@neurcode-ai/governance-runtime 0.1.3 → 0.1.5

package/src/index.test.ts

@@ -1,502 +0,0 @@
-import assert from 'node:assert/strict';
-import test from 'node:test';
-import {
-  compileDeterministicConstraints,
-  buildPlanVerificationMessage,
-  evaluatePlanVerification,
-  extractPlannedFilePaths,
-  resolvePlanVerdict,
-  type PlanDiffFile,
-} from './index';
-
-const SAMPLE_PLAN = [
-  { path: 'src/a.ts', action: 'MODIFY' },
-  { path: 'src/b.ts', action: 'CREATE' },
-  { path: 'docs/readme.md', action: 'BLOCK' },
-];
-
-function makeChangedFiles(paths: string[]): PlanDiffFile[] {
-  return paths.map((path) => ({
-    path,
-    changeType: 'modify',
-    added: 1,
-    removed: 0,
-    hunks: [
-      {
-        oldStart: 1,
-        oldLines: 0,
-        newStart: 1,
-        newLines: 1,
-        lines: [
-          {
-            type: 'added',
-            content: 'const x = 1;',
-          },
-        ],
-      },
-    ],
-  }));
-}
-
-test('extractPlannedFilePaths includes only CREATE/MODIFY actions', () => {
-  const paths = extractPlannedFilePaths(SAMPLE_PLAN);
-  assert.deepEqual(paths, ['src/a.ts', 'src/b.ts']);
-});
-
-test('resolvePlanVerdict reproduces legacy threshold rules', () => {
-  assert.equal(
-    resolvePlanVerdict({
-      bloatCount: 0,
-      adherenceScore: 100,
-      totalPlannedFiles: 2,
-      plannedFilesModified: 2,
-      constraintViolations: [],
-    }),
-    'PASS'
-  );
-
-  assert.equal(
-    resolvePlanVerdict({
-      bloatCount: 1,
-      adherenceScore: 100,
-      totalPlannedFiles: 2,
-      plannedFilesModified: 2,
-      constraintViolations: [],
-    }),
-    'WARN'
-  );
-
-  assert.equal(
-    resolvePlanVerdict({
-      bloatCount: 2,
-      adherenceScore: 40,
-      totalPlannedFiles: 5,
-      plannedFilesModified: 2,
-      constraintViolations: [],
-    }),
-    'FAIL'
-  );
-
-  assert.equal(
-    resolvePlanVerdict({
-      bloatCount: 0,
-      adherenceScore: 0,
-      totalPlannedFiles: 0,
-      plannedFilesModified: 0,
-      constraintViolations: [],
-    }),
-    'FAIL'
-  );
-});
-
-test('evaluatePlanVerification computes adherence and bloat deterministically', () => {
-  const result = evaluatePlanVerification({
-    planFiles: SAMPLE_PLAN,
-    changedFiles: makeChangedFiles(['src/a.ts', 'src/unplanned.ts']),
-    diffStats: {
-      totalAdded: 2,
-      totalRemoved: 0,
-      totalFiles: 2,
-    },
-  });
-
-  assert.equal(result.adherenceScore, 50);
-  assert.equal(result.totalPlannedFiles, 2);
-  assert.equal(result.plannedFilesModified, 1);
-  assert.equal(result.bloatCount, 1);
-  assert.deepEqual(result.bloatFiles, ['src/unplanned.ts']);
-  assert.equal(result.verdict, 'WARN');
-  assert.equal(result.scopeGuardPassed, false);
-  assert.equal(result.diffSummary.added, 2);
-  assert.equal(result.diffSummary.removed, 0);
-});
-
-test('evaluatePlanVerification fails on no-useEffect constraint violations', () => {
-  const result = evaluatePlanVerification({
-    planFiles: SAMPLE_PLAN,
-    changedFiles: [
-      {
-        path: 'src/a.ts',
-        changeType: 'modify',
-        added: 1,
-        removed: 0,
-        hunks: [
-          {
-            oldStart: 1,
-            oldLines: 0,
-            newStart: 1,
-            newLines: 1,
-            lines: [
-              {
-                type: 'added',
-                content: 'useEffect(() => { console.log(1); }, []);',
-              },
-            ],
-          },
-        ],
-      },
-    ],
-    intentConstraints: 'No useEffect',
-  });
-
-  assert.equal(result.verdict, 'FAIL');
-  assert.equal(result.constraintViolations.length, 1);
-  assert.match(result.message, /Constraint violation/i);
-});
-
