T028: harden CI validation — tenant-scope/visibility coherence, solution_id cross-check
Some checks are pending
validate-listings / validate (push) Waiting to run

This commit is contained in:
m2 (AI Agent) 2026-07-02 04:10:01 +02:00
parent 9b9ebcc960
commit f36894a94e

View file

@ -30,6 +30,19 @@ def main() -> int:
listing = json.loads((d / "listing.json").read_text())
if listing.get("listing_id") != d.name:
failures.append(f"{d.name}: directory name != listing_id")
sol_file = d / "solution.json"
if sol_file.exists():
sol = json.loads(sol_file.read_text())
scope = sol.get("tenant_scope")
vis = listing.get("tenant_visibility", [])
# tenant firewall coherence: a tenant-scoped solution must not be
# visible beyond its tenant (constitution IV)
if scope and scope != "m2-core" and ("*" in vis or any(t != scope for t in vis)):
failures.append(
f"{d.name}: tenant_scope={scope} but tenant_visibility={vis} leaks beyond the tenant"
)
if sol.get("solution_id") and listing.get("solution_id") != sol["solution_id"]:
failures.append(f"{d.name}: listing.solution_id != solution.solution_id")
if failures:
print("VALIDATION FAILED:")
print("\n".join(f" - {f}" for f in failures))