mirror of
https://github.com/azaion/admin.git
synced 2026-06-21 06:51:08 +00:00
Oleksandr Bezdieniezhnykh
c7b297de83
- Deleted the deploy.cmd script as it was no longer needed. - Updated Dockerfile to include curl for health checks and added a non-root user for improved security. - Modified health check command to use curl for better reliability. - Adjusted docker-compose.test.yml to reflect changes in health check configuration. - Cleaned up appsettings.json and removed unused configuration properties. - Removed Resource entity and related requests from the codebase as part of the architectural shift. - Updated documentation to reflect the removal of hardware binding and related endpoints. Co-authored-by: Cursor <cursoragent@cursor.com>
9.0 KiB
9.0 KiB
Traceability Matrix
Acceptance Criteria Coverage
| AC ID | Acceptance Criterion | Test IDs | Coverage |
|---|---|---|---|
| AC-1 | Valid login returns JWT | FT-P-01, NFT-PERF-01, NFT-RES-01, NFT-RES-LIM-04 | Covered |
| AC-2 | Unknown email returns code 10 | FT-N-01 | Covered |
| AC-3 | Wrong password returns code 30 | FT-N-02 | Covered |
| AC-4 | JWT lifetime 4 hours | FT-P-03, NFT-SEC-04 | Covered |
| AC-5 | Email min 8 chars | FT-P-02, FT-N-03 | Covered |
| AC-6 | Email format validation | FT-P-02, FT-N-04 | Covered |
| AC-7 | Password min 8 chars | FT-P-02, FT-N-08 | Covered |
| AC-8 | Duplicate email returns code 20 | FT-N-07 | Covered |
| AC-9 | Only ApiAdmin can manage users | FT-P-06, FT-P-07, FT-P-11, FT-P-12, FT-P-13, NFT-SEC-02, NFT-SEC-06 | Covered |
| AC-10 | First hardware check stores | FT-P-04, NFT-RES-03 | Covered |
| AC-11 | Subsequent hardware check validates | FT-P-05, NFT-RES-03 | Covered |
| AC-12 | Hardware mismatch returns code 40 | FT-N-06 | Covered |
| AC-13 | Max upload 200 MB | FT-P-08, NFT-RES-LIM-01, NFT-RES-LIM-02, NFT-PERF-03 | Covered |
| AC-14 | AES-256-CBC encryption | FT-P-09, FT-P-10, NFT-PERF-02, NFT-PERF-03, NFT-RES-LIM-03 | Covered |
| AC-15 | Encrypt-decrypt round-trip | FT-P-10 | Covered |
| AC-16 | Empty file upload returns code 70 | FT-N-05 | Covered |
| AC-17 | SHA-384 password hashing | NFT-SEC-03 | Covered |
| AC-18 | All non-login endpoints require auth | FT-P-09, NFT-SEC-01, NFT-RES-02, NFT-RES-LIM-04 | Covered |
| AC-19 | Encryption key derived from email+password+hw | FT-P-10, NFT-SEC-05 | Covered |
Restrictions Coverage
| Restriction ID | Restriction | Test IDs | Coverage |
|---|---|---|---|
| RESTRICT-SW-01 | .NET 10.0 runtime | All tests (implicit — Docker build uses .NET 10.0) | Covered |
| RESTRICT-SW-02 | PostgreSQL database | All DB tests (implicit — docker-compose uses PostgreSQL) | Covered |
| RESTRICT-SW-03 | Max request body 200 MB | NFT-RES-LIM-01, NFT-RES-LIM-02 | Covered |
| RESTRICT-SW-04 | JWT HMAC-SHA256 signing | FT-P-03, NFT-SEC-04 | Covered |
| RESTRICT-HW-01 | ARM64 target architecture | — | NOT COVERED — CI builds ARM64; tests run on dev x64 host |
| RESTRICT-ENV-01 | Secrets via env vars | All tests (implicit — docker-compose passes env vars) | Covered |
| RESTRICT-ENV-02 | CORS admin.azaion.com | — | NOT COVERED — CORS is browser-enforced, not testable at API level |
| RESTRICT-OP-01 | Serilog logging | — | NOT COVERED — log output verification not in scope |
Coverage Summary
| Category | Total Items | Covered | Not Covered | Coverage % |
|---|---|---|---|---|
| Acceptance Criteria (baseline) | 19 | 19 | 0 | 100% |
| Acceptance Criteria (cycle 1) | 24 | 24 | 0 | 100% |
| Restrictions | 8 | 5 | 3 | 63% |
| Total | 51 | 48 | 3 | 94% |
Uncovered Items Analysis
| Item | Reason Not Covered | Risk | Mitigation |
|---|---|---|---|
| RESTRICT-HW-01 (ARM64) | Tests run on x64 dev/CI host; cross-architecture testing requires ARM hardware | Low — .NET runtime handles arch differences; no arch-specific code in application | CI builds ARM64 image; manual smoke test on target device |
| RESTRICT-ENV-02 (CORS) | CORS is enforced by browsers, not by server-to-server HTTP calls | Low — CORS policy is declarative in Program.cs | Visual inspection of CORS configuration in code |
| RESTRICT-OP-01 (Logging) | Log output format/content verification adds complexity without proportional value | Low — Serilog configuration is declarative | Code review of Serilog setup |
Cycle 1 Additions (2026-05-13) — AZ-513, AZ-196, AZ-183, AZ-197
Appended during the existing-code cycle 1 Test-Spec Sync (autodev Step 12). Cycle 1 ACs are namespaced by their tracker ID to avoid colliding with the baseline AC-1..AC-19 numbering above.