-test('compileDeterministicConstraints builds rules from intent and policy text', () => {
-  const compiled = compileDeterministicConstraints({
-    intentConstraints: 'Do not use useEffect; avoid console.log in this change',
-    policyRules: ['No debugger statements', 'No process.env usage in frontend code'],
-  });
-
-  const ruleIds = compiled.rules.map((rule) => rule.id);
-  assert.ok(ruleIds.includes('intent:no_useeffect'));
-  assert.ok(ruleIds.includes('intent:no_console_log'));
-  assert.ok(ruleIds.includes('policy:no_debugger'));
-  assert.ok(ruleIds.includes('policy:no_process_env'));
-});
-
-test('compileDeterministicConstraints supports path-scoped rules', () => {
-  const compiled = compileDeterministicConstraints({
-    policyRules: ['No console.log in src/server/** except src/server/tests/**'],
-  });
-  const scopedRule = compiled.rules.find((rule) => rule.id === 'policy:no_console_log');
-  assert.ok(scopedRule, 'expected path-scoped console.log rule');
-  assert.deepEqual(scopedRule?.pathIncludePatterns, ['src/server/**']);
-  assert.deepEqual(scopedRule?.pathExcludePatterns, ['src/server/tests/**']);
-});
-
-test('evaluatePlanVerification enforces compiled policy rules deterministically', () => {
-  const result = evaluatePlanVerification({
-    planFiles: SAMPLE_PLAN,
-    changedFiles: [
-      {
-        path: 'src/a.ts',
-        changeType: 'modify',
-        added: 1,
-        removed: 0,
-        hunks: [
-          {
-            oldStart: 1,
-            oldLines: 0,
-            newStart: 1,
-            newLines: 1,
-            lines: [
-              {
-                type: 'added',
-                content: 'console.log("debug");',
-              },
-            ],
-          },
-        ],
-      },
-    ],
-    policyRules: ['No console.log in committed code'],
-  });
-
-  assert.equal(result.verdict, 'FAIL');
-  assert.equal(result.constraintViolations.length, 1);
-  assert.match(result.constraintViolations[0], /console\.log/i);
-});
-
-test('evaluatePlanVerification enforces path-scoped exclusions to reduce false positives', () => {
-  const result = evaluatePlanVerification({
-    planFiles: SAMPLE_PLAN,
-    changedFiles: [
-      {
-        path: 'src/server/app.ts',
-        changeType: 'modify',
-        added: 1,
-        removed: 0,
-        hunks: [
-          {
-            oldStart: 1,
-            oldLines: 0,
-            newStart: 1,
-            newLines: 1,
-            lines: [
-              {
-                type: 'added',
-                content: 'console.log("server");',
-              },
-            ],
-          },
-        ],
-      },
-      {
-        path: 'src/server/tests/app.test.ts',
-        changeType: 'modify',
-        added: 1,
-        removed: 0,
-        hunks: [
-          {
-            oldStart: 1,
-            oldLines: 0,
-            newStart: 1,
-            newLines: 1,
-            lines: [
-              {
-                type: 'added',
-                content: 'console.log("test");',
-              },
-            ],
-          },
-        ],
-      },
-    ],
-    policyRules: ['No console.log in src/server/** except src/server/tests/**'],
-  });
-
-  assert.equal(result.constraintViolations.length, 1);
-  assert.match(result.constraintViolations[0], /src\/server\/app\.ts/i);
-});
-
-test('evaluatePlanVerification supports deterministic invocation limits with full-file context', () => {
-  const result = evaluatePlanVerification({
-    planFiles: SAMPLE_PLAN,
-    changedFiles: [
-      {
-        path: 'src/a.ts',
-        changeType: 'modify',
-        added: 1,
-        removed: 0,
-        hunks: [
-          {
-            oldStart: 1,
-            oldLines: 0,
-            newStart: 1,
-            newLines: 1,
