Fix Prometheus metric f-string and add YAML helper

src/aegis_gitea_mcp/observability.py

@@ -56,7 +56,7 @@ class MetricsRegistry:
             lines.append("# TYPE aegis_tool_calls_total counter")
             for (tool_name, status), count in sorted(self._tool_calls_total.items()):
                 lines.append(
-                    "aegis_tool_calls_total" f'{{tool="{tool_name}",status="{status}"}} {count}'
+                    f'aegis_tool_calls_total{{tool="{tool_name}",status="{status}"}} {count}'
                 )
 
             lines.append(

tests/test_automation.py

@@ -34,6 +34,10 @@ def _set_base_env(
     monkeypatch.setenv("POLICY_FILE_PATH", str(policy_path))
 
 
+def _yaml_with_trailing_newline(content: str) -> str:
+    return content.strip() + "\n"
+
+
 def test_automation_job_denied_when_disabled(
     monkeypatch: pytest.MonkeyPatch, tmp_path: Path, allow_oauth: None
 ) -> None:
@@ -61,7 +65,7 @@ def test_automation_job_executes_when_enabled(
     """Dependency scan job should execute when automation is enabled and policy allows it."""
     policy_path = tmp_path / "policy.yaml"
     policy_path.write_text(
-        """
+        _yaml_with_trailing_newline("""
 defaults:
   read: allow
   write: deny
@@ -69,7 +73,7 @@ tools:
   allow:
     - automation_dependency_hygiene_scan
     - automation_webhook_ingest
-""".strip() + "\n",
+"""),
         encoding="utf-8",
     )
     _set_base_env(monkeypatch, automation_enabled=True, policy_path=policy_path)
@@ -95,14 +99,14 @@ def test_automation_webhook_policy_denied(
     """Webhook ingestion must respect policy deny rules."""
     policy_path = tmp_path / "policy.yaml"
     policy_path.write_text(
-        """
+        _yaml_with_trailing_newline("""
 defaults:
   read: allow
   write: deny
 tools:
   deny:
     - automation_webhook_ingest
-""".strip() + "\n",
+"""),
         encoding="utf-8",
     )
     _set_base_env(monkeypatch, automation_enabled=True, policy_path=policy_path)
@@ -126,14 +130,14 @@ def test_auto_issue_creation_denied_without_write_mode(
     """Auto issue creation job should be denied unless write mode is enabled."""
     policy_path = tmp_path / "policy.yaml"
     policy_path.write_text(
-        """
+        _yaml_with_trailing_newline("""
 defaults:
   read: allow
   write: allow
 tools:
   allow:
     - automation_auto_issue_creation
-""".strip() + "\n",
+"""),
         encoding="utf-8",
     )
     _set_base_env(monkeypatch, automation_enabled=True, policy_path=policy_path)

tests/test_policy.py

@@ -14,6 +14,10 @@ def _set_base_env(monkeypatch: pytest.MonkeyPatch) -> None:
     monkeypatch.setenv("MCP_API_KEYS", "a" * 64)
 
 
+def _yaml_with_trailing_newline(content: str) -> str:
+    return content.strip() + "\n"
+
+
 def test_default_policy_allows_read_and_denies_write(
     monkeypatch: pytest.MonkeyPatch, tmp_path: Path
 ) -> None:
@@ -35,14 +39,14 @@ def test_policy_global_deny(monkeypatch: pytest.MonkeyPatch, tmp_path: Path) ->
     _set_base_env(monkeypatch)
     policy_path = tmp_path / "policy.yaml"
     policy_path.write_text(
-        """
+        _yaml_with_trailing_newline("""
 defaults:
   read: allow
   write: deny
 tools:
   deny:
     - list_repositories
-""".strip() + "\n",
+"""),
         encoding="utf-8",
     )
 
@@ -60,7 +64,7 @@ def test_repository_path_restriction(monkeypatch: pytest.MonkeyPatch, tmp_path:
     _set_base_env(monkeypatch)
     policy_path = tmp_path / "policy.yaml"
     policy_path.write_text(
-        """
+        _yaml_with_trailing_newline("""
 repositories:
   acme/app:
     tools:
@@ -69,7 +73,7 @@ repositories:
     paths:
       allow:
         - src/*
-""".strip() + "\n",
+"""),
         encoding="utf-8",
     )