import test from 'node:test'; import assert from 'node:assert/strict'; import fs from 'node:fs'; import os from 'node:os'; import path from 'node:path'; import { createDecisionRecordArtifact, createDecisionRecordFileName, createFileDecisionStore, validateDecisionRecordArtifact, __testables as decisionArtifactTestables, } from '../src/storage/index.mjs'; import { planDecisionExecution } from '../src/core/decision-runner.mjs'; const packageRoot = path.resolve(import.meta.dirname, '..'); const repoRoot = path.resolve(packageRoot, '..', '..'); const capabilityDescriptor = { capabilities: { enforcement: { force_checkpoint: { supported: true, level: 'partial' }, escalate: { supported: true, level: 'full' } }, notification_path: { queue_items: { supported: true, level: 'full' }, spool_handoff: { supported: true, level: 'full' }, sender_binding: { supported: true, level: 'full' }, direct_send: { supported: false, level: 'none' }, truth_model: { delivery_states: ['prepared', 'queued', 'dispatched', 'pending_external_send', 'acked', 'blocked'], ack_requires_proven_send: true, pending_external_send_supported: true } } } }; function createPlannedDecision() { return planDecisionExecution({ decision: { decision: 'force_checkpoint', policy_id: 'no-silence.missed-checkpoint', severity: 'high', reason: 'checkpoint overdue', required_actions: [ { action: 'notify_operator', target: 'operator_channel', mandatory: true }, { action: 'emit_event', target: 'event_stream', mandatory: true } ], operator_notice: { required: true, channel: 'telegram', urgency: 'high', message: 'Required update.', deadline: '2026-01-01T00:00:00.000Z' } }, capabilityDescriptor, }); } function createArtifact(overrides = {}) { const planned = createPlannedDecision(); return createDecisionRecordArtifact({ decision: overrides.decision ?? planned.decision, receipt: overrides.receipt ?? planned.receipt, recordedAt: overrides.recordedAt ?? '2026-05-08T04:00:00.000Z', source: overrides.source ?? { event_id: 'evt_watchdog_001', task_id: 'task-reporting-governance', correlation_id: 'corr-001', }, }); } test('decision artifact validates minimal package-owned contract', () => { const artifact = createArtifact(); assert.equal(artifact.kind, 'DecisionRecordArtifact'); assert.equal(artifact.apiVersion, 'reporting-governance/v1alpha1'); assert.equal(artifact.metadata.policy_id, 'no-silence.missed-checkpoint'); assert.equal(artifact.spec.receipt.delivery_state, 'pending_external_send'); assert.equal(validateDecisionRecordArtifact(artifact), artifact); }); test('decision artifact validator rejects malformed top-level or nested fields', () => { assert.throws(() => validateDecisionRecordArtifact(null), /decision record artifact must be an object/); const artifact = createArtifact({ source: { task_id: 'task-reporting-governance' } }); const wrongKind = structuredClone(artifact); wrongKind.kind = 'NotDecisionRecordArtifact'; assert.throws(() => validateDecisionRecordArtifact(wrongKind), /kind must be DecisionRecordArtifact/); const missingReceipt = structuredClone(artifact); delete missingReceipt.spec.receipt; assert.throws(() => validateDecisionRecordArtifact(missingReceipt), /spec\.receipt must be an object record/); const blankDeliveryState = structuredClone(artifact); blankDeliveryState.spec.receipt.delivery_state = ' '; assert.throws(() => validateDecisionRecordArtifact(blankDeliveryState), /spec\.receipt\.delivery_state must be a non-empty string/); }); test('decision artifact validator enforces metadata and spec consistency', () => { const artifact = createArtifact({ source: { event_id: 'evt_watchdog_001', task_id: 'task-reporting-governance', correlation_id: 'corr-001', }, }); const mismatchedPolicy = structuredClone(artifact); mismatchedPolicy.metadata.policy_id = 'different-policy'; assert.throws(() => validateDecisionRecordArtifact(mismatchedPolicy), /policy_id