crazy mega refactor

2026-05-04 03:16:40 -07:00
parent 55c1d347e6
commit 6d96e2d159
11 changed files with 686 additions and 616 deletions


@@ -86,8 +86,7 @@ undefinedNameTests = testGroup "undefined names"
, testCase "policy guard references undeclared zone" $
-- 'unknown_zone' not declared; check should flag it
assertHasError (isUndefined "unknown_zone")
"policy fwd : Frame \
\ on { hook = Forward, table = Filter, priority = Filter } \
"policy fwd : Frame hook Forward \
\ = { | Frame(iif in unknown_zone -> wan, _) -> Allow; \
\ | _ -> Drop; \
\ };"
@@ -96,8 +95,7 @@ undefinedNameTests = testGroup "undefined names"
assertNoErrors
"interface lan : LAN {}; \
\zone trusted = { lan }; \
\policy fwd : Frame \
\ on { hook = Forward, table = Filter, priority = Filter } \
\policy fwd : Frame hook Forward \
\ = { | Frame(iif in trusted -> wan, _) -> Allow; \
\ | _ -> Drop; \
\ };"
@@ -124,11 +122,9 @@ duplicateTests = testGroup "duplicates"
, testCase "duplicate policy" $
assertHasError (isDuplicate "input")
"policy input : Frame \
\ on { hook = Input, table = Filter, priority = Filter } \
"policy input : Frame hook Input \
\ = { | _ -> Allow; }; \
\policy input : Frame \
\ on { hook = Input, table = Filter, priority = Filter } \
\policy input : Frame hook Input \
\ = { | _ -> Drop; };"
, testCase "distinct names — no error" $
@@ -144,23 +140,18 @@ policyTerminationTests :: TestTree
policyTerminationTests = testGroup "policy termination"
[ testCase "last arm is Continue — error" $
assertHasError (isNoContinue "bad_policy")
"policy bad_policy : Frame \
\ on { hook = Input, table = Filter, priority = Filter } \
\ = { | _ -> Continue; };"
"policy bad_policy : Frame hook Input = { | _ -> Continue; };"
, testCase "last arm is Drop — ok" $
assertNoErrors
"policy good : Frame \
\ on { hook = Input, table = Filter, priority = Filter } \
"policy good : Frame hook Input \
\ = { | _ if ct.state in { Established } -> Allow; \
\ | _ -> Drop; \
\ };"
, testCase "last arm is Allow — ok" $
assertNoErrors
"policy output : Frame \
\ on { hook = Output, table = Filter, priority = Filter } \
\ = { | _ -> Allow; };"
"policy output : Frame hook Output = { | _ -> Allow; };"
, testCase "Continue in non-last arm is fine" $
assertNoErrors
@@ -172,9 +163,7 @@ policyTerminationTests = testGroup "policy termination"
, testCase "empty policy body — error" $
assertHasError (isNoContinue "empty")
"policy empty : Frame \
\ on { hook = Output, table = Filter, priority = Filter } \
\ = {};"
"policy empty : Frame hook Output = {};"
]
-- ─── Pattern cycle tests ─────────────────────────────────────────────────────
@@ -207,14 +196,11 @@ cleanProgramTests = testGroup "clean programs"
\interface lan : LAN { cidr4 = { 10.17.1.0/24 }; }; \
\interface wg0 : WireGuard {}; \
\zone lan_zone = { lan, wg0 }; \
\policy input : Frame \
\ on { hook = Input, table = Filter, priority = Filter } \
\policy input : Frame hook Input \
\ = { | _ if ct.state in { Established, Related } -> Allow; \
\ | _ -> Drop; \
\ }; \
\policy output : Frame \
\ on { hook = Output, table = Filter, priority = Filter } \
\ = { | _ -> Allow; };"
\policy output : Frame hook Output = { | _ -> Allow; };"
, testCase "pattern and flow declarations" $
assertNoErrors