generated from coulomb/repo-seed
---
id: USER-WP-0002
type: workplan
title: "User Engine Isolated MVP"
domain: netkingdom
repo: user-engine
status: finished
owner: codex
topic_slug: netkingdom
planning_priority: high
planning_order: 2
created: "2026-05-22"
updated: "2026-05-22"
depends_on:
  - USER-WP-0001
---

# USER-WP-0002 - User Engine Isolated MVP

## Goal

Implement the smallest useful headless service in isolation: users, accounts,
identity links, one application, one catalog, profile values, effective
profile resolution, projections, audit, outbox, and tests.

## Tasks

```task
id: USER-WP-0002-T1
status: done
priority: high
```

Implement the domain model and local persistence migrations.

```task
id: USER-WP-0002-T2
status: done
priority: high
```

Implement IAM Profile-compatible fixture actor handling and local identity
linking by `(issuer, subject)`.

```task
id: USER-WP-0002-T3
status: done
priority: high
```

Implement the authorization check port with a deterministic local test
adapter.

```task
id: USER-WP-0002-T4
status: done
priority: high
```

Implement headless APIs for health, readiness, `me`, users, account lifecycle,
identity links, applications, catalogs, profiles, projections, and audit.

```task
id: USER-WP-0002-T5
status: done
priority: high
```

Implement catalog validation, profile value validation, defaults, global plus
application profile layers, and inspectable effective profile resolution.

```task
id: USER-WP-0002-T6
status: done
priority: high
```

Persist audit records and outbox events atomically with mutations.

```task
id: USER-WP-0002-T7
status: done
priority: high
```

Add tests for lifecycle, identity linking, catalog validation, profile update
authorization, projections, redaction, audit/outbox atomicity, and deny paths.

## Acceptance Criteria

- A demo application can register, publish a catalog, write profile values,
  and read an effective projection.
- Self-service and admin-style operations work through the local auth adapter.
- Sensitive values are redacted in non-eligible projections.
- MVP tests cover positive and negative use cases.