--- phase: 28 slug: profile-and-logto-integration status: draft nyquist_compliant: false wave_0_complete: false created: 2026-04-12 --- # Phase 28 — Validation Strategy > Per-phase validation contract for feedback sampling during execution. --- ## Test Infrastructure | Property | Value | |----------|-------| | **Framework** | Bun test (unit/integration), Playwright (E2E) | | **Config file** | `bunfig.toml`, `playwright.config.ts` | | **Quick run command** | `bun test tests/services/` | | **Full suite command** | `bun test` | | **Estimated runtime** | ~15 seconds | --- ## Sampling Rate - **After every task commit:** Run `bun test tests/services/` - **After every plan wave:** Run `bun test` - **Before `/gsd-verify-work`:** Full suite must be green - **Max feedback latency:** 15 seconds --- ## Per-Task Verification Map | Task ID | Plan | Wave | Requirement | Threat Ref | Secure Behavior | Test Type | Automated Command | File Exists | Status | |---------|------|------|-------------|------------|-----------------|-----------|-------------------|-------------|--------| | 28-01-01 | 01 | 1 | D-04 | — | M2M token cached, not logged | unit | `bun test tests/services/logto.service.test.ts` | ❌ W0 | ⬜ pending | | 28-01-02 | 01 | 1 | D-05 | — | Password verify before change | unit | `bun test tests/services/logto.service.test.ts` | ❌ W0 | ⬜ pending | | 28-02-01 | 02 | 1 | D-01 | — | N/A | route | `bun test tests/routes/` | ❌ W0 | ⬜ pending | | 28-02-02 | 02 | 1 | D-05 | — | Auth required for account actions | route | `bun test tests/routes/auth.test.ts` | ✅ | ⬜ pending | | 28-03-01 | 03 | 2 | D-01,D-02 | — | N/A | E2E | `bun run test:e2e` | ❌ W0 | ⬜ pending | | 28-03-02 | 03 | 2 | D-06 | — | Confirmation required for deletion | E2E | `bun run test:e2e` | ❌ W0 | ⬜ pending | *Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky* --- ## Wave 0 Requirements - [ ] `tests/services/logto.service.test.ts` — stubs for M2M token, password, email, deletion - [ ] Mock HTTP client for Logto Management API calls (no live Logto needed in tests) *Existing infrastructure covers route-level testing patterns.* --- ## Manual-Only Verifications | Behavior | Requirement | Why Manual | Test Instructions | |----------|-------------|------------|-------------------| | Logto sign-in page branding | D-07 | Visual CSS customization in Logto Console | Visit /login, verify logo/colors match GearBox | | Custom domain setup | D-08 | Infrastructure/DNS configuration | Verify auth.gearbox.de resolves to Logto | | Social connectors (Google, GitHub) | D-09 | Logto Console configuration | Verify social buttons appear on sign-in page | | Email verification at signup | D-10 | Logto Console configuration | Create new account, verify email required | | Password policy enforcement | D-11 | Logto Console configuration | Try weak password at signup, verify rejection | --- ## Validation Sign-Off - [ ] All tasks have `` verify or Wave 0 dependencies - [ ] Sampling continuity: no 3 consecutive tasks without automated verify - [ ] Wave 0 covers all MISSING references - [ ] No watch-mode flags - [ ] Feedback latency < 15s - [ ] `nyquist_compliant: true` set in frontmatter **Approval:** pending