--- phase: 15 slug: external-authentication status: draft nyquist_compliant: false wave_0_complete: false created: 2026-04-04 --- # Phase 15 — Validation Strategy > Per-phase validation contract for feedback sampling during execution. --- ## Test Infrastructure | Property | Value | |----------|-------| | **Framework** | Bun test runner + Playwright | | **Config file** | `bunfig.toml` (Bun), `playwright.config.ts` (E2E) | | **Quick run command** | `bun test tests/middleware/auth.test.ts` | | **Full suite command** | `bun test && bun run test:e2e` | | **Estimated runtime** | ~30 seconds | --- ## Sampling Rate - **After every task commit:** Run `bun test tests/middleware/auth.test.ts` - **After every plan wave:** Run `bun test` - **Before `/gsd:verify-work`:** Full suite must be green - **Max feedback latency:** 30 seconds --- ## Per-Task Verification Map | Task ID | Plan | Wave | Requirement | Test Type | Automated Command | File Exists | Status | |---------|------|------|-------------|-----------|-------------------|-------------|--------| | 15-01-01 | 01 | 1 | AUTH-04 | integration | `docker compose -f docker-compose.dev.yml up -d && curl http://localhost:3001/oidc/.well-known/openid-configuration` | ❌ W0 | ⬜ pending | | 15-02-01 | 02 | 1 | AUTH-03 | unit | `bun test tests/middleware/auth.test.ts` | ✅ (needs update) | ⬜ pending | | 15-02-02 | 02 | 1 | AUTH-01 | manual | N/A (requires running Logto) | N/A | ⬜ pending | | 15-02-03 | 02 | 1 | AUTH-02 | manual | N/A (requires running Logto) | N/A | ⬜ pending | | 15-03-01 | 03 | 2 | AUTH-05 | e2e | `bun run test:e2e` | ✅ (needs update) | ⬜ pending | *Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky* --- ## Wave 0 Requirements - [ ] Update `tests/middleware/auth.test.ts` — remove user/session tests, add OIDC session mock - [ ] Update `tests/services/auth.service.test.ts` — remove user/session tests, keep API key tests - [ ] Update `tests/routes/auth.test.ts` — update for new auth route structure - [ ] Update `e2e/seed.ts` — remove users table insert, add API key seed - [ ] Update `e2e/auth.spec.ts` — replace login form tests with redirect-based flow or API key auth --- ## Manual-Only Verifications | Behavior | Requirement | Why Manual | Test Instructions | |----------|-------------|------------|-------------------| | User registers via Logto | AUTH-01 | Requires running Logto instance with UI interaction | Start docker-compose.dev.yml, navigate to /login, complete Logto registration, verify dashboard loads | | User logs in via Logto | AUTH-02 | Requires running Logto instance with UI interaction | Start docker-compose.dev.yml, navigate to /login, complete Logto login, verify existing data visible | --- ## Validation Sign-Off - [ ] All tasks have `` verify or Wave 0 dependencies - [ ] Sampling continuity: no 3 consecutive tasks without automated verify - [ ] Wave 0 covers all MISSING references - [ ] No watch-mode flags - [ ] Feedback latency < 30s - [ ] `nyquist_compliant: true` set in frontmatter **Approval:** pending