-            lines: [
-              {
-                type: 'added',
-                content: 'const marker = true;',
-              },
-            ],
-          },
-        ],
-      },
-    ],
-    intentConstraints: 'foo invoked only 1 times in src/a.ts',
-    fileContents: {
-      'src/a.ts': 'foo();\nfoo();\n',
-    },
-  });
-
-  assert.equal(result.verdict, 'FAIL');
-  assert.equal(result.constraintViolations.length, 1);
-  assert.match(result.constraintViolations[0], /limit 1/i);
-});
-
-test('evaluatePlanVerification supports at-least invocation constraints', () => {
-  const result = evaluatePlanVerification({
-    planFiles: SAMPLE_PLAN,
-    changedFiles: [
-      {
-        path: 'src/a.ts',
-        changeType: 'modify',
-        added: 1,
-        removed: 0,
-        hunks: [
-          {
-            oldStart: 1,
-            oldLines: 0,
-            newStart: 1,
-            newLines: 1,
-            lines: [
-              {
-                type: 'added',
-                content: 'const marker = true;',
-              },
-            ],
-          },
-        ],
-      },
-    ],
-    intentConstraints: 'foo should be called at least 2 times in src/a.ts',
-    fileContents: {
-      'src/a.ts': 'foo();\n',
-    },
-  });
-
-  assert.equal(result.verdict, 'FAIL');
-  assert.equal(result.constraintViolations.length, 1);
-  assert.match(result.constraintViolations[0], /minimum 2/i);
-});
-
-test('compileDeterministicConstraints supports exact invocation constraints', () => {
-  const compiled = compileDeterministicConstraints({
-    intentConstraints: 'bar should be called exactly 3 times in src/a.ts',
-  });
-
-  const rule = compiled.rules.find((item) => item.id.includes('exact_invocations_bar'));
-  assert.ok(rule, 'expected exact invocation rule');
-  assert.equal(rule?.minMatchesPerFile, 3);
-  assert.equal(rule?.maxMatchesPerFile, 3);
-});
-
-test('compileDeterministicConstraints supports repo-scoped invocation constraints', () => {
-  const compiled = compileDeterministicConstraints({
-    intentConstraints: 'foo should be called at most 2 times across repository',
-  });
-
-  const rule = compiled.rules.find((item) => item.id.includes('invocations_foo_repo'));
-  assert.ok(rule, 'expected repo-scoped invocation rule');
-  assert.equal(rule?.evaluationScope, 'repo');
-  assert.equal(rule?.maxMatchesPerFile, 2);
-});
-
-test('evaluatePlanVerification enforces repo-scoped invocation constraints', () => {
-  const result = evaluatePlanVerification({
-    planFiles: SAMPLE_PLAN,
-    changedFiles: [
-      {
-        path: 'src/a.ts',
-        changeType: 'modify',
-        added: 1,
-        removed: 0,
-        hunks: [
-          {
-            oldStart: 1,
-            oldLines: 0,
-            newStart: 1,
-            newLines: 1,
-            lines: [
-              {
-                type: 'added',
-                content: 'const marker = true;',
-              },
-            ],
-          },
-        ],
-      },
-    ],
-    intentConstraints: 'foo called at most 1 times across repository',
-    fileContents: {
-      'src/a.ts': 'foo();\n',
-      'src/b.ts': 'foo();\n',
-    },
-  });
-
-  assert.equal(result.verdict, 'FAIL');
-  assert.ok(result.constraintViolations.some((item) => /across repository scope/i.test(item)));
-});
-
-test('evaluatePlanVerification detects exported API signature drift constraints', () => {
-  const result = evaluatePlanVerification({
-    planFiles: SAMPLE_PLAN,
-    changedFiles: [
-      {
-        path: 'src/api.ts',
-        changeType: 'modify',
-        added: 1,
-        removed: 1,
-        hunks: [
-          {
-            oldStart: 1,
-            oldLines: 1,
-            newStart: 1,
