
feat: Add CD001-TOOLS-001 — Tools Unit Tests (CD001, #27) #227

Open
steadhac wants to merge 1 commit into GenAI-Security-Project:main from steadhac:steadhac/feat/tools-unit-tests
@steadhac (Contributor) commented Mar 17, 2026

Add a comprehensive unit test suite for the fraud detection, vendor management, and
invoice management tool layers used by the fraud detection agent. Tests cover all
core functions across 3 tool modules — risk profiling, vendor status updates, invoice
status updates, and agent notes management.

Bug-exposing tests document confirmed production defects: None inputs written as literal
"None", arbitrary risk/status/trust level values accepted without validation, and
unclosed DB sessions on exception.

Tests follow the established pattern with:

  • Title / Basically question / Steps / Expected Results / Impact
  • Bug-exposing tests included for each confirmed production defect.

📁 Test Files
tests/unit/tools/test_fraud.py
tests/unit/tools/test_vendor.py
tests/unit/tools/test_invoice.py

TestGetVendorRiskProfile

Test ID Title
test_fraud_risk_001 get_vendor_risk_profile returns risk profile dict
test_fraud_risk_002 Invoice stats grouped correctly by status
test_fraud_risk_003 Raises ValueError for missing vendor
test_fraud_risk_004 Namespace isolation enforced
test_fraud_risk_006 Vendor with no invoices returns zero totals
test_fraud_risk_007 Negative amount invoice reduces total
test_fraud_risk_008 vendor_id=0 raises ValueError
test_fraud_risk_009 vendor_id negative raises ValueError
test_fraud_risk_010 Very large amount summed correctly

TestGetVendorInvoices

Test ID Title
test_fraud_inv_001 Returns invoice list for vendor
test_fraud_inv_002 Returns empty list when no invoices
test_fraud_inv_003 Nonexistent vendor silently returns empty list
test_fraud_inv_004 Namespace isolation enforced

TestUpdateVendorRisk

Test ID Title
test_fraud_upd_001 Risk level updated correctly
test_fraud_upd_002 Notes prefixed with [Fraud Agent]
test_fraud_upd_003 Raises ValueError for missing vendor
test_fraud_upd_004 Namespace isolation enforced
test_fraud_upd_005 Arbitrary risk level accepted
test_fraud_upd_006 ⚠️ None agent_notes inserts literal "None"
test_fraud_upd_007 Negative amount invoice accepted without validation
test_fraud_upd_008 ⚠️ Empty string risk_level accepted without validation
test_fraud_upd_009 ⚠️ Uppercase risk_level accepted without validation
test_fraud_upd_010 ⚠️ Trailing space risk_level accepted without validation
test_fraud_upd_011 ⚠️ None risk_level accepted without validation
test_fraud_upd_012 ⚠️ Leading space risk_level accepted without validation
test_fraud_upd_013 ⚠️ Mixed case risk_level accepted without validation

TestFlagInvoiceForReview

Test ID Title
test_fraud_flag_001 Appends fraud review note to invoice
test_fraud_flag_002 reject action updates invoice status to rejected
test_fraud_flag_003 reject does not affect approved invoice
test_fraud_flag_004 Raises ValueError for missing invoice
test_fraud_flag_005 Arbitrary recommended_action accepted
test_fraud_flag_006 reject action on processing invoice
test_fraud_flag_007 invoice_id=0 raises ValueError
test_fraud_flag_008 invoice_id negative raises ValueError
test_fraud_flag_009 ⚠️ Empty recommended_action accepted without validation
test_fraud_flag_010 ⚠️ Uppercase recommended_action accepted without validation
test_fraud_flag_011 reject action on paid invoice leaves status unchanged
test_fraud_flag_012 ⚠️ Empty flag_reason accepted without validation
test_fraud_flag_013 ⚠️ None flag_reason accepted without validation
test_fraud_flag_014 ⚠️ Whitespace-only flag_reason accepted without validation
test_fraud_flag_015 ⚠️ Over-limit flag_reason accepted without validation
test_fraud_flag_016 Injection string in flag_reason stored verbatim
test_fraud_flag_017 ⚠️ None recommended_action accepted without validation
test_fraud_flag_018 ⚠️ Leading space recommended_action accepted without validation

TestUpdateFraudAgentNotes

Test ID Title
test_fraud_notes_001 Notes prefixed with [Fraud Agent] and appended
test_fraud_notes_002 Raises ValueError for missing vendor
test_fraud_notes_003 ⚠️ None notes inserts literal "None"
test_fraud_notes_004 vendor_id=0 raises ValueError
test_fraud_notes_005 vendor_id negative raises ValueError
test_fraud_notes_006 ⚠️ Whitespace-only notes accepted without validation
test_fraud_notes_007 ⚠️ Over-limit notes accepted without validation
test_fraud_notes_008 ⚠️ Newlines-only notes accepted without validation
test_fraud_notes_009 ⚠️ Tab-only notes accepted without validation
test_fraud_notes_010 Injection string in notes stored verbatim
test_fraud_notes_011 Exactly at limit accepted
test_fraud_notes_012 Just under limit accepted

TestGetVendorRiskProfileDefects ⚠️

Test ID Title
test_fraud_risk_005 ⚠️ DB session not closed on exception

TestGetVendorDetails

Test ID Title
test_vnd_get_001 Returns vendor dict with all fields
test_vnd_get_002 Raises ValueError for missing vendor
test_vnd_get_003 Namespace isolation enforced
test_vnd_get_005 vendor_id=0 raises ValueError
test_vnd_get_006 vendor_id negative raises ValueError

TestGetVendorContactInfo

Test ID Title
test_vnd_contact_001 Returns contact fields
test_vnd_contact_002 Raises ValueError for missing vendor
test_vnd_contact_003 Namespace isolation enforced
test_vnd_contact_004 vendor_id=0 raises ValueError
test_vnd_contact_005 vendor_id negative raises ValueError
test_vnd_contact_006 Sensitive fields not exposed

TestUpdateVendorStatus

Test ID Title
test_vnd_upd_001 Vendor status updated correctly
test_vnd_upd_002 Previous state captured before update
test_vnd_upd_003 Agent notes appended with prefix
test_vnd_upd_004 Raises ValueError for missing vendor
test_vnd_upd_005 Namespace isolation enforced
test_vnd_upd_006 ⚠️ Arbitrary status accepted without validation
test_vnd_upd_007 ⚠️ Arbitrary trust_level accepted without validation
test_vnd_upd_008 ⚠️ None agent_notes inserts literal "None"
test_vnd_upd_009 ⚠️ Arbitrary risk_level accepted without validation
test_vnd_upd_010 vendor_id=0 raises ValueError
test_vnd_upd_011 vendor_id negative raises ValueError
test_vnd_upd_status_invalid_rejected Invalid status value rejected
test_vnd_upd_trust_level_invalid_rejected Invalid trust_level value rejected
test_vnd_upd_risk_level_invalid_rejected Invalid risk_level value rejected

TestGetVendorDetailsDefects ⚠️

Test ID Title
test_vnd_get_004 ⚠️ DB session not closed on exception

TestUpdateVendorAgentNotes

Test ID Title
test_vnd_notes_001 Notes appended with vendor prefix
test_vnd_notes_002 Raises ValueError for missing vendor
test_vnd_notes_003 Sequential appends accumulate all notes
test_vnd_notes_004 ⚠️ None agent_notes inserts literal "None"
test_vnd_notes_005 vendor_id=0 raises ValueError
test_vnd_notes_006 vendor_id negative raises ValueError
test_vnd_notes_007 ⚠️ Whitespace-only notes accepted without validation
test_vnd_notes_008 ⚠️ Over-limit notes accepted without validation
test_vnd_notes_009 ⚠️ Newlines-only notes accepted without validation
test_vnd_notes_010 ⚠️ Tab-only notes accepted without validation
test_vnd_notes_011 Injection string in notes stored verbatim
test_vnd_notes_012 Exactly at limit accepted
test_vnd_notes_013 Just under limit accepted
test_vnd_notes_isolation Namespace isolation enforced

TestGetInvoiceDetails

Test ID Title
test_inv_get_001 Returns invoice dict with all fields
test_inv_get_002 Raises ValueError for missing invoice
test_inv_get_003 Namespace isolation enforced
test_inv_get_005 Zero amount invoice returned correctly
test_inv_get_006 Negative amount invoice returned as-is
test_inv_get_007 invoice_id=0 raises ValueError
test_inv_get_008 invoice_id negative raises ValueError
test_inv_get_009 Very large amount returned correctly

TestUpdateInvoiceStatus

Test ID Title
test_inv_upd_001 Invoice status updated correctly
test_inv_upd_002 Agent notes appended with prefix
test_inv_upd_003 Raises ValueError for missing invoice
test_inv_upd_004 Namespace isolation enforced
test_inv_upd_005 Arbitrary status accepted
test_inv_upd_006 ⚠️ None agent_notes inserts literal "None"
test_inv_upd_007 invoice_id=0 raises ValueError
test_inv_upd_008 invoice_id negative raises ValueError
test_inv_upd_009 ⚠️ Empty status accepted without validation
test_inv_upd_010 ⚠️ Uppercase status accepted without validation
test_inv_upd_011 ⚠️ Trailing space status accepted without validation
test_inv_upd_012 ⚠️ None status accepted without validation
test_inv_upd_013 ⚠️ Leading space status accepted without validation
test_inv_upd_014 ⚠️ Mixed case status accepted without validation

TestUpdateInvoiceAgentNotes

Test ID Title
test_inv_notes_001 Notes appended with invoice prefix
test_inv_notes_002 Raises ValueError for missing invoice
test_inv_notes_003 Sequential appends accumulate all notes
test_inv_notes_004 ⚠️ None agent_notes inserts literal "None"
test_inv_notes_005 invoice_id=0 raises ValueError
test_inv_notes_006 invoice_id negative raises ValueError
test_inv_notes_007 ⚠️ Whitespace-only notes accepted without validation
test_inv_notes_008 ⚠️ Over-limit notes accepted without validation
test_inv_notes_009 ⚠️ Newlines-only notes accepted without validation
test_inv_notes_010 ⚠️ Tab-only notes accepted without validation
test_inv_notes_011 Injection string in notes stored verbatim
test_inv_notes_012 Exactly at limit accepted
test_inv_notes_013 Just under limit accepted

TestGetInvoiceDetailsDefects ⚠️

Test ID Title
test_inv_get_004 ⚠️ DB session not closed on exception
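
The three defect classes the description names (None written as the literal "None", risk/status values accepted without validation, DB sessions left open on exception), shown beside a checked variant. This is an added example, not code from the PR or the project: `FakeSession`, `ALLOWED_RISK_LEVELS`, `MAX_NOTE_LEN` and both function names are assumptions.

```python
# Added illustration, not the project's code. FakeSession, ALLOWED_RISK_LEVELS,
# MAX_NOTE_LEN and both function names are assumptions made for this sketch.
from contextlib import closing

ALLOWED_RISK_LEVELS = {"low", "medium", "high"}  # assumed allow-list
MAX_NOTE_LEN = 2000                              # assumed limit


class FakeSession:
    """Constructed stand-in for a DB session holding one vendor row."""

    def __init__(self):
        self.closed = False
        self.vendors = {1: {"risk_level": "low", "agent_notes": ""}}

    def get(self, vendor_id):
        if vendor_id not in self.vendors:
            raise ValueError(f"vendor {vendor_id} not found")
        return self.vendors[vendor_id]

    def close(self):
        self.closed = True


def update_risk_unsafe(session, vendor_id, risk_level, agent_notes):
    """Reproduces the three defect classes the description lists."""
    vendor = session.get(vendor_id)    # raises here -> close() never runs
    vendor["risk_level"] = risk_level  # None, "", " HIGH " all accepted
    vendor["agent_notes"] += f"\n[Fraud Agent] {agent_notes}"  # None -> "None"
    session.close()


def update_risk_checked(session, vendor_id, risk_level, agent_notes):
    """Validates before writing; closing() releases the session on any exit."""
    with closing(session) as s:
        # Exact-match allow-list: rejects None, "", "HIGH", " high", "high ".
        if risk_level not in ALLOWED_RISK_LEVELS:
            raise ValueError(f"invalid risk_level: {risk_level!r}")
        # Rejects None and whitespace-, newline- or tab-only notes.
        if not isinstance(agent_notes, str) or not agent_notes.strip():
            raise ValueError("agent_notes must be non-blank text")
        if len(agent_notes) > MAX_NOTE_LEN:
            raise ValueError("agent_notes exceeds MAX_NOTE_LEN")
        vendor = s.get(vendor_id)
        vendor["risk_level"] = risk_level
        vendor["agent_notes"] += f"\n[Fraud Agent] {agent_notes}"
```

Validation runs before the row is fetched, so a rejected call leaves the stored record untouched and the session is still closed.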

@steadhac steadhac force-pushed the steadhac/feat/tools-unit-tests branch 2 times, most recently from d9282ab to dc6cf52 Compare March 18, 2026 01:10

Adds 162 unit tests across 3 new test modules:

- tests/unit/tools/ — test_fraud.py, test_vendor.py, test_invoice.py
- tests/unit/plugins/ — Google Sheets reporter

@steadhac steadhac force-pushed the steadhac/feat/tools-unit-tests branch from dc6cf52 to 89ca0ac Compare March 19, 2026 01:15

@nitinawari (Contributor) commented

@saikishu @steadhac This PR sets up the changes required for the invoice and vendor issues. I’ll be able to properly test and work on those issues locally only after this is merged, and will follow up with separate PRs.
