
+        authorized_target=False,
+    ) == "low"
+
+
+def test_derive_risk_label_for_conditional_authorized_modules():
+    assert derive_risk_label(
+        requested_modules=["http_headers"],
+        authorized_target=True,
+    ) == "medium"
+
+
+def test_derive_risk_label_for_conditional_unauthorized_modules():
+    assert derive_risk_label(
+        requested_modules=["http_headers"],
+        authorized_target=False,
+    ) == "high"
+
+
+def test_derive_risk_label_for_forbidden_modules():
+    assert derive_risk_label(
+        requested_modules=["nmap"],
+        authorized_target=True,
+    ) == "critical"

tests/test_orchestrator.py

@@ -0,0 +1,286 @@
+"""
+Tests for osint_core.orchestrator module
+"""
+
+import pytest
+
+from osint_core.orchestrator import (
+    OrchestratorAgent,
+    ExecutionStatus,
+    create_orchestrator,
+    list_skills,
+    get_skill,
+    SKILLS_REGISTRY,
+)
+from osint_core.policy import PolicyDecision
+
+
+def test_create_orchestrator():
+    """Test orchestrator agent creation"""
+    agent = create_orchestrator()
+    assert isinstance(agent, OrchestratorAgent)
+    assert agent.role == "orchestrator"
+    assert len(agent.skills) > 0
+
+
+def test_list_skills():
+    """Test skills registry listing"""
+    skills = list_skills()
+    assert isinstance(skills, dict)
+    assert "resource_links" in skills
+    assert "dns_records" in skills
+    assert "http_headers" in skills
+
+
+def test_get_skill():
+    """Test individual skill retrieval"""
+    skill = get_skill("resource_links")
+    assert skill is not None
+    assert skill.name == "Resource Links"
+    assert skill.canonical_name == "resource_links"
+    assert skill.requires_authorization is False
+
+    # Test conditional skill
+    http_skill = get_skill("http_headers")
+    assert http_skill is not None
+    assert http_skill.requires_authorization is True
+
+
+def test_get_nonexistent_skill():
+    """Test retrieval of non-existent skill"""
+    skill = get_skill("nonexistent_skill")
+    assert skill is None
+
+
+def test_create_context_valid_input():
+    """Test execution context creation with valid input"""
+    agent = create_orchestrator()
+    context = agent.create_context(
+        raw_indicator="example.com",
+        indicator_type_hint="Domain",
+        requested_modules=["resource_links"],
+        authorized_target=False,
+        passive_only=True,
+    )
+
+    assert context.run_id.startswith("run_")
+    assert context.indicator_type == "domain"
+    assert context.normalized_indicator == "example.com"
+    assert len(context.indicator_hash) == 64  # SHA256 hex
+    assert context.requested_modules == ["resource_links"]
+    assert context.authorized_target is False
+    assert context.passive_only is True
+    assert len(context.errors) == 0
+
+
+def test_create_context_invalid_input():
+    """Test execution context creation with invalid input"""
+    agent = create_orchestrator()
+    context = agent.create_context(
+        raw_indicator="<script>alert('xss')</script>",
+        indicator_type_hint="Auto",
+        requested_modules=["resource_links"],
+        authorized_target=False,
+        passive_only=True,
+    )
+
+    assert context.indicator_type == "unknown"
+    assert context.normalized_indicator == ""
+    assert len(context.errors) > 0
+
+
+def test_execute_workflow_with_valid_domain():
+    """Test full workflow execution with valid domain"""
+    agent = create_orchestrator()
+    workflow = agent.execute_workflow(
+        raw_indicator="example.com",
+        indicator_type_hint="Domain",
+        requested_modules=["resource_links", "dns_records"],
+        authorized_target=False,
+        passive_only=True,
+    )
