sdk

Radroots SDK and bindings
git clone https://radroots.dev/git/sdk.git
Log | Files | Refs | README
commit d1c1b9c030e1f6168d1d9fb09c3d5dac49437b5a
parent 3c15e9f5bfa247d7f71383c8b0a98166864c6ee6
Author: triesap <tyson@radroots.org>
Date:   Fri, 19 Jun 2026 16:22:56 -0700

tests: guard passive payment SDK surface

- keep order payment exports limited to passive status metadata

- reject SDK payment, checkout, settlement, refund, and wallet write APIs

- preserve source-boundary coverage for the order runtime

Diffstat:

Mcrates/sdk/tests/source_boundary.rs | 74++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


1 file changed, 74 insertions(+), 0 deletions(-)

diff --git a/crates/sdk/tests/source_boundary.rs b/crates/sdk/tests/source_boundary.rs
@@ -128,6 +128,41 @@ const REQUIRED_ORDERS_CLIENT_METHODS: &[&str] = &[
     "pub async fn status(",
 ];
 
+const FORBIDDEN_PAYMENT_WRITE_PUBLIC_EXPORTS: &[&str] = &[
+    "CheckoutClient",
+    "EscrowClient",
+    "InvoiceClient",
+    "OrderPaymentRecordEnqueueRequest",
+    "OrderPaymentRecordPrepareRequest",
+    "OrderPaymentRecordReceipt",
+    "OrderSettlementDecisionEnqueueRequest",
+    "OrderSettlementDecisionPrepareRequest",
+    "OrderSettlementDecisionReceipt",
+    "PaymentClient",
+    "PaymentsClient",
+    "RefundClient",
+    "WalletClient",
+    "ORDER_PAYMENT_RECORD_OPERATION_KIND",
+    "ORDER_SETTLEMENT_DECISION_OPERATION_KIND",
+];
+
+const FORBIDDEN_PAYMENT_WRITE_ORDER_METHODS: &[&str] = &[
+    "accept_settlement",
+    "checkout",
+    "enqueue_payment",
+    "enqueue_settlement",
+    "escrow",
+    "invoice",
+    "payment_provider",
+    "prepare_payment",
+    "prepare_settlement",
+    "record_payment",
+    "refund",
+    "reject_settlement",
+    "settle_payment",
+    "wallet",
+];
+
 #[test]
 fn sdk_sources_do_not_import_app_or_cli_concepts() {
     for path in rust_source_files(Path::new(env!("CARGO_MANIFEST_DIR")).join("src").as_path()) {
@@ -175,6 +210,45 @@ fn migrated_runtime_tests_stay_on_product_runtime_boundary() {
 }
 
 #[test]
+fn payment_deferral_keeps_sdk_public_runtime_surface_passive_only() {
+    let lib_source = read_source(
+        Path::new(env!("CARGO_MANIFEST_DIR"))
+            .join("src/lib.rs")
+            .as_path(),
+    );
+    let order_source = read_source(
+        Path::new(env!("CARGO_MANIFEST_DIR"))
+            .join("src/orders_runtime.rs")
+            .as_path(),
+    );
+
+    for passive_export in [
+        "OrderPaymentHandoffKind",
+        "OrderPaymentStateKind",
+        "OrderSettlementStateKind",
+    ] {
+        assert!(
+            lib_source.contains(passive_export),
+            "src/lib.rs must keep passive order payment status export `{passive_export}`"
+        );
+    }
+
+    for forbidden in FORBIDDEN_PAYMENT_WRITE_PUBLIC_EXPORTS {
+        assert!(
+            !lib_source.contains(forbidden),
+            "src/lib.rs must not expose deferred payment write surface `{forbidden}`"
+        );
+    }
+
+    for forbidden in FORBIDDEN_PAYMENT_WRITE_ORDER_METHODS {
+        assert!(
+            !order_source.contains(forbidden),
+            "src/orders_runtime.rs must not add deferred payment write method or capability `{forbidden}`"
+        );
+    }
+}
+
+#[test]
 fn order_runtime_public_exports_are_explicit() {
     let source = read_source(
         Path::new(env!("CARGO_MANIFEST_DIR"))