@@ -42,7 +42,7 @@ func TestResolveDomainFallsBackToParsedLink(t *testing.T) {
4242}
4343
4444func TestCheckCompanyComplianceRequiredBlocksMissingClient (t * testing.T ) {
45- svc := & service {sssRequired : true }
45+ svc := & service {sssRequired : true , sssEnabled : true }
4646
4747 _ , err := svc .checkCompanyCompliance (context .Background (), & models.Company {
4848 CompanyID : "company-id" ,
@@ -54,7 +54,7 @@ func TestCheckCompanyComplianceRequiredBlocksMissingClient(t *testing.T) {
5454}
5555
5656func TestCheckCompanyComplianceOptionalAllowsMissingClient (t * testing.T ) {
57- svc := & service {sssRequired : false }
57+ svc := & service {sssRequired : false , sssEnabled : true }
5858
5959 blocked , err := svc .checkCompanyCompliance (context .Background (), & models.Company {
6060 CompanyID : "company-id" ,
@@ -141,7 +141,7 @@ func TestSSSStatusActionable(t *testing.T) {
141141}
142142
143143func TestCheckCompanyComplianceRequiredBlocksMissingExternalID (t * testing.T ) {
144- svc := & service {sssRequired : true , sssClient : newTestSSSClient (t )}
144+ svc := & service {sssRequired : true , sssEnabled : true , sssClient : newTestSSSClient (t )}
145145
146146 _ , err := svc .checkCompanyCompliance (context .Background (), & models.Company {
147147 CompanyID : "company-id" ,
@@ -154,7 +154,7 @@ func TestCheckCompanyComplianceRequiredBlocksMissingExternalID(t *testing.T) {
154154}
155155
156156func TestCheckCompanyComplianceOptionalAllowsMissingExternalID (t * testing.T ) {
157- svc := & service {sssRequired : false , sssClient : newTestSSSClient (t )}
157+ svc := & service {sssRequired : false , sssEnabled : true , sssClient : newTestSSSClient (t )}
158158
159159 blocked , err := svc .checkCompanyCompliance (context .Background (), & models.Company {
160160 CompanyID : "company-id" ,
@@ -170,7 +170,7 @@ func TestCheckCompanyComplianceOptionalAllowsMissingExternalID(t *testing.T) {
170170}
171171
172172func TestCheckCompanyComplianceOptionalBlocksPersistedSanctionMissingExternalID (t * testing.T ) {
173- svc := & service {sssRequired : false , sssClient : newTestSSSClient (t )}
173+ svc := & service {sssRequired : false , sssEnabled : true , sssClient : newTestSSSClient (t )}
174174
175175 // origin=sss bypasses the manual-block short-circuit so the missing-external-ID early
176176 // exit is the path under test: in optional mode it must honor the persisted sanction.
@@ -266,6 +266,7 @@ func TestCheckCompanyComplianceCacheHitMutatesModel(t *testing.T) {
266266 // A cached "clean" result must clear the stale loaded model so downstream gates
267267 // (e.g. ProcessEmployeeSignature) in the same request stay consistent.
268268 svc := & service {
269+ sssEnabled : true ,
269270 complianceCache : map [string ]complianceCacheEntry {
270271 "external-id" : {sanctioned : false , expiresAt : time .Now ().Add (time .Minute )},
271272 },
@@ -294,7 +295,7 @@ func TestCheckCompanyComplianceCacheHitMutatesModel(t *testing.T) {
294295func TestCheckCompanyComplianceOptionalHonorsPersistedSSSFlag (t * testing.T ) {
295296 // Optional mode with no SSS client: an already-persisted SSS-origin block must keep
296297 // blocking until a live clean result can clear it (do not fail open on the flag).
297- svc := & service {sssRequired : false }
298+ svc := & service {sssRequired : false , sssEnabled : true }
298299
299300 blocked , err := svc .checkCompanyCompliance (context .Background (), & models.Company {
300301 CompanyID : "company-id" ,
@@ -313,7 +314,7 @@ func TestCheckCompanyComplianceOptionalHonorsPersistedSSSFlag(t *testing.T) {
313314func TestCheckCompanyComplianceAdminBlockAlwaysBlocks (t * testing.T ) {
314315 // A manual/admin block (is_sanctioned=true, no/!=sss origin) must short-circuit and
315316 // block regardless of mode or SSS availability.
316- svc := & service {sssRequired : false }
317+ svc := & service {sssRequired : false , sssEnabled : true }
317318
318319 blocked , err := svc .checkCompanyCompliance (context .Background (), & models.Company {
319320 CompanyID : "company-id" ,
@@ -326,3 +327,22 @@ func TestCheckCompanyComplianceAdminBlockAlwaysBlocks(t *testing.T) {
326327 t .Fatal ("expected a manual/admin sanction (no origin) to always block" )
327328 }
328329}
330+
331+ func TestCheckCompanyComplianceDisabledSkipsSSS (t * testing.T ) {
332+ // Kill switch off (sssEnabled=false): the live SSS check is skipped and the company is
333+ // not blocked, even in required mode with a persisted sss-origin flag.
334+ svc := & service {sssRequired : true , sssEnabled : false , sssClient : newTestSSSClient (t )}
335+
336+ blocked , err := svc .checkCompanyCompliance (context .Background (), & models.Company {
337+ CompanyID : "company-id" ,
338+ CompanyName : "Company" ,
339+ IsSanctioned : true ,
340+ SanctionOrigin : "sss" ,
341+ })
342+ if err != nil {
343+ t .Fatalf ("expected disabled SSS to skip without error, got %v" , err )
344+ }
345+ if blocked {
346+ t .Fatal ("expected disabled SSS not to block" )
347+ }
348+ }
0 commit comments