docs(phase-28): add validation strategy

2026-04-12 17:37:57 +02:00
parent 28218ad9e6
commit 18fa93dd01
1 changed files with 82 additions and 0 deletions
--- a/.planning/phases/28-profile-and-logto-integration/28-VALIDATION.md
+++ b/.planning/phases/28-profile-and-logto-integration/28-VALIDATION.md
@@ -0,0 +1,82 @@
+---
+phase: 28
+slug: profile-and-logto-integration
+status: draft
+nyquist_compliant: false
+wave_0_complete: false
+created: 2026-04-12
+---
+
+# Phase 28 — Validation Strategy
+
+> Per-phase validation contract for feedback sampling during execution.
+
+---
+
+## Test Infrastructure
+
+| Property | Value |
+|----------|-------|
+| **Framework** | Bun test (unit/integration), Playwright (E2E) |
+| **Config file** | `bunfig.toml`, `playwright.config.ts` |
+| **Quick run command** | `bun test tests/services/` |
+| **Full suite command** | `bun test` |
+| **Estimated runtime** | ~15 seconds |
+
+---
+
+## Sampling Rate
+
+- **After every task commit:** Run `bun test tests/services/`
+- **After every plan wave:** Run `bun test`
+- **Before `/gsd-verify-work`:** Full suite must be green
+- **Max feedback latency:** 15 seconds
+
+---
+
+## Per-Task Verification Map
+
+| Task ID | Plan | Wave | Requirement | Threat Ref | Secure Behavior | Test Type | Automated Command | File Exists | Status |
+|---------|------|------|-------------|------------|-----------------|-----------|-------------------|-------------|--------|
+| 28-01-01 | 01 | 1 | D-04 | — | M2M token cached, not logged | unit | `bun test tests/services/logto.service.test.ts` | ❌ W0 | ⬜ pending |
+| 28-01-02 | 01 | 1 | D-05 | — | Password verify before change | unit | `bun test tests/services/logto.service.test.ts` | ❌ W0 | ⬜ pending |
+| 28-02-01 | 02 | 1 | D-01 | — | N/A | route | `bun test tests/routes/` | ❌ W0 | ⬜ pending |
+| 28-02-02 | 02 | 1 | D-05 | — | Auth required for account actions | route | `bun test tests/routes/auth.test.ts` | ✅ | ⬜ pending |
+| 28-03-01 | 03 | 2 | D-01,D-02 | — | N/A | E2E | `bun run test:e2e` | ❌ W0 | ⬜ pending |
+| 28-03-02 | 03 | 2 | D-06 | — | Confirmation required for deletion | E2E | `bun run test:e2e` | ❌ W0 | ⬜ pending |
+
+*Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky*
+
+---
+
+## Wave 0 Requirements
+
+- [ ] `tests/services/logto.service.test.ts` — stubs for M2M token, password, email, deletion
+- [ ] Mock HTTP client for Logto Management API calls (no live Logto needed in tests)
+
+*Existing infrastructure covers route-level testing patterns.*
+
+---
+
+## Manual-Only Verifications
+
+| Behavior | Requirement | Why Manual | Test Instructions |
+|----------|-------------|------------|-------------------|
+| Logto sign-in page branding | D-07 | Visual CSS customization in Logto Console | Visit /login, verify logo/colors match GearBox |
+| Custom domain setup | D-08 | Infrastructure/DNS configuration | Verify auth.gearbox.de resolves to Logto |
+| Social connectors (Google, GitHub) | D-09 | Logto Console configuration | Verify social buttons appear on sign-in page |
+| Email verification at signup | D-10 | Logto Console configuration | Create new account, verify email required |
+| Password policy enforcement | D-11 | Logto Console configuration | Try weak password at signup, verify rejection |
+
+---
+
+## Validation Sign-Off
+
+- [ ] All tasks have `<automated>` verify or Wave 0 dependencies
+- [ ] Sampling continuity: no 3 consecutive tasks without automated verify
+- [ ] Wave 0 covers all MISSING references
+- [ ] No watch-mode flags
+- [ ] Feedback latency < 15s
+- [ ] `nyquist_compliant: true` set in frontmatter
+
+**Approval:** pending