223 lines
10 KiB
JSON
223 lines
10 KiB
JSON
{
|
|
"module": "authority",
|
|
"featureCount": 13,
|
|
"summary": {
|
|
"passed": 13,
|
|
"failed": 0,
|
|
"blocked": 0,
|
|
"done": 13
|
|
},
|
|
"buildNote": "Baseline: 14 test projects, 861 total tests (Authority.Core.Tests=46, Authority.Persistence.Tests=75, Authority.Timestamping.Tests=16, Authority.Timestamping.Abstractions.Tests=16, Authority.ConfigDiff.Tests=5, Authority.Tests=317, Auth.Abstractions.Tests=103, Auth.Client.Tests=28, Auth.ServerIntegration.Tests=27, Authority.Plugin.Ldap.Tests=75, Authority.Plugin.Oidc.Tests=44, Authority.Plugin.Saml.Tests=38, Authority.Plugin.Standard.Tests=39, Authority.Plugins.Abstractions.Tests=32). All 861 tests pass.",
|
|
"features": {
|
|
"authority-identity-provider-registry": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"evidence": "docs/qa/feature-checks/runs/authority/authority-identity-provider-registry/run-001/tier2-integration-check.json",
|
|
"notes": [
|
|
"Registry indexes providers, aggregates capabilities, AcquireAsync returns scoped instances, duplicate handling, selector routes by parameter. 7 targeted tests all pass."
|
|
],
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
|
|
"featureFile": "docs/features/checked/authority/authority-identity-provider-registry.md"
|
|
},
|
|
"authority-module-with-oidc-oauth2-dpop-mtls": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"evidence": "docs/qa/feature-checks/runs/authority/authority-module-with-oidc-oauth2-dpop-mtls/run-001/tier2-integration-check.json",
|
|
"notes": [
|
|
"Full OIDC/OAuth2 flows with DPoP, mTLS, client credentials, password grant, refresh tokens, revocation, discovery, tamper inspection. 50+ targeted tests."
|
|
],
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
|
|
"featureFile": "docs/features/checked/authority/authority-module-with-oidc-oauth2-dpop-mtls.md"
|
|
},
|
|
"authority-plugin-system": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"evidence": "docs/qa/feature-checks/runs/authority/authority-plugin-system/run-001/tier2-integration-check.json",
|
|
"notes": [
|
|
"Plugin loader, 5 concrete plugins (Standard=39, LDAP=75, OIDC=44, SAML=38 tests), assembly discovery, registration lifecycle. 196+ tests."
|
|
],
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
|
|
"featureFile": "docs/features/checked/authority/authority-plugin-system.md"
|
|
},
|
|
"authority-sealed-mode-evidence-validator": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"evidence": "docs/qa/feature-checks/runs/authority/authority-sealed-mode-evidence-validator/run-001/tier2-integration-check.json",
|
|
"notes": [
|
|
"Evidence freshness validation, missing file handling, stale evidence detection, airgap audit endpoints, offline kit audit. Meaningful assertions with specific failure codes."
|
|
],
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
|
|
"featureFile": "docs/features/checked/authority/authority-sealed-mode-evidence-validator.md"
|
|
},
|
|
"cli-dpop-bound-authentication": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"evidence": "docs/qa/feature-checks/runs/authority/cli-dpop-bound-authentication/run-001/tier2-integration-check.json",
|
|
"notes": [
|
|
"28 Auth.Client tests cover DPoP proof generation, token binding, file/inmemory/messaging caches, bearer token handler, auth modes. Server-side DPoP validation in Authority.Tests."
|
|
],
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
|
|
"featureFile": "docs/features/checked/authority/cli-dpop-bound-authentication.md"
|
|
},
|
|
"ldap-plugin-with-claims-enrichment-and-client-provisioning": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"evidence": "docs/qa/feature-checks/runs/authority/ldap-plugin-with-claims-enrichment-and-client-provisioning/run-001/tier2-integration-check.json",
|
|
"notes": [
|
|
"75 dedicated LDAP plugin tests: claims enrichment, client provisioning, capability probing, DN parsing, credential store, TLS, resilience, security, metrics."
