[plan] Add integration tests for schema restriction enforcement #10222
Description
Objective
Add integration tests that verify schema restrictions are properly enforced when compiling included workflow files.
Context
The security model restricts certain properties in included files, but we need tests to ensure these restrictions are enforced and don't regress over time.
Approach
Add test cases to relevant test files (likely pkg/parser/frontmatter_test.go or pkg/workflow/compiler_test.go):
-
Test: engine.command rejected in included files
- Create included file with
engine.commandproperty - Compile and verify error message
- Verify same property works in main workflow
- Create included file with
-
Test: Full MCP config rejected in included files
- Create included file with full MCP config (command, args, env)
- Compile and verify error message
- Verify same config works in main workflow
-
Test: Missing 'on' field in main workflow
- Create main workflow without
onfield - Verify validation error
- Verify included file works without
on
- Create main workflow without
-
Test: Valid included file with allowed properties
- Create included file with only allowed properties
- Verify successful compilation
- Verify all 15 included-supported properties work
Files to Modify
pkg/parser/frontmatter_test.go- Add validation testspkg/workflow/compiler_test.go- Add compilation tests- Test fixtures in appropriate directory (e.g.,
testdata/)
Acceptance Criteria
- Test verifies engine.command is rejected in included files
- Test verifies full MCP config is rejected in included files
- Test verifies 'on' is required in main workflows
- Test verifies valid included files compile successfully
- Error messages in tests match expected format
- Tests use table-driven pattern for multiple scenarios
- All tests pass with current implementation
Related to [plan] Document schema design philosophy and security model differences #10219
AI generated by Plan Command for discussion #10151