+
+    assert workflow.validation_result.ok is True
+    assert workflow.context.indicator_type == "domain"
+    assert workflow.policy_evaluation.decision == PolicyDecision.ALLOW
+    assert len(workflow.policy_evaluation.allowed_modules) == 2
+    assert "resource_links" in workflow.policy_evaluation.allowed_modules
+    assert "dns_records" in workflow.policy_evaluation.allowed_modules
+    assert len(workflow.skill_results) == 2
+    assert workflow.duration_ms > 0
+
+
+def test_execute_workflow_blocks_unauthorized_modules():
+    """Test that unauthorized modules are blocked"""
+    agent = create_orchestrator()
+    workflow = agent.execute_workflow(
+        raw_indicator="example.com",
+        indicator_type_hint="Domain",
+        requested_modules=["resource_links", "http_headers"],
+        authorized_target=False,  # Not authorized
+        passive_only=True,
+    )
+
+    assert workflow.validation_result.ok is True
+    assert workflow.policy_evaluation.decision == PolicyDecision.CONSTRAIN
+    assert "resource_links" in workflow.policy_evaluation.allowed_modules
+    assert "http_headers" in workflow.policy_evaluation.blocked_modules
+    # Only resource_links should be executed
+    assert len([r for r in workflow.skill_results if r.status == ExecutionStatus.COMPLETED]) == 1
+
+
+def test_execute_workflow_allows_authorized_modules():
+    """Test that authorized modules are allowed when authorized"""
+    agent = create_orchestrator()
+    workflow = agent.execute_workflow(
+        raw_indicator="example.com",
+        indicator_type_hint="Domain",
+        requested_modules=["http_headers"],
+        authorized_target=True,  # Authorized
+        passive_only=False,  # Not passive-only mode
+    )
+
+    assert workflow.validation_result.ok is True
+    assert "http_headers" in workflow.policy_evaluation.allowed_modules
+    assert len(workflow.policy_evaluation.blocked_modules) == 0
+
+
+def test_execute_workflow_with_invalid_input():
+    """Test workflow execution with invalid input"""
+    agent = create_orchestrator()
+    workflow = agent.execute_workflow(
+        raw_indicator="!!!invalid!!!",
+        indicator_type_hint="Auto",
+        requested_modules=["resource_links"],
+        authorized_target=False,
+        passive_only=True,
+    )
+
+    assert workflow.validation_result.ok is False
+    assert len(workflow.skill_results) == 0
+    assert workflow.correction_verb == "REVERT"
+
+
+def test_execute_workflow_blocks_wrong_indicator_type():
+    """Test that skills requiring specific indicator types are blocked"""
+    agent = create_orchestrator()
+    workflow = agent.execute_workflow(
+        raw_indicator="username123",
+        indicator_type_hint="Username",
+        requested_modules=["dns_records"],  # Requires domain
+        authorized_target=False,
+        passive_only=True,
+    )
+
+    assert workflow.validation_result.ok is True
+    assert workflow.context.indicator_type == "username"
+    assert "dns_records" in workflow.policy_evaluation.allowed_modules
+    # DNS skill should be blocked because username is not compatible
+    dns_result = next((r for r in workflow.skill_results if r.skill_name == "DNS Records"), None)
+    assert dns_result is not None
+    assert dns_result.status == ExecutionStatus.BLOCKED
+
+
+def test_drift_detection_with_policy_violations():
+    """Test drift detection when policy violations occur"""
+    agent = create_orchestrator()
+    workflow = agent.execute_workflow(
+        raw_indicator="example.com",
+        indicator_type_hint="Domain",
+        requested_modules=["http_headers"],  # Requires auth
+        authorized_target=False,  # No auth
+        passive_only=True,
+    )
