tests fixes and sprints work

src/Policy/__Tests/StellaOps.Policy.Engine.Tests/PolicyRuntimeEvaluationServiceTests.cs

@@ -9,6 +9,7 @@ using StellaOps.Policy.Engine.ReachabilityFacts;
 using StellaOps.Policy.Engine.Options;
 using StellaOps.Policy.Engine.Services;
 using StellaOps.Policy.Engine.Signals.Entropy;
+using StellaOps.Policy.Licensing;
 using StellaOps.PolicyDsl;
 using Xunit;
 
@@ -407,13 +408,38 @@ public sealed class PolicyRuntimeEvaluationServiceTests
         Assert.Equal("not_affected", response.Status);
     }
 
+    [Trait("Category", TestCategories.Unit)]
+    [Fact]
+    public async Task EvaluateAsync_BlocksOnLicenseComplianceFailure()
+    {
+        var harness = CreateHarness();
+        await harness.StoreTestPolicyAsync("pack-6", 1, TestPolicy);
+
+        var component = new PolicyEvaluationComponent(
+            Name: "example",
+            Version: "1.0.0",
+            Type: "library",
+            Purl: "pkg:npm/example@1.0.0",
+            Metadata: ImmutableDictionary<string, string>.Empty.Add("license_expression", "GPL-3.0-only"));
+        var sbom = new PolicyEvaluationSbom(
+            ImmutableHashSet<string>.Empty.WithComparer(StringComparer.OrdinalIgnoreCase),
+            ImmutableArray.Create(component));
+
+        var request = CreateRequest("pack-6", 1, severity: "Low", sbom: sbom);
+        var response = await harness.Service.EvaluateAsync(request, TestContext.Current.CancellationToken);
+
+        Assert.Equal("blocked", response.Status);
+        Assert.Contains(response.Annotations, pair => pair.Key == "license.status" && pair.Value == "fail");
+    }
+
     private static RuntimeEvaluationRequest CreateRequest(
         string packId,
         int version,
         string severity,
         string tenantId = "tenant-1",
         string subjectPurl = "pkg:npm/lodash@4.17.21",
-        string advisoryId = "CVE-2024-0001")
+        string advisoryId = "CVE-2024-0001",
+        PolicyEvaluationSbom? sbom = null)
     {
         return new RuntimeEvaluationRequest(
             packId,
@@ -424,7 +450,7 @@ public sealed class PolicyRuntimeEvaluationServiceTests
             Severity: new PolicyEvaluationSeverity(severity, null),
             Advisory: new PolicyEvaluationAdvisory("NVD", ImmutableDictionary<string, string>.Empty),
             Vex: PolicyEvaluationVexEvidence.Empty,
-            Sbom: PolicyEvaluationSbom.Empty,
+            Sbom: sbom ?? PolicyEvaluationSbom.Empty,
             Exceptions: PolicyEvaluationExceptions.Empty,
             Reachability: PolicyEvaluationReachability.Unknown,
             EntropyLayerSummary: null,
@@ -443,6 +469,16 @@ public sealed class PolicyRuntimeEvaluationServiceTests
         var cache = new InMemoryPolicyEvaluationCache(cacheLogger, TimeProvider.System, options);
         var evaluator = new PolicyEvaluator();
         var entropy = new EntropyPenaltyCalculator(options, NullLogger<EntropyPenaltyCalculator>.Instance);
+        var licenseOptions = Microsoft.Extensions.Options.Options.Create(new LicenseComplianceOptions
+        {
+            Enabled = true,
+            Policy = LicensePolicyDefaults.Default
+        });
+        var licenseComplianceService = new LicenseComplianceService(
+            new LicenseComplianceEvaluator(LicenseKnowledgeBase.LoadDefault()),
+            new LicensePolicyLoader(),
+            licenseOptions,
+            NullLogger<LicenseComplianceService>.Instance);
 
         var reachabilityStore = new InMemoryReachabilityFactsStore(TimeProvider.System);
         var reachabilityCache = new InMemoryReachabilityFactsOverlayCache(
@@ -463,6 +499,8 @@ public sealed class PolicyRuntimeEvaluationServiceTests
             evaluator,
             reachabilityService,
             entropy,
+            licenseComplianceService,
+            ntiaCompliance: null,
             TimeProvider.System,
             serviceLogger);