import { describe, test } from 'node:test';
import assert from 'node:assert';
import { SecurityPolicy } from '../src/security/policy/SecurityPolicy.js';

describe('SecurityPolicy defaults', () => {
  test('evaluate fails closed when not implemented by a concrete policy', async () => {
    const policy = new SecurityPolicy();
    const result = await policy.evaluate('user-1', 'read', '/app');
    assert.strictEqual(result.allowed, false);
    assert.strictEqual(result.requires_login, true);
  });

  test('evaluateSync fails closed when not implemented by a concrete policy', () => {
    const policy = new SecurityPolicy();
    const result = policy.evaluateSync('user-1', 'read', '/app');
    assert.strictEqual(result.allowed, false);
    assert.strictEqual(result.requires_login, true);
  });
});