23f7624596
ADR-166 MCP Bridge Security Lock / Static-source security lock (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / Compose default binds loopback + Mongo has auth (push) Failing after 2s
CodeQL Advanced / Analyze (rust) (push) Failing after 0s
ADR-166 MCP Bridge Security Lock / plugin-agent-federation bindHost default (push) Failing after 1s
ADR-166 MCP Bridge Security Lock / Runtime behavior — 401 + terminal gate + fail-closed (push) Failing after 4s
business-pods-smoke / smoke (push) Failing after 1s
all-plugins-smoke / smoke-all (push) Failing after 2s
CI/CD Pipeline / Security & Code Quality (push) Failing after 1s
CI/CD Pipeline / Test Suite (ubuntu-latest) (push) Failing after 1s
CI/CD Pipeline / Build & Package (macos-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (ubuntu-latest) (push) Has been skipped
CI/CD Pipeline / Build & Package (windows-latest) (push) Has been skipped
CI/CD Pipeline / Documentation & Examples (push) Failing after 1s
Clone Tracker (14-day rolling) / Snapshot clones for ruflo ecosystem (push) Failing after 1s
CodeQL Advanced / Analyze (actions) (push) Failing after 1s
CodeQL Advanced / Analyze (javascript-typescript) (push) Failing after 1s
federation-peer-rust / stable-noop (push) Failing after 1s
metaharness-ci / score (push) Failing after 1s
metaharness-ci / router-compat (push) Failing after 0s
metaharness-ci / similarity-tests (push) Failing after 0s
no-agentbbs-smoke / smoke-without-agentbbs (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (windows-latest) (push) Has been skipped
codex-integration-audit / Codex integration audit (push) Failing after 1s
helpers-manifest-guard / guard (push) Failing after 1s
🔗 Cross-Agent Integration Tests / 🤝 Agent Coordination Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🧠 Memory Sharing Integration (push) Has been skipped
🔗 Cross-Agent Integration Tests / 🛡️ Fault Tolerance Tests (push) Has been skipped
🔗 Cross-Agent Integration Tests / ⚡ Performance Integration Tests (push) Has been skipped
metaharness-ci / mcp-scan (push) Failing after 1s
metaharness-ci / eject-dryrun (push) Failing after 1s
metaharness-ci / metaharness-real-data (push) Failing after 0s
no-cli-optdep-bloat-2561 / guard (push) Failing after 1s
no-metaharness-smoke / smoke-without-metaharness (push) Failing after 1s
no-phantom-agentic-flow-subpath / guard (push) Failing after 1s
🔄 Automated Rollback Manager / 🚨 Failure Detection (push) Failing after 1s
V3 CI/CD Pipeline / Plugin hooks smoke / ubuntu-latest / Node 22 (push) Failing after 1s
V3 CI/CD Pipeline / ruflo-graph-intelligence build + test smoke (#2044, ADR-123) (push) Failing after 1s
CVE Audit Gate / Audit root (critical-blocking) (push) Failing after 2s
cost-tracker-smoke / smoke (push) Failing after 3s
oia-audit-weekly / audit (push) Failing after 2s
ruflo-agent-smoke / ruflo-agent structural smoke (push) Failing after 1s
📊 Status Badges Update / 📊 Update Status Badges (push) Failing after 1s
V3 CI/CD Pipeline / Static regression guards (#2267 YAML + (push) Failing after 1s
V3 CI/CD Pipeline / Test V3 Packages (push) Failing after 0s
V3 CI/CD Pipeline / agent_execute provider routing smoke (#2042) (push) Failing after 0s
CVE Audit Gate / Audit v3 (critical-blocking) (push) Failing after 1s
federation-peer-rust / stable-native (push) Failing after 2s
🔗 Cross-Agent Integration Tests / 🚀 Integration Test Setup (push) Failing after 2s
