311 lines
11 KiB
JavaScript
311 lines
11 KiB
JavaScript
import test from 'node:test';
|
|
import assert from 'node:assert/strict';
|
|
import fs from 'node:fs';
|
|
import os from 'node:os';
|
|
import path from 'node:path';
|
|
|
|
import {
|
|
createDecisionRecordArtifact,
|
|
createDecisionRecordFileName,
|
|
createFileDecisionStore,
|
|
validateDecisionRecordArtifact,
|
|
__testables as decisionArtifactTestables,
|
|
} from '../src/storage/index.mjs';
|
|
import { planDecisionExecution } from '../src/core/decision-runner.mjs';
|
|
|
|
const packageRoot = path.resolve(import.meta.dirname, '..');
|
|
const repoRoot = path.resolve(packageRoot, '..', '..');
|
|
|
|
const capabilityDescriptor = {
|
|
capabilities: {
|
|
enforcement: {
|
|
force_checkpoint: { supported: true, level: 'partial' },
|
|
escalate: { supported: true, level: 'full' }
|
|
},
|
|
notification_path: {
|
|
queue_items: { supported: true, level: 'full' },
|
|
spool_handoff: { supported: true, level: 'full' },
|
|
sender_binding: { supported: true, level: 'full' },
|
|
direct_send: { supported: false, level: 'none' },
|
|
truth_model: {
|
|
delivery_states: ['prepared', 'queued', 'dispatched', 'pending_external_send', 'acked', 'blocked'],
|
|
ack_requires_proven_send: true,
|
|
pending_external_send_supported: true
|
|
}
|
|
}
|
|
}
|
|
};
|
|
|
|
function createPlannedDecision() {
|
|
return planDecisionExecution({
|
|
decision: {
|
|
decision: 'force_checkpoint',
|
|
policy_id: 'no-silence.missed-checkpoint',
|
|
severity: 'high',
|
|
reason: 'checkpoint overdue',
|
|
required_actions: [
|
|
{ action: 'notify_operator', target: 'operator_channel', mandatory: true },
|
|
{ action: 'emit_event', target: 'event_stream', mandatory: true }
|
|
],
|
|
operator_notice: {
|
|
required: true,
|
|
channel: 'telegram',
|
|
urgency: 'high',
|
|
message: 'Required update.',
|
|
deadline: '2026-01-01T00:00:00.000Z'
|
|
}
|
|
},
|
|
capabilityDescriptor,
|
|
});
|
|
}
|
|
|
|
test('decision artifact validates minimal package-owned contract', () => {
|
|
const planned = createPlannedDecision();
|
|
const artifact = createDecisionRecordArtifact({
|
|
decision: planned.decision,
|
|
receipt: planned.receipt,
|
|
recordedAt: '2026-05-08T04:00:00.000Z',
|
|
source: {
|
|
event_id: 'evt_watchdog_001',
|
|
task_id: 'task-reporting-governance',
|
|
correlation_id: 'corr-001',
|
|
},
|
|
});
|
|
|
|
assert.equal(artifact.kind, 'DecisionRecordArtifact');
|
|
assert.equal(artifact.apiVersion, 'reporting-governance/v1alpha1');
|
|
assert.equal(artifact.metadata.policy_id, 'no-silence.missed-checkpoint');
|
|
assert.equal(artifact.spec.receipt.delivery_state, 'pending_external_send');
|
|
assert.equal(validateDecisionRecordArtifact(artifact), artifact);
|
|
});
|
|
|
|
test('decision artifact validator rejects malformed top-level or nested fields', () => {
|
|
assert.throws(() => validateDecisionRecordArtifact(null), /decision record artifact must be an object/);
|
|
|
|
const planned = createPlannedDecision();
|
|
const artifact = createDecisionRecordArtifact({
|
|
decision: planned.decision,
|
|
receipt: planned.receipt,
|
|
recordedAt: '2026-05-08T04:00:00.000Z',
|
|
});
|
|
|
|
const wrongKind = structuredClone(artifact);
|
|
wrongKind.kind = 'NotDecisionRecordArtifact';
|
|
assert.throws(() => validateDecisionRecordArtifact(wrongKind), /kind must be DecisionRecordArtifact/);
|
|
|
|
const missingReceipt = structuredClone(artifact);
|
|
delete missingReceipt.spec.receipt;
|
|
assert.throws(() => validateDecisionRecordArtifact(missingReceipt), /spec\.receipt must be an object record/);
|
|
|
|
const blankDeliveryState = structuredClone(artifact);
|
|
blankDeliveryState.spec.receipt.delivery_state = ' ';
|
|
assert.throws(() => validateDecisionRecordArtifact(blankDeliveryState), /spec\.receipt\.delivery_state must be a non-empty string/);
|
|
});
|
|
|
|
test('decision artifact validator enforces metadata and spec consistency', () => {
|
|
const planned = createPlannedDecision();
|
