Golden Evaluation Fixtures
These fixtures are stable Terraform plan JSON inputs used to validate Recourse's public evaluator contract. They are intentionally small, provider-specific, and safe to share.
Fixture Set
| Fixture | Purpose | Expected decision |
|---|---|---|
tests/fixtures/plans/aws-golden.json | AWS rule authority for RDS, S3 object recovery, Secrets Manager, ElastiCache, Neptune, and EFS | block |
tests/fixtures/plans/gcp-golden.json | First-class GCP storage, Cloud SQL, IAM, Secret Manager, and BigQuery rules | block |
tests/fixtures/plans/azure-golden.json | First-class Azure storage, database, Cosmos DB, role assignment, and Key Vault secret rules | block |
tests/fixtures/plans/unknown-semantic-golden.json | Provider-neutral unknown-resource classifier behavior | escalate |
Run Locally
npm run build
npx vitest --run tests/golden-plan-fixtures.test.ts
npx vitest --run tests/cli-scenarios.test.tsTo inspect a fixture through the CLI:
node dist/index.js evaluate terraform tests/fixtures/plans/gcp-golden.json --classifierConsequence Contract
These fixtures model the consequence report shape used by the CLI and MCP server: deterministic recoverability tiers, evidence strings, policy decision, actor context, and mutation targets.
Known resource handlers remain authoritative. The unknown semantic fixture verifies that low-evidence destructive resources become needs-review instead of being marked safe.
For deterministic resource handler coverage, see docs/resource-coverage.md.