133 lines
8.0 KiB
PowerShell
133 lines
8.0 KiB
PowerShell
param(
|
|
[string]$ApiBaseUrl = "http://192.168.200.61:18121/api/v1",
|
|
[string]$ClusterID = "cfc0743d-d960-49fb-9de8-96e063d5e4aa",
|
|
[string]$ActorUserID = "f67d943f-5397-4b3a-a229-695fe67ad700",
|
|
[string]$RequestedNodeName = "test-1",
|
|
[string]$DefaultNodeName = "test-2",
|
|
[string]$MatrixNodeName = "test-1",
|
|
[string]$ResultPath = "artifacts\c19z140-remote-workspace-real-adapter-not-approved-outcome-continuation-block-audit-record-compatibility-smoke-result.json"
|
|
)
|
|
|
|
Set-StrictMode -Version Latest
|
|
$ErrorActionPreference = "Stop"
|
|
|
|
$repoRoot = (Resolve-Path (Join-Path $PSScriptRoot "..\..")).ProviderPath
|
|
$sourceResultPath = "artifacts\c19z140-remote-workspace-real-adapter-not-approved-outcome-continuation-block-audit-record-source-result.json"
|
|
$requiredAuditFields = @("schema_version", "source_enforcement_schema", "audit_status", "audit_marker", "audit_event_type", "attempted_action", "attempt_allowed", "block_reason", "next_allowed_entrypoint", "blocks_not_approved_extension", "branch_state", "continuation_policy", "enablement_status", "runtime_gate_state", "runtime_effect", "allows_process_start", "allows_payload_traffic", "guardrail_summary", "audit_notes")
|
|
$requiredGuardrailFields = @("activation_blocked", "process_start_allowed", "health_probe_enabled", "payload_traffic", "allows_process_start", "allows_payload_traffic")
|
|
$requiredAuditNotes = @("blocked_continuation_audit_recorded", "not_approved_branch_remains_closed", "new_explicit_enablement_request_required", "real_runtime_gate_not_enabled", "process_start_disabled", "payload_forwarding_disabled")
|
|
|
|
function Get-PropertyValue {
|
|
param([object]$Item, [string]$Name, [object]$Default = $null)
|
|
if ($null -eq $Item) { return $Default }
|
|
if ($Item -is [System.Collections.IDictionary]) {
|
|
if ($Item.Contains($Name)) { return $Item[$Name] }
|
|
return $Default
|
|
}
|
|
$property = $Item.PSObject.Properties[$Name]
|
|
if ($null -eq $property) { return $Default }
|
|
return $property.Value
|
|
}
|
|
|
|
function Test-ObjectHasFields {
|
|
param([object]$Item, [string[]]$Fields)
|
|
if ($null -eq $Item) { return $false }
|
|
foreach ($field in $Fields) {
|
|
if ($Item -is [System.Collections.IDictionary]) {
|
|
if (-not $Item.Contains($field)) { return $false }
|
|
continue
|
|
}
|
|
if ($null -eq $Item.PSObject.Properties[$field]) { return $false }
|
|
}
|
|
return $true
|
|
}
|
|
|
|
function Test-ArrayContainsAll {
|
|
param([object[]]$Actual, [string[]]$Expected)
|
|
foreach ($item in $Expected) {
|
|
if ($Actual -notcontains $item) { return $false }
|
|
}
|
|
return $true
|
|
}
|
|
|
|
& powershell -ExecutionPolicy Bypass -File (Join-Path $PSScriptRoot "c19z139-remote-workspace-real-adapter-not-approved-outcome-continuation-block-audit-record-smoke.ps1") `
|
|
-ApiBaseUrl $ApiBaseUrl `
|
|
-ClusterID $ClusterID `
|
|
-ActorUserID $ActorUserID `
|
|
-RequestedNodeName $RequestedNodeName `
|
|
-DefaultNodeName $DefaultNodeName `
|
|
-MatrixNodeName $MatrixNodeName `
|
|
-ResultPath $sourceResultPath | Out-Null
|
|
|
|
$sourceFile = Join-Path $repoRoot $sourceResultPath
|
|
$sourceResult = Get-Content -Raw -Path $sourceFile | ConvertFrom-Json
|
|
$audit = Get-PropertyValue -Item $sourceResult -Name "not_approved_outcome_continuation_block_audit_record" -Default $null
|
|
$guardrails = Get-PropertyValue -Item $audit -Name "guardrail_summary" -Default $null
|
|
$auditNotes = @(Get-PropertyValue -Item $audit -Name "audit_notes" -Default @())
|
|
|
|
$auditFieldsCompatible = Test-ObjectHasFields -Item $audit -Fields $requiredAuditFields
|
|
$auditValuesCompatible = (
|
|
[string](Get-PropertyValue -Item $audit -Name "schema_version" -Default "") -eq "rap.remote_workspace_real_adapter_not_approved_outcome_continuation_block_audit_record.v1" -and
|
|
[string](Get-PropertyValue -Item $audit -Name "source_enforcement_schema" -Default "") -eq "rap.remote_workspace_real_adapter_not_approved_outcome_continuation_block_enforcement.v1" -and
|
|
[string](Get-PropertyValue -Item $audit -Name "audit_status" -Default "") -eq "blocked_continuation_audit_recorded" -and
|
|
