cb3ebfea7c
Rename Java packages from com.cameleer3 to com.cameleer, module directories from cameleer3-* to cameleer-*, and all references throughout workflows, Dockerfiles, docs, migrations, and pom.xml. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
3.8 KiB
3.8 KiB
phase, slug, status, nyquist_compliant, wave_0_complete, created
| phase | slug | status | nyquist_compliant | wave_0_complete | created |
|---|---|---|---|---|---|
| 4 | security | draft | false | false | 2026-03-11 |
Phase 4 — Validation Strategy
Per-phase validation contract for feedback sampling during execution.
Test Infrastructure
| Property | Value |
|---|---|
| Framework | JUnit 5 + Spring Boot Test + Spring Security Test |
| Config file | cameleer-server-app/src/test/resources/application-test.yml |
| Quick run command | mvn test -pl cameleer-server-app -Dtest="Security*,Jwt*,Bootstrap*,Ed25519*" -Dsurefire.reuseForks=false |
| Full suite command | mvn clean verify |
| Estimated runtime | ~60 seconds |
Sampling Rate
- After every task commit: Run
mvn test -pl cameleer-server-app -Dsurefire.reuseForks=false - After every plan wave: Run
mvn clean verify - Before
/gsd:verify-work: Full suite must be green - Max feedback latency: 60 seconds
Per-Task Verification Map
| Task ID | Plan | Wave | Requirement | Test Type | Automated Command | File Exists | Status |
|---|---|---|---|---|---|---|---|
| 04-01-01 | 01 | 1 | SECU-03 | unit | mvn test -pl cameleer-server-app -Dtest=Ed25519SigningServiceTest -Dsurefire.reuseForks=false |
❌ W0 | ⬜ pending |
| 04-01-02 | 01 | 1 | SECU-01 | unit | mvn test -pl cameleer-server-app -Dtest=JwtServiceTest -Dsurefire.reuseForks=false |
❌ W0 | ⬜ pending |
| 04-01-03 | 01 | 1 | SECU-05 | integration | mvn test -pl cameleer-server-app -Dtest=BootstrapTokenIT -Dsurefire.reuseForks=false |
❌ W0 | ⬜ pending |
| 04-01-04 | 01 | 1 | SECU-01 | integration | mvn test -pl cameleer-server-app -Dtest=SecurityFilterIT -Dsurefire.reuseForks=false |
❌ W0 | ⬜ pending |
| 04-01-05 | 01 | 1 | SECU-02 | integration | mvn test -pl cameleer-server-app -Dtest=JwtRefreshIT -Dsurefire.reuseForks=false |
❌ W0 | ⬜ pending |
| 04-01-06 | 01 | 1 | SECU-04 | integration | mvn test -pl cameleer-server-app -Dtest=SseSigningIT -Dsurefire.reuseForks=false |
❌ W0 | ⬜ pending |
| 04-01-07 | 01 | 1 | N/A | integration | mvn test -pl cameleer-server-app -Dtest=RegistrationSecurityIT -Dsurefire.reuseForks=false |
❌ W0 | ⬜ pending |
Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky
Wave 0 Requirements
Ed25519SigningServiceTest.java— unit test stubs for Ed25519 signing roundtrip (SECU-03)JwtServiceTest.java— unit test stubs for JWT creation/validation/expiry (SECU-01, SECU-02)BootstrapTokenIT.java— integration test stubs for bootstrap token validation (SECU-05)SecurityFilterIT.java— integration test stubs for protected/public endpoint access (SECU-01)JwtRefreshIT.java— integration test stubs for refresh flow (SECU-02)SseSigningIT.java— integration test stubs for Ed25519 SSE signing (SECU-04)RegistrationSecurityIT.java— integration test stubs for registration with bootstrap + public key (SECU-03, SECU-05)- Update
application-test.ymlwithCAMELEER_AUTH_TOKEN: test-token - Update ALL existing ITs to include JWT auth headers (21 test files affected)
Existing infrastructure covers test framework and Testcontainers setup.
Manual-Only Verifications
| Behavior | Requirement | Why Manual | Test Instructions |
|---|---|---|---|
| JWT token leakage in SSE query param logs | SECU-01 | Requires production log inspection | Check access logs don't log query parameters containing JWT tokens |
Validation Sign-Off
- All tasks have
<automated>verify or Wave 0 dependencies - Sampling continuity: no 3 consecutive tasks without automated verify
- Wave 0 covers all MISSING references
- No watch-mode flags
- Feedback latency < 60s
nyquist_compliant: trueset in frontmatter
Approval: pending