rdp-proxy/agents/rap-node-agent/internal/mesh/peer_connection_intent_test.go

package mesh

import (
	"encoding/json"
	"testing"
	"time"
)

func TestPeerConnectionIntentsClassifyCorporateDirect(t *testing.T) {
	now := time.Date(2026, 4, 28, 12, 0, 0, 0, time.UTC)
	plan := PlanPeerConnectionIntents(PeerConnectionIntentPlanConfig{
		PeerCache: PeerCacheSnapshot{Entries: []PeerCacheEntry{
			{
				NodeID:           "node-b",
				Endpoint:         "quic://10.24.10.20:19443",
				BestTransport:    "lan_quic",
				BestReachability: "private",
				BestConnectivity: "direct",
				BestPolicyTags:   []string{"corp-lan", "same-site"},
			},
		}},
		RecoveryPlan: PeerRecoveryPlan{
			Mode: PeerRecoveryModeSteady,
			Candidates: []PeerRecoveryCandidate{
				{
					NodeID:          "node-b",
					Endpoint:        "quic://10.24.10.20:19443",
					ConnectionState: PeerConnectionReady,
					Reason:          "maintain_ready",
					Priority:        100,
				},
			},
		},
		Now: now,
	})

	if plan.IntentCount != 1 || plan.MaintainCount != 1 || plan.CorporateLANCount != 1 {
		t.Fatalf("unexpected plan counts: %+v", plan)
	}
	intent := plan.Intents[0]
	if intent.Action != PeerConnectionIntentMaintain || intent.TransportMode != PeerTransportModeCorporateLAN || intent.RequiresRendezvous {
		t.Fatalf("unexpected corporate intent: %+v", intent)
	}
}

func TestPeerConnectionIntentsClassifyOutboundAndRelayAsRendezvousRequired(t *testing.T) {
	now := time.Date(2026, 4, 28, 12, 0, 0, 0, time.UTC)
	plan := PlanPeerConnectionIntents(PeerConnectionIntentPlanConfig{
		PeerCache: PeerCacheSnapshot{Entries: []PeerCacheEntry{
			{
				NodeID:           "node-b",
				Endpoint:         "quic://node-b.example.test:19443",
				BestTransport:    "reverse_quic",
				BestReachability: "outbound_only",
				BestConnectivity: "outbound_only",
			},
			{
				NodeID:           "node-c",
				Endpoint:         "relay://fabric-relay/node-c",
				BestTransport:    "relay_quic",
				BestReachability: "relay",
				BestConnectivity: "relay_required",
			},
		}},
		RecoveryPlan: PeerRecoveryPlan{
			Mode: PeerRecoveryModeRecovery,
			Candidates: []PeerRecoveryCandidate{
				{
					NodeID:          "node-b",
					Endpoint:        "quic://node-b.example.test:19443",
					ConnectionState: PeerConnectionDisconnected,
					Reason:          "recover_warm",
					Priority:        90,
				},
				{
					NodeID:          "node-c",
					Endpoint:        "relay://fabric-relay/node-c",
					ConnectionState: PeerConnectionDisconnected,
					Reason:          "recover_seed",
					Priority:        80,
				},
			},
		},
		Now: now,
	})

	if plan.RecoverCount != 2 || plan.OutboundOnlyCount != 1 || plan.RelayRequiredCount != 1 || plan.RendezvousRequiredCount != 2 {
		t.Fatalf("unexpected rendezvous counts: %+v", plan)
	}
	if plan.Intents[0].Action != PeerConnectionIntentRecover || plan.Intents[1].Action != PeerConnectionIntentRecover {
		t.Fatalf("unexpected actions: %+v", plan.Intents)
	}
}