-            newLines: 1,
-            lines: [
-              {
-                type: 'removed',
-                content: 'export function createUser(name: string): User {',
-              },
-              {
-                type: 'added',
-                content: 'export function createUser(name: string, email: string): User {',
-              },
-            ],
-          },
-        ],
-      },
-    ],
-    intentConstraints: 'Do not change public API signatures',
-  });
-
-  assert.equal(result.verdict, 'FAIL');
-  assert.ok(result.constraintViolations.some((item) => /signature delta/i.test(item)));
-});
-
-test('evaluatePlanVerification detects network-call invariants deterministically', () => {
-  const result = evaluatePlanVerification({
-    planFiles: SAMPLE_PLAN,
-    changedFiles: [
-      {
-        path: 'src/a.ts',
-        changeType: 'modify',
-        added: 1,
-        removed: 0,
-        hunks: [
-          {
-            oldStart: 1,
-            oldLines: 0,
-            newStart: 1,
-            newLines: 1,
-            lines: [
-              {
-                type: 'added',
-                content: 'await fetch("https://api.example.com");',
-              },
-            ],
-          },
-        ],
-      },
-    ],
-    policyRules: ['No network calls in committed code'],
-  });
-
-  assert.equal(result.verdict, 'FAIL');
-  assert.equal(result.constraintViolations.length, 1);
-  assert.match(result.constraintViolations[0], /network-call/i);
-});
-
-test('compileDeterministicConstraints expands advanced architectural invariants', () => {
-  const compiled = compileDeterministicConstraints({
-    intentConstraints: [
-      'Preserve backward compatibility for public endpoints',
-      'Maintain async event ordering and do not process messages out of order',
-      'Do not remove required fields from event payload schema',
-      'Enforce multi-tenant isolation and avoid cross-tenant access',
-      'Do not invalidate global cache keys',
-      'Preserve idempotency guarantees for retryable writes',
-      'Avoid destructive schema migrations such as DROP COLUMN',
-    ].join('; '),
-  });
-
-  const ruleIds = compiled.rules.map((rule) => rule.id);
-  assert.ok(ruleIds.includes('intent:backward_compatibility'));
-  assert.ok(ruleIds.includes('intent:async_ordering'));
-  assert.ok(ruleIds.includes('intent:event_schema_consistency'));
-  assert.ok(ruleIds.includes('intent:multi_tenant_isolation'));
-  assert.ok(ruleIds.includes('intent:cache_invariant'));
-  assert.ok(ruleIds.includes('intent:idempotency'));
-  assert.ok(ruleIds.includes('intent:migration_safety'));
-});
-
-test('compileDeterministicConstraints attaches provenance metadata', () => {
-  const compiled = compileDeterministicConstraints({
-    intentConstraints: 'Preserve backward compatibility for public endpoints in src/api/**',
-  });
-
-  const rule = compiled.rules.find((item) => item.id === 'intent:backward_compatibility');
-  assert.ok(rule, 'expected backward compatibility rule');
-  assert.ok(rule?.provenance, 'expected provenance metadata');
-  assert.equal(rule?.provenance?.why.length ? true : false, true);
-  assert.ok((rule?.provenance?.evidence || []).length > 0);
-  assert.ok((rule?.provenance?.trustBoundaries || []).includes('public-api'));
-  assert.ok((rule?.provenance?.contributingGraphPaths || []).includes('src/api/**'));
-});
-
-test('buildPlanVerificationMessage handles incomplete 0/0 plans', () => {
-  const message = buildPlanVerificationMessage({
-    constraintViolations: [],
-    totalPlannedFiles: 0,
-    plannedFilesModified: 0,
-    verdict: 'FAIL',
-    adherenceScore: 0,
-    bloatCount: 0,
-  });
-
-  assert.match(message, /0\/0/);
-});