|
const artifact = createDecisionRecordArtifact({
|
|
decision: planned.decision,
|
|
receipt: planned.receipt,
|
|
recordedAt: '2026-05-08T04:00:00.000Z',
|
|
source: {
|
|
task_id: 'task-reporting-governance',
|
|
correlation_id: 'corr-001',
|
|
},
|
|
});
|
|
|
|
const mismatchedPolicy = structuredClone(artifact);
|
|
mismatchedPolicy.metadata.policy_id = 'different-policy';
|
|
assert.throws(() => validateDecisionRecordArtifact(mismatchedPolicy), /policy_id mismatch between metadata and spec\.decision/);
|
|
|
|
const mismatchedDecision = structuredClone(artifact);
|
|
mismatchedDecision.metadata.decision = 'rewrite';
|
|
assert.throws(() => validateDecisionRecordArtifact(mismatchedDecision), /decision mismatch between metadata and spec\.decision/);
|
|
|
|
const mismatchedTask = structuredClone(artifact);
|
|
mismatchedTask.metadata.task_id = 'other-task';
|
|
assert.throws(() => validateDecisionRecordArtifact(mismatchedTask), /task_id mismatch between metadata and spec\.source/);
|
|
|
|
const mismatchedCorrelation = structuredClone(artifact);
|
|
mismatchedCorrelation.metadata.correlation_id = 'corr-other';
|
|
assert.throws(() => validateDecisionRecordArtifact(mismatchedCorrelation), /correlation_id mismatch between metadata and spec\.source/);
|
|
});
|
|
|
|
test('decision artifact validator rejects malformed recorded_at timestamp', () => {
|
|
const planned = createPlannedDecision();
|
|
const artifact = createDecisionRecordArtifact({
|
|
decision: planned.decision,
|
|
receipt: planned.receipt,
|
|
recordedAt: '2026-05-08T04:00:00.000Z',
|
|
});
|
|
|
|
artifact.metadata.recorded_at = 'not-a-timestamp';
|
|
assert.throws(() => validateDecisionRecordArtifact(artifact), /recorded_at must be a valid ISO-8601 timestamp/);
|
|
});
|
|
|
|
test('decision artifact filename is stable and readable', () => {
|
|
const planned = createPlannedDecision();
|
|
const artifact = createDecisionRecordArtifact({
|
|
decision: planned.decision,
|
|
receipt: planned.receipt,
|
|
recordedAt: '2026-05-08T04:00:00.000Z',
|
|
});
|
|
|
|
const fileName = createDecisionRecordFileName(artifact);
|
|
assert.match(fileName, /^2026-05-08T04-00-00-000Z-no-silence\.missed-checkpoint-force_checkpoint-dec_[a-f0-9-]+\.json$/);
|
|
});
|
|
|
|
test('decision artifact filename sanitizes unsafe policy and decision segments', () => {
|
|
const artifact = {
|
|
kind: 'DecisionRecordArtifact',
|
|
apiVersion: 'reporting-governance/v1alpha1',
|
|
metadata: {
|
|
record_id: 'dec_test',
|
|
recorded_at: '2026-05-08T04:00:00.000Z',
|
|
policy_id: '../policy with spaces?',
|
|
decision: 'force checkpoint!',
|
|
correlation_id: null,
|
|
task_id: null,
|
|
event_id: null,
|
|
},
|
|
spec: {
|
|
decision: {
|
|
policy_id: '../policy with spaces?',
|
|
decision: 'force checkpoint!',
|
|
},
|
|
receipt: {
|
|
delivery_state: 'pending_external_send',
|
|
},
|
|
source: {
|
|
event_id: null,
|
|
task_id: null,
|
|
correlation_id: null,
|
|
},
|
|
},
|
|
};
|
|
|
|
const fileName = createDecisionRecordFileName(artifact);
|
|
assert.equal(fileName, '2026-05-08T04-00-00-000Z-policy-with-spaces-force-checkpoint-dec_test.json');
|
|
});
|
|
|
|
test('sanitizeFileSegment collapses malicious or blank segments to safe file names', () => {
|
|
assert.equal(decisionArtifactTestables.sanitizeFileSegment('../../etc/passwd', 'fallback'), 'etc-passwd');
|
|
assert.equal(decisionArtifactTestables.sanitizeFileSegment(' ', 'fallback'), 'fallback');
|
|
assert.equal(decisionArtifactTestables.sanitizeFileSegment('policy:force/checkpoint', 'fallback'), 'policy-force-checkpoint');
|
|
});
|
|
|
|
test('file decision store writes and reloads a validated decision artifact inside repo root', async (t) => {
|
|
const sandbox = fs.mkdtempSync(path.join(os.tmpdir(), 'reporting-governance-decision-store-'));
|
|
t.after(() => fs.rmSync(sandbox, { recursive: true, force: true }));
|
|
|
|
const fakeRepoRoot = path.join(sandbox, 'repo');
|
|
fs.mkdirSync(fakeRepoRoot, { recursive: true });
|
|