+
+    # Should detect policy drift
+    assert workflow.drift_vector["policy"] > 0
+    assert workflow.correction_verb in ["CONSTRAIN", "REVERT"]
+
+
+def test_correction_verb_choices():
+    """Test that correction verbs follow the priority rules"""
+    agent = create_orchestrator()
+
+    # Low drift should result in OBSERVE
+    workflow1 = agent.execute_workflow(
+        raw_indicator="example.com",
+        indicator_type_hint="Domain",
+        requested_modules=["resource_links"],
+        authorized_target=False,
+        passive_only=True,
+    )
+    assert workflow1.correction_verb == "OBSERVE"
+
+    # Policy violation should result in CONSTRAIN or REVERT
+    workflow2 = agent.execute_workflow(
+        raw_indicator="example.com",
+        indicator_type_hint="Domain",
+        requested_modules=["http_headers"],
+        authorized_target=False,
+        passive_only=True,
+    )
+    assert workflow2.correction_verb in ["CONSTRAIN", "REVERT"]
+
+
+def test_skill_execution_timing():
+    """Test that skill execution tracks duration"""
+    agent = create_orchestrator()
+    workflow = agent.execute_workflow(
+        raw_indicator="example.com",
+        indicator_type_hint="Domain",
+        requested_modules=["resource_links"],
+        authorized_target=False,
+        passive_only=True,
+    )
+
+    assert workflow.duration_ms > 0
+    for result in workflow.skill_results:
+        if result.status == ExecutionStatus.COMPLETED:
+            assert result.duration_ms >= 0
+
+
+def test_skills_registry_structure():
+    """Test that skills registry has correct structure"""
+    for skill_name, skill in SKILLS_REGISTRY.items():
+        assert skill.canonical_name == skill_name
+        assert isinstance(skill.name, str)
+        assert isinstance(skill.description, str)
+        assert isinstance(skill.required_indicator_types, list)
+        assert isinstance(skill.tools, list)
+        assert isinstance(skill.requires_authorization, bool)
+        assert skill.category in ["validation", "passive_lookup", "conditional_fetch", "analysis"]
+
+
+def test_url_parsing_skill():
+    """Test URL parsing skill with URL indicator"""
+    agent = create_orchestrator()
+    workflow = agent.execute_workflow(
+        raw_indicator="https://example.com/path",
+        indicator_type_hint="URL",
+        requested_modules=["local_url_parse"],
+        authorized_target=False,
+        passive_only=True,
+    )
+
+    assert workflow.validation_result.ok is True
+    assert workflow.context.indicator_type == "url"
+    assert len(workflow.skill_results) == 1
+    result = workflow.skill_results[0]
+    assert result.status == ExecutionStatus.COMPLETED
+    assert "scheme" in result.data
+
+
+def test_multiple_modules_execution():
+    """Test execution of multiple modules in parallel"""
+    agent = create_orchestrator()
+    workflow = agent.execute_workflow(
+        raw_indicator="example.com",
+        indicator_type_hint="Domain",
+        requested_modules=["resource_links", "dns_records"],
+        authorized_target=False,
+        passive_only=True,
+    )
+
+    assert len(workflow.skill_results) == 2
+    completed = [r for r in workflow.skill_results if r.status == ExecutionStatus.COMPLETED]
+    assert len(completed) == 2

tests/test_scheduler.py

@@ -0,0 +1,128 @@
+from osint_core.scheduler import (
+    INVARIANT_CHECKS,
+    DecisionPacket,
+    ScheduleReason,
+    ShortcutDebt,
+    SystemState,
+    fits_deadline,
+    safe_utility,
+    schedule_decision,
+    total_required_time_ms,
+)
+
+
+def make_packet(**overrides):
+    data = {
+        "intent_id": "intent_123",
+        "action": "enrich_indicator",
+        "risk_label": "low",