|
|
],
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
|
|
"featureFile": "docs/features/checked/authority/ldap-plugin-with-claims-enrichment-and-client-provisioning.md"
|
|
},
|
|
"local-rbac-policy-fallback-with-break-glass-access": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"evidence": "docs/qa/feature-checks/runs/authority/local-rbac-policy-fallback-with-break-glass-access/run-001/tier2-integration-check.json",
|
|
"notes": [
|
|
"File-based policy store, role inheritance, subject lifecycle, break-glass configuration, fallback mode transitions, Postgres-backed primary store."
|
|
],
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
|
|
"featureFile": "docs/features/checked/authority/local-rbac-policy-fallback-with-break-glass-access.md"
|
|
},
|
|
"multi-tenant-scope-based-authorization": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"evidence": "docs/qa/feature-checks/runs/authority/multi-tenant-scope-based-authorization/run-001/tier2-integration-check.json",
|
|
"notes": [
|
|
"130+ tests: scope definitions, authorization policies, tenant header filter, tenant catalog, tenant repository. 103 abstractions + 27 server integration tests."
|
|
],
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
|
|
"featureFile": "docs/features/checked/authority/multi-tenant-scope-based-authorization.md"
|
|
},
|
|
"pack-rbac-roles-and-cli-profiles": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"evidence": "docs/qa/feature-checks/runs/authority/pack-rbac-roles-and-cli-profiles/run-001/tier2-integration-check.json",
|
|
"notes": [
|
|
"Pack scope definitions, AddPacksResourcePolicies, RequireScope/RequireAnyScope extensions, CLI profile configuration, per-profile token caching."
|
|
],
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
|
|
"featureFile": "docs/features/checked/authority/pack-rbac-roles-and-cli-profiles.md"
|
|
},
|
|
"plugin-sdk-plugin-architecture": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"evidence": "docs/qa/feature-checks/runs/authority/plugin-sdk-plugin-architecture/run-001/tier2-integration-check.json",
|
|
"notes": [
|
|
"32 SDK abstractions tests + plugin loader tests. Plugin contracts, registration context, credential audit, secret hasher, client metadata keys. 5 concrete registrars."
|
|
],
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
|
|
"featureFile": "docs/features/checked/authority/plugin-sdk-plugin-architecture.md"
|
|
},
|
|
"postgres-backend-store-prototype-for-authority-tokens": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"evidence": "docs/qa/feature-checks/runs/authority/postgres-backend-store-prototype-for-authority-tokens/run-001/tier2-integration-check.json",
|
|
"notes": [
|
|
"75 persistence tests + adapter tests. Token CRUD, refresh token rotation, InMemory parity, session persistence, EF Core migrations, ID generation, clock integration."
|
|
],
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
|
|
"featureFile": "docs/features/checked/authority/postgres-backend-store-prototype-for-authority-tokens.md"
|
|
},
|
|
"rfc-3161-tsa-client-for-ci-cd-timestamping": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"evidence": "docs/qa/feature-checks/runs/authority/rfc-3161-tsa-client-for-ci-cd-timestamping/run-001/tier2-integration-check.json",
|
|
"notes": [
|
|
"32 tests: ASN.1 encoding/decoding, token verification, provider registry with priority/health, response caching, abstraction contracts. CI/CD hooks documented as planned enhancements."
|
|
],
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
|
|
"featureFile": "docs/features/checked/authority/rfc-3161-tsa-client-for-ci-cd-timestamping.md"
|
|
},
|
|
"trust-root-and-certificate-chain-verification": {
|
|
"status": "done",
|
|
"tier": 2,
|
|
"evidence": "docs/qa/feature-checks/runs/authority/trust-root-and-certificate-chain-verification/run-001/tier2-integration-check.json",
|
|
"notes": [
|
|
"Token verifier with imprint/nonce mismatch detection, key rotation with JWKS continuity, RSA sign/verify roundtrip, KMS and file key sources, DSSE signing."
|
|
],
|
|
"retryCount": 0,
|
|
"sourceVerified": true,
|
|
"buildVerified": true,
|
|
"e2eVerified": true,
|
|
"skipReason": null,
|
|
"lastRunId": "run-001",
|
|
"lastUpdatedUtc": "2026-02-13T00:00:00Z",
|
|
"featureFile": "docs/features/checked/authority/trust-root-and-certificate-chain-verification.md"
|
|
}
|
|
},
|
|
"lastUpdatedUtc": "2026-02-13T00:00:00Z"
|
|
}
|