f93417dc3c
Enforce an optional TLP release ceiling at the single export chokepoint so no format (PDF/PPTX/HTML) can bypass it. Classifying a deck stays optional; the gate only blocks decks classified above the configured ceiling, and is off by default. - ClassificationPolicy + ExportDecision: pure, tested decision logic (release ceiling, fail-closed; null = no gate). - ExportService.export() evaluates the policy first and refuses without building or writing anything when blocked. - Persist the ceiling as maxReleaseExportTlpKey in app settings/prefs (default off) with a setter on SettingsNotifier. - Export dialog runs the same check up front and explains a blocked export before any work starts; app shell builds the policy from settings. - Tests: classification_policy_test plus export_service chokepoint tests asserting a blocked export fails and writes no file. - Docs: CHANGELOG, README, USER_GUIDE, ARCHITECTURE, SECURITY. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
62 lines
2.2 KiB
Dart
62 lines
2.2 KiB
Dart
import 'package:flutter_test/flutter_test.dart';
|
|
import 'package:ocideck/models/deck.dart';
|
|
import 'package:ocideck/services/classification_policy.dart';
|
|
|
|
void main() {
|
|
group('ClassificationPolicy', () {
|
|
test(
|
|
'without a ceiling every level is allowed (classificeren optioneel)',
|
|
() {
|
|
const policy = ClassificationPolicy();
|
|
expect(policy.hasGate, isFalse);
|
|
for (final level in TlpLevel.values) {
|
|
expect(policy.evaluate(level).allowed, isTrue);
|
|
}
|
|
},
|
|
);
|
|
|
|
test('a ceiling allows levels at or below it', () {
|
|
const policy = ClassificationPolicy(maxReleaseLevel: TlpLevel.amber);
|
|
expect(policy.hasGate, isTrue);
|
|
for (final level in [
|
|
TlpLevel.none,
|
|
TlpLevel.clear,
|
|
TlpLevel.green,
|
|
TlpLevel.amber,
|
|
]) {
|
|
expect(policy.evaluate(level).allowed, isTrue, reason: level.name);
|
|
}
|
|
});
|
|
|
|
test('a ceiling blocks levels above it, with a clear reason', () {
|
|
const policy = ClassificationPolicy(maxReleaseLevel: TlpLevel.amber);
|
|
for (final level in [TlpLevel.amberStrict, TlpLevel.red]) {
|
|
final decision = policy.evaluate(level);
|
|
expect(decision.allowed, isFalse, reason: level.name);
|
|
expect(decision.reason, contains(level.label));
|
|
expect(decision.reason, contains(TlpLevel.amber.label));
|
|
}
|
|
});
|
|
|
|
test('a ceiling of none only allows unclassified decks', () {
|
|
const policy = ClassificationPolicy(maxReleaseLevel: TlpLevel.none);
|
|
expect(policy.evaluate(TlpLevel.none).allowed, isTrue);
|
|
expect(policy.evaluate(TlpLevel.clear).allowed, isFalse);
|
|
});
|
|
|
|
group('fromKey', () {
|
|
test('null key means no gate', () {
|
|
final policy = ClassificationPolicy.fromKey(null);
|
|
expect(policy.hasGate, isFalse);
|
|
expect(policy.evaluate(TlpLevel.red).allowed, isTrue);
|
|
});
|
|
|
|
test('a TLP key sets the ceiling', () {
|
|
final policy = ClassificationPolicy.fromKey(TlpLevel.green.key);
|
|
expect(policy.maxReleaseLevel, TlpLevel.green);
|
|
expect(policy.evaluate(TlpLevel.green).allowed, isTrue);
|
|
expect(policy.evaluate(TlpLevel.amber).allowed, isFalse);
|
|
});
|
|
});
|
|
});
|
|
}
|