+        "confidence": 0.90,
+        "reversibility": 0.90,
+        "deadline_ms": 1000,
+        "verification_cost_ms": 100,
+        "execution_cost_ms": 100,
+        "rollback_cost_ms": 100,
+        "expected_utility_decay": 0.10,
+        "required_checks": INVARIANT_CHECKS,
+        "rollback_plan": "observe_only",
+        "uncertainty_notes": (),
+    }
+    data.update(overrides)
+    return DecisionPacket(**data)
+
+
+def test_total_required_time_and_deadline_fit():
+    packet = make_packet()
+    assert total_required_time_ms(packet) == 300
+    assert fits_deadline(packet) is True
+
+
+def test_fast_path_for_low_risk_reversible_action():
+    decision = schedule_decision(make_packet(risk_label="low"))
+    assert decision.route == "FAST"
+    assert decision.allowed is True
+    assert decision.reason == ScheduleReason.FAST_PATH_AVAILABLE
+
+
+def test_deliberative_path_for_high_risk_action_that_fits_deadline():
+    packet = make_packet(
+        risk_label="high",
+        confidence=0.90,
+        reversibility=0.70,
+        rollback_plan="sandbox",
+        rollback_cost_ms=200,
+        deadline_ms=1000,
+    )
+    decision = schedule_decision(packet)
+    assert decision.route == "DELIBERATIVE"
+    assert decision.allowed is True
+
+
+def test_invariant_checks_cannot_be_skipped():
+    packet = make_packet(required_checks=("scope_validated",))
+    decision = schedule_decision(packet)
+    assert decision.route == "FAIL_CLOSED"
+    assert decision.allowed is False
+    assert decision.reason == ScheduleReason.INVARIANT_VIOLATION
+    assert "hash_salt_present" in decision.skipped_checks
+
+
+def test_high_risk_without_rollback_fails_closed():
+    packet = make_packet(
+        risk_label="critical",
+        rollback_plan="",
+        rollback_cost_ms=0,
+    )
+    decision = schedule_decision(packet)
+    assert decision.route == "FAIL_CLOSED"
+    assert decision.reason == ScheduleReason.MISSING_ROLLBACK
+
+
+def test_deadline_too_tight_routes_to_containment_when_reversible():
+    packet = make_packet(
+        deadline_ms=100,
+        verification_cost_ms=100,
+        execution_cost_ms=100,
+        rollback_cost_ms=100,
+        reversibility=0.90,
+    )
+    decision = schedule_decision(packet)
+    assert decision.route == "CONTAINMENT"
+    assert decision.reason == ScheduleReason.DEADLINE_TOO_TIGHT
+    assert decision.authority_scale == 0.25
+
+
+def test_deadline_too_tight_and_not_reversible_fails_closed():
+    packet = make_packet(
+        deadline_ms=100,
+        reversibility=0.20,
+    )
+    decision = schedule_decision(packet)
+    assert decision.route == "FAIL_CLOSED"
+    assert decision.reason == ScheduleReason.NO_SAFE_ACTION_FITS
+
+
+def test_shortcut_debt_forces_containment():
+    state = SystemState(shortcut_debt=ShortcutDebt(emergency_overrides=2), shortcut_debt_limit=0.70)
+    decision = schedule_decision(make_packet(), state)
+    assert decision.route == "CONTAINMENT"
+    assert decision.reason == ScheduleReason.SHORTCUT_DEBT_TOO_HIGH
+
+
+def test_contested_trust_state_forces_containment():
+    state = SystemState(trust_state="contested")
+    decision = schedule_decision(make_packet(), state)
+    assert decision.route == "CONTAINMENT"
+    assert decision.reason == ScheduleReason.TRUST_STATE_DEGRADED
+
+
+def test_low_confidence_high_risk_forces_containment():
+    packet = make_packet(risk_label="high", confidence=0.20, rollback_plan="sandbox")
+    decision = schedule_decision(packet)
+    assert decision.route == "CONTAINMENT"
+    assert decision.reason == ScheduleReason.LOW_CONFIDENCE
+
+
+def test_safe_utility_is_bounded():
+    score = safe_utility(make_packet())
+    assert 0.0 <= score <= 1.0