neural-trader-smoke / runtime-smoke (push) Failing after 1s
V3 CI/CD Pipeline / Build V3 (macos-latest) (push) Has been skipped
V3 CI/CD Pipeline / Build V3 (ubuntu-latest) (push) Has been skipped
V3 CI/CD Pipeline / Type Check V3 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 24 (push) Failing after 1s
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / ubuntu-latest / Node 22 (push) Failing after 2s
V3 CI/CD Pipeline / browser rvf create flag smoke (#2015) (push) Failing after 0s
V3 CI/CD Pipeline / Dependency review (#2046) (push) Has been skipped
V3 CI/CD Pipeline / Supply-chain audit (#2046) (push) Failing after 0s
V3 CI/CD Pipeline / witness marker drift smoke (#2021) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader portfolio CG smoke (#2068, ADR-126 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / neural-trader backtest signing smoke (#2068, ADR-126 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / kg-extract type-import classification smoke (#2049) (push) Failing after 0s
V3 CI/CD Pipeline / witness verify precondition smoke (#1880) (push) Failing after 2s
V3 CI/CD Pipeline / neural-trader pipeline risk-gate smoke (#2068, ADR-126 Phase 5) (push) Failing after 0s
V3 CI/CD Pipeline / neural-trader feature attribution smoke (#2068, ADR-126 Phase 6) (push) Failing after 0s
V3 CI/CD Pipeline / plugin-registry signature verification smoke (#1922, CWE-347) (push) Failing after 4s
V3 CI/CD Pipeline / memory stats legacy-DB smoke (#2120) (push) Failing after 4s
V3 CI/CD Pipeline / github deprecated actions smoke (#2089, ADR-127 Phase 3) (push) Failing after 1s
V3 CI/CD Pipeline / graph query + pathfinder smoke (ADR-130 P2+P5) (push) Has been skipped
V3 CI/CD Pipeline / graph trajectory hooks smoke (ADR-130 P3) (push) Has been skipped
V3 CI/CD Pipeline / graph plugin adapter smoke (ADR-130 P4) (push) Has been skipped
V3 CI/CD Pipeline / graph benchmark (ADR-130 P6) (push) Has been skipped
V3 CI/CD Pipeline / statusline generator delegation smoke (#2195) (push) Failing after 1s
V3 CI/CD Pipeline / wizard init regression guard (#2206 (push) Failing after 1s
V3 CI/CD Pipeline / memory no-stray-db smoke (ADR-125 P7) (push) Failing after 1s
V3 CI/CD Pipeline / github-safe injection smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github actions pin smoke (#2089, ADR-127 Phase 1) (push) Failing after 1s
V3 CI/CD Pipeline / github attribution opt-in smoke (#2089, ADR-127 Phase 4) (push) Failing after 1s
V3 CI/CD Pipeline / pre-bash hook safety smoke (#2017) (push) Failing after 1s
V3 CI/CD Pipeline / Memory import smoke / ubuntu-latest (push) Failing after 0s
V3 CI/CD Pipeline / MCP protocol smoke / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / ruvllm WASM auto-init smoke (#2086) (push) Failing after 4s
V3 CI/CD Pipeline / MCP paired-tool round-trip smoke (#1889) (push) Failing after 1s
V3 CI/CD Pipeline / Plugin package install-safety (#1902/#1903/#1904) (push) Failing after 1s
V3 CI/CD Pipeline / Tool description discoverability (ADR-112) (push) Failing after 3s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (22) (push) Failing after 1s
V3 CI/CD Pipeline / CLI npx-install smoke (#1147 / (24) (push) Failing after 1s
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / ubuntu-latest (push) Failing after 2s
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / ubuntu-latest (push) Failing after 1s
