generated from coulomb/repo-seed
39 lines
1.8 KiB
Markdown
39 lines
1.8 KiB
Markdown
# Integrated Scenario Matrix
|
|
|
|
The scenario suite is the conformance target for repos that integrate
|
|
user-engine. It keeps identity, authorization, tenant, application, profile,
|
|
projection, audit, and event behavior testable without a UI.
|
|
|
|
| Scenario | Proves |
|
|
| --- | --- |
|
|
| standalone_self_service | A verified actor can resolve `me`, write profile values, and read a projection. |
|
|
| denied_access | Authorization denials do not mutate state or emit outbox events. |
|
|
| tenant_admin | Tenant admins can manage in-tenant account, membership, and profile state. |
|
|
| platform_operator | Platform operators can operate across tenants without tenant-admin overreach. |
|
|
| cross_tenant_denial | Tenant actors cannot manage another tenant or platform root. |
|
|
| two_applications | Catalog ownership and projections prevent application data leakage. |
|
|
| sensitive_redaction | Sensitive values are redacted in runtime and claims-enrichment projections. |
|
|
| audit_event_replay | Mutations carry audit records, outbox events, and correlation ids. |
|
|
| identity_canon_context | Actor, user, account, authenticated subject, authorization principal, tenant, membership, grant-like facts, and evidence references stay distinguishable. |
|
|
|
|
## Fixture Actors
|
|
|
|
`user_engine.testing.scenarios` provides fixtures for human, service, agent,
|
|
delegated agent, tenant admin, platform operator, break-glass, local issuer,
|
|
invalid, expired, and missing-tenant identities.
|
|
|
|
## Commands
|
|
|
|
All suites currently run through the standard-library test runner:
|
|
|
|
```bash
|
|
make test
|
|
make test-scenarios
|
|
make test-integration
|
|
make test-conformance
|
|
```
|
|
|
|
The separate targets are aliases today. They are intentionally present so CI
|
|
can split unit, scenario, integration, and conformance execution later without
|
|
changing consumer documentation.
|