# Verify policy contracts — backup verification as parallel provisioning.
# Drill-as-recipe: instead of a boolean flag, declare a sandbox infra recipe
# the daemon coordinator spins up, restores into, and runs an integration
# test suite against. The only credible verification is one that actually
# restores and exercises the data.
#
# This file only declares the shapes (Nickel record contracts). Everything
# about how steps are executed, how recipes are resolved and how results are
# scored happens in the consumers, which are not visible here.

# `bp` supplies the shared Duration and Schedule contracts used below.
let bp = import "backup_policy.ncl" in

{
  # Test step discriminated union. The manager runs each step in order,
  # collecting pass/fail/skip; an optional step does not abort on failure.
  #
  # NOTE(review): `kind` selects the variant, but every variant-specific field
  # below is `optional` and nothing in this contract ties a field to its kind.
  # As written, a 'http_check step with no `url`, or a 'cmd step with no
  # `run`, satisfies the contract. Confirm the manager rejects such steps
  # rather than skipping or passing them: a drill made of vacuous steps would
  # report a verified backup without exercising the restored data.
  TestStep = {
    kind | [| 'http_check, 'sql_query, 'file_exists, 'cmd, 'integration |],
    name | String,
    # NOTE(review): a suite in which every step is optional can presumably
    # never fail the drill — confirm how the manager scores that case.
    optional | Bool | default = false,
    timeout | bp.Duration | default = "60s",

    # 'http_check
    # NOTE(review): `url` is an unconstrained String; nothing here restricts
    # it to the sandbox the recipe created — verify against the manager.
    url | String | optional,
    expected_status | Number | optional,

    # 'sql_query
    # The field is documented as a reference (vault path or alias), which
    # keeps credentials out of the policy file. The contract is a plain
    # String, so an inline connection string would also be accepted —
    # NOTE(review): confirm the consumer resolves references only.
    connection_ref
      | String
      | optional
      | doc "Reference to a connection profile (vault path or alias)",
    query | String | optional,
    expected | String | optional,

    # 'file_exists
    path | String | optional,

    # 'cmd
    # NOTE(review): `run` is a free-form command string. How it is executed
    # (shell vs. argv, which user, which host) is not visible here; whoever
    # can edit a policy can choose this command, so write access to policy
    # files should be treated as command execution wherever steps run.
    run | String | optional,
    # Defaults to true for every step, including kinds other than 'cmd.
    expect_zero_exit | Bool | default = true,

    # 'integration — invokes a higher-level scenario by name
    component | String | optional,
    scenario | String | optional,
  },

  # Reference to a parallel provisioning recipe that materialises the sandbox.
  # The recipe lives under infra//verify-recipes/ and is itself
  # declarative Nickel exported to the orchestrator.
  # NOTE(review): the empty segment in "infra//verify-recipes/" looks like a
  # lost placeholder — confirm the intended path.
  ProvisioningRecipeRef = {
    name
      | String
      | doc "Recipe identifier (looked up in infra//verify-recipes/)",
    # Open dictionary of String values; keys and values are not validated
    # here. NOTE(review): presumably each recipe checks its own arguments.
    args
      | { _ | String }
      | doc "Per-invocation parameters passed to the recipe"
      | default = {},
  },

  # Drill specification consumed by the daemon coordinator on a verify schedule.
  DrillSpec = {
    name | String,
    parallel_infra | ProvisioningRecipeRef,
    # An empty array satisfies `Array TestStep`. NOTE(review): confirm an
    # empty suite is reported as "not verified", not as a pass.
    test_suite | Array TestStep,
    # With the default 'on_success, a failed drill leaves the sandbox in
    # place, and 'never always does. NOTE(review): that sandbox presumably
    # holds restored backup data, so it needs the same access controls and
    # retention as the source; confirm something reaps leftover sandboxes.
    cleanup | [| 'always, 'on_success, 'never |] | default = 'on_success,
    timeout | bp.Duration | default = "30m",
    schedule
      | bp.Schedule
      | optional
      | doc "Drill cadence; defaults to manual invocation when omitted",
  },

  # Top-level verify policy: a level (cheapest → costliest) plus an optional
  # drill spec for 'restore_drill / 'full_dr levels.
  #
  # NOTE(review): `drill` is optional at every level, so a policy declaring
  # 'restore_drill or 'full_dr with no drill spec satisfies this contract.
  # Confirm the coordinator treats that as an error rather than silently
  # running a cheaper check.
  VerifyPolicy = {
    level | [| 'quick, 'deep, 'restore_drill, 'full_dr |] | default = 'quick,
    schedule | bp.Schedule | optional,
    drill | DrillSpec | optional,
  },
}