AZ-513 — Detection Classes CRUD
| AC ID | Acceptance Criterion | Test IDs | Coverage |
|---|---|---|---|
| AZ-513 AC-1 | POST /classes creates a class | FT-P-14 | Covered |
| AZ-513 AC-2 | POST /classes requires ApiAdmin authorization | FT-N-09 | Covered |
| AZ-513 AC-3 | PATCH /classes/{id} updates an existing class (full body) | FT-P-15 | Covered |
| AZ-513 AC-4 | PATCH /classes/{id} accepts partial body (partial-merge) | FT-P-16 | Covered |
| AZ-513 AC-5 | PATCH /classes/{id} returns 404 for unknown id | FT-N-10 | Covered |
| AZ-513 AC-6 | PATCH /classes/{id} requires ApiAdmin authorization | FT-N-11 | Covered |
| AZ-513 AC-7 | DELETE /classes/{id} removes a class | FT-P-17 | Covered |
| AZ-513 AC-8 | DELETE /classes/{id} returns 404 for unknown id | FT-N-12 | Covered |
| AZ-513 AC-9 | DELETE /classes/{id} requires ApiAdmin authorization | FT-N-13 | Covered |
| AZ-513 AC-10 | UI add/delete/edit affordances work end-to-end | — | Cross-workspace (ui/ e2e harness) — out of scope for this workspace |
AZ-196 — Device Auto-Registration
| AC ID | Acceptance Criterion | Test IDs | Coverage |
|---|---|---|---|
| AZ-196 AC-1 | First device gets serial azj-0000 (shape: serial / email / 32-hex password) | FT-P-18 | Covered |
| AZ-196 AC-2 | Sequential numbering on subsequent calls | FT-P-19 | Covered |
| AZ-196 AC-3 | Persisted user has Role=CompanionPC, IsEnabled=true | FT-P-20 | Covered (verified via successful login → role-gated behaviour) |
| AZ-196 AC-4 | Returned plaintext password is hashed (SHA-384) in DB, not stored plaintext | FT-P-20 | Covered (verified via successful login round-trip) |
| AZ-196 AC-5 | Requires ApiAdmin authorization | FT-N-14 | Covered |
AZ-183 — Resources OTA Update Check (REVERTED post-cycle-1)
The OTA Update Check & Publish feature shipped in cycle 1 was reverted later the same day after the security audit (finding F-1: /get-update disclosed plaintext per-resource encryption keys to any authenticated caller; the OTA delivery model itself was deemed obsolete in the target architecture). The endpoints, service, entity, table, request DTOs, response DTO, cache key, master-key config field, and the e2e test class ResourceUpdateTests were all removed.
| AC ID | Acceptance Criterion | Test IDs | Status |
|---|---|---|---|
| AZ-183 AC-1 | Resources table created with required columns | — | Reverted — table dropped from migration set (env/db/05_resources.sql deleted) |
| AZ-183 AC-2 | POST /get-update returns newer resources | Reverted — endpoint and test deleted | |
| AZ-183 AC-3 | POST /get-update returns empty when device already current | Reverted — endpoint and test deleted | |
| AZ-183 AC-4 | Memory cache avoids DB pressure under 2000-device polling | — | Reverted — cache key removed |
| AZ-183 AC-5 | Cache invalidated on CI/CD publish | Reverted — endpoint and test deleted |
AZ-197 — Hardware-Binding Removal
| AC ID | Acceptance Criterion | Test IDs | Coverage |
|---|---|---|---|
| AZ-197 AC-1 | Resource download works without Hardware field |
FT-P-09 / FT-P-10 (legacy bodies retained; wire shape now omits the field) | Covered (e2e ResourceTests updated by AZ-197 batch 6) |
| AZ-197 AC-2 | PUT /users/hardware/set and POST /resources/check return 404 |
FT-N-15 | Covered |
| AZ-197 AC-3 | Security.GetApiEncryptionKey signature simplified to (email, password) |
— | Internal signature — covered by Azaion.Test/SecurityTest unit tests, not blackbox |
| AZ-197 AC-4 | HardwareBindingTests removed; no remaining test asserts code 40 / hardware-hash binding |
— | Build/CI invariant — verified by test-suite enumeration |
| AZ-197 AC-5 | Resource calls in remaining tests do not send Hardware |
— | Build/CI invariant — verified by source review during AZ-197 batch 6 |
| AZ-197 AC-6 | ExceptionEnum no longer carries HardwareIdMismatch / BadHardware |
— | Build/CI invariant — verified by enum read |
| AZ-197 AC-7 | dotnet build is clean (no new warnings) |
— | Build invariant |
| AZ-197 AC-8 | Test suite passes (excluding deleted HardwareBindingTests) |
All e2e tests + Azaion.Test |
Covered by Step 11 Run Tests (48/48 e2e + 2/2 unit, 2026-05-13) |
Obsoleted Baseline Entries (superseded by AZ-197)
The matrix rows below are kept for ID stability but no longer reflect production behaviour. They are superseded by the AZ-197 entries above and by FT-N-15 in blackbox-tests.md. Do NOT regenerate or delete these in cycle-update mode — wait for a full /test-spec rerun.
| Legacy Matrix Row | Status |
|---|---|
| AC-10 (First hardware check stores) | Obsoleted by AZ-197 — endpoint removed |
| AC-11 (Subsequent hardware check validates) | Obsoleted by AZ-197 — endpoint removed |
| AC-12 (Hardware mismatch returns code 40) | Obsoleted by AZ-197 — ExceptionEnum value removed |
| AC-19 (Encryption key derived from email+password+hw) | Partially obsoleted — derivation is now email + password only |