func TestPeerConnectionIntentsRequireRendezvousForRemotePrivateRegion(t *testing.T) {
	now := time.Date(2026, 4, 28, 12, 0, 0, 0, time.UTC)
	plan := PlanPeerConnectionIntents(PeerConnectionIntentPlanConfig{
		PreferredRegion: "ifcm",
		PeerCache: PeerCacheSnapshot{Entries: []PeerCacheEntry{
			{
				NodeID:           "node-b",
				Endpoint:         "quic://192.168.200.61:19132",
				BestTransport:    "direct_quic",
				BestReachability: "private",
				BestConnectivity: "private_lan",
				BestRegion:       "docker-test",
			},
		}},
		RecoveryPlan: PeerRecoveryPlan{
			Mode: PeerRecoveryModeRecovery,
			Candidates: []PeerRecoveryCandidate{{
				NodeID:          "node-b",
				Endpoint:        "quic://192.168.200.61:19132",
				ConnectionState: PeerConnectionDisconnected,
				Reason:          "recover_warm",
				Priority:        100,
			}},
		},
		Now: now,
	})

	if plan.IntentCount != 1 || plan.RelayRequiredCount != 1 || plan.RendezvousRequiredCount != 1 {
		t.Fatalf("unexpected remote private plan counts: %+v", plan)
	}
	intent := plan.Intents[0]
	if intent.DirectCandidate || !intent.RequiresRendezvous || intent.TransportMode != PeerTransportModeRelayRequired {
		t.Fatalf("unexpected remote private intent: %+v", intent)
	}
}

func TestPeerConnectionIntentsResolveRendezvousWithRelayLease(t *testing.T) {
	now := time.Date(2026, 4, 28, 12, 0, 0, 0, time.UTC)
	plan := PlanPeerConnectionIntents(PeerConnectionIntentPlanConfig{
		PeerCache: PeerCacheSnapshot{Entries: []PeerCacheEntry{
			{
				NodeID:           "node-b",
				Endpoint:         "relay://fabric/node-b",
				BestTransport:    "relay",
				BestReachability: "relay",
				BestConnectivity: "relay_required",
			},
		}},
		RecoveryPlan: PeerRecoveryPlan{
			Mode: PeerRecoveryModeRecovery,
			Candidates: []PeerRecoveryCandidate{
				{
					NodeID:          "node-b",
					Endpoint:        "relay://fabric/node-b",
					ConnectionState: PeerConnectionDisconnected,
					Reason:          "recover_warm",
					Priority:        100,
				},
			},
		},
		RendezvousLeases: []PeerRendezvousLease{
			{
				LeaseID:          "lease-node-b-via-node-r",
				PeerNodeID:       "node-b",
				RelayNodeID:      "node-r",
				RelayEndpoint:    "quic://node-r:19443",
				Transport:        "relay_quic",
				ConnectivityMode: "relay_required",
				Priority:         10,
				ControlPlaneOnly: true,
				IssuedAt:         now.Add(-time.Minute),
				ExpiresAt:        now.Add(time.Minute),
				Metadata:         peerConnectionIntentLeaseMetadata(t, "abc123"),
			},
		},
		Now: now,
	})

	if plan.IntentCount != 1 || plan.RelayControlCount != 1 || plan.RendezvousResolvedCount != 1 || plan.RendezvousRequiredCount != 0 {
		t.Fatalf("unexpected relay-control plan counts: %+v", plan)
	}
	intent := plan.Intents[0]
	if intent.TransportMode != PeerTransportModeRelayControl ||
		intent.Endpoint != "quic://node-r:19443" ||
		intent.RelayNodeID != "node-r" ||
		intent.RendezvousLeaseID != "lease-node-b-via-node-r" ||
		intent.BestPeerCertSHA256 != "abc123" ||
		!intent.RelayCandidate ||
		!intent.RendezvousResolved ||
		intent.RequiresRendezvous {
		t.Fatalf("unexpected resolved rendezvous intent: %+v", intent)
	}
}

