test(issuer): source-scan purity guards for receiptCandidate + policyReview #346

Open
ctol3r wants to merge 1 commit into main from purity-guard-helpers

ctol3r (Owner) commented May 12, 2026

Summary

  • Extends the existing source-scan purity test pattern to cover the two most doctrine-critical pure transforms in the issuer/PSV chain: apps/web/lib/issuer-verification/receiptCandidate.ts and policyReview.ts.
  • Closes a gap surfaced by the promotion-governance audit (2026-05-12): both helpers had only behavioral coverage, so a silent fetch() or audit-row write could be added without breaking any existing assertion.
  • No production code changes — two test files only, +82/-0 lines.

Why this matters

receiptCandidate.ts and policyReview.ts are the modules that materialize the literal decisionGrade: false / proofTier: 'receipt_candidate' / proofTier: 'psv_receipt_candidate' invariants of the issuer/PSV chain. Their CLAUDE.md contract explicitly states they are pure transforms — no fetches, no DB writes, no audit-event writes. Until now that was a comment, not a checked invariant.

What changed

Each helper now has two new tests that readFileSync the source and assert:

  1. The text contains none of: fetch(, axios, XMLHttpRequest, navigator.sendBeacon, prisma., recordAudit, recordAuditEvent, dynamic import('@/, require(.
  2. The module does not statically import from apps/api, @vitalcv/psv, any prisma_client path, or psvReceipts.repo.

Pattern copied from:

  • apps/web/__tests__/issuer-backend-persistence-decision.test.ts:235–271
  • apps/web/__tests__/issuer-persistence-adapter.test.ts:325–363

Test plan

  • pnpm --filter @vitalcv/web exec vitest run __tests__/issuer-policy-review.test.ts __tests__/issuer-verification.test.ts — 67 tests pass (4 new)
  • Codex SAFE verdict required before merge per repo merge hook (do not merge without codex exec verifier output in transcript)

🤖 Generated with Claude Code

…licyReview

The promotion-governance audit (2026-05-12) flagged that the two most
doctrine-critical pure transforms in the issuer/PSV chain —
receiptCandidate.ts and policyReview.ts — only had behavioral coverage.
A silent fetch / audit-row write could slip in without breaking any
existing assertion.

Extends the existing source-scan pattern (issuer-backend-persistence-
decision.test.ts:235, issuer-persistence-adapter.test.ts:326) to both
helpers: assert the source text contains none of fetch( / axios /
XMLHttpRequest / navigator.sendBeacon / prisma. / recordAudit /
recordAuditEvent / dynamic import('@/' / require(, and that the modules
do not statically import any backend (apps/api, @vitalcv/psv,
prisma_client, psvReceipts.repo).

No production code changes. 67 tests pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
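
The source-scan guard described in this pull request, as an added sketch that is not the repository's test code: the forbidden-token and backend lists are taken from the PR description, while the function names, sample sources and sample paths are constructed for illustration. The real tests read the helper files with readFileSync; inline strings are used here so the scan runs offline.

```typescript
// Added illustration, not the repository's tests. Lists come from the PR description.
const FORBIDDEN_TOKENS: string[] = [
  "fetch(", "axios", "XMLHttpRequest", "navigator.sendBeacon",
  "prisma.", "recordAudit", "recordAuditEvent", "import('@/", "require(",
];
const FORBIDDEN_IMPORT_FRAGMENTS: string[] = [
  "apps/api", "@vitalcv/psv", "prisma_client", "psvReceipts.repo",
];

// Collect specifiers of static `import ... from "x"`, `export ... from "x"` and `import "x"`.
function staticImportSpecifiers(source: string): string[] {
  const re = /^\s*(?:import|export)\s+(?:[^'";]*?\bfrom\s+)?['"]([^'"]+)['"]/gm;
  const found: string[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(source)) !== null) found.push(m[1]);
  return found;
}

interface PurityReport { tokens: string[]; imports: string[]; pure: boolean; }

// Report every forbidden token in the raw text and every static import of a backend module.
function scanPurity(source: string): PurityReport {
  const tokens = FORBIDDEN_TOKENS.filter((t) => source.indexOf(t) !== -1);
  const imports = staticImportSpecifiers(source).filter((spec) =>
    FORBIDDEN_IMPORT_FRAGMENTS.some((frag) => spec.indexOf(frag) !== -1));
  return { tokens, imports, pure: tokens.length === 0 && imports.length === 0 };
}

// Constructed sample sources (not the real receiptCandidate.ts / policyReview.ts).
const PURE_SAMPLE = [
  'import type { Evidence } from "./types";',
  'export function toCandidate(e: Evidence) {',
  '  return { decisionGrade: false, proofTier: "receipt_candidate", evidence: e };',
  '}',
].join("\n");

const IMPURE_SAMPLE = [
  'import { saveReceipt } from "../../server/psvReceipts.repo";', // constructed path
  'export async function toCandidate(e: unknown) {',
  '  await fetch("/api/audit", { method: "POST" });', // constructed endpoint
  '  return { decisionGrade: false, proofTier: "receipt_candidate", evidence: e };',
  '}',
].join("\n");

// A comment alone trips the raw-text scan: it is a tripwire on source text, not a parser,
// so forbidden names must stay out of comments in guarded files as well.
const COMMENT_SAMPLE = '// never call fetch() here\nexport const id = (x: number) => x;';
```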

vercel Bot commented May 12, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
vcv-web | Ready | Preview, Comment | May 12, 2026 4:20pm
vitalcv | Ready | Preview, Comment | May 12, 2026 4:20pm
