Fix CI: make policy-load e2e overwrite self-consistent (#317)

The seeded knowledge graph (test.jsonl) carries Knows/WorksAt edges over its
Persons, so the policy test's per-table `--mode overwrite` of a lone Person
stranded those retained edges against the new node image. Overwrite RI
validation now correctly rejects that as an OrphanEdge, so the allowed-actor
load failed with "src 'Alice' not found in Person".

Replace the edge tables in the same overwrite (Knows LoadPolicy->LoadPolicy,
WorksAt LoadPolicy->Acme — Acme is a retained Company) so the load commits
cleanly. The test's subject — engine-layer policy enforcement on a destructive
overwrite — is unchanged; the loaded data was always incidental.

Surfaced only on main: cargo test --workspace fail-fasts at the first failing
binary, and the cli system suite runs only under the full workspace gate, not
-p omnigraph-engine.
This commit is contained in:
Ragnor Comerford 2026-06-30 15:41:32 +02:00 committed by GitHub
parent 0dce7c8d18
commit b2cfea035e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -1295,9 +1295,17 @@ fn local_cli_load_enforces_engine_layer_policy() {
);
let temp = tempfile::tempdir().unwrap();
let data = temp.path().join("policy-load.jsonl");
// The seeded graph (test.jsonl) has Knows/WorksAt edges over its Persons, so a
// per-table overwrite must be self-consistent: replacing node:Person also
// replaces the edge tables that referenced the old Persons, or the retained
// edges would strand against the new node image (a loud OrphanEdge). The data
// is incidental to this policy test; it just has to commit cleanly for the
// allowed actor. WorksAt points at Acme, a Company the overwrite retains.
fs::write(
&data,
r#"{"type":"Person","data":{"name":"LoadPolicy","age":11}}"#,
"{\"type\":\"Person\",\"data\":{\"name\":\"LoadPolicy\",\"age\":11}}\n\
{\"edge\":\"Knows\",\"from\":\"LoadPolicy\",\"to\":\"LoadPolicy\"}\n\
{\"edge\":\"WorksAt\",\"from\":\"LoadPolicy\",\"to\":\"Acme\"}\n",
)
.unwrap();