feat: funciones Python datascience, finance, cybersecurity y pipelines

Datascience: aggregate_by_group, deduplicate_entities/relations, detect_drift,
diff_entities/relations, extract_entities/relations_llm, hotness_score, melt,
merge_graphs, pivot, build_entity/relation_schema_prompt.
Finance: avellaneda_stoikov_quotes, generate_gbm_prices, generate_taker_order,
hawkes_intensity + módulo finance.py.
Cybersecurity: envelope_encrypt/decrypt + módulo cybersecurity.py.
Pipelines: extraction_pipeline, monte_carlo_market, run_market_sim.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

python/functions/cybersecurity/envelope_encrypt_test.py

@@ -0,0 +1,101 @@
+"""Tests para envelope_encrypt y envelope_decrypt."""
+
+import secrets
+import sys
+import os
+
+sys.path.insert(0, os.path.join(os.path.dirname(__file__), ".."))
+
+from cybersecurity import envelope_encrypt, envelope_decrypt
+
+
+def test_encrypt_decrypt_roundtrip():
+    master_key = secrets.token_bytes(32)
+    plaintext = b"datos de prueba para envelope encryption"
+    ciphertext = envelope_encrypt(plaintext, master_key)
+    result = envelope_decrypt(ciphertext, master_key)
+    assert result == plaintext
+
+
+def test_datos_vacios():
+    master_key = secrets.token_bytes(32)
+    ciphertext = envelope_encrypt(b"", master_key)
+    result = envelope_decrypt(ciphertext, master_key)
+    assert result == b""
+
+
+def test_datos_grandes():
+    master_key = secrets.token_bytes(32)
+    plaintext = secrets.token_bytes(1024 * 1024)  # 1 MB
+    ciphertext = envelope_encrypt(plaintext, master_key)
+    result = envelope_decrypt(ciphertext, master_key)
+    assert result == plaintext
+
+
+def test_decrypt_datos_no_cifrados_passthrough():
+    master_key = secrets.token_bytes(32)
+    plain = b"archivo no cifrado, sin magic bytes"
+    result = envelope_decrypt(plain, master_key)
+    assert result == plain
+
+
+def test_key_incorrecta():
+    master_key = secrets.token_bytes(32)
+    wrong_key = secrets.token_bytes(32)
+    ciphertext = envelope_encrypt(b"secreto", master_key)
+    try:
+        envelope_decrypt(ciphertext, wrong_key)
+        assert False, "deberia haber lanzado excepcion"
+    except Exception:
+        pass  # esperado: InvalidTag de cryptography
+
+
+def test_envelope_truncado():
+    master_key = secrets.token_bytes(32)
+    ciphertext = envelope_encrypt(b"datos", master_key)
+    truncated = ciphertext[:6]  # header incompleto
+    try:
+        envelope_decrypt(truncated, master_key)
+        assert False, "deberia haber lanzado ValueError"
+    except ValueError:
+        pass
+
+
+def test_magic_invalido():
+    master_key = secrets.token_bytes(32)
+    # Construir datos con magic valido para pasar el check del passthrough
+    # pero con header corrupto
+    bad_envelope = b"OVE1" + b"\x00" * 20  # magic correcto pero header invalido
+    try:
+        envelope_decrypt(bad_envelope, master_key)
+        assert False, "deberia haber lanzado excepcion"
+    except Exception:
+        pass
+
+
+def test_ciphertext_tiene_magic_correcto():
+    master_key = secrets.token_bytes(32)
+    ciphertext = envelope_encrypt(b"test", master_key)
+    assert ciphertext[:4] == b"OVE1"
+
+
+def test_ciphertext_es_distinto_cada_vez():
+    master_key = secrets.token_bytes(32)
+    plaintext = b"mismo mensaje"
+    ct1 = envelope_encrypt(plaintext, master_key)
+    ct2 = envelope_encrypt(plaintext, master_key)
+    # IVs aleatorios garantizan ciphertexts distintos
+    assert ct1 != ct2
+
+
+if __name__ == "__main__":
+    test_encrypt_decrypt_roundtrip()
+    test_datos_vacios()
+    test_datos_grandes()
+    test_decrypt_datos_no_cifrados_passthrough()
+    test_key_incorrecta()
+    test_envelope_truncado()
+    test_magic_invalido()
+    test_ciphertext_tiene_magic_correcto()
+    test_ciphertext_es_distinto_cada_vez()
+    print("Todos los tests pasaron.")