The inbound test driver (ITEST-06): drives the real synchronous persist + route + execute write path and captures the outcome in the current test process's mailbox.

This is the inbound analog of outbound's Fake.Storage → {:mail, _} → Mailglass.TestAssertions triangle. Outbound has a Fake.Storage that emits {:mail, %Message{}} on every delivery; inbound has no delivery row, so the capture seam lives here in the driver: after Execution.execute/2 returns, Test.Ingress does

send(self(), {:inbound, message, outcome, route})

so that MailglassInbound.TestAssertions can read the captured tuple with assert_received (the inbound mirror of assert_mail_sent).

Why this ships in lib/ (not test/support/)

Adopters import MailglassInbound.TestAssertions and drive captures via this module from their own suites, so it ships in the mailglass_inbound Hex package via the files: ~w(lib …) manifest — despite the Test in its name, lib/mailglass_inbound/test/ingress.ex is a lib/ path. Because it ships in lib/, it references ONLY core/runtime modules (Persist, Execution, the inbound providers) — never Oban, ExAws, or Plug.Test (Pitfall 6), so it compiles under mix compile --no-optional-deps --warnings-as-errors.

Two entry points

• receive_inbound/2 — drive a code-built %InboundMessage{} straight through persist + execute (skips the provider parse seam; use it when you already have a canonical message, e.g. from MailglassInbound.Fixtures).
• receive_provider_payload/3 — run the real provider verify!/normalize seam first (the same seam the production plug drives), then the same persist + execute + capture chain. Use it to exercise provider parsing + verification end to end.

SES cross-test hygiene: reset the cert cache

receive_provider_payload(:ses, …) consumes an SES fixture built by MailglassInbound.Fixtures.build_ses_sns_payload/1, which primes the process-global ETS cert cache (Mailglass.Webhook.Providers.SES.CertCache, shared across concurrent async tests) with one never-evicted entry per call. The driver deliberately does NOT reset that cache itself (it ships in lib/ and stays free of an :ex_unit runtime dependency). If you drive SES fixtures from a plain ExUnit.Case, reset the cache between tests:

setup do: Mailglass.Webhook.Providers.SES.CertCache.reset()

MailglassInbound.MailboxCase already resets it in its setup, so suites that use it need no extra step. The Postmark/SendGrid/Mailgun lanes touch no process-global state.

The captured outcome slot

The third element of the captured tuple is the normalized execute/2 result map — the actual return value of MailglassInbound.Execution.execute/2 (%{outcome: :accept}, %{outcome: :reject, outcome_reason: "..."}, %{outcome: :no_match}, %{status: :skipped} on a duplicate, …), NOT the raw %MailglassInbound.Mailbox{} outcome atom. Keeping the real seam's return as the captured value means MailglassInbound.TestAssertions matches on the same enum the persisted ExecutionRun.outcome carries (:accept | :ignore | :reject | :bounce | :no_match | :failed), so an assertion can never drift from what was actually persisted.

Synchronous only — never dispatch/2

The driver drives Execution.execute/2 (SYNC) with source: :fresh. It NEVER calls Execution.dispatch/2 (async — Oban or a detached Task.Supervisor child), which produces non-deterministic ExecutionRun counts (D-47-03/04, proven by the replay-convergence property). Replaying the same message converges: persist dedupes (DB unique index — provider-id for Postmark, md5(raw_mime) for SendGrid/SES/Mailgun), and execute/2 on a :duplicate persist result short-circuits to {:ok, %{status: :skipped}}, inserting zero fresh ExecutionRun rows.

PII posture

The driver writes to the adopter's sandboxed test DB (rolled back per test) and sends the capture tuple only to the current test process. It adds no telemetry of its own (the Execution.execute/2 it drives emits the normal PII-free execution span) and adds no PII spans (T-47-09/12).