From 38ff2f4fde201d564dd5f5d6fac7f53fc4fd9479 Mon Sep 17 00:00:00 2001
From: Elizabeth W <liz@adawynn.dev>
Date: Mon, 20 Apr 2026 01:25:11 -0600
Subject: [PATCH] tests for enforce policy

---
 tools/src/enforce-policy.test.ts | 58 ++++++++++++++++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 tools/src/enforce-policy.test.ts

diff --git a/tools/src/enforce-policy.test.ts b/tools/src/enforce-policy.test.ts
new file mode 100644
index 0000000..ff74586
--- /dev/null
+++ b/tools/src/enforce-policy.test.ts
@@ -0,0 +1,58 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+import { checkReports } from './enforce-policy.js';
+
+describe('enforce-policy', () => {
+    let tempDir: string;
+
+    beforeEach(() => {
+        tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'reports-'));
+    });
+
+    afterEach(() => {
+        fs.rmSync(tempDir, { recursive: true, force: true });
+    });
+
+    it('should find vulnerabilities above threshold in SARIF', () => {
+        const sarifData = {
+            runs: [{
+                results: [
+                    { properties: { 'security-severity': '8.5' } },
+                    { properties: { 'security-severity': '5.0' } }
+                ]
+            }]
+        };
+        fs.writeFileSync(path.join(tempDir, 'test.sarif'), JSON.stringify(sarifData));
+
+        const findings = checkReports(tempDir, 7.0);
+        expect(findings).toHaveLength(1);
+        expect(findings[0].name).toBe('test.sarif');
+        expect(findings[0].score).toBe(8.5);
+    });
+
+    it('should find vulnerabilities above threshold in JSON', () => {
+        const jsonData = {
+            findings: [
+                { cvss: 9.0 },
+                { score: 6.5 }
+            ]
+        };
+        fs.writeFileSync(path.join(tempDir, 'test.json'), JSON.stringify(jsonData));
+
+        const findings = checkReports(tempDir, 7.0);
+        expect(findings).toHaveLength(1);
+        expect(findings[0].name).toBe('test.json');
+        expect(findings[0].score).toBe(9.0);
+    });
+
+    it('should set process.exitCode = 1 for invalid JSON', () => {
+        fs.writeFileSync(path.join(tempDir, 'invalid.json'), '{ "bad": json');
+
+        const findings = checkReports(tempDir, 7.0);
+        expect(findings).toHaveLength(0);
+        expect(process.exitCode).toBe(1);
+        process.exitCode = 0; // reset for other tests
+    });
+});