|
|
const planned = createPlannedDecision();
|
|
const store = createFileDecisionStore({
|
|
decisionsDir: path.join(fakeRepoRoot, 'state', 'decisions'),
|
|
repoRootOverride: fakeRepoRoot,
|
|
});
|
|
|
|
const written = store.write({
|
|
decision: planned.decision,
|
|
receipt: planned.receipt,
|
|
recordedAt: '2026-05-08T04:00:00.000Z',
|
|
source: {
|
|
event_id: 'evt_watchdog_001',
|
|
task_id: 'task-reporting-governance',
|
|
correlation_id: 'corr-001',
|
|
},
|
|
});
|
|
|
|
assert.equal(fs.existsSync(written.artifactPath), true);
|
|
assert.match(path.basename(written.artifactPath), /^2026-05-08T04-00-00-000Z-no-silence\.missed-checkpoint-force_checkpoint-dec_[a-f0-9-]+\.json$/);
|
|
|
|
const loaded = store.load(written.artifactPath);
|
|
assert.equal(loaded.artifact.metadata.event_id, 'evt_watchdog_001');
|
|
assert.equal(loaded.artifact.spec.receipt.delivery_state, 'pending_external_send');
|
|
});
|
|
|
|
test('file decision store load rejects corrupted or malformed artifacts', async (t) => {
|
|
const sandbox = fs.mkdtempSync(path.join(os.tmpdir(), 'reporting-governance-decision-store-'));
|
|
t.after(() => fs.rmSync(sandbox, { recursive: true, force: true }));
|
|
|
|
const fakeRepoRoot = path.join(sandbox, 'repo');
|
|
const decisionsDir = path.join(fakeRepoRoot, 'state', 'decisions');
|
|
fs.mkdirSync(decisionsDir, { recursive: true });
|
|
|
|
const store = createFileDecisionStore({
|
|
decisionsDir,
|
|
repoRootOverride: fakeRepoRoot,
|
|
});
|
|
|
|
const malformedJsonPath = path.join(decisionsDir, 'broken.json');
|
|
fs.writeFileSync(malformedJsonPath, '{not-json\n', 'utf8');
|
|
assert.throws(() => store.load(malformedJsonPath));
|
|
|
|
const corruptedArtifactPath = path.join(decisionsDir, 'corrupted.json');
|
|
fs.writeFileSync(corruptedArtifactPath, `${JSON.stringify({
|
|
kind: 'DecisionRecordArtifact',
|
|
apiVersion: 'reporting-governance/v1alpha1',
|
|
metadata: {
|
|
recorded_at: '',
|
|
policy_id: 'no-silence.missed-checkpoint',
|
|
decision: 'force_checkpoint',
|
|
},
|
|
spec: {
|
|
decision: {
|
|
policy_id: 'no-silence.missed-checkpoint',
|
|
decision: 'force_checkpoint',
|
|
},
|
|
receipt: {
|
|
delivery_state: 'pending_external_send',
|
|
},
|
|
source: {
|
|
event_id: null,
|
|
task_id: null,
|
|
correlation_id: null,
|
|
},
|
|
},
|
|
}, null, 2)}\n`, 'utf8');
|
|
assert.throws(() => store.load(corruptedArtifactPath), /metadata\.recorded_at must be a non-empty string/);
|
|
});
|
|
|
|
test('file decision store produces distinct filenames for same decision written twice', async (t) => {
|
|
const sandbox = fs.mkdtempSync(path.join(os.tmpdir(), 'reporting-governance-decision-store-'));
|
|
t.after(() => fs.rmSync(sandbox, { recursive: true, force: true }));
|
|
|
|
const fakeRepoRoot = path.join(sandbox, 'repo');
|
|
fs.mkdirSync(fakeRepoRoot, { recursive: true });
|
|
|
|
const planned = createPlannedDecision();
|
|
const store = createFileDecisionStore({
|
|
decisionsDir: path.join(fakeRepoRoot, 'state', 'decisions'),
|
|
repoRootOverride: fakeRepoRoot,
|
|
});
|
|
|
|
const first = store.write({
|
|
decision: planned.decision,
|
|
receipt: planned.receipt,
|
|
recordedAt: '2026-05-08T04:00:00.000Z',
|
|
});
|
|
const second = store.write({
|
|
decision: planned.decision,
|
|
receipt: planned.receipt,
|
|
recordedAt: '2026-05-08T04:00:00.000Z',
|
|
});
|
|
|
|
assert.notEqual(first.artifact.metadata.record_id, second.artifact.metadata.record_id);
|
|
assert.notEqual(path.basename(first.artifactPath), path.basename(second.artifactPath));
|
|
assert.equal(fs.readdirSync(path.join(fakeRepoRoot, 'state', 'decisions')).filter((name) => name.endsWith('.json')).length, 2);
|
|
});
|
|
|
|
test('file decision store rejects decision directory escaping repo root', () => {
|
|
assert.throws(
|
|
() => createFileDecisionStore({
|
|
decisionsDir: path.resolve(repoRoot, '..', 'escape'),
|
|
repoRootOverride: repoRoot,
|
|
}),
|
|
/decision store decisionsDir must stay within repo root/
|
|
);
|
|
});
|