# [DEF:backend.tests.services.clean_release.test_source_isolation:Module]
# @TIER: STANDARD
# @SEMANTICS: tests, clean-release, source-isolation, internal-only
# @PURPOSE: Verify internal source registry validation behavior.
# @LAYER: Domain
# @RELATION: TESTS -> backend.src.services.clean_release.source_isolation
# @INVARIANT: External endpoints always produce blocking violations.

from datetime import datetime, timezone

from src.models.clean_release import ResourceSourceEntry, ResourceSourceRegistry
from src.services.clean_release.source_isolation import validate_internal_sources


def _registry() -> ResourceSourceRegistry:
    return ResourceSourceRegistry(
        registry_id="registry-internal-v1",
        name="Internal Sources",
        entries=[
            ResourceSourceEntry(
                source_id="src-1",
                host="repo.intra.company.local",
                protocol="https",
                purpose="artifact-repo",
                enabled=True,
            ),
            ResourceSourceEntry(
                source_id="src-2",
                host="pypi.intra.company.local",
                protocol="https",
                purpose="package-mirror",
                enabled=True,
            ),
        ],
        updated_at=datetime.now(timezone.utc),
        updated_by="tester",
        status="active",
    )


def test_validate_internal_sources_all_internal_ok():
    result = validate_internal_sources(
        registry=_registry(),
        endpoints=["repo.intra.company.local", "pypi.intra.company.local"],
    )
    assert result["ok"] is True
    assert result["violations"] == []


def test_validate_internal_sources_external_blocked():
    result = validate_internal_sources(
        registry=_registry(),
        endpoints=["repo.intra.company.local", "pypi.org"],
    )
    assert result["ok"] is False
    assert len(result["violations"]) == 1
    assert result["violations"][0]["category"] == "external-source"
    assert result["violations"][0]["blocked_release"] is True