func TestPeerConnectionIntentsSkipExpiredRendezvousLeaseAndReselect(t *testing.T) {
	now := time.Date(2026, 4, 28, 12, 0, 0, 0, time.UTC)
	plan := PlanPeerConnectionIntents(PeerConnectionIntentPlanConfig{
		PeerCache: PeerCacheSnapshot{Entries: []PeerCacheEntry{
			{
				NodeID:           "node-b",
				Endpoint:         "relay://fabric/node-b",
				BestTransport:    "relay",
				BestReachability: "relay",
				BestConnectivity: "relay_required",
			},
		}},
		RecoveryPlan: PeerRecoveryPlan{
			Mode: PeerRecoveryModeRecovery,
			Candidates: []PeerRecoveryCandidate{
				{
					NodeID:          "node-b",
					Endpoint:        "relay://fabric/node-b",
					ConnectionState: PeerConnectionWaiting,
					Reason:          "recover_warm",
					Priority:        100,
				},
			},
		},
		RendezvousLeases: []PeerRendezvousLease{
			{
				LeaseID:          "lease-expired-preferred",
				PeerNodeID:       "node-b",
				RelayNodeID:      "node-r-old",
				RelayEndpoint:    "quic://node-r-old:19443",
				Transport:        "relay_quic",
				ConnectivityMode: "relay_required",
				Priority:         1,
				ControlPlaneOnly: true,
				IssuedAt:         now.Add(-10 * time.Minute),
				ExpiresAt:        now.Add(-time.Second),
			},
			{
				LeaseID:          "lease-active-reselected",
				PeerNodeID:       "node-b",
				RelayNodeID:      "node-r-new",
				RelayEndpoint:    "quic://node-r-new:19443",
				Transport:        "relay_quic",
				ConnectivityMode: "relay_required",
				Priority:         20,
				ControlPlaneOnly: true,
				IssuedAt:         now.Add(-time.Minute),
				ExpiresAt:        now.Add(time.Minute),
			},
		},
		Now: now,
	})

	if plan.RendezvousResolvedCount != 1 || plan.RelayControlCount != 1 || plan.RendezvousRequiredCount != 0 {
		t.Fatalf("unexpected reselected plan counts: %+v", plan)
	}
	intent := plan.Intents[0]
	if intent.RendezvousLeaseID != "lease-active-reselected" ||
		intent.RelayNodeID != "node-r-new" ||
		intent.Endpoint != "quic://node-r-new:19443" {
		t.Fatalf("expired lease was not skipped: %+v", intent)
	}
}

func peerConnectionIntentLeaseMetadata(t *testing.T, certSHA256 string) json.RawMessage {
	t.Helper()
	payload, err := json.Marshal(map[string]string{"peer_cert_sha256": certSHA256})
	if err != nil {
		t.Fatalf("marshal metadata: %v", err)
	}
	return payload
}

func TestPeerConnectionIntentsClassifyPrivateEndpointWithoutCandidateHints(t *testing.T) {
	plan := PlanPeerConnectionIntents(PeerConnectionIntentPlanConfig{
		PeerCache: PeerCacheSnapshot{Entries: []PeerCacheEntry{
			{NodeID: "node-b", Endpoint: "quic://192.168.10.20:19443"},
		}},
		RecoveryPlan: PeerRecoveryPlan{Candidates: []PeerRecoveryCandidate{
			{
				NodeID:          "node-b",
				Endpoint:        "quic://192.168.10.20:19443",
				ConnectionState: PeerConnectionDisconnected,
				Reason:          "recover_peer",
				Priority:        10,
			},
		}},
		Now: time.Date(2026, 4, 28, 12, 0, 0, 0, time.UTC),
	})

	if plan.PrivateLANCount != 1 || plan.Intents[0].TransportMode != PeerTransportModePrivateLAN || !plan.Intents[0].DirectCandidate {
		t.Fatalf("unexpected private endpoint classification: %+v", plan)
	}
}