Verification Gates
The SATE-Laravel Verification Gates Engine enforces a deterministic hierarchy of proof. No gate may be skipped, merged, or weakened.
ROLE: Static Verification Engine. Identity: Gatekeeper, not a fixer. 100% pass rate across all gates is required for "Gold Standard" status.
“A gate does not measure quality. It determines admissibility.”
01 — Mandatory Enforcement
PSR-4 Identity Integrity
Purpose:
Every test class Composer cannot load is invisible to the runner. Identity-integrity failures stop downstream validation because there is nothing left to evaluate.
- → Composer PSR-4 autoload resolves the class declared in every test file
- → Namespace declared in the file matches its on-disk path
- ✖ Classes silently skipped by Composer due to PSR-4 mismatch
- ✖ Filename or directory casing diverges from the namespace
Bootstrap Purity
Purpose:
Tests must not mutate process-global state in ways that bleed between runs. Six rules cover Config, env, INI, timezone, and superglobals.
- → Use the `config([...])` helper scoped to the test, never raw `Config::set(...)`
- → No `putenv`, `ini_set`, or `date_default_timezone_set` in test bodies
- → No direct mutation or `unset` of `$_ENV`, `$_SERVER`, `$_GET`, `$_POST`, `$_COOKIE`, `$_REQUEST`, `$_SESSION`
- ✖ BOOTSTRAP_PURITY_CONFIG_SET — `Config::set(...)` calls
- ✖ BOOTSTRAP_PURITY_PUTENV — `putenv(...)` calls
- ✖ BOOTSTRAP_PURITY_INI_SET — `ini_set(...)` calls
- ✖ BOOTSTRAP_PURITY_TIMEZONE — `date_default_timezone_set(...)` calls
- ✖ BOOTSTRAP_PURITY_SUPERGLOBALS — direct mutation of superglobals
- ✖ BOOTSTRAP_PURITY_SUPERGLOBALS_UNSET — `unset($_ENV[...])` etc.
Mock Discipline
Purpose:
Tests may only mock external services. Mocking the system under test or fakes-by-default of core facades produces tests that prove nothing about real behavior.
- → Only mock classes whose namespace lives outside your `App\` PSR-4 root
- → Use Laravel facade fakes (`Event::fake()`, `Queue::fake()`, …) sparingly and only with the corresponding `assert*` calls
- ✖ FORBIDDEN_MOCK_TARGET — `Mockery::mock(App\…)` or `Illuminate\` / `PHPUnit\` framework internals
- ✖ FACADE_ANTI_GRAVITY — more than three core facades faked or mocked in one test
Act Contract
Purpose:
Each test performs exactly one primary Act. Multi-step tests hide which step actually drives the observable outcome and contaminate the engine's causal map.
- → One HTTP request, one job dispatch, one service-under-test method call per test
- → Setup (factories, `actingAs`, fakes) does not count as an Act and may appear before
- → Multi-step flows belong in NON-LEARNING / E2E tests outside the gate scope
- ✖ ACT_ONCE_RULE — Found N (N ≠ 1) primary Acts in a single test method
Outcome Contract
Purpose:
Every Act must produce an observable outcome the test directly asserts on — HTTP response, DB state change, dispatched job/event, faked-facade assertion, or a meaningful assertion on the Act's return value.
- → HTTP: `$response->assertStatus/assertJson/...`
- → Database: `$this->assertDatabaseHas/Missing/Count`
- → Facade fakes paired with their `assert*` calls (`Event::fake()` → `Event::assertDispatched()`)
- → Unit: assertion taking the Act's output as an argument
- ✖ OBSERVABLE_OUTCOME_REQUIRED — Act present but no qualifying assertion observes its effect
02 — The Ordered Chain
Gates are ordered to protect later analytical reasoning. Earlier failures invalidate all subsequent verification attempts.
“If early trust is broken, nothing later can be believed.”
03 — Output Contract
Engine Final Response:
The Engine does not explain fixes or suggest improvements. It reflects technical truth through absolute rejection.