---
id: NK-WP-0018
type: workplan
title: "User Engine Integrated Test Scenarios"
domain: netkingdom
repo: net-kingdom
status: ready
owner: codex
topic_slug: netkingdom
planning_priority: high
planning_order: 18
created: "2026-05-22"
updated: "2026-05-22"
depends_on:
- NK-WP-0016
- NK-WP-0017
state_hub_workstream_id: "6f75035a-e056-4eab-8fdb-00a18bacdf87"
---

# NK-WP-0018 - User Engine Integrated Test Scenarios

## Goal

Extend user-engine test coverage from isolated MVP tests to realistic
standalone, platform, multi-tenant, multi-application, audit, and performance
scenarios. The test suite should prove the architecture boundaries rather than
only individual functions.

## Scope

In scope:

- scenario matrix;
- local identity and IAM Profile fixtures;
- flex-auth authorization harness;
- multi-tenant and multi-application integration tests;
- audit/outbox/correlation tests;
- effective-profile performance tests;
- CI/readiness gates.

Out of scope:

- full production Railiance deployment;
- full enterprise SCIM conformance;
- UI end-to-end tests for future UI repos.

## Tasks

```task
id: NK-WP-0018-T1
status: todo
priority: high
state_hub_task_id: "6da86ef6-ea8b-49b9-8897-cbed00f6e61d"
```

**Scenario matrix.** Define canonical scenarios: standalone single-app,
standalone denied access, platform local-identity fixture, tenant admin,
platform operator, cross-tenant denial, two applications with separate
catalogs, sensitive projection redaction, and event/audit replay.

```task
id: NK-WP-0018-T2
status: todo
priority: high
state_hub_task_id: "e3424148-90d6-4c43-8f15-988f2a21d166"
```

**Identity fixtures.** Add IAM Profile claim fixtures for human, service,
agent, delegated agent, tenant admin, platform operator, break-glass, local
development issuer, and invalid/expired/missing-tenant tokens.

```task
id: NK-WP-0018-T3
status: todo
priority: high
state_hub_task_id: "23fa4617-e7ce-4cdc-b753-489ec361757b"
```

**Authorization harness.** Add a deterministic flex-auth-compatible test
harness that supports allow, deny, obligation, tenant-boundary, assurance, and
bulk decision scenarios.

```task
id: NK-WP-0018-T4
status: todo
priority: high
state_hub_task_id: "33c53479-7856-42ee-b9ee-8795aa73c39a"
```

**End-to-end domain scenarios.** Test full flows from actor claims through
authorization, mutation, profile resolution, projection, audit write, and
outbox event creation.

```task
id: NK-WP-0018-T5
status: todo
priority: medium
state_hub_task_id: "fc2d73e4-1f45-4891-9c31-1a4dc2f3a002"
```

**Performance and cache tests.** Add tests or benchmarks for effective-profile
resolution, projection rendering, authorization batching, request-scoped
memoization, and cache invalidation on catalog/profile/membership changes.

```task
id: NK-WP-0018-T6
status: todo
priority: high
state_hub_task_id: "26b63aa0-deb6-4b4d-9388-6b7e531bd4ff"
```

**Security and privacy negative tests.** Cover local issuer rejection in
production, sensitive attribute leakage, cross-tenant reads/writes, admin
overreach, catalog sensitivity downgrade, namespace hijack, stale membership
facts, and missing audit correlation.
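
One way the identity fixtures (T2) and the first negative cases listed here (T6) could be written as a deterministic scenario table with a fail-closed check. This is an added example, not code from net-kingdom or user-engine; the `tenant_id` claim, the issuer URLs, the environment names, `evaluate`, and the reason codes are all assumptions.

```python
"""Negative-test scenario table for claim fixtures (all names hypothetical)."""
from dataclasses import dataclass

LOCAL_DEV_ISSUER = "https://local-dev.invalid/"   # constructed placeholder issuer
PLATFORM_ISSUER = "https://idp.example.invalid/"  # constructed placeholder issuer
NOW = 1_800_000_000                               # fixed clock keeps runs deterministic


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def evaluate(claims: dict, *, resource_tenant: str, environment: str, now: int = NOW) -> Decision:
    """Fail closed: any branch that cannot prove access denies with a reason code."""
    # The local issuer is trusted only when the environment is exactly "development".
    trusted = {PLATFORM_ISSUER} | ({LOCAL_DEV_ISSUER} if environment == "development" else set())
    if claims.get("iss") not in trusted:
        return Decision(False, "untrusted_issuer")
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return Decision(False, "expired_or_missing_exp")
    tenant = claims.get("tenant_id")
    if not tenant:
        return Decision(False, "missing_tenant")
    if tenant != resource_tenant:
        return Decision(False, "cross_tenant")
    return Decision(True, "ok")


def base_claims(**overrides) -> dict:
    """Valid human fixture; each scenario overrides exactly one field."""
    claims = {"iss": PLATFORM_ISSUER, "sub": "user-1", "tenant_id": "tenant-a", "exp": NOW + 300}
    claims.update(overrides)
    return claims


# Constructed fixtures: (name, claims, resource tenant, environment, expected reason)
SCENARIOS = [
    ("valid human", base_claims(), "tenant-a", "production", "ok"),
    ("local issuer in production", base_claims(iss=LOCAL_DEV_ISSUER), "tenant-a", "production", "untrusted_issuer"),
    ("local issuer in development", base_claims(iss=LOCAL_DEV_ISSUER), "tenant-a", "development", "ok"),
    ("expired token", base_claims(exp=NOW - 1), "tenant-a", "production", "expired_or_missing_exp"),
    ("missing tenant", base_claims(tenant_id=None), "tenant-a", "production", "missing_tenant"),
    ("cross-tenant read", base_claims(), "tenant-b", "production", "cross_tenant"),
]


def run_scenarios() -> dict:
    """Return {scenario name: reason code} for comparison against the table."""
    return {name: evaluate(c, resource_tenant=t, environment=e).reason for name, c, t, e, _ in SCENARIOS}
```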

```task
id: NK-WP-0018-T7
status: todo
priority: medium
state_hub_task_id: "a46e6e78-71a1-4518-881f-85b39269f4a8"
```

**CI and readiness gates.** Add repeatable commands for unit, integration,
scenario, and conformance-style tests. Document what must pass before a
platform deployment or UI consumer can depend on user-engine.

## Acceptance Criteria

- The test suite proves standalone, tenant, multi-app, authorization, profile,
  projection, audit, and event behavior.
- Negative tests cover the architecture review risks.
- Scenario fixtures are readable enough for future agents and developers to
  extend.
- CI/readiness commands are documented and deterministic.

## Dependencies And Sequencing

- Depends on NK-WP-0016 and NK-WP-0017.
- Feeds the final implementation assessment in NK-WP-0019.