curo1305
6.2 KiB
6.2 KiB
phase, slug, status, nyquist_compliant, wave_0_complete, created
| phase | slug | status | nyquist_compliant | wave_0_complete | created |
|---|---|---|---|---|---|
| 6.2 | close-v1-sharing-cloud-delete-csv-export-gaps | draft | false | false | 2026-05-31 |
Phase 6.2 — Validation Strategy
Per-phase validation contract for feedback sampling during execution.
Test Infrastructure
| Property | Value |
|---|---|
| Framework | pytest + pytest-asyncio (backend); Vitest (frontend) |
| Config file | backend/pytest.ini |
| Quick run command | cd backend && pytest tests/test_shares.py tests/test_audit.py tests/test_documents.py -x -q |
| Full suite command | cd backend && pytest -v |
| Estimated runtime | ~30 seconds |
Sampling Rate
- After every task commit: Run
cd backend && pytest tests/test_shares.py tests/test_audit.py tests/test_documents.py -x -q - After every plan wave: Run
cd backend && pytest -v - Before
/gsd:verify-work: Full suite must be green (excluding pre-existingtest_extractor.py::test_extract_docxModuleNotFoundError) - Max feedback latency: 30 seconds
Per-Task Verification Map
| Task ID | Plan | Wave | Requirement | Threat Ref | Secure Behavior | Test Type | Automated Command | File Exists | Status |
|---|---|---|---|---|---|---|---|---|---|
| SHARE-05-fix | 01 | 1 | SHARE-05 | — | is_shared drives badge (not share_count) |
unit | pytest tests/test_shares.py::test_share_indicator_in_owner_list -x |
✅ | ⬜ pending |
| SHARE-03-post | 01 | 1 | SHARE-03 | — | POST /api/shares respects permission field |
integration | pytest tests/test_shares.py::test_share_create_with_permission -x |
❌ W0 | ⬜ pending |
| SHARE-03-patch | 01 | 1 | SHARE-03 | T-IDOR | PATCH /api/shares/{id} changes permission | integration | pytest tests/test_shares.py::test_share_patch_permission -x |
❌ W0 | ⬜ pending |
| SHARE-03-idor | 01 | 1 | SHARE-03 | T-IDOR | PATCH wrong owner → 404 (not 403) | integration | pytest tests/test_shares.py::test_share_patch_idor -x |
❌ W0 | ⬜ pending |
| CLOUD-del-route | 02 | 1 | CLOUD-del | T-quota | delete_document routes to cloud backend for non-minio | integration | pytest tests/test_documents.py::test_delete_cloud_document_propagates -x |
❌ W0 | ⬜ pending |
| CLOUD-del-fail | 02 | 1 | CLOUD-del | T-cloud | Cloud delete failure returns structured JSON error | integration | pytest tests/test_documents.py::test_delete_cloud_document_failure -x |
❌ W0 | ⬜ pending |
| CLOUD-del-rm | 02 | 1 | CLOUD-del | T-quota | remove_only=true skips cloud, removes DB record only | integration | pytest tests/test_documents.py::test_delete_cloud_remove_only -x |
❌ W0 | ⬜ pending |
| AUDIT-handle | 03 | 2 | ADMIN-06 | — | Audit log response includes user_handle and actor_handle | integration | pytest tests/test_audit.py::test_audit_log_includes_user_handle -x |
❌ W0 | ⬜ pending |
| AUDIT-filter | 03 | 2 | ADMIN-06 | — | user_handle filter resolves to correct entries | integration | pytest tests/test_audit.py::test_audit_log_filter_by_handle -x |
❌ W0 | ⬜ pending |
| AUDIT-filter-empty | 03 | 2 | ADMIN-06 | — | unknown handle filter returns empty (not error) | integration | pytest tests/test_audit.py::test_audit_log_filter_unknown_handle -x |
❌ W0 | ⬜ pending |
| DAILY-list | 03 | 2 | ADMIN-06 | — | Daily exports list endpoint returns sorted keys | integration | pytest tests/test_audit.py::test_daily_exports_list -x |
❌ W0 | ⬜ pending |
| DAILY-dl | 03 | 2 | ADMIN-06 | T-path | Daily export download returns CSV bytes; date validated against regex | integration | pytest tests/test_audit.py::test_daily_export_download -x |
❌ W0 | ⬜ pending |
Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky
Wave 0 Requirements
tests/test_shares.py::test_share_create_with_permission— stubs for SHARE-03 POST permission fieldtests/test_shares.py::test_share_patch_permission— stubs for SHARE-03 PATCH endpointtests/test_shares.py::test_share_patch_idor— stubs for IDOR invariant on PATCHtests/test_documents.py::test_delete_cloud_document_propagates— stubs for cloud delete routingtests/test_documents.py::test_delete_cloud_document_failure— stubs for D-03 structured errortests/test_documents.py::test_delete_cloud_remove_only— stubs for D-02 remove_only pathtests/test_audit.py::test_audit_log_includes_user_handle— stubs for D-11 handle enrichmenttests/test_audit.py::test_audit_log_filter_by_handle— stubs for D-12 handle filtertests/test_audit.py::test_audit_log_filter_unknown_handle— stubs for D-12 empty resulttests/test_audit.py::test_daily_exports_list— stubs for D-15 listing endpointtests/test_audit.py::test_daily_export_download— stubs for D-16 streaming endpoint
Manual-Only Verifications
| Behavior | Requirement | Why Manual | Test Instructions |
|---|---|---|---|
| CSV export download via fetch+Blob triggers file save in browser | ADMIN-06 | Browser download behavior cannot be automated in pytest | Open admin panel, navigate to Audit Log tab, click "Export CSV", verify browser download dialog/file saved |
| Cloud delete failure warning modal UX | CLOUD-del | Modal interaction requires E2E framework | Delete a cloud document with a simulated provider failure; verify modal appears with "Remove from app" option |
| Daily export date dropdown populates and download triggers | ADMIN-06 | Frontend fetch+Blob download in browser | Open admin panel, verify date dropdown shows available exports, click Download, verify file saved |
| Share permission toggle visible per row in ShareModal | SHARE-03 | Vue component rendering | Open ShareModal for a document with active shares; verify view/edit toggle appears per row |
Validation Sign-Off
- All tasks have
<automated>verify or Wave 0 dependencies - Sampling continuity: no 3 consecutive tasks without automated verify
- Wave 0 covers all MISSING references
- No watch-mode flags
- Feedback latency < 30s
nyquist_compliant: trueset in frontmatter
Approval: pending