test persist rollback recovery

tests/test_rules_unit.sh

@@ -45,6 +45,7 @@ reset_mock_state() {
   : >"${IPTABLES_MOCK_LOG}"
   : >"${PERSIST_MOCK_LOG}"
   unset IPTABLES_MOCK_FAIL_ON_N || true
+  unset PERSIST_MOCK_FAIL || true
   storage_init
 }
 
@@ -73,4 +74,21 @@ assert_eq '0' "$(storage_count)" 'failed add should not persist storage'
 assert_contains "$(cat "${IPTABLES_MOCK_LOG}")" ' -D ' 'failed add should trigger rollback deletes'
 assert_eq '0' "$(wc -l < "${PERSIST_MOCK_LOG}")" 'failed add before persistence should not call persist_save'
 
+reset_mock_state
+export PERSIST_MOCK_FAIL=1
+assert_eq '1' "$(status_of cmd_add_batch tcp 9001 127.0.0.1 91 4 'persist rollback add')" 'cmd_add_batch should fail when persist_save fails'
+assert_eq '0' "$(storage_count)" 'persist_save failure on add should roll back storage'
+assert_eq '0' "$(wc -l < "${IPTABLES_MOCK_DIR}/state.v4")" 'persist_save failure on add should remove runtime rules'
+assert_contains "$(cat "${IPTABLES_MOCK_LOG}")" ' -D ' 'persist_save failure on add should trigger runtime rollback'
+assert_eq '1' "$(grep -Ec 'persist-mock\.sh save' "${PERSIST_MOCK_LOG}")" 'persist_save failure on add should still attempt one save'
+
+reset_mock_state
+uuid_delete_rollback=$(cmd_add_batch tcp 9100 127.0.0.1 92 4 'persist rollback delete')
+export PERSIST_MOCK_FAIL=1
+assert_eq '1' "$(status_of cmd_delete_uuid "${uuid_delete_rollback}")" 'cmd_delete_uuid should fail when persist_save fails'
+assert_eq '1' "$(storage_count)" 'persist_save failure on delete should restore storage'
+assert_contains "$(storage_get "${uuid_delete_rollback}")" "uuid=${uuid_delete_rollback}" 'persist_save failure on delete should restore storage line'
+assert_contains "$(ipt_find_by_uuid "${uuid_delete_rollback}")" "MGMT:${uuid_delete_rollback}" 'persist_save failure on delete should restore runtime rules'
+assert_eq '2' "$(grep -Ec 'persist-mock\.sh save' "${PERSIST_MOCK_LOG}")" 'persist_save failure on delete should include add and delete save attempts'
+
 pass 'test_rules_unit.sh'