3.9 KiB
id, type, title, domain, repo, status, owner, topic_slug, planning_priority, planning_order, created, updated, depends_on, state_hub_workstream_id
| id | type | title | domain | repo | status | owner | topic_slug | planning_priority | planning_order | created | updated | depends_on | state_hub_workstream_id | ||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| NK-WP-0018 | workplan | User Engine Integrated Test Scenarios | netkingdom | net-kingdom | ready | codex | netkingdom | high | 18 | 2026-05-22 | 2026-05-22 |
|
6f75035a-e056-4eab-8fdb-00a18bacdf87 |
NK-WP-0018 - User Engine Integrated Test Scenarios
Goal
Extend user-engine test coverage from isolated MVP tests to realistic standalone, platform, multi-tenant, multi-application, audit, and performance scenarios. The test suite should prove the architecture boundaries rather than only individual functions.
Scope
In scope:
- scenario matrix;
- local identity and IAM Profile fixtures;
- flex-auth authorization harness;
- multi-tenant and multi-application integration tests;
- audit/outbox/correlation tests;
- effective-profile performance tests;
- CI/readiness gates.
Out of scope:
- full production Railiance deployment;
- full enterprise SCIM conformance;
- UI end-to-end tests for future UI repos.
Tasks
id: NK-WP-0018-T1
status: todo
priority: high
state_hub_task_id: "6da86ef6-ea8b-49b9-8897-cbed00f6e61d"
Scenario matrix. Define canonical scenarios: standalone single-app, standalone denied access, platform local-identity fixture, tenant admin, platform operator, cross-tenant denial, two applications with separate catalogs, sensitive projection redaction, and event/audit replay.
id: NK-WP-0018-T2
status: todo
priority: high
state_hub_task_id: "e3424148-90d6-4c43-8f15-988f2a21d166"
Identity fixtures. Add IAM Profile claim fixtures for human, service, agent, delegated agent, tenant admin, platform operator, break-glass, local development issuer, and invalid/expired/missing-tenant tokens.
id: NK-WP-0018-T3
status: todo
priority: high
state_hub_task_id: "23fa4617-e7ce-4cdc-b753-489ec361757b"
Authorization harness. Add a deterministic flex-auth-compatible test harness that supports allow, deny, obligation, tenant-boundary, assurance, and bulk decision scenarios.
id: NK-WP-0018-T4
status: todo
priority: high
state_hub_task_id: "33c53479-7856-42ee-b9ee-8795aa73c39a"
End-to-end domain scenarios. Test full flows from actor claims through authorization, mutation, profile resolution, projection, audit write, and outbox event creation.
id: NK-WP-0018-T5
status: todo
priority: medium
state_hub_task_id: "fc2d73e4-1f45-4891-9c31-1a4dc2f3a002"
Performance and cache tests. Add tests or benchmarks for effective-profile resolution, projection rendering, authorization batching, request-scoped memoization, and cache invalidation on catalog/profile/membership changes.
id: NK-WP-0018-T6
status: todo
priority: high
state_hub_task_id: "26b63aa0-deb6-4b4d-9388-6b7e531bd4ff"
Security and privacy negative tests. Cover local issuer rejection in production, sensitive attribute leakage, cross-tenant reads/writes, admin overreach, catalog sensitivity downgrade, namespace hijack, stale membership facts, and missing audit correlation.
id: NK-WP-0018-T7
status: todo
priority: medium
state_hub_task_id: "a46e6e78-71a1-4518-881f-85b39269f4a8"
CI and readiness gates. Add repeatable commands for unit, integration, scenario, and conformance-style tests. Document what must pass before a platform deployment or UI consumer can depend on user-engine.
Acceptance Criteria
- The test suite proves standalone, tenant, multi-app, authorization, profile, projection, audit, and event behavior.
- Negative tests cover the architecture review risks.
- Scenario fixtures are readable enough for future agents and developers to extend.
- CI/readiness commands are documented and deterministic.
Dependencies And Sequencing
- Depends on NK-WP-0016 and NK-WP-0017.
- Feeds the final implementation assessment in NK-WP-0019.