feat(gui): module télémétrie d'usage (client, RGPD-safe, non bloquant)

Phase A de la mission télémétrie d'usage par client.

- gui_v6/usage_telemetry.py :
  - page_count_for(path) : PDF→fitz, image→1, autres→None ; best-effort, ne
    lève jamais, ne lit que l'extension (jamais le nom).
  - build_usage_payload(...) : compteurs (document/succeeded/failed/total_pages)
    + documents filtrés aux seules clés autorisées (ordinal/page_count/status/
    duration_ms/extension) → aucun nom/chemin de fichier ne peut fuir.
  - UsageTelemetryClient(session injectée) : report() non bloquant (capture
    tout, False en cas d'échec réseau) vers POST /api/v1/usage/report.
  - spool JSONL local (spool_payload/flush_spool) pour rejouer les échecs.

Module isolé, non câblé au runner pour l'instant (le branchement fin-de-run
viendra après le backend, hors validation visuelle GUI en cours). Aucun
build/push sans GO Dom. 10 tests unitaires (payload sans nom de fichier,
réseau indispo ne crashe pas, compteurs, page_count PDF mockable).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-15 17:13:57 +02:00
parent a9e8b2c2e6
commit ab2ca8a552
2 changed files with 304 additions and 0 deletions


@@ -0,0 +1,137 @@
"""Télémétrie d'usage GUI V6 — payload RGPD-safe + envoi non bloquant.
Aucun nom/chemin de fichier ne doit sortir. L'échec réseau ne doit jamais
faire échouer le traitement.
"""
from __future__ import annotations
import json
import pytest
from gui_v6.usage_telemetry import (
UsageTelemetryClient,
build_usage_payload,
flush_spool,
new_run_id,
page_count_for,
spool_payload,
)
# --- page_count_for ---------------------------------------------------------
def test_page_count_image_is_one():
assert page_count_for("scan.PNG") == 1
assert page_count_for("photo.jpeg") == 1
def test_page_count_unknown_is_none():
assert page_count_for("note.txt") is None
assert page_count_for("doc.docx") is None
def test_page_count_pdf_uses_counter_and_never_raises():
assert page_count_for("x.pdf", pdf_counter=lambda p: 7) == 7
def boom(_p):
raise RuntimeError("corrompu")
assert page_count_for("x.pdf", pdf_counter=boom) is None
# --- build_usage_payload ----------------------------------------------------
def test_payload_counts_and_no_filename_leak():
documents = [
{"ordinal": 0, "page_count": 5, "status": "success", "extension": "pdf",
"filename": "LETTRE 23070126.pdf", "path": "/home/dom/secret.pdf"},
{"ordinal": 1, "page_count": 3, "status": "success"},
{"ordinal": 2, "page_count": None, "status": "failed"},
]
payload = build_usage_payload(
run_id="r1", app_name="gui_v6", app_version="6.0.0-g1",
license_ref="LIC-1", machine_id="m1", documents=documents,
)
assert payload["document_count"] == 3
assert payload["succeeded_count"] == 2
assert payload["failed_count"] == 1
assert payload["total_pages"] == 8
assert payload["license_ref"] == "LIC-1"
# RGPD : aucun nom/chemin ne doit survivre, à aucun niveau
blob = json.dumps(payload, ensure_ascii=False).lower()
assert "filename" not in blob
assert "secret" not in blob
assert "lettre" not in blob
for doc in payload["documents"]:
assert set(doc).issubset({"ordinal", "page_count", "status", "duration_ms", "extension"})
def test_new_run_id_unique():
assert new_run_id() != new_run_id()
# --- UsageTelemetryClient ---------------------------------------------------
class _FakeResp:
def __init__(self, status_code):
self.status_code = status_code
class _FakeSession:
def __init__(self, status_code=200, raise_exc=None):
self.status_code = status_code
self.raise_exc = raise_exc
self.calls = []
def post(self, url, json=None, timeout=None):
self.calls.append({"url": url, "json": json, "timeout": timeout})
if self.raise_exc is not None:
raise self.raise_exc
return _FakeResp(self.status_code)
def test_report_ok_on_2xx():
sess = _FakeSession(status_code=200)
client = UsageTelemetryClient("http://localhost:8000", session=sess)
assert client.report({"run_id": "r1"}) is True
assert sess.calls[0]["url"].endswith("/api/v1/usage/report")
assert sess.calls[0]["json"] == {"run_id": "r1"}
def test_report_false_on_network_error_without_raising():
sess = _FakeSession(raise_exc=ConnectionError("réseau coupé"))
client = UsageTelemetryClient("http://localhost:8000", session=sess)
assert client.report({"run_id": "r1"}) is False # ne lève pas
def test_report_false_on_non_2xx():
sess = _FakeSession(status_code=403)
client = UsageTelemetryClient("http://localhost:8000", session=sess)
assert client.report({"run_id": "r1"}) is False
# --- spool JSONL (rejeu des échecs) -----------------------------------------
def test_spool_and_flush(tmp_path):
spool = tmp_path / "usage_spool.jsonl"
spool_payload(spool, {"run_id": "a"})
spool_payload(spool, {"run_id": "b"})
assert spool.read_text(encoding="utf-8").count("\n") == 2
# tout part : le spool est vidé
sent = []
ok_client = UsageTelemetryClient("http://x", session=_FakeSession(200))
flush_spool(spool, ok_client)
assert not spool.exists() or spool.read_text(encoding="utf-8").strip() == ""
def test_flush_keeps_failures(tmp_path):
spool = tmp_path / "usage_spool.jsonl"
spool_payload(spool, {"run_id": "a"})
down_client = UsageTelemetryClient("http://x", session=_FakeSession(raise_exc=OSError("down")))
flush_spool(spool, down_client)
# l'échec reste en file pour un prochain essai
assert spool.exists()
assert "a" in spool.read_text(encoding="utf-8")
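Review bot: The leak check in `test_payload_counts_and_no_filename_leak` only proves that unknown keys (`filename`, `path`) are dropped; it never passes a file name through an allow-listed key, so a key-only filter in `build_usage_payload` (its implementation is not visible here) could still let free text in `extension` or `status` reach the payload. A separate test with a document such as `{"ordinal": 0, "status": "success", "extension": "LETTRE 23070126.pdf"}` and the same `assert "lettre" not in blob` check would pin value-level validation without disturbing the counters asserted above. In `test_spool_and_flush` the inline `_FakeSession(200)` cannot be inspected, so the test would also pass if `flush_spool` emptied the file without sending anything; keeping the session in a variable and adding `assert len(sess.calls) == 2` closes that gap, and the unused `sent = []` can go. No test asserts that `report()` passes a timeout, even though `_FakeSession.post` records one and the non-blocking claim depends on it; `assert sess.calls[0]["timeout"] is not None` in `test_report_ok_on_2xx` would cover that.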