curo1305
710e535411
All 117 cloud tests pass; 13/13 validation map requirements COVERED. Updated status, frontmatter, sign-off, and added audit trail. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
5.7 KiB
5.7 KiB
phase, slug, status, nyquist_compliant, wave_0_complete, created, audited
| phase | slug | status | nyquist_compliant | wave_0_complete | created | audited |
|---|---|---|---|---|---|---|
| 5 | 05-cloud-storage-backends | complete | true | true | 2026-05-28 | 2026-05-30 |
Phase 5 — Validation Strategy
Per-phase validation contract for feedback sampling during execution.
Test Infrastructure
| Property | Value |
|---|---|
| Framework | pytest + pytest-asyncio (already in requirements.txt) |
| Config file | backend/pytest.ini (already exists) |
| Quick run command | cd backend && pytest tests/test_cloud.py -x -v |
| Full suite command | cd backend && pytest -v |
| Estimated runtime | ~30 seconds (quick) / ~90 seconds (full) |
Sampling Rate
- After every task commit: Run
cd backend && pytest tests/test_cloud.py -x -v - After every plan wave: Run
cd backend && pytest -v - Before
/gsd:verify-work: Full suite must be green - Max feedback latency: 90 seconds
Per-Task Verification Map
| Task ID | Plan | Wave | Requirement | Threat Ref | Secure Behavior | Test Type | Automated Command | File Exists | Status |
|---|---|---|---|---|---|---|---|---|---|
| 05-01-01 | 01 | 0 | CLOUD-01..07 | T-05-01 | Full test suite passes | unit + integration | pytest tests/test_cloud.py -x -v |
✅ | ✅ green |
| 05-01-02 | 01 | 0 | CLOUD-02 | T-05-02 | credentials_enc round-trip |
unit | pytest tests/test_cloud.py::test_credential_round_trip -x |
✅ | ✅ green |
| 05-02-01 | 02 | 1 | CLOUD-01 | T-05-03 | HKDF encrypt/decrypt round-trip | unit | pytest tests/test_cloud.py::test_credential_round_trip -x |
✅ | ✅ green |
| 05-02-02 | 02 | 1 | CLOUD-02, SEC-08 | T-05-04 | credentials_enc not in API response |
integration | pytest tests/test_cloud.py::test_credentials_enc_not_exposed -x |
✅ | ✅ green |
| 05-03-01 | 03 | 2 | CLOUD-01 | T-05-05 | OAuth callback validates state, rejects invalid state (400) | integration | pytest tests/test_cloud.py::test_oauth_callback_invalid_state -x |
✅ | ✅ green |
| 05-03-02 | 03 | 2 | CLOUD-01 | T-05-06 | SSRF: RFC-1918 and loopback blocked | unit | pytest tests/test_cloud.py::test_ssrf_validation -x |
✅ | ✅ green |
| 05-03-03 | 03 | 2 | CLOUD-01 | T-05-07 | WebDAV connection validated before save (D-08) | integration | pytest tests/test_cloud.py::test_webdav_connect_validates -x |
✅ | ✅ green |
| 05-04-01 | 04 | 3 | CLOUD-05 | T-05-08 | invalid_grant sets REQUIRES_REAUTH |
integration | pytest tests/test_cloud.py::test_invalid_grant_sets_requires_reauth -x |
✅ | ✅ green |
| 05-04-02 | 04 | 3 | CLOUD-06 | T-05-09 | Disconnect permanently deletes credentials_enc from DB |
integration | pytest tests/test_cloud.py::test_disconnect_deletes_credentials -x |
✅ | ✅ green |
| 05-05-01 | 05 | 4 | CLOUD-03 | T-05-10 | Cloud upload goes through FastAPI, not presigned URL | integration | pytest tests/test_cloud.py::test_cloud_upload_no_presigned -x |
✅ | ✅ green |
| 05-05-02 | 05 | 4 | CLOUD-07 | T-05-11 | StorageBackend factory returns correct type per storage_backend field |
unit | pytest tests/test_cloud.py::test_factory_returns_correct_backend -x |
✅ | ✅ green |
| 05-06-01 | 06 | 5 | CLOUD-04 | T-05-12 | Admin cannot see credentials_enc |
integration | pytest tests/test_cloud.py::test_admin_cannot_see_credentials -x |
✅ | ✅ green |
| 05-06-02 | 06 | 5 | CLOUD-01 | T-05-13 | Cross-user cloud connection access returns 404 | integration | pytest tests/test_cloud.py::test_cross_user_idor -x |
✅ | ✅ green |
Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky
Wave 0 Requirements
backend/tests/test_cloud.py— all CLOUD-01..07 tests + SSRF + IDOR + admin-block (27 tests, all green)backend/tests/test_cloud_backends.py— GoogleDriveBackend + OneDriveBackend structural tests (63 tests)backend/tests/test_cloud_utils.py— utility/helper testsbackend/tests/test_webdav_backend.py— WebDAV + Nextcloud backend tests (27 tests)
117 tests total across 4 cloud test files, all green.
Manual-Only Verifications
| Behavior | Requirement | Why Manual | Test Instructions |
|---|---|---|---|
| OAuth consent UI for Google Drive | CLOUD-01 | Requires real GCP app credentials + browser | Connect Google Drive from SettingsView Cloud Storage tab; verify OAuth consent screen appears; verify redirect back with success toast |
| OAuth consent UI for OneDrive | CLOUD-01 | Requires real Azure app registration + browser | Connect OneDrive from SettingsView; verify Microsoft OAuth consent; verify redirect back with success toast |
| Sidebar cloud node appearance | CLOUD-03 | Browser UI | After connecting a provider, verify it appears as a top-level sidebar node; expand to see cloud folders |
REQUIRES_REAUTH badge in UI |
CLOUD-05 | Simulated token revocation + browser | Manually set status='REQUIRES_REAUTH' in DB; verify SettingsView shows yellow badge + Reconnect button |
Validation Sign-Off
- All tasks have
<automated>verify or Wave 0 dependencies - Sampling continuity: no 3 consecutive tasks without automated verify
- Wave 0 covers all MISSING references
- No watch-mode flags
- Feedback latency < 90s
nyquist_compliant: trueset in frontmatter
Approval: 2026-05-30
Validation Audit 2026-05-30
| Metric | Count |
|---|---|
| Gaps found | 0 |
| Resolved | 0 |
| Escalated | 0 |
| Tests passing | 117 |
| Test files | 4 (test_cloud.py, test_cloud_backends.py, test_cloud_utils.py, test_webdav_backend.py) |
| Validation map rows | 13 |
| All rows green | ✅ yes |
All 13 validation map requirements were fully covered at audit time. No gaps, no escalations. Phase 5 is Nyquist-compliant.