[string](Get-PropertyValue -Item $audit -Name "audit_event_type" -Default "") -eq "not_approved_continuation_block" -and
|
|
[string](Get-PropertyValue -Item $audit -Name "attempted_action" -Default "") -eq "continue_not_approved_branch_without_new_explicit_enablement_request" -and
|
|
-not [bool](Get-PropertyValue -Item $audit -Name "attempt_allowed" -Default $true) -and
|
|
[string](Get-PropertyValue -Item $audit -Name "block_reason" -Default "") -eq "new_explicit_enablement_request_required" -and
|
|
[string](Get-PropertyValue -Item $audit -Name "next_allowed_entrypoint" -Default "") -eq "new_explicit_enablement_request_only" -and
|
|
[bool](Get-PropertyValue -Item $audit -Name "blocks_not_approved_extension" -Default $false) -and
|
|
[string](Get-PropertyValue -Item $audit -Name "branch_state" -Default "") -eq "not_approved_branch_closed" -and
|
|
[string](Get-PropertyValue -Item $audit -Name "continuation_policy" -Default "") -eq "do_not_continue_without_new_explicit_enablement_request" -and
|
|
[string](Get-PropertyValue -Item $audit -Name "enablement_status" -Default "") -eq "not_enabled" -and
|
|
[string](Get-PropertyValue -Item $audit -Name "runtime_gate_state" -Default "") -eq "validated_contract_only_not_enabled" -and
|
|
[string](Get-PropertyValue -Item $audit -Name "runtime_effect" -Default "") -eq "contract_only_no_runtime_enablement" -and
|
|
-not [bool](Get-PropertyValue -Item $audit -Name "allows_process_start" -Default $true) -and
|
|
-not [bool](Get-PropertyValue -Item $audit -Name "allows_payload_traffic" -Default $true)
|
|
)
|
|
$auditNotesCompatible = Test-ArrayContainsAll -Actual $auditNotes -Expected $requiredAuditNotes
|
|
$guardrailsCompatible = (
|
|
(Test-ObjectHasFields -Item $guardrails -Fields $requiredGuardrailFields) -and
|
|
[bool](Get-PropertyValue -Item $guardrails -Name "activation_blocked" -Default $false) -and
|
|
-not [bool](Get-PropertyValue -Item $guardrails -Name "process_start_allowed" -Default $true) -and
|
|
-not [bool](Get-PropertyValue -Item $guardrails -Name "health_probe_enabled" -Default $true) -and
|
|
[string](Get-PropertyValue -Item $guardrails -Name "payload_traffic" -Default "") -eq "none" -and
|
|
-not [bool](Get-PropertyValue -Item $guardrails -Name "allows_process_start" -Default $true) -and
|
|
-not [bool](Get-PropertyValue -Item $guardrails -Name "allows_payload_traffic" -Default $true)
|
|
)
|
|
|
|
$checks = [ordered]@{
|
|
source_smoke_passed = ([bool]$sourceResult.passed)
|
|
source_schema_expected = ([string]$sourceResult.schema_version -eq "c19z139.remote_workspace_real_adapter_not_approved_outcome_continuation_block_audit_record_smoke.v1")
|
|
audit_present = ($null -ne $audit)
|
|
audit_fields_compatible = $auditFieldsCompatible
|
|
audit_values_compatible = $auditValuesCompatible
|
|
audit_notes_compatible = $auditNotesCompatible
|
|
guardrails_compatible = $guardrailsCompatible
|
|
}
|
|
$failed = @($checks.GetEnumerator() | Where-Object { -not $_.Value } | ForEach-Object { $_.Key })
|
|
|
|
$result = [ordered]@{
|
|
schema_version = "c19z140.remote_workspace_real_adapter_not_approved_outcome_continuation_block_audit_record_compatibility_smoke.v1"
|
|
source_result_path = $sourceFile
|
|
cluster_id = $ClusterID
|
|
required_audit_fields = $requiredAuditFields
|
|
required_guardrail_fields = $requiredGuardrailFields
|
|
required_audit_notes = $requiredAuditNotes
|
|
not_approved_outcome_continuation_block_audit_record = $audit
|
|
checks = $checks
|
|
failed_checks = $failed
|
|
passed = ($failed.Count -eq 0)
|
|
}
|
|
|
|
$fullResultPath = Join-Path $repoRoot $ResultPath
|
|
$resultDir = Split-Path -Parent $fullResultPath
|
|
if ($resultDir) { New-Item -ItemType Directory -Force -Path $resultDir | Out-Null }
|
|
$result | ConvertTo-Json -Depth 100 | Set-Content -Encoding UTF8 -Path $fullResultPath
|
|
|
|
if (-not $result.passed) {
|
|
throw "C19Z140 remote workspace real-adapter not-approved outcome continuation block audit record compatibility smoke failed. Result: $fullResultPath Failed: $($failed -join ', ')"
|
|
}
|
|
|
|
Write-Host "C19Z140 remote workspace real-adapter not-approved outcome continuation block audit record compatibility smoke passed. Result: $fullResultPath"
|
|
$result
|