breakpilot-compliance/backend-compliance/tests/test_cra_readiness.py

"""Stateless CRA readiness check: scope answers -> classification + grouped guideline."""
from fastapi import FastAPI
from fastapi.testclient import TestClient
from compliance.api.cra_assess_routes import router

app = FastAPI()
app.include_router(router, prefix="/api")
client = TestClient(app)


def test_connected_product_in_scope_with_grouped_guideline():
    r = client.post("/api/v1/cra/readiness", json={
        "intended_use": "App fuer Industrieanlagen", "connected_to_internet": True, "has_software_updates": True})
    assert r.status_code == 200
    d = r.json()
    assert d["in_scope"] is True
    assert d["counts"]["code"] > 0 and d["counts"]["process"] > 0 and d["counts"]["document"] > 0
    assert d["total_effort_days"] > 0
    assert len(d["deadlines"]) >= 1


def test_remote_maintenance_implies_connectivity():
    d = client.post("/api/v1/cra/readiness", json={"intended_use": "x", "remote_maintenance": True}).json()
    assert d["in_scope"] is True


def test_no_digital_element_not_in_scope():
    d = client.post("/api/v1/cra/readiness", json={"intended_use": ""}).json()
    assert d["in_scope"] is False
    assert d["classification"] == "NOT_IN_SCOPE"
    assert d["counts"]["code"] == 0


def test_machinery_flag_does_not_break_assessment():
    # Machinery-Reg obligations come from the Controls-API (use_case=maschinen, DB) and
    # are verified live, not here. Without a DB the endpoint must still return the CRA
    # guideline (best-effort machinery fetch).
    r = client.post("/api/v1/cra/readiness", json={
        "intended_use": "App fuer Industrieanlagen", "connected_to_internet": True, "is_machinery": True})
    assert r.status_code == 200
    d = r.json()
    assert d["in_scope"] is True
    items = d["guideline"]["code"] + d["guideline"]["process"] + d["guideline"]["document"]
    assert any(it["source"] == "CRA" for it in items)