stemedb/applications/aphoria/uat/scripts/test-pack-version-update.sh
jordan 41c676a78e feat: Aphoria enterprise features + ontology SDK + file length compliance
Enterprise Features:
- Hosted mode with remote sync for team pattern aggregation
- Community sharing with privacy-preserving anonymization
- LLM-based semantic claim extraction with Gemini integration
- Pattern learning with promotion to declarative extractors
- High-entropy secrets extractor with configurable thresholds
- Auth bypass and insecure cookies extractors

Module Refactoring:
- Split oversized files to comply with 500-line limit
- Config split: types/core.rs, types/extractors.rs, types/hosted.rs, etc.
- Handlers split: scan.rs, policy.rs, report.rs modules
- Extractors split: declarative/, high_entropy_secrets/, insecure_cookies/
- Learning split: store modules with metrics and persistence

SDK & Ontology:
- stemedb-ontology SDK with fluent builders and StemeDB client
- Pharma domain extractors for FDA Orange Book data
- Consumer health UAT test infrastructure

Code Quality:
- Fixed clippy warnings (needless_borrows_for_generic_args)
- Added KVStore trait imports where needed
- Fixed utoipa path re-exports for OpenAPI docs

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 12:55:29 -07:00


#!/bin/bash
#
# Pack Version Update Test
#
# Tests that importing a newer version of a pack correctly updates attribution.
#
# Usage: ./test-pack-version-update.sh
#
# Stop at the first command that fails outside a conditional context.
set -e

# Anchor every path on this script's own location so the caller's working
# directory does not matter.
SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd)
PROJECT_ROOT=$(cd "${SCRIPT_DIR}/../../../.." && pwd)
APHORIA_BIN="${PROJECT_ROOT}/target/release/aphoria"

# Scratch area that holds the generated fixture projects.
# NOTE(review): this is a fixed, predictable name in a world-writable
# directory; on a shared host another account can create it first. A
# `mktemp -d` directory would avoid that.
TEST_DIR='/tmp/uat-version-update'

# ANSI colour sequences, kept with a literal backslash and rendered later by
# `echo -e`.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'

# Running tallies, advanced by pass() and fail().
TESTS_PASSED=0
TESTS_FAILED=0
#######################################
# Report a passed check and count it.
# Globals:   GREEN, NC (read); TESTS_PASSED (incremented by one)
# Arguments: $1 - message to print
# Outputs:   one line on stdout, rendered with `echo -e`
# NOTE(review): the colour is switched on and reset again with nothing in
# between, so no text is actually coloured; a status glyph may have been lost
# between the two codes - confirm against the repository copy.
#######################################
pass() {
  local message=$1
  echo -e "${GREEN}${NC} ${message}"
  : "$((TESTS_PASSED += 1))"
}
#######################################
# Report a failed check and count it. The script keeps running; the tally
# decides the exit status at the end.
# Globals:   RED, NC (read); TESTS_FAILED (incremented by one)
# Arguments: $1 - message to print
# Outputs:   one line on stdout, rendered with `echo -e`
# NOTE(review): the colour is switched on and reset again with nothing in
# between, so no text is actually coloured; a status glyph may have been lost
# between the two codes - confirm against the repository copy.
#######################################
fail() {
  local message=$1
  echo -e "${RED}${NC} ${message}"
  : "$((TESTS_FAILED += 1))"
}
#######################################
# Print a progress message; does not touch the pass/fail tallies.
# Globals:   YELLOW, NC (read)
# Arguments: $1 - message to print
# Outputs:   one line on stdout, rendered with `echo -e`
#######################################
info() {
  local message=$1
  echo -e "${YELLOW}${NC} ${message}"
}
#######################################
# Print a section banner: a blank line, then the title framed by two
# horizontal rules.
# Arguments: $1 - section title
# Outputs:   four lines on stdout
#######################################
section() {
  local title=$1
  local rule="━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
  local line
  for line in "" "$rule" "$title" "$rule"; do
    echo "$line"
  done
}
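# Build the release binary only when it is not already present.
if [ ! -f "$APHORIA_BIN" ]; then
  info "Building Aphoria (release)..."
  # Subshell: the build runs from the project root without changing this
  # script's working directory.
  (cd "$PROJECT_ROOT" && cargo build --release --package aphoria)
fi

# Start every run from an empty scratch directory.
# ${TEST_DIR:?} aborts instead of running `rm -rf` on an empty path, and `--`
# keeps a value starting with '-' from being parsed as an option.
rm -rf -- "${TEST_DIR:?TEST_DIR must not be empty}"
# Create the parent if needed, then the scratch directory itself WITHOUT -p:
# plain mkdir fails if anything (including a symlink) already occupies the
# path again, so under `set -e` the run stops rather than writing fixtures
# into a location someone else prepared. Mode 700 keeps the artifacts private.
mkdir -p -- "$(dirname -- "$TEST_DIR")"
mkdir -m 700 -- "$TEST_DIR"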
section "Step 1: Create Standards v1.0 Pack"

# Minimal Cargo project that plays the role of the standards publisher.
STANDARDS_DIR="${TEST_DIR}/standards"
mkdir -p "$STANDARDS_DIR"
cd "$STANDARDS_DIR"

printf '%s\n' \
  '[package]' \
  'name = "security-standards"' \
  'version = "0.1.0"' \
  'edition = "2021"' \
  > Cargo.toml

# The store is kept inside the project directory (.aphoria/db).
printf '%s\n' \
  '[episteme]' \
  'data_dir = ".aphoria/db"' \
  '[project]' \
  'name = "security-standards"' \
  > aphoria.toml

mkdir -p src && printf '%s\n' 'fn main() {}' > src/main.rs

info "Blessing TLS cert verification (v1.0)..."
# Record the standard "certificate verification is enabled", then export it
# as the v1.0 pack.
bless_args=(
  "code://standard/tls/cert_verification"
  --predicate enabled --value true
  --reason "v1.0: Certificate verification required"
)
"$APHORIA_BIN" bless "${bless_args[@]}"

export_args=(--name "Standards-v1.0" --output standards-v1.0.pack)
"$APHORIA_BIN" policy export "${export_args[@]}"

pass "Standards v1.0 pack created"
section "Step 2: Create Dev Project"

# Second fixture: the consuming project that imports the standards pack.
DEV_DIR="${TEST_DIR}/dev-team"
mkdir -p "${DEV_DIR}/config"
cd "$DEV_DIR"

printf '%s\n' \
  '[package]' \
  'name = "my-service"' \
  'version = "0.1.0"' \
  'edition = "2021"' \
  > Cargo.toml

printf '%s\n' \
  '[episteme]' \
  'data_dir = ".aphoria/db"' \
  '[project]' \
  'name = "my-service"' \
  > aphoria.toml

mkdir -p src && printf '%s\n' 'fn main() {}' > src/main.rs

# Deliberately insecure fixture: TLS verification is switched off, presumably
# so the scan reports a finding against the blessed cert_verification standard.
# NOTE(review): both keys are written at column 0 here; if tls_verify is meant
# to be nested under `tls:`, its indentation was lost - confirm against the
# repository copy.
printf '%s\n' \
  'tls:' \
  'tls_verify: false' \
  > config/tls.yaml

pass "Dev project created"
section "Step 3: Import v1.0 and Scan"

info "Importing Standards v1.0..."
"$APHORIA_BIN" policy import "${STANDARDS_DIR}/standards-v1.0.pack"

info "Scanning with v1.0..."
# stderr is folded into the capture, so scan-v1.json (written relative to the
# current directory) can contain diagnostics as well as the JSON report.
SCAN_V1=$("$APHORIA_BIN" scan --persist --format json 2>&1)
echo "$SCAN_V1" > scan-v1.json

# Pull the value of the first "pack_name" field: grep isolates the key/value
# pair, head keeps the first hit, sed keeps only the last quoted string.
# NOTE(review): text matching rather than JSON parsing; it relies on the key
# and its value sitting on one line.
VERSION_V1=$(
  grep -o '"pack_name"[[:space:]]*:[[:space:]]*"[^"]*"' scan-v1.json \
    | head -1 \
    | sed 's/.*"\([^"]*\)"$/\1/'
)

if [ "$VERSION_V1" != "Standards-v1.0" ]; then
  fail "Expected Standards-v1.0, got: $VERSION_V1"
else
  pass "v1.0 attribution correct: $VERSION_V1"
fi
section "Step 4: Create Standards v2.0 Pack"

cd "$STANDARDS_DIR"
# Remove the .aphoria directory of the standards project (its aphoria.toml
# points data_dir at .aphoria/db) so v2.0 is blessed into a fresh store.
rm -rf .aphoria

info "Re-initializing for v2.0..."
# Same subject, predicate and value as v1.0; only the reason text and the
# exported pack name differ.
bless_args=(
  "code://standard/tls/cert_verification"
  --predicate enabled --value true
  --reason "v2.0: Certificate verification MANDATORY (updated policy)"
)
"$APHORIA_BIN" bless "${bless_args[@]}"

export_args=(--name "Standards-v2.0" --output standards-v2.0.pack)
"$APHORIA_BIN" policy export "${export_args[@]}"

pass "Standards v2.0 pack created"
section "Step 5: Import v2.0 and Re-Scan"

# Back to the consuming project; its store already holds the v1.0 import.
cd "$DEV_DIR"

info "Importing Standards v2.0..."
"$APHORIA_BIN" policy import "${STANDARDS_DIR}/standards-v2.0.pack"

info "Scanning with v2.0..."
# stderr is folded into the capture, so scan-v2.json can contain diagnostics
# as well as the JSON report.
SCAN_V2=$("$APHORIA_BIN" scan --persist --format json 2>&1)
echo "$SCAN_V2" > scan-v2.json

# Value of the first "pack_name" field, extracted by text matching.
# NOTE(review): relies on the key and its value sitting on one line.
VERSION_V2=$(
  grep -o '"pack_name"[[:space:]]*:[[:space:]]*"[^"]*"' scan-v2.json \
    | head -1 \
    | sed 's/.*"\([^"]*\)"$/\1/'
)

if [ "$VERSION_V2" != "Standards-v2.0" ]; then
  fail "Expected Standards-v2.0, got: $VERSION_V2"
else
  pass "v2.0 attribution correct: $VERSION_V2"
fi
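section "Step 6: Verify v1.0 No Longer Appears"

# Count the lines of the v2.0 scan output that still name the v1.0 pack.
# A scan file that is missing or unreadable is reported as a failure: an
# absent file must not read as "zero occurrences" and pass the check.
if [ ! -f scan-v2.json ]; then
  fail "scan-v2.json not found; cannot verify that v1.0 was superseded"
else
  # -F matches the pack name literally (the '.' is not a regex wildcard);
  # -c counts matching lines. grep exits 1 on zero matches, which would end
  # the script under `set -e`, so the status is captured instead.
  grep_status=0
  V1_APPEARS=$(grep -cF -- "Standards-v1.0" scan-v2.json) || grep_status=$?
  if [ "$grep_status" -gt 1 ]; then
    fail "could not read scan-v2.json (grep exit status $grep_status)"
  elif [ "${V1_APPEARS:-0}" -eq 0 ]; then
    pass "v1.0 no longer appears (correctly superseded)"
  else
    fail "v1.0 still appears ${V1_APPEARS:-0} time(s)"
  fi
fi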
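section "Step 7: Show Version Transition"

#######################################
# Print up to three "pack_name" lines from a saved scan, or a placeholder
# when there are none.
# The matches are captured first: in `grep ... | head -3 || echo ...` the
# pipeline's status is head's, so the fallback would never run.
# Arguments: $1 - path of the saved scan output
# Outputs:   the matching lines, or " (no pack_name found)", on stdout
#######################################
show_pack_names() {
  local matches
  matches=$(grep '"pack_name"' "$1" | head -3) || true
  if [ -n "$matches" ]; then
    printf '%s\n' "$matches"
  else
    echo " (no pack_name found)"
  fi
}

echo ""
echo "Before (v1.0):"
show_pack_names scan-v1.json
echo ""
echo "After (v2.0):"
show_pack_names scan-v2.json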
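section "Summary"

echo ""
echo "Test Results:"
echo " Passed: $TESTS_PASSED"
echo " Failed: $TESTS_FAILED"
echo ""
echo "Observation:"

# The success wording is printed only when every check passed; a run with
# failures must not end on a line claiming the update works.
if [ "$TESTS_FAILED" -gt 0 ]; then
  echo " Pack version update did NOT behave as expected; see the failed checks above"
  echo ""
  exit 1
fi

echo " Pack version update works correctly"
echo " v2.0 import supersedes v1.0 (same subject key)"
echo " Attribution updates to reflect new version"
echo ""
exit 0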