76 lines
3.3 KiB
PHP
76 lines
3.3 KiB
PHP
<?php
|
|
|
|
use App\Services\Providers\ProviderOperationRegistry;
|
|
use App\Support\Providers\Boundary\ProviderBoundaryCatalog;
|
|
use App\Support\Providers\Boundary\ProviderBoundaryOwner;
|
|
|
|
it('blocks undocumented provider terms in platform-core seams', function (): void {
|
|
$result = app(ProviderBoundaryCatalog::class)->evaluateChange(
|
|
seamKey: 'provider.identity_resolution',
|
|
filePath: 'app/Services/Providers/ProviderIdentityResolution.php',
|
|
proposedOwner: ProviderBoundaryOwner::PlatformCore,
|
|
providerSpecificTerms: ['client_request_id'],
|
|
);
|
|
|
|
expect($result['status'])->toBe(ProviderBoundaryCatalog::STATUS_BLOCKED)
|
|
->and($result['violation_code'])->toBe(ProviderBoundaryCatalog::VIOLATION_PLATFORM_CORE_PROVIDER_LEAK)
|
|
->and($result['suggested_follow_up'])->toBe('follow-up-spec');
|
|
});
|
|
|
|
it('requires review for documented current-release exceptions on platform-core seams', function (): void {
|
|
$result = app(ProviderBoundaryCatalog::class)->evaluateChange(
|
|
seamKey: 'provider.identity_resolution',
|
|
filePath: 'app/Services/Providers/ProviderIdentityResolver.php',
|
|
proposedOwner: 'platform_core',
|
|
providerSpecificTerms: ['entra_tenant_id'],
|
|
);
|
|
|
|
expect($result['status'])->toBe(ProviderBoundaryCatalog::STATUS_REVIEW_REQUIRED)
|
|
->and($result['violation_code'])->toBe(ProviderBoundaryCatalog::VIOLATION_NONE)
|
|
->and($result['suggested_follow_up'])->toBe('follow-up-spec');
|
|
});
|
|
|
|
it('allows provider-specific terms inside provider-owned seams', function (): void {
|
|
$result = app(ProviderBoundaryCatalog::class)->evaluateChange(
|
|
seamKey: 'provider.gateway_runtime',
|
|
filePath: 'app/Services/Providers/ProviderGateway.php',
|
|
proposedOwner: ProviderBoundaryOwner::ProviderOwned,
|
|
providerSpecificTerms: ['client_request_id', 'client_secret'],
|
|
);
|
|
|
|
expect($result['status'])->toBe(ProviderBoundaryCatalog::STATUS_ALLOWED)
|
|
->and($result['violation_code'])->toBe(ProviderBoundaryCatalog::VIOLATION_NONE);
|
|
});
|
|
|
|
it('keeps operation definitions separate from provider bindings', function (): void {
|
|
$registry = app(ProviderOperationRegistry::class);
|
|
|
|
$definition = $registry->get('provider.connection.check');
|
|
$binding = $registry->bindingFor('provider.connection.check', 'microsoft');
|
|
|
|
expect($definition)->toMatchArray([
|
|
'operation_type' => 'provider.connection.check',
|
|
'module' => 'health_check',
|
|
'label' => 'Provider connection check',
|
|
'required_capability' => \App\Support\Auth\Capabilities::PROVIDER_RUN,
|
|
]);
|
|
|
|
expect($binding)->toMatchArray([
|
|
'provider' => 'microsoft',
|
|
'binding_status' => ProviderOperationRegistry::BINDING_ACTIVE,
|
|
]);
|
|
});
|
|
|
|
it('blocks provider binding metadata when it is proposed as platform-core truth', function (): void {
|
|
$result = app(ProviderBoundaryCatalog::class)->evaluateChange(
|
|
seamKey: 'provider.operation_registry',
|
|
filePath: 'app/Services/Providers/ProviderOperationRegistry.php',
|
|
proposedOwner: ProviderBoundaryOwner::PlatformCore,
|
|
providerSpecificTerms: ['microsoft'],
|
|
introducesNewBinding: true,
|
|
);
|
|
|
|
expect($result['status'])->toBe(ProviderBoundaryCatalog::STATUS_BLOCKED)
|
|
->and($result['violation_code'])->toBe(ProviderBoundaryCatalog::VIOLATION_PROVIDER_BINDING_AS_PRIMARY_TRUTH);
|
|
});
|