set('tenantpilot.hardening.intune_write_gate.enabled', true); config()->set('tenantpilot.hardening.intune_write_gate.freshness_threshold_hours', 24); }); test('gate evaluation with not_configured status makes zero HTTP calls', function () { Http::fake(); $tenant = Tenant::factory()->create([ 'rbac_status' => 'not_configured', 'rbac_last_checked_at' => null, ]); $gate = app(WriteGateInterface::class); try { $gate->evaluate($tenant, 'restore.execute'); } catch (ProviderAccessHardeningRequired) { // Expected } Http::assertNothingSent(); }); test('gate evaluation with unhealthy status makes zero HTTP calls', function () { Http::fake(); $tenant = Tenant::factory()->create([ 'rbac_status' => 'failed', 'rbac_last_checked_at' => now(), ]); $gate = app(WriteGateInterface::class); try { $gate->evaluate($tenant, 'restore.execute'); } catch (ProviderAccessHardeningRequired) { // Expected } Http::assertNothingSent(); }); test('gate evaluation with stale status makes zero HTTP calls', function () { Http::fake(); $tenant = Tenant::factory()->create([ 'rbac_status' => 'ok', 'rbac_last_checked_at' => now()->subHours(48), ]); $gate = app(WriteGateInterface::class); try { $gate->evaluate($tenant, 'restore.execute'); } catch (ProviderAccessHardeningRequired) { // Expected } Http::assertNothingSent(); }); test('gate evaluation with ok fresh status makes zero HTTP calls', function () { Http::fake(); $tenant = Tenant::factory()->create([ 'rbac_status' => 'ok', 'rbac_last_checked_at' => now()->subMinutes(30), ]); $gate = app(WriteGateInterface::class); // Should pass without exception $gate->evaluate($tenant, 'restore.execute'); Http::assertNothingSent(); });