feat: add universal resource activation policy profile flow

scripts/validate/validate-omnl-ledger-mapping.mjs

@@ -0,0 +1,51 @@
+#!/usr/bin/env node
+/**
+ * Validate omnl-ledger-mapping.v1.json against omnl-ledger-mapping.v1.schema.json
+ * Usage: node scripts/validate/validate-omnl-ledger-mapping.mjs [path]
+ */
+import { readFileSync, existsSync } from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import Ajv from 'ajv';
+import addFormats from 'ajv-formats';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const projectRoot = path.join(__dirname, '../..');
+const defaultPath = path.join(
+  projectRoot,
+  'config/universal-resource-activation/integration/omnl-ledger-mapping.v1.example.json'
+);
+const schemaPath = path.join(
+  projectRoot,
+  'config/universal-resource-activation/integration/omnl-ledger-mapping.v1.schema.json'
+);
+
+const file = path.resolve(projectRoot, process.argv[2] || defaultPath);
+
+if (!existsSync(file)) {
+  console.error(`[validate-ledger-mapping] Missing ${file}`);
+  process.exit(1);
+}
+if (!existsSync(schemaPath)) {
+  console.error(`[validate-ledger-mapping] Missing schema ${schemaPath}`);
+  process.exit(1);
+}
+
+const ajv = new Ajv({ allErrors: true, strict: false, validateSchema: false });
+addFormats(ajv);
+const validate = ajv.compile(JSON.parse(readFileSync(schemaPath, 'utf8')));
+let data;
+try {
+  data = JSON.parse(readFileSync(file, 'utf8'));
+} catch (e) {
+  console.error(`[validate-ledger-mapping] Invalid JSON: ${e.message}`);
+  process.exit(1);
+}
+
+if (!validate(data)) {
+  console.error(`[validate-ledger-mapping] FAIL: ${ajv.errorsText(validate.errors, { separator: '\n' })}`);
+  process.exit(1);
+}
+
+console.log(`[validate-ledger-mapping] OK: ${file}`);
+process.exit(0);

scripts/validate/validate-universal-resource-activation.mjs

@@ -1,100 +1,10 @@
 #!/usr/bin/env node
 /**
- * Validate config/universal-resource-activation/manifest.json against
- * - universal-resource-activation.manifest.v1.schema.json
- * - universal-resource-activation.resource.v1.schema.json (per item in resources[])
- * - universal-resource-activation.evidence-package.v1.schema.json (per item in evidencePackages[])
+ * Validate config/universal-resource-activation/manifest.json against URA JSON Schemas.
  *
- * Usage: from repo root: node scripts/validate/validate-universal-resource-activation.mjs
- * Exit 0 on success, 1 on error.
+ * Usage: from repo root: node scripts/validate/validate-universal-resource-activation.mjs [path/to/manifest.json]
  */
-import { readFileSync, existsSync } from 'fs';
-import path from 'path';
-import { fileURLToPath } from 'url';
-import Ajv from 'ajv';
-import addFormats from 'ajv-formats';
+import { validateUraManifestFileCli } from '../ura/lib/validate-ura-manifest.mjs';
 
