From 4706a873559c74237c4a175067d59f48fe3276fa Mon Sep 17 00:00:00 2001 From: Adolfo Delorenzo Date: Tue, 24 Mar 2026 13:28:17 -0600 Subject: [PATCH] docs(04): add research and validation strategy --- .planning/phases/04-rbac/04-VALIDATION.md | 82 +++++++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 .planning/phases/04-rbac/04-VALIDATION.md diff --git a/.planning/phases/04-rbac/04-VALIDATION.md b/.planning/phases/04-rbac/04-VALIDATION.md new file mode 100644 index 0000000..65df074 --- /dev/null +++ b/.planning/phases/04-rbac/04-VALIDATION.md 
@@ -0,0 +1,82 @@ +--- +phase: 4 +slug: rbac +status: draft +nyquist_compliant: false +wave_0_complete: false +created: 2026-03-24 +--- + +# Phase 4 — Validation Strategy + +> Per-phase validation contract for feedback sampling during execution. + +--- + +## Test Infrastructure + +| Property | Value | +|----------|-------| +| **Framework** | pytest 8.x + pytest-asyncio (existing) | +| **Config file** | `pyproject.toml` (existing) | +| **Quick run command** | `pytest tests/unit -x -q` | +| **Full suite command** | `pytest tests/ -x` | +| **Estimated runtime** | ~30 seconds | + +--- + +## Sampling Rate + +- **After every task commit:** Run `pytest tests/unit -x -q` +- **After every plan wave:** Run `pytest tests/ -x` +- **Before `/gsd:verify-work`:** Full suite must be green +- **Max feedback latency:** 30 seconds + +--- + +## Per-Task Verification Map + +| Task ID | Plan | Wave | Requirement | Test Type | Automated Command | File Exists | Status | +|---------|------|------|-------------|-----------|-------------------|-------------|--------| +| 04-xx | 01 | 1 | RBAC-01,02,03 | unit | `pytest tests/unit/test_rbac_guards.py -x` | ❌ W0 | ⬜ pending | +| 04-xx | 01 | 1 | RBAC-04 | unit | `pytest tests/unit/test_invitations.py -x` | ❌ W0 | ⬜ pending | +| 04-xx | 01 | 1 | RBAC-05 | unit | `pytest tests/unit/test_portal_auth.py -x` | ❌ W0 | ⬜ pending | +| 04-xx | 01 | 1 | RBAC-06 | integration | `pytest tests/integration/test_portal_rbac.py -x` | ❌ W0 | ⬜ pending | +| 04-xx | 02 | 2 | RBAC-04 | integration | `pytest tests/integration/test_invite_flow.py -x` | ❌ W0 | ⬜ pending | +| 04-xx | 02 | 2 | RBAC-05 | unit | `cd packages/portal && npx next build` | ✅ | ⬜ pending | + +*Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky* + +--- + +## Wave 0 Requirements + +- [ ] `tests/unit/test_rbac_guards.py` — RBAC-01,02,03: FastAPI require_* dependency tests +- [ ] `tests/unit/test_invitations.py` — RBAC-04: HMAC token generation, expiry, tampering detection +- [ ] 
`tests/unit/test_portal_auth.py` — RBAC-05: JWT contains role + tenant_ids +- [ ] `tests/integration/test_invite_flow.py` — RBAC-04: end-to-end invite → accept → login +- [ ] `tests/integration/test_portal_rbac.py` — RBAC-06: all endpoints tested with correct/incorrect roles + +--- + +## Manual-Only Verifications + +| Behavior | Requirement | Why Manual | Test Instructions | +|----------|-------------|------------|-------------------| +| Role-specific landing pages render correctly | RBAC-05 | UI visual layout | Login as each role, verify correct dashboard renders | +| Tenant switcher dropdown works | RBAC-05 | UI interaction | Login as multi-tenant user, switch tenants, verify context changes | +| Impersonation banner visible and exit works | RBAC-01 | UI interaction | Platform admin clicks "view as", verify banner shows, click exit | +| Invite email arrives and link works | RBAC-04 | Requires live SMTP | Send invite, check inbox, click link, complete activation | + +--- + +## Validation Sign-Off + +- [ ] All tasks have `` verify or Wave 0 dependencies +- [ ] Sampling continuity: no 3 consecutive tasks without automated verify +- [ ] Wave 0 covers all MISSING references +- [ ] No watch-mode flags +- [ ] Feedback latency < 30s +- [ ] `nyquist_compliant: true` set in frontmatter + +**Approval:** pending
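Review bot: In the Manual-Only Verifications table, impersonation (RBAC-01) is covered only by a UI check of the banner and exit, so nothing automated asserts that a role other than platform admin is refused when it attempts "view as"; add that negative case to `tests/unit/test_rbac_guards.py` or `tests/integration/test_portal_rbac.py` and keep only the banner rendering manual. In the Per-Task Verification Map, the last row labels `cd packages/portal && npx next build` as a unit test for RBAC-05, but a build only shows that the portal compiles; relabel the test type or point the row at a test that exercises the RBAC-05 behaviour. The Wave 0 entry for `tests/unit/test_invitations.py` lists generation, expiry and tampering detection; state whether a token that was already accepted must be rejected on reuse, since the invite flow test ends at login. Smaller points: every Task ID is the placeholder `04-xx`, so rows cannot be traced to tasks; the first sign-off item reads "All tasks have `` verify" with an empty code span that appears to have lost its contents; the full suite is estimated at ~30 seconds while sign-off requires feedback latency < 30s, which leaves no margin; and the subject says "research and validation strategy" while the diffstat shows only `04-VALIDATION.md`.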