3.2 KiB
3.2 KiB
phase, slug, status, nyquist_compliant, wave_0_complete, created
| phase | slug | status | nyquist_compliant | wave_0_complete | created |
|---|---|---|---|---|---|
| 4 | rbac | draft | false | false | 2026-03-24 |
Phase 4 — Validation Strategy
Per-phase validation contract for feedback sampling during execution.
Test Infrastructure
| Property | Value |
|---|---|
| Framework | pytest 8.x + pytest-asyncio (existing) |
| Config file | pyproject.toml (existing) |
| Quick run command | pytest tests/unit -x -q |
| Full suite command | pytest tests/ -x |
| Estimated runtime | ~30 seconds |
Sampling Rate
- After every task commit: Run
pytest tests/unit -x -q - After every plan wave: Run
pytest tests/ -x - Before
/gsd:verify-work: Full suite must be green - Max feedback latency: 30 seconds
Per-Task Verification Map
| Task ID | Plan | Wave | Requirement | Test Type | Automated Command | File Exists | Status |
|---|---|---|---|---|---|---|---|
| 04-xx | 01 | 1 | RBAC-01,02,03 | unit | pytest tests/unit/test_rbac_guards.py -x |
❌ W0 | ⬜ pending |
| 04-xx | 01 | 1 | RBAC-04 | unit | pytest tests/unit/test_invitations.py -x |
❌ W0 | ⬜ pending |
| 04-xx | 01 | 1 | RBAC-05 | unit | pytest tests/unit/test_portal_auth.py -x |
❌ W0 | ⬜ pending |
| 04-xx | 01 | 1 | RBAC-06 | integration | pytest tests/integration/test_portal_rbac.py -x |
❌ W0 | ⬜ pending |
| 04-xx | 02 | 2 | RBAC-04 | integration | pytest tests/integration/test_invite_flow.py -x |
❌ W0 | ⬜ pending |
| 04-xx | 02 | 2 | RBAC-05 | unit | cd packages/portal && npx next build |
✅ | ⬜ pending |
Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky
Wave 0 Requirements
tests/unit/test_rbac_guards.py— RBAC-01,02,03: FastAPI require_* dependency teststests/unit/test_invitations.py— RBAC-04: HMAC token generation, expiry, tampering detectiontests/unit/test_portal_auth.py— RBAC-05: JWT contains role + tenant_idstests/integration/test_invite_flow.py— RBAC-04: end-to-end invite → accept → logintests/integration/test_portal_rbac.py— RBAC-06: all endpoints tested with correct/incorrect roles
Manual-Only Verifications
| Behavior | Requirement | Why Manual | Test Instructions |
|---|---|---|---|
| Role-specific landing pages render correctly | RBAC-05 | UI visual layout | Login as each role, verify correct dashboard renders |
| Tenant switcher dropdown works | RBAC-05 | UI interaction | Login as multi-tenant user, switch tenants, verify context changes |
| Impersonation banner visible and exit works | RBAC-01 | UI interaction | Platform admin clicks "view as", verify banner shows, click exit |
| Invite email arrives and link works | RBAC-04 | Requires live SMTP | Send invite, check inbox, click link, complete activation |
Validation Sign-Off
- All tasks have
<automated>verify or Wave 0 dependencies - Sampling continuity: no 3 consecutive tasks without automated verify
- Wave 0 covers all MISSING references
- No watch-mode flags
- Feedback latency < 30s
nyquist_compliant: trueset in frontmatter
Approval: pending