mismatch between metadata and spec\.decision/); const mismatchedDecision = structuredClone(artifact); mismatchedDecision.metadata.decision = 'rewrite'; assert.throws(() => validateDecisionRecordArtifact(mismatchedDecision), /decision mismatch between metadata and spec\.decision/); const mismatchedTask = structuredClone(artifact); mismatchedTask.metadata.task_id = 'other-task'; assert.throws(() => validateDecisionRecordArtifact(mismatchedTask), /task_id mismatch between metadata and spec\.source/); const mismatchedCorrelation = structuredClone(artifact); mismatchedCorrelation.metadata.correlation_id = 'corr-other'; assert.throws(() => validateDecisionRecordArtifact(mismatchedCorrelation), /correlation_id mismatch between metadata and spec\.source/); }); test('decision artifact validator rejects non-canonical recorded_at timestamp', () => { const artifact = createArtifact({ source: { task_id: 'task-reporting-governance' } }); artifact.metadata.recorded_at = '2026-05-08T12:00:00+08:00'; assert.throws(() => validateDecisionRecordArtifact(artifact), /recorded_at must be a canonical ISO-8601 UTC timestamp with millisecond precision/); }); test('decision artifact validator rejects invalid or mismatched event source linkage', () => { const artifact = createArtifact(); const missingSourceEvent = structuredClone(artifact); missingSourceEvent.spec.source.event_id = null; assert.throws(() => validateDecisionRecordArtifact(missingSourceEvent), /event_id must be present in both metadata and spec\.source/); const mismatchedSourceEvent = structuredClone(artifact); mismatchedSourceEvent.spec.source.event_id = 'evt_watchdog_002'; assert.throws(() => validateDecisionRecordArtifact(mismatchedSourceEvent), /event_id mismatch between metadata and spec\.source/); const malformedSourceEvent = structuredClone(artifact); malformedSourceEvent.spec.source.event_id = ' '; assert.throws(() => validateDecisionRecordArtifact(malformedSourceEvent), /spec\.source\.event_id must be a non-empty string/); }); test('decision artifact validator accepts stable path-like event refs used by runtime artifacts', () => { const artifact = createArtifact({ source: { event_id: 'state/long-task-watchdog-events/2026-05-07T142633Z-reporting-governance-plugin-watchdog-watchdog-fired.json', task_id: 'task-reporting-governance', correlation_id: 'corr-001', }, }); assert.equal(validateDecisionRecordArtifact(artifact), artifact); assert.equal(artifact.metadata.event_id, 'state/long-task-watchdog-events/2026-05-07T142633Z-reporting-governance-plugin-watchdog-watchdog-fired.json'); }); test('decision artifact validator enforces receipt status enum and required fields for pending failed and partial states', () => { const pendingArtifact = createArtifact(); pendingArtifact.spec.receipt.status = 'planned'; pendingArtifact.spec.receipt.delivery_state = 'pending_external_send'; assert.equal(validateDecisionRecordArtifact(pendingArtifact), pendingArtifact); const failedArtifact = createArtifact({ receipt: { policy_id: 'no-silence.missed-checkpoint', decision: 'force_checkpoint', status: 'failed', delivery_state: 'failed', enforcement_intent: [], blocked_actions: [], operator_notice_required: true, notes: ['sender failed'], failure_reason: 'sender_exit_nonzero' } }); assert.equal(validateDecisionRecordArtifact(failedArtifact), failedArtifact); const failedMissingReason = structuredClone(failedArtifact); delete failedMissingReason.spec.receipt.failure_reason; assert.throws(() => validateDecisionRecordArtifact(failedMissingReason), /failure_reason is required when status=failed/); const partialArtifact = createArtifact({ receipt: { policy_id: 'no-silence.missed-checkpoint', decision: 'force_checkpoint', status: 'degraded', delivery_state: 'partial', enforcement_intent: [{ action: 'emit_event', mandatory: true }], blocked_actions: [{ action: 'notify_operator', mandatory: true, reason: 'binding unavailable' }], operator_notice_required: true, notes: ['event emitted but notice not sent'] } }); assert.equal(validateDecisionRecordArtifact(partialArtifact), partialArtifact); const partialMissingBlocked = structuredClone(partialArtifact); partialMissingBlocked.spec.receipt.blocked_actions = []; assert.throws(() => validateDecisionRecordArtifact(partialMissingBlocked), /blocked_actions must be non-empty when delivery_state=partial/); const partialMissingIntent = structuredClone(partialArtifact); partialMissingIntent.spec.receipt.enforcement_intent = []; assert.throws(() => validateDecisionRecordArtifact(partialMissingIntent), /enforcement_intent must be non-empty when delivery_state=partial/); }); test('decision artifact validator rejects unsupported receipt state combinations', () => { const artifact = createArtifact(); artifact.spec.receipt.status = 'acked'; artifact.spec.receipt.delivery_state = 'pending_external_send'; assert.throws(() => validateDecisionRecordArtifact(artifact), /status=acked is incompatible with delivery_state=pending_external_send/); const badStatus = createArtifact(); badStatus.spec.receipt.status = 'mystery'; assert.throws(() => validateDecisionRecordArtifact(badStatus), /spec\.receipt\.status must be one of/); }); test('decision artifact filename is stable and readable', () => { const artifact = createArtifact({ source: { task_id: 'task-reporting-governance' } }); const fileName = createDecisionRecordFileName(artifact); assert.match(fileName, /^2026-05-08T04-00-00-000Z-no-silence\.missed-checkpoint-force_checkpoint-dec_[a-f0-9-]+\.json$/); }); test('decision artifact filename sanitizes unsafe policy and decision segments', () => { const artifact = { kind: 'DecisionRecordArtifact', apiVersion: 'reporting-governance/v1alpha1', metadata: { record_id: 'dec_test', recorded_at: '2026-05-08T04:00:00.000Z', policy_id: '../policy with spaces?', decision: 'force checkpoint!', correlation_id: null, task_id: null, event_id: 'evt_1234', }, spec: { decision: { policy_id: '../policy with spaces?', decision: 'force checkpoint!', }, receipt: { policy_id: '../policy with spaces?', decision: 'force checkpoint!', status: 'planned', delivery_state: 'pending_external_send', enforcement_intent: [], blocked_actions: [], operator_notice_required: false, notes: [], }, source: { event_id: 'evt_1234', task_id: null, correlation_id: null, }, }, }; const fileName = createDecisionRecordFileName(artifact); assert.equal(fileName, '2026-05-08T04-00-00-000Z-policy-with-spaces-force-checkpoint-dec_test.json'); }); test('sanitizeFileSegment collapses malicious or blank segments to safe file names', () => { assert.equal(decisionArtifactTestables.sanitizeFileSegment('../../etc/passwd', 'fallback'), 'etc-passwd'); assert.equal(decisionArtifactTestables.sanitizeFileSegment(' ', 'fallback'), 'fallback'); assert.equal(decisionArtifactTestables.sanitizeFileSegment('policy:force/checkpoint', 'fallback'), 'policy-force-checkpoint'); }); test('file decision store writes and reloads a validated decision artifact inside repo root', async (t) => { const sandbox = fs.mkdtempSync(path.join(os.tmpdir(), 'reporting-governance-decision-store-')); t.after(() => fs.rmSync(sandbox, { recursive: true, force: true })); const fakeRepoRoot = path.join(sandbox, 'repo'); fs.mkdirSync(fakeRepoRoot, { recursive: true }); const planned = createPlannedDecision(); const store = createFileDecisionStore({ decisionsDir: path.join(fakeRepoRoot, 'state', 'decisions'), repoRootOverride: fakeRepoRoot, }); const written = store.write({ decision: planned.decision, receipt: planned.receipt, recordedAt: '2026-05-08T04:00:00.000Z', source: { event_id: 'evt_watchdog_001', task_id: 'task-reporting-governance', correlation_id: 