football/tests/unit/encryption-setup_test.bats

#!/usr/bin/env bats
# Unit tests for encryption-setup.sh hook
# Reference: PRD.md FR-001 (Full Disk Encryption)

@test "encryption-setup.sh exists and is executable" {
    [ -f "/workspace/config/hooks/installed/encryption-setup.sh" ]
    [ -x "/workspace/config/hooks/installed/encryption-setup.sh" ]
}

@test "Encryption uses LUKS2 format" {
    grep -q "luks2\|LUKS2" /workspace/config/hooks/installed/encryption-setup.sh
}

@test "Encryption uses AES-XTS cipher" {
    grep -q "aes-xts\|aes_xts\|AES-XTS" /workspace/config/hooks/installed/encryption-setup.sh
}

@test "Encryption uses 512-bit key" {
    grep -q "512" /workspace/config/hooks/installed/encryption-setup.sh
}

@test "Encryption setup includes cryptsetup" {
    grep -q "cryptsetup" /workspace/config/hooks/installed/encryption-setup.sh
}

@test "Encryption setup configures initramfs" {
    grep -q "initramfs" /workspace/config/hooks/installed/encryption-setup.sh
}

@test "Encryption setup configures crypttab" {
    grep -q "crypttab" /workspace/config/hooks/installed/encryption-setup.sh
}

@test "Encryption setup includes dm-crypt module" {
    grep -q "dm_crypt" /workspace/config/hooks/installed/encryption-setup.sh
}

@test "Encryption setup creates check-encryption.sh" {
    grep -q "check-encryption.sh" /workspace/config/hooks/installed/encryption-setup.sh
}

@test "Encryption setup creates manage-encryption-keys.sh" {
    grep -q "manage-encryption-keys.sh" /workspace/config/hooks/installed/encryption-setup.sh
}

@test "Encryption setup creates systemd service" {
    grep -q "knel-encryption-check.service" /workspace/config/hooks/installed/encryption-setup.sh
}

@test "Encryption setup creates README with recovery info" {
    grep -q "README" /workspace/config/hooks/installed/encryption-setup.sh
}

@test "Encryption setup configures GRUB" {
    grep -q "grub" /workspace/config/hooks/installed/encryption-setup.sh
}