---
id: USER-WP-0005
type: workplan
title: "User Engine Integrated Test Scenarios"
domain: netkingdom
repo: user-engine
status: finished
owner: codex
topic_slug: netkingdom
planning_priority: high
planning_order: 5
created: "2026-05-22"
updated: "2026-05-22"
depends_on:
  - USER-WP-0003
  - USER-WP-0004
state_hub_workstream_id: "06face5b-6984-4acc-8128-f82d61abdc75"
---

# USER-WP-0005 - User Engine Integrated Test Scenarios

## Goal

Prove the architecture boundaries with realistic standalone, platform,
multi-tenant, multi-application, projection, audit, event, and performance
test scenarios.

## Tasks

```task
id: USER-WP-0005-T1
status: done
priority: high
state_hub_task_id: "f0408602-4ec9-4d01-9a62-2daa3fa7373e"
```

Define the canonical scenario matrix for standalone, denied access, tenant
admin, platform operator, cross-tenant denial, two applications, sensitive
redaction, and audit/event replay.

```task
id: USER-WP-0005-T2
status: done
priority: high
state_hub_task_id: "78dad786-f69d-4e84-884b-0e2a32338c3e"
```

Add identity fixtures for human, service, agent, delegated agent, tenant
admin, platform operator, break-glass, local issuer, invalid, expired, and
missing-tenant actors.

```task
id: USER-WP-0005-T3
status: done
priority: high
state_hub_task_id: "87cac8eb-2182-4b17-aa29-60109cf6f2c4"
```

Add an authorization harness for allow, deny, obligation, tenant-boundary,
assurance, and bulk decision scenarios.

```task
id: USER-WP-0005-T4
status: done
priority: high
state_hub_task_id: "5fc6e120-0c94-4fb0-bc7f-2d8713a40011"
```

Test full flows from actor claims through authorization, mutation, profile
resolution, projection, audit write, and outbox event creation.

```task
id: USER-WP-0005-T5
status: done
priority: medium
state_hub_task_id: "609a3579-268c-4ed9-b5b7-2e01dc8e7049"
```

Add tests or benchmarks for effective-profile resolution, projection
rendering, authorization batching, memoization, and cache invalidation.

```task
id: USER-WP-0005-T6
status: done
priority: high
state_hub_task_id: "c346a142-3e7a-48ee-bf71-553cdcf4861d"
```

Add security and privacy negative tests for local issuer rejection, sensitive
leakage, cross-tenant access, admin overreach, catalog downgrade, namespace
hijack, stale membership facts, and missing audit correlation.

```task
id: USER-WP-0005-T7
status: done
priority: medium
state_hub_task_id: "ac92965e-778d-48ec-a674-32b1c333bb0d"
```

Add CI/readiness commands for unit, integration, scenario, and
conformance-style test suites.

## Acceptance Criteria

- Scenario tests prove standalone, tenant, multi-app, authorization, profile,
  projection, audit, and event behavior.
- Negative tests cover the architecture review risks.
- CI/readiness commands are documented and deterministic.