'corr-001', }, }); assert.equal(fs.existsSync(written.artifactPath), true); assert.match(path.basename(written.artifactPath), /^2026-05-08T04-00-00-000Z-no-silence\.missed-checkpoint-force_checkpoint-dec_[a-f0-9-]+\.json$/); const loaded = store.load(written.artifactPath); assert.equal(loaded.artifact.metadata.event_id, 'evt_watchdog_001'); assert.equal(loaded.artifact.spec.receipt.delivery_state, 'pending_external_send'); }); test('file decision store round-trips failed receipt through write load and consume', async (t) => { const sandbox = fs.mkdtempSync(path.join(os.tmpdir(), 'reporting-governance-decision-store-')); t.after(() => fs.rmSync(sandbox, { recursive: true, force: true })); const fakeRepoRoot = path.join(sandbox, 'repo'); fs.mkdirSync(fakeRepoRoot, { recursive: true }); const planned = createPlannedDecision(); const store = createFileDecisionStore({ decisionsDir: path.join(fakeRepoRoot, 'state', 'decisions'), repoRootOverride: fakeRepoRoot, }); const written = store.write({ decision: planned.decision, receipt: { ...planned.receipt, status: 'failed', delivery_state: 'failed', notes: [...planned.receipt.notes, 'bridge send failed'], failure_reason: 'bridge_send_failed' }, recordedAt: '2026-05-08T04:00:00.000Z', source: { event_id: 'evt_watchdog_failed_001', task_id: 'task-reporting-governance', correlation_id: 'corr-failed-001', }, }); const consumed = store.consume(written.artifactPath, ({ artifact, artifactPath }) => ({ artifactPath, receiptStatus: artifact.spec.receipt.status, deliveryState: artifact.spec.receipt.delivery_state, failureReason: artifact.spec.receipt.failure_reason, eventId: artifact.spec.source.event_id, })); assert.equal(consumed.receiptStatus, 'failed'); assert.equal(consumed.deliveryState, 'failed'); assert.equal(consumed.failureReason, 'bridge_send_failed'); assert.equal(consumed.eventId, 'evt_watchdog_failed_001'); assert.equal(consumed.artifactPath, written.artifactPath); }); test('file decision store round-trips partial receipt with source linkage through write load and consume', async (t) => { const sandbox = fs.mkdtempSync(path.join(os.tmpdir(), 'reporting-governance-decision-store-')); t.after(() => fs.rmSync(sandbox, { recursive: true, force: true })); const fakeRepoRoot = path.join(sandbox, 'repo'); fs.mkdirSync(fakeRepoRoot, { recursive: true }); const planned = createPlannedDecision(); const store = createFileDecisionStore({ decisionsDir: path.join(fakeRepoRoot, 'state', 'decisions'), repoRootOverride: fakeRepoRoot, }); const partialReceipt = { ...planned.receipt, status: 'degraded', delivery_state: 'partial', enforcement_intent: [{ action: 'emit_event', mandatory: true }], blocked_actions: [{ action: 'notify_operator', mandatory: true, reason: 'sender binding unavailable' }], notes: [...planned.receipt.notes, 'event emitted but operator notice still blocked'] }; const written = store.write({ decision: planned.decision, receipt: partialReceipt, recordedAt: '2026-05-08T04:00:00.000Z', source: { event_id: 'state/operator-notify-bridge-receipts/notify_abc-partial.json', task_id: 'task-reporting-governance', correlation_id: 'corr-partial-001', }, }); const consumed = store.consume(written.artifactPath, ({ artifact }) => ({ taskId: artifact.spec.source.task_id, correlationId: artifact.spec.source.correlation_id, eventId: artifact.spec.source.event_id, receiptStatus: artifact.spec.receipt.status, deliveryState: artifact.spec.receipt.delivery_state, blockedActions: artifact.spec.receipt.blocked_actions, enforcementIntent: artifact.spec.receipt.enforcement_intent, })); assert.equal(consumed.taskId, 'task-reporting-governance'); assert.equal(consumed.correlationId, 'corr-partial-001'); assert.equal(consumed.eventId, 'state/operator-notify-bridge-receipts/notify_abc-partial.json'); assert.equal(consumed.receiptStatus, 'degraded'); assert.equal(consumed.deliveryState, 'partial'); assert.equal(consumed.blockedActions.length, 1); assert.equal(consumed.enforcementIntent.length, 1); }); test('file