---
id: USER-WP-0002
type: workplan
title: "User Engine Isolated MVP"
domain: netkingdom
repo: user-engine
status: finished
owner: codex
topic_slug: netkingdom
planning_priority: high
planning_order: 2
created: "2026-05-22"
updated: "2026-05-22"
depends_on:
  - USER-WP-0001
---

# USER-WP-0002 - User Engine Isolated MVP

## Goal

Implement the smallest useful headless service in isolation: users, accounts, identity links, one application, one catalog, profile values, effective profile resolution, projections, audit, outbox, and tests.

## Tasks

```task
id: USER-WP-0002-T1
status: done
priority: high
```

Implement the domain model and local persistence migrations.

```task
id: USER-WP-0002-T2
status: done
priority: high
```

Implement IAM Profile-compatible fixture actor handling and local identity linking by `(issuer, subject)`.

```task
id: USER-WP-0002-T3
status: done
priority: high
```

Implement the authorization check port with a deterministic local test adapter.

```task
id: USER-WP-0002-T4
status: done
priority: high
```

Implement headless APIs for health, readiness, `me`, users, account lifecycle, identity links, applications, catalogs, profiles, projections, and audit.

```task
id: USER-WP-0002-T5
status: done
priority: high
```

Implement catalog validation, profile value validation, defaults, global plus application profile layers, and inspectable effective profile resolution.

```task
id: USER-WP-0002-T6
status: done
priority: high
```

Persist audit records and outbox events atomically with mutations.

```task
id: USER-WP-0002-T7
status: done
priority: high
```

Add tests for lifecycle, identity linking, catalog validation, profile update authorization, projections, redaction, audit/outbox atomicity, and deny paths.

## Acceptance Criteria

- A demo application can register, publish a catalog, write profile values, and read an effective projection.
- Self-service and admin-style operations work through the local auth adapter.
- Sensitive values are redacted in non-eligible projections.
- MVP tests cover positive and negative use cases.