V3 CI/CD Pipeline / Vector-index dimension audit (#1947) (push) Failing after 0s
V3 CI/CD Pipeline / Hook-command install safety (#1921) (push) Failing after 1s
V3 CI/CD Pipeline / ToolOutputGuardrail smoke (ADR-131, (push) Failing after 1s
V3 CI/CD Pipeline / init-bundle invariants smoke (#2095, ADR-128 Phase 5) (push) Failing after 1s
V3 CI/CD Pipeline / wasm provider bridge smoke (ADR-129 P1) (push) Failing after 2s
V3 CI/CD Pipeline / wasm gallery CRUD smoke (ADR-129 P3) (push) Failing after 1s
V3 CI/CD Pipeline / wasm plugin bridge smoke (ADR-129 P4) (push) Failing after 0s
V3 CI/CD Pipeline / wasm compose smoke (ADR-129 P2) (push) Failing after 4s
V3 CI/CD Pipeline / graph schema smoke (ADR-130 P1) (push) Failing after 0s
Validate Marketplace / validate (push) Failing after 1s
🔍 Verification Pipeline / 🚀 Setup Verification (push) Failing after 1s
🔍 Verification Pipeline / 🛡️ Security Verification (push) Has been skipped
🔍 Verification Pipeline / 📝 Code Quality (push) Has been skipped
🔍 Verification Pipeline / 🧪 Test Verification (${{ matrix.os }}, Node ${{ matrix.node }}) (push) Has been skipped
🔍 Verification Pipeline / 🏗️ Build Verification (push) Has been skipped
🔍 Verification Pipeline / 📚 Documentation Verification (push) Has been skipped
CVE Audit Gate / High-severity report (warn only) (push) Has been cancelled
🔄 Automated Rollback Manager / 🔄 Execute Rollback (push) Has been cancelled
🔄 Automated Rollback Manager / ✅ Post-Rollback Verification (push) Has been cancelled
🔄 Automated Rollback Manager / 📊 Rollback Monitoring (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook execution smoke (#2132) / windows-latest (push) Has been cancelled
🔄 Automated Rollback Manager / ⏳ Manual Rollback Approval (push) Has been cancelled
V3 CI/CD Pipeline / MCP protocol smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Memory import smoke / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows hook shim smoke (#2132) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Windows init hooks smoke (#2132) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / macos-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / ubuntu-latest (push) Has been cancelled
V3 CI/CD Pipeline / Witness verify (signed manifest) / windows-latest (push) Has been cancelled
V3 CI/CD Pipeline / Publish to npm (alpha) (push) Has been cancelled
V3 CI/CD Pipeline / Smoke (no better-sqlite3) / macos-latest / Node 22 (push) Has been cancelled
V3 CI/CD Pipeline / Plugin hooks smoke / macos-latest / Node 22 (push) Has been cancelled
CI/CD Pipeline / Deploy & Release (push) Has been cancelled
CI/CD Pipeline / CI Status (push) Has been cancelled
🔗 Cross-Agent Integration Tests / 📊 Integration Test Report (push) Has been cancelled
🔄 Automated Rollback Manager / 🔍 Pre-Rollback Validation (push) Has been cancelled
🔍 Verification Pipeline / ⚡ Performance Verification (push) Has been cancelled
🔍 Verification Pipeline / 📊 Verification Report (push) Has been cancelled
213 lines
7.0 KiB
TypeScript
213 lines
7.0 KiB
TypeScript
/**
|
|
* TrustLevel Entity Tests
|
|
*
|
|
* Validates trust level enum values, capability gates per level,
|
|
* operation permission checks, and human-readable labels.
|
|
*/
|
|
|
|
import { describe, it, expect } from 'vitest';
|
|
import {
|
|
TrustLevel,
|
|
TRUST_TRANSITION_THRESHOLDS,
|
|
CAPABILITY_GATES,
|
|
