Parent: Unit tests creation for CD001 #27
Description
Add a full unit test suite for the payment tools layer — invoice retrieval for payment, payment processing, vendor payment summaries, and agent notes management.
Tests follow the established pattern with:
- Title
- Basically question
- Steps
- Expected Results
- Impact
Bug-exposing tests are included for each confirmed production defect.
Prompt injection tests document the LLM attack surface via string fields.
📁 Test Files
tests/unit/tools/test_payment.py
TestGetInvoiceForPayment
| Test ID |
Title |
| test_pay_get_001 |
get_invoice_for_payment returns invoice with vendor info |
| test_pay_get_002 |
get_invoice_for_payment raises ValueError when invoice not found |
| test_pay_get_003 |
get_invoice_for_payment enforces namespace isolation |
| test_pay_get_004 |
get_invoice_for_payment raises ValueError for invoice_id=0 |
TestProcessPayment
| Test ID |
Title |
| test_pay_proc_001 |
Approved invoice transitions to paid |
| test_pay_proc_002 |
Non-approved invoice raises ValueError |
| test_pay_proc_003 |
Missing invoice raises ValueError |
| test_pay_proc_004 |
Payment note appended to existing agent_notes |
| test_pay_proc_005 |
process_payment enforces namespace isolation |
| test_pay_proc_006 |
Already paid invoice cannot be paid again |
TestGetVendorPaymentSummary
| Test ID |
Title |
| test_pay_sum_001 |
Returns summary with correct totals |
| test_pay_sum_002 |
Raises ValueError for missing vendor |
| test_pay_sum_003 |
Vendor with no invoices returns empty summary |
| test_pay_sum_004 |
get_vendor_payment_summary enforces namespace isolation |
| test_pay_sum_005 |
by_status amounts are correct across multiple invoices |
TestUpdatePaymentAgentNotes
| Test ID |
Title |
| test_pay_notes_001 |
Notes appended with [Payments Agent] prefix |
| test_pay_notes_002 |
Raises ValueError for missing invoice |
| test_pay_notes_003 |
Sequential appends accumulate correctly |
| test_pay_notes_004 |
update_payment_agent_notes enforces namespace isolation |
TestProcessPaymentBugs ⚠️ (failing — bugs confirmed)
| Test ID |
Title |
| test_pay_proc_007 |
process_payment silently accepts payment_method=None — writes literal "None" |
| test_pay_proc_008 |
process_payment accepts empty string payment_method without validation |
| test_pay_proc_009 |
process_payment silently accepts payment_reference=None — writes literal "None" |
TestUpdatePaymentAgentNotesBugs ⚠️ (failing — bugs confirmed)
| Test ID |
Title |
| test_pay_notes_005 |
update_payment_agent_notes accepts agent_notes=None — writes "[Payments Agent] None" |
| test_pay_notes_006 |
Second ValueError says "Invoice not found" when invoice exists but update failed |
TestIntFieldEdgeCases
| Test ID |
Title |
| test_pay_type_001 |
get_invoice_for_payment raises ValueError for invoice_id=-1 |
| test_pay_type_002 |
get_invoice_for_payment raises ValueError for invoice_id=2147483647 |
| test_pay_type_003 |
get_vendor_payment_summary raises ValueError for vendor_id=-1 |
| test_pay_type_004 |
get_vendor_payment_summary raises ValueError for vendor_id=0 |
| test_pay_type_005 |
process_payment raises ValueError for invoice_id=-1 |
| test_pay_type_006 |
update_payment_agent_notes raises ValueError for invoice_id=-1 |
TestStrFieldEdgeCases
| Test ID |
Title |
| test_pay_type_007 |
Whitespace-only payment_method accepted without validation |
| test_pay_type_008 |
Special characters in payment_reference stored as-is |
| test_pay_type_009 |
SQL injection string in agent_notes stored safely |
| test_pay_type_010 |
Unicode and emoji in agent_notes accepted |
| test_pay_type_011 |
Newlines in agent_notes stored intact |
| test_pay_type_012 |
Very long agent_notes accepted without truncation |
| test_pay_type_013 |
Whitespace-only agent_notes accepted without validation |
| test_pay_type_014 |
Very long payment_reference accepted without truncation |
TestMissingInvoiceFields ⚠️ (partially failing — bugs confirmed)
| Test ID |
Title |
| test_pay_field_001 |
get_invoice_for_payment crashes with AttributeError when invoice_date is None |
| test_pay_field_002 |
get_invoice_for_payment crashes with AttributeError when due_date is None |
| test_pay_field_003 |
process_payment raises ValueError when invoice status is None |
| test_pay_field_004 |
get_vendor_payment_summary returns None for missing invoice_number |
TestPromptInjection 🔒 (security — attack surface documented)
| Test ID |
Title |
| test_pay_inj_001 |
Urgency in agent_notes does not change invoice status |
| test_pay_inj_002 |
"APPROVED" keyword in notes does not bypass code-level status check |
| test_pay_inj_003 |
Injected notes returned verbatim by get_invoice_for_payment — LLM can read them |
| test_pay_inj_004 |
Urgency in invoice description does not bypass status check |
| test_pay_inj_005 |
"APPROVED" in invoice_number does not bypass status check |
| test_pay_inj_006 |
Multiple injections accumulate — attacker can build fake approval history |
Related Bug Tickets
- Bug_102
- Bug_103
- Bug_104
- Bug_105
- Bug_106
- Bug_107
- Bug_108
Parent: Unit tests creation for CD001 #27
Description
Add a full unit test suite for the payment tools layer — invoice retrieval for payment, payment processing, vendor payment summaries, and agent notes management.
Tests follow the established pattern with:
Bug-exposing tests are included for each confirmed production defect.
Prompt injection tests document the LLM attack surface via string fields.
📁 Test Files
tests/unit/tools/test_payment.pyTestGetInvoiceForPayment
TestProcessPayment
TestGetVendorPaymentSummary
TestUpdatePaymentAgentNotes
TestProcessPaymentBugs⚠️ (failing — bugs confirmed)
TestUpdatePaymentAgentNotesBugs⚠️ (failing — bugs confirmed)
TestIntFieldEdgeCases
TestStrFieldEdgeCases
TestMissingInvoiceFields⚠️ (partially failing — bugs confirmed)
TestPromptInjection 🔒 (security — attack surface documented)
Related Bug Tickets