cameleer-server/.planning/phases/04-security/04-VALIDATION.md
2026-03-11 19:45:58 +01:00

| phase | slug | status | nyquist_compliant | wave_0_complete | created |
|---|---|---|---|---|---|
| 4 | security | draft | false | false | 2026-03-11 |

Phase 4 — Validation Strategy

Per-phase validation contract for feedback sampling during execution.


Test Infrastructure

| Property | Value |
|---|---|
| Framework | JUnit 5 + Spring Boot Test + Spring Security Test |
| Config file | `cameleer3-server-app/src/test/resources/application-test.yml` |
| Quick run command | `mvn test -pl cameleer3-server-app -Dtest="Security*,Jwt*,Bootstrap*,Ed25519*" -Dsurefire.reuseForks=false` |
| Full suite command | `mvn clean verify` |
| Estimated runtime | ~60 seconds |

Sampling Rate

  • After every task commit: Run mvn test -pl cameleer3-server-app -Dsurefire.reuseForks=false
  • After every plan wave: Run mvn clean verify
  • Before /gsd:verify-work: Full suite must be green
  • Max feedback latency: 60 seconds

Per-Task Verification Map

| Task ID | Plan | Wave | Requirement | Test Type | Automated Command | File Exists | Status |
|---|---|---|---|---|---|---|---|
| 04-01-01 | 01 | 1 | SECU-03 | unit | `mvn test -pl cameleer3-server-app -Dtest=Ed25519SigningServiceTest -Dsurefire.reuseForks=false` | W0 | pending |
| 04-01-02 | 01 | 1 | SECU-01 | unit | `mvn test -pl cameleer3-server-app -Dtest=JwtServiceTest -Dsurefire.reuseForks=false` | W0 | pending |
| 04-01-03 | 01 | 1 | SECU-05 | integration | `mvn test -pl cameleer3-server-app -Dtest=BootstrapTokenIT -Dsurefire.reuseForks=false` | W0 | pending |
| 04-01-04 | 01 | 1 | SECU-01 | integration | `mvn test -pl cameleer3-server-app -Dtest=SecurityFilterIT -Dsurefire.reuseForks=false` | W0 | pending |
| 04-01-05 | 01 | 1 | SECU-02 | integration | `mvn test -pl cameleer3-server-app -Dtest=JwtRefreshIT -Dsurefire.reuseForks=false` | W0 | pending |
| 04-01-06 | 01 | 1 | SECU-04 | integration | `mvn test -pl cameleer3-server-app -Dtest=SseSigningIT -Dsurefire.reuseForks=false` | W0 | pending |
| 04-01-07 | 01 | 1 | N/A | integration | `mvn test -pl cameleer3-server-app -Dtest=RegistrationSecurityIT -Dsurefire.reuseForks=false` | W0 | pending |

Status: pending · green · red · ⚠️ flaky


Wave 0 Requirements

  • Ed25519SigningServiceTest.java — unit test stubs for Ed25519 signing roundtrip (SECU-03)
  • JwtServiceTest.java — unit test stubs for JWT creation/validation/expiry (SECU-01, SECU-02)
  • BootstrapTokenIT.java — integration test stubs for bootstrap token validation (SECU-05)
  • SecurityFilterIT.java — integration test stubs for protected/public endpoint access (SECU-01)
  • JwtRefreshIT.java — integration test stubs for refresh flow (SECU-02)
  • SseSigningIT.java — integration test stubs for Ed25519 SSE signing (SECU-04)
  • RegistrationSecurityIT.java — integration test stubs for registration with bootstrap + public key (SECU-03, SECU-05)
  • Update application-test.yml with CAMELEER_AUTH_TOKEN: test-token
  • Update ALL existing ITs to include JWT auth headers (21 test files affected)

Existing infrastructure covers test framework and Testcontainers setup.


Manual-Only Verifications

| Behavior | Requirement | Why Manual | Test Instructions |
|---|---|---|---|
| JWT token leakage in SSE query param logs | SECU-01 | Requires production log inspection | Check access logs don't log query parameters containing JWT tokens |
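
One way to script the access-log check from the table above, as an added example that is not part of the cameleer project: a Python scan that flags JWT-shaped values in request query strings, including percent-encoded ones, and anywhere else on the line (such as a Referer field). The combined-log-format lines, the `/sse/events` path and the `token` and `access` parameter names are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Compact JWT shape: three base64url segments; a JSON header always encodes to "eyJ...".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed sample lines; paths, parameter names and tokens are made up.
SAMPLE_LOG = [
    '203.0.113.7 - - [11/Mar/2026:19:45:58 +0100] "GET /sse/events?token=eyJhbGciOiJFZERTQSJ9.eyJzdWIiOiJhZ2VudC0xIn0.c2lnbmF0dXJl HTTP/1.1" 200 0',
    '203.0.113.7 - - [11/Mar/2026:19:46:02 +0100] "GET /sse/events HTTP/1.1" 200 0',
    '203.0.113.9 - - [11/Mar/2026:19:46:10 +0100] "GET /health?verbose=true HTTP/1.1" 200 17',
    '203.0.113.7 - - [11/Mar/2026:19:46:15 +0100] "GET /sse/events?access=eyJhbGciOiJFZERTQSJ9%2EeyJzdWIiOiJhZ2VudC0xIn0%2Ec2lnbmF0dXJl HTTP/1.1" 200 0',
    '198.51.100.4 - - [11/Mar/2026:19:46:20 +0100] "GET /dashboard HTTP/1.1" 200 512 "https://example.test/sse/events?token=eyJhbGciOiJFZERTQSJ9.eyJzdWIiOiJhZ2VudC0xIn0.c2lnbmF0dXJl" "curl/8.0"',
]


def find_jwt_leaks(lines):
    """Return (line_number, path, parameter_name) for every logged JWT-shaped value."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        path, hits = "?", []
        if match:
            target = urlsplit(match.group(1))
            path = target.path
            # parse_qsl percent-decodes, so a token with %2E-encoded dots is still caught.
            hits = [name for name, value in parse_qsl(target.query, keep_blank_values=True)
                    if JWT_RE.search(value)]
        if not hits and JWT_RE.search(line):
            # Token logged somewhere other than the request query string, e.g. Referer.
            hits = ["<outside query string>"]
        findings.extend((number, path, name) for name in hits)
    return findings


if __name__ == "__main__":
    for number, path, name in find_jwt_leaks(SAMPLE_LOG):
        # Report location only; never echo the token itself into another log.
        print(f"line {number}: JWT-shaped value in {name!r} on {path}")
```

An empty result on a log sample that includes SSE connections is the pass condition for this manual check.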

Validation Sign-Off

  • All tasks have <automated> verify or Wave 0 dependencies
  • Sampling continuity: no 3 consecutive tasks without automated verify
  • Wave 0 covers all MISSING references
  • No watch-mode flags
  • Feedback latency < 60s
  • nyquist_compliant: true set in frontmatter

Approval: pending