isOperationAllowed,
|
|
getTrustLevelLabel,
|
|
} from '../../src/domain/entities/trust-level.js';
|
|
|
|
describe('TrustLevel', () => {
|
|
describe('enum values', () => {
|
|
it('should define UNTRUSTED as 0', () => {
|
|
expect(TrustLevel.UNTRUSTED).toBe(0);
|
|
});
|
|
|
|
it('should define VERIFIED as 1', () => {
|
|
expect(TrustLevel.VERIFIED).toBe(1);
|
|
});
|
|
|
|
it('should define ATTESTED as 2', () => {
|
|
expect(TrustLevel.ATTESTED).toBe(2);
|
|
});
|
|
|
|
it('should define TRUSTED as 3', () => {
|
|
expect(TrustLevel.TRUSTED).toBe(3);
|
|
});
|
|
|
|
it('should define PRIVILEGED as 4', () => {
|
|
expect(TrustLevel.PRIVILEGED).toBe(4);
|
|
});
|
|
|
|
it('should have exactly 5 trust levels', () => {
|
|
const numericValues = Object.values(TrustLevel).filter(
|
|
(v) => typeof v === 'number'
|
|
);
|
|
expect(numericValues).toHaveLength(5);
|
|
});
|
|
});
|
|
|
|
describe('TRUST_TRANSITION_THRESHOLDS', () => {
|
|
it('should define thresholds for 1->2 transition', () => {
|
|
const threshold = TRUST_TRANSITION_THRESHOLDS['1->2'];
|
|
expect(threshold).toBeDefined();
|
|
expect(threshold.upgradeScore).toBe(0.7);
|
|
expect(threshold.downgradeScore).toBe(0.5);
|
|
expect(threshold.minInteractions).toBe(50);
|
|
});
|
|
|
|
it('should define thresholds for 2->3 transition', () => {
|
|
const threshold = TRUST_TRANSITION_THRESHOLDS['2->3'];
|
|
expect(threshold).toBeDefined();
|
|
expect(threshold.upgradeScore).toBe(0.85);
|
|
expect(threshold.downgradeScore).toBe(0.65);
|
|
expect(threshold.minInteractions).toBe(500);
|
|
});
|
|
|
|
it('should define thresholds for 3->4 transition', () => {
|
|
const threshold = TRUST_TRANSITION_THRESHOLDS['3->4'];
|
|
expect(threshold).toBeDefined();
|
|
expect(threshold.upgradeScore).toBe(0.95);
|
|
expect(threshold.downgradeScore).toBe(0.8);
|
|
expect(threshold.minInteractions).toBe(5000);
|
|
});
|
|
|
|
it('should require progressively higher scores for each level', () => {
|
|
const t12 = TRUST_TRANSITION_THRESHOLDS['1->2'];
|
|
const t23 = TRUST_TRANSITION_THRESHOLDS['2->3'];
|
|
const t34 = TRUST_TRANSITION_THRESHOLDS['3->4'];
|
|
expect(t12.upgradeScore).toBeLessThan(t23.upgradeScore);
|
|
expect(t23.upgradeScore).toBeLessThan(t34.upgradeScore);
|
|
});
|
|
|
|
it('should require progressively more interactions for each level', () => {
|
|
const t12 = TRUST_TRANSITION_THRESHOLDS['1->2'];
|
|
const t23 = TRUST_TRANSITION_THRESHOLDS['2->3'];
|
|
const t34 = TRUST_TRANSITION_THRESHOLDS['3->4'];
|
|
expect(t12.minInteractions).toBeLessThan(t23.minInteractions);
|
|
expect(t23.minInteractions).toBeLessThan(t34.minInteractions);
|
|
});
|
|
|
|
it('should always have downgradeScore less than upgradeScore', () => {
|
|
for (const [, threshold] of Object.entries(TRUST_TRANSITION_THRESHOLDS)) {
|
|
expect(threshold.downgradeScore).toBeLessThan(threshold.upgradeScore);
|
|
}
|
|
});
|
|
});
|
|
|
|
describe('CAPABILITY_GATES', () => {
|
|
it('should allow UNTRUSTED only discovery', () => {
|
|
const caps = CAPABILITY_GATES[TrustLevel.UNTRUSTED];
|
|
expect(caps).toEqual(['discovery']);
|
|
});
|
|
|
|
it('should allow VERIFIED discovery, status, and ping', () => {
|
|
const caps = CAPABILITY_GATES[TrustLevel.VERIFIED];
|
|
expect(caps).toContain('discovery');
|
|
expect(caps).toContain('status');
|
|
expect(caps).toContain('ping');
|
|
expect(caps).not.toContain('send');
|
|
});
|
|
|
|