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const projectRoot = path.join(__dirname, '../..');
-const configDir = path.join(projectRoot, 'config', 'universal-resource-activation');
-
-const manifestPath = path.join(configDir, 'manifest.json');
-const manifestSchemaPath = path.join(projectRoot, 'config', 'universal-resource-activation.manifest.v1.schema.json');
-const resourceSchemaPath = path.join(projectRoot, 'config', 'universal-resource-activation.resource.v1.schema.json');
-const evidenceSchemaPath = path.join(projectRoot, 'config', 'universal-resource-activation.evidence-package.v1.schema.json');
-
-function fail(msg) {
-  console.error(`[validate-ura] ${msg}`);
-  process.exit(1);
-}
-
-if (!existsSync(manifestPath)) {
-  fail(`Missing ${manifestPath}`);
-}
-
-const ajv = new Ajv({
-  allErrors: true,
-  strict: false,
-  validateSchema: false,
-});
-addFormats(ajv);
-
-const manifestSchema = JSON.parse(readFileSync(manifestSchemaPath, 'utf8'));
-const resourceSchema = JSON.parse(readFileSync(resourceSchemaPath, 'utf8'));
-const evidenceSchema = JSON.parse(readFileSync(evidenceSchemaPath, 'utf8'));
-
-const validateManifest = ajv.compile(manifestSchema);
-const validateResource = ajv.compile(resourceSchema);
-const validateEvidence = ajv.compile(evidenceSchema);
-
-const raw = readFileSync(manifestPath, 'utf8');
-let data;
-try {
-  data = JSON.parse(raw);
-} catch (e) {
-  fail(`Invalid JSON: ${e.message}`);
-}
-
-if (!validateManifest(data)) {
-  fail(`Manifest failed manifest schema: ${ajv.errorsText(validateManifest.errors, { separator: '\n' })}`);
-}
-
-if (!Array.isArray(data.resources)) {
-  fail('resources must be an array');
-}
-if (!Array.isArray(data.evidencePackages)) {
-  fail('evidencePackages must be an array');
-}
-
-data.resources.forEach((r, i) => {
-  if (!validateResource(r)) {
-    fail(
-      `resources[${i}] (resourceId=${r?.resourceId}): ${ajv.errorsText(validateResource.errors, { separator: '\n' })}`
-    );
-  }
-});
-
-data.evidencePackages.forEach((p, i) => {
-  if (!validateEvidence(p)) {
-    fail(
-      `evidencePackages[${i}] (id=${p?.evidencePackageId}): ${ajv.errorsText(validateEvidence.errors, { separator: '\n' })}`
-    );
-  }
-});
-
-// Cross-check: all resourceIds referenced in evidence exist
-const ids = new Set(data.resources.map((r) => r.resourceId).filter(Boolean));
-data.evidencePackages.forEach((p, pi) => {
-  (p.resourceIds || []).forEach((rid) => {
-    if (!ids.has(rid)) {
-      fail(
-        `evidencePackages[${pi}] references unknown resourceId: ${rid}`
-      );
-    }
-  });
-});
-
-console.log(
-  `[validate-ura] OK: ${data.resources.length} resource(s), ${data.evidencePackages.length} evidence package(s)`
-);
-process.exit(0);
+const arg = process.argv[2];
+validateUraManifestFileCli(arg || undefined);

scripts/validate/validate-ura-policy-profiles.mjs

@@ -0,0 +1,65 @@
+#!/usr/bin/env node
+/**
+ * Validate config/universal-resource-activation/policy-profiles.json against
+ * universal-resource-activation.policy-profile-registry.v1.schema.json
+ * and ensure manifest policyProfileRefs[] ids exist in the registry.
+ *
+ * Usage: from repo root — node scripts/validate/validate-ura-policy-profiles.mjs
+ */
+import { readFileSync, existsSync } from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import Ajv from 'ajv';
+import addFormats from 'ajv-formats';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const projectRoot = path.join(__dirname, '../..');
+
+const registryPath = path.join(projectRoot, 'config', 'universal-resource-activation', 'policy-profiles.json');
+const registrySchemaPath = path.join(
+  projectRoot,
+  'config',
+  'universal-resource-activation.policy-profile-registry.v1.schema.json',
+);
+const manifestPath = path.join(projectRoot, 'config', 'universal-resource-activation', 'manifest.json');
+
+function fail(msg) {
+  console.error(`[validate-ura-profiles] ${msg}`);
+  process.exit(1);
+}
+
+if (!existsSync(registryPath)) fail(`Missing ${registryPath}`);
+if (!existsSync(registrySchemaPath)) fail(`Missing ${registrySchemaPath}`);
+
+const ajv = new Ajv({ allErrors: true, strict: false, validateSchema: false });
+addFormats(ajv);
+
+const registrySchema = JSON.parse(readFileSync(registrySchemaPath, 'utf8'));
+const validateRegistry = ajv.compile(registrySchema);
+const registry = JSON.parse(readFileSync(registryPath, 'utf8'));
+
+if (!validateRegistry(registry)) {
+  console.error('[validate-ura-profiles] policy-profiles.json failed schema:', validateRegistry.errors);
+  process.exit(1);
+}
+
+const ids = new Set(registry.profiles.map((p) => p.policyProfileId));
+console.log(`[validate-ura-profiles] OK: ${ids.size} profile(s) in registry`);
+
+if (existsSync(manifestPath)) {
+  const manifest = JSON.parse(readFileSync(manifestPath, 'utf8'));
+  const refs = manifest.policyProfileRefs || [];
+  for (const r of refs) {
+    const pid = r.id;
+    if (!pid || !ids.has(pid)) {
+      fail(`manifest policyProfileRefs contains unknown or missing id: "${pid}"`);
+    }
+  }
+  for (const res of manifest.resources || []) {
+    const pid = res.policyProfileId;
+    if (pid && !ids.has(pid)) {
+      fail(`resource ${res.resourceId} references unknown policyProfileId: "${pid}"`);
+    }
+  }
+  console.log('[validate-ura-profiles] OK: manifest refs match registry');
+}