decision store load rejects corrupted or malformed artifacts', async (t) => { const sandbox = fs.mkdtempSync(path.join(os.tmpdir(), 'reporting-governance-decision-store-')); t.after(() => fs.rmSync(sandbox, { recursive: true, force: true })); const fakeRepoRoot = path.join(sandbox, 'repo'); const decisionsDir = path.join(fakeRepoRoot, 'state', 'decisions'); fs.mkdirSync(decisionsDir, { recursive: true }); const store = createFileDecisionStore({ decisionsDir, repoRootOverride: fakeRepoRoot, }); const malformedJsonPath = path.join(decisionsDir, 'broken.json'); fs.writeFileSync(malformedJsonPath, '{not-json\n', 'utf8'); assert.throws(() => store.load(malformedJsonPath)); const corruptedArtifactPath = path.join(decisionsDir, 'corrupted.json'); fs.writeFileSync(corruptedArtifactPath, `${JSON.stringify({ kind: 'DecisionRecordArtifact', apiVersion: 'reporting-governance/v1alpha1', metadata: { recorded_at: '', policy_id: 'no-silence.missed-checkpoint', decision: 'force_checkpoint', event_id: 'evt_watchdog_001', }, spec: { decision: { policy_id: 'no-silence.missed-checkpoint', decision: 'force_checkpoint', }, receipt: { policy_id: 'no-silence.missed-checkpoint', decision: 'force_checkpoint', status: 'planned', delivery_state: 'pending_external_send', enforcement_intent: [], blocked_actions: [], operator_notice_required: false, notes: [], }, source: { event_id: 'evt_watchdog_001', task_id: null, correlation_id: null, }, }, }, null, 2)}\n`, 'utf8'); assert.throws(() => store.load(corruptedArtifactPath), /metadata\.recorded_at must be a non-empty string/); }); test('file decision store consume rejects non-function consumer', async (t) => { const sandbox = fs.mkdtempSync(path.join(os.tmpdir(), 'reporting-governance-decision-store-')); t.after(() => fs.rmSync(sandbox, { recursive: true, force: true })); const fakeRepoRoot = path.join(sandbox, 'repo'); fs.mkdirSync(fakeRepoRoot, { recursive: true }); const planned = createPlannedDecision(); const store = createFileDecisionStore({ decisionsDir: path.join(fakeRepoRoot, 'state', 'decisions'), repoRootOverride: fakeRepoRoot, }); const written = store.write({ decision: planned.decision, receipt: planned.receipt, recordedAt: '2026-05-08T04:00:00.000Z', source: { task_id: 'task-reporting-governance' } }); assert.throws(() => store.consume(written.artifactPath, null), /decision store consumer must be a function/); }); test('file decision store produces distinct filenames for same decision written twice', async (t) => { const sandbox = fs.mkdtempSync(path.join(os.tmpdir(), 'reporting-governance-decision-store-')); t.after(() => fs.rmSync(sandbox, { recursive: true, force: true })); const fakeRepoRoot = path.join(sandbox, 'repo'); fs.mkdirSync(fakeRepoRoot, { recursive: true }); const planned = createPlannedDecision(); const store = createFileDecisionStore({ decisionsDir: path.join(fakeRepoRoot, 'state', 'decisions'), repoRootOverride: fakeRepoRoot, }); const first = store.write({ decision: planned.decision, receipt: planned.receipt, recordedAt: '2026-05-08T04:00:00.000Z', source: { task_id: 'task-reporting-governance' } }); const second = store.write({ decision: planned.decision, receipt: planned.receipt, recordedAt: '2026-05-08T04:00:00.000Z', source: { task_id: 'task-reporting-governance' } }); assert.notEqual(first.artifact.metadata.record_id, second.artifact.metadata.record_id); assert.notEqual(path.basename(first.artifactPath), path.basename(second.artifactPath)); assert.equal(fs.readdirSync(path.join(fakeRepoRoot, 'state', 'decisions')).filter((name) => name.endsWith('.json')).length, 2); }); test('file decision store rejects decision directory escaping repo root', () => { assert.throws( () => createFileDecisionStore({ decisionsDir: path.resolve(repoRoot, '..', 'escape'), repoRootOverride: repoRoot, }), /decision store decisionsDir must stay within repo root/ ); });