it('should allow ATTESTED send, receive, and query-redacted', () => {
|
|
const caps = CAPABILITY_GATES[TrustLevel.ATTESTED];
|
|
expect(caps).toContain('send');
|
|
expect(caps).toContain('receive');
|
|
expect(caps).toContain('query-redacted');
|
|
expect(caps).not.toContain('share-context');
|
|
});
|
|
|
|
it('should allow TRUSTED share-context and collaborative-task', () => {
|
|
const caps = CAPABILITY_GATES[TrustLevel.TRUSTED];
|
|
expect(caps).toContain('share-context');
|
|
expect(caps).toContain('collaborative-task');
|
|
expect(caps).not.toContain('full-memory');
|
|
});
|
|
|
|
it('should allow PRIVILEGED full-memory and remote-spawn', () => {
|
|
const caps = CAPABILITY_GATES[TrustLevel.PRIVILEGED];
|
|
expect(caps).toContain('full-memory');
|
|
expect(caps).toContain('remote-spawn');
|
|
});
|
|
|
|
it('should have each higher level as a superset of lower levels', () => {
|
|
const levels = [
|
|
TrustLevel.UNTRUSTED,
|
|
TrustLevel.VERIFIED,
|
|
TrustLevel.ATTESTED,
|
|
TrustLevel.TRUSTED,
|
|
TrustLevel.PRIVILEGED,
|
|
];
|
|
|
|
for (let i = 1; i < levels.length; i++) {
|
|
const lowerCaps = CAPABILITY_GATES[levels[i - 1]];
|
|
const higherCaps = CAPABILITY_GATES[levels[i]];
|
|
for (const cap of lowerCaps) {
|
|
expect(higherCaps).toContain(cap);
|
|
}
|
|
}
|
|
});
|
|
});
|
|
|
|
describe('isOperationAllowed', () => {
|
|
it('should allow discovery for UNTRUSTED', () => {
|
|
expect(isOperationAllowed(TrustLevel.UNTRUSTED, 'discovery')).toBe(true);
|
|
});
|
|
|
|
it('should deny send for UNTRUSTED', () => {
|
|
expect(isOperationAllowed(TrustLevel.UNTRUSTED, 'send')).toBe(false);
|
|
});
|
|
|
|
it('should deny send for VERIFIED', () => {
|
|
expect(isOperationAllowed(TrustLevel.VERIFIED, 'send')).toBe(false);
|
|
});
|
|
|
|
it('should allow send for ATTESTED', () => {
|
|
expect(isOperationAllowed(TrustLevel.ATTESTED, 'send')).toBe(true);
|
|
});
|
|
|
|
it('should deny full-memory for TRUSTED', () => {
|
|
expect(isOperationAllowed(TrustLevel.TRUSTED, 'full-memory')).toBe(false);
|
|
});
|
|
|
|
it('should allow full-memory for PRIVILEGED', () => {
|
|
expect(isOperationAllowed(TrustLevel.PRIVILEGED, 'full-memory')).toBe(true);
|
|
});
|
|
|
|
it('should deny unknown operations at any level', () => {
|
|
expect(isOperationAllowed(TrustLevel.PRIVILEGED, 'unknown-op')).toBe(false);
|
|
});
|
|
|
|
it('should allow discovery at every trust level', () => {
|
|
for (const level of [
|
|
TrustLevel.UNTRUSTED,
|
|
TrustLevel.VERIFIED,
|
|
TrustLevel.ATTESTED,
|
|
TrustLevel.TRUSTED,
|
|
TrustLevel.PRIVILEGED,
|
|
]) {
|
|
expect(isOperationAllowed(level, 'discovery')).toBe(true);
|
|
}
|
|
});
|
|
});
|
|
|
|
describe('getTrustLevelLabel', () => {
|
|
it('should return UNTRUSTED for level 0', () => {
|
|
expect(getTrustLevelLabel(TrustLevel.UNTRUSTED)).toBe('UNTRUSTED');
|
|
});
|
|
|
|
it('should return VERIFIED for level 1', () => {
|
|
expect(getTrustLevelLabel(TrustLevel.VERIFIED)).toBe('VERIFIED');
|
|
});
|
|
|
|
it('should return ATTESTED for level 2', () => {
|
|
expect(getTrustLevelLabel(TrustLevel.ATTESTED)).toBe('ATTESTED');
|
|
});
|
|
|
|
it('should return TRUSTED for level 3', () => {
|
|
expect(getTrustLevelLabel(TrustLevel.TRUSTED)).toBe('TRUSTED');
|
|
});
|
|
|
|
it('should return PRIVILEGED for level 4', () => {
|
|
expect(getTrustLevelLabel(TrustLevel.PRIVILEGED)).toBe('PRIVILEGED');
|
|
});
|
|
});
|
|
});
|