| id | type | title | domain | repo | status | owner | topic_slug | planning_priority | planning_order | created | updated | depends_on | state_hub_workstream_id |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| NK-WP-0015 | workplan | User Engine Isolated MVP | netkingdom | net-kingdom | ready | codex | netkingdom | high | 15 | 2026-05-22 | 2026-05-22 | | 343e035d-41e1-4fc4-b209-6872e4a5fdc8 |
NK-WP-0015 - User Engine Isolated MVP
Goal
Implement the smallest useful isolated user-engine in /home/worsch/user-engine
with automated tests for all MVP use cases: users, accounts, external identity
links, application registration, customization catalogs, profile values,
effective profile resolution, projections, audit records, and domain events.
The MVP must run without the full NetKingdom platform while preserving the same boundaries used by platform mode.
Scope
In scope:
- repo skeleton and local development workflow;
- domain core independent of HTTP;
- local persistence and migrations;
- headless API for MVP resources;
- local IAM Profile fixture or local-identity integration;
- pluggable flex-auth check interface with a local test adapter;
- audit and transactional outbox;
- automated unit and integration tests.
Out of scope:
- multi-tenant production operation beyond one explicit tenant context;
- multi-application governance beyond one or two demo applications;
- SCIM server or enterprise provisioning;
- UI implementation;
- production deployment through Railiance.
Tasks
id: NK-WP-0015-T1
status: todo
priority: high
state_hub_task_id: "81a88eaa-df2e-4b9f-85f4-a1570c9c9f86"
Repo scaffold and implementation stack. Choose the initial implementation stack, create the repository layout, define commands for lint/test/run, and keep the domain core separate from HTTP handlers and infrastructure adapters.
id: NK-WP-0015-T2
status: todo
priority: high
state_hub_task_id: "fc4172f7-e7f1-4ad9-98c3-37ccb08c7386"
Domain model and persistence. Implement users, accounts, identity links, applications, catalogs, attribute definitions, profile values, audit records, and outbox events with migrations and test fixtures.
id: NK-WP-0015-T3
status: todo
priority: high
state_hub_task_id: "8aa5a9e9-3f23-4124-aa3b-01c099ce88bc"
Identity and authorization adapters. Implement an IAM Profile actor adapter using fixtures or local-identity for isolated mode. Implement a flex-auth check port with a local deterministic test adapter. Ensure production code paths can later swap to real flex-auth without changing domain logic.
id: NK-WP-0015-T4
status: todo
priority: high
state_hub_task_id: "cedd6319-e4c2-460c-888c-d0d95d7bdbef"
Headless MVP API. Add API endpoints for health/readiness, me, users,
account lifecycle transitions, identity links, application registration,
catalog registration/activation, profile updates, effective profile
resolution, projections, and audit inspection.
id: NK-WP-0015-T5
status: todo
priority: high
state_hub_task_id: "62ecafaa-237a-4cae-ac78-1ed79ca881a1"
Catalog and profile resolver. Implement JSON/YAML catalog registration, attribute validation, default values, global plus application profile layers, basic precedence rules, and inspectable effective profile resolution.
id: NK-WP-0015-T6
status: todo
priority: high
state_hub_task_id: "d627db12-2019-4870-a255-354fc77a1d22"
Projection, audit, and event outbox. Implement self-service, admin, application runtime, audit, and agent-context projection skeletons with sensitivity-aware redaction. Persist audit records and outbox events in the same transaction as mutations.
id: NK-WP-0015-T7
status: todo
priority: high
state_hub_task_id: "803e979d-a83a-43d8-a93d-ce97c83015ec"
MVP test suite. Cover user/account lifecycle, identity linking, catalog validation failures, profile update authorization, effective profile resolution, projection redaction, audit/outbox atomicity, local issuer handling, and deny paths from the authorization adapter.
Acceptance Criteria
- The user-engine repo can be checked out and tested in isolation.
- A demo application can register, register a catalog, update profile values, and request an effective profile projection.
- A current user can read/update allowed self-service profile fields.
- An admin-like actor can perform allowed scoped user operations through the test authorization adapter.
- Sensitive attributes are redacted from non-eligible projections.
- Mutations produce audit and outbox records atomically.
- Tests cover positive and negative MVP use cases.
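An added example of the atomicity requirement in T6 and the acceptance criteria, not code from the user-engine repo: the profile mutation, its audit record, and its outbox event are written in one SQLite transaction, so a failure in any step rolls back all three, and a deny from the authorization adapter writes nothing. Python, SQLite, the table names, and the `local_check` rule are assumptions made for illustration; the workplan leaves the implementation stack open.

```python
import json
import sqlite3

# Hypothetical schema; the workplan does not define table or column names.
SCHEMA = """
CREATE TABLE profile_values (user_id TEXT, attr TEXT, value TEXT,
                             PRIMARY KEY (user_id, attr));
CREATE TABLE audit_records (id INTEGER PRIMARY KEY, actor TEXT,
                            action TEXT, target TEXT);
CREATE TABLE outbox_events (id INTEGER PRIMARY KEY, event_type TEXT,
                            payload TEXT NOT NULL);
"""

def open_db():
    # isolation_level=None: no implicit transactions, we issue BEGIN/COMMIT.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript(SCHEMA)
    return db

def local_check(actor, action, target_user):
    """Deterministic test adapter (assumed rule): actors edit only themselves."""
    return action == "profile.update" and actor == target_user

def update_profile(db, actor, user_id, attr, value,
                   check=local_check, fail_outbox=False):
    # Deny path: refuse before any write is attempted.
    if not check(actor, "profile.update", user_id):
        raise PermissionError("denied by authorization adapter")
    db.execute("BEGIN IMMEDIATE")
    try:
        db.execute("INSERT OR REPLACE INTO profile_values VALUES (?, ?, ?)",
                   (user_id, attr, value))
        db.execute("INSERT INTO audit_records (actor, action, target) "
                   "VALUES (?, ?, ?)", (actor, "profile.update", f"{user_id}/{attr}"))
        # fail_outbox simulates a broken event write (NULL violates NOT NULL).
        payload = None if fail_outbox else json.dumps({"user": user_id, "attr": attr})
        db.execute("INSERT INTO outbox_events (event_type, payload) VALUES (?, ?)",
                   ("profile.updated", payload))
        db.execute("COMMIT")
    except Exception:
        db.execute("ROLLBACK")  # mutation, audit and outbox rows vanish together
        raise

def counts(db):
    """Row counts for (profile_values, audit_records, outbox_events)."""
    tables = ("profile_values", "audit_records", "outbox_events")
    return tuple(db.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0] for t in tables)
```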
Dependencies And Sequencing
- Gated by NK-WP-0014 boundary contracts.
- Enables NK-WP-0016 and NK-WP-0017.