breakpilot-compliance/ai-compliance-sdk/internal/ucca/compliance_status_test.go

package ucca

import "testing"

func loadGraph(t *testing.T) (*ObligationJoinKeys, *ControlMappingSet, *EvidenceRequirementSet) {
	t.Helper()
	joins, err := LoadObligationJoinKeys("../../../obligations/obligation_join_keys.json")
	if err != nil {
		t.Fatalf("join keys: %v", err)
	}
	maps, err := LoadControlMappings("../../data/control_mappings")
	if err != nil {
		t.Fatalf("mappings: %v", err)
	}
	ev, err := LoadEvidenceRequirements("../../data/evidence_requirements")
	if err != nil {
		t.Fatalf("evidence: %v", err)
	}
	return joins, maps, ev
}

func TestAssessObligationStatus(t *testing.T) {
	joins, maps, ev := loadGraph(t)

	// covered obligation, no evidence collected yet (MVP) -> offen
	st := AssessObligationStatus(joins, maps, ev, "firmware_software_authentication", nil)
	if st.Status != "offen" {
		t.Errorf("want offen, got %q", st.Status)
	}
	if len(st.Controls) == 0 {
		t.Fatal("expected controls for a covered obligation")
	}
	for _, c := range st.Controls {
		if len(c.MissingEvidence) != len(c.RequiredEvidence) {
			t.Error("MVP: all required evidence should be missing")
		}
	}
	t.Logf("DURCHSTICH firmware_software_authentication: status=%s legal_basis=%v citation_spans=%s",
		st.Status, st.LegalBasis, st.CitationSpans)
	for _, c := range st.Controls {
		t.Logf("  %s %s (%s): %d required evidence, %d missing", c.Framework, c.Control, c.MappingType, len(c.RequiredEvidence), len(c.MissingEvidence))
	}

	// all evidence present -> erfuellt
	st2 := AssessObligationStatus(joins, maps, ev, "firmware_software_authentication", func(f, c, et string) bool { return true })
	if st2.Status != "erfuellt" {
		t.Errorf("want erfuellt with all evidence present, got %q", st2.Status)
	}

	// uncovered obligation (no accepted control reaches it) -> unklar
	if st3 := AssessObligationStatus(joins, maps, ev, "sbom_creation", nil); st3.Status != "unklar" {
		t.Errorf("uncovered sbom_creation: want unklar, got %q", st3.Status)
	}

	// unknown obligation_id -> unklar
	if st4 := AssessObligationStatus(joins, maps, ev, "does_not_exist", nil); st4.Status != "unklar" {
		t.Errorf("unknown obligation: want unklar, got %q", st4.Status)
	}
}