mirror of
https://github.com/azaion/annotations.git
synced 2026-06-21 12:11:06 +00:00
Oleksandr Bezdieniezhnykh
90d48cf3c0
C01 (JWKS HTTPS env gate, src/Auth/JwtExtensions.cs) Gate HttpDocumentRetriever.RequireHttps on ASPNETCORE_ENVIRONMENT != "E2ETest" (case-insensitive). HTTPS is still enforced for Development, Staging, Production, and any unset value. Test harness can now serve JWKS over plain HTTP via the mock issuer documented in _docs/02_document/tests/environment.md. C02 (RabbitMQ host DNS resolution, src/Services/FailsafeProducer.cs) Resolve RABBITMQ_HOST via DNS when the value is not a literal IP. Adds ResolveHostAddress(host, ct) helper that uses IPAddress.TryParse first, then Dns.GetHostAddressesAsync. Fixes a latent production bug (operators using a DNS hostname like "rabbitmq" or "broker.internal" got a FormatException at startup) and unblocks the e2e Docker test harness where the broker is reachable only via service-name DNS. Review report: _docs/03_implementation/reviews/batch_01_review.md Verdict PASS_WITH_WARNINGS (1 Low/Maintainability finding, documented as deferred to Step 8 hardening). Tracker IDs are placeholders — Jira MCP unavailable. Real IDs to be assigned per _docs/_process_leftovers/2026-05-14_testability-tracker.md. Co-authored-by: Cursor <cursoragent@cursor.com>
2.4 KiB
2.4 KiB
Autodev State
Current Step
flow: existing-code step: 4 name: Code Testability Revision status: in_progress sub_step: phase: 4 name: phase-4-implementation-runner detail: "review PASS_WITH_WARNINGS; commit pending" retry_count: 0 cycle: 1 tracker: local
Completed Steps
- step: 1 name: Document status: completed
- step: 2 name: Architecture Baseline Scan status: completed outcome: "PASS_WITH_WARNINGS — 0 Critical, 0 High, 1 Medium (RB-08 logical coupling), 2 Low (RB-06 ClassesController, accepted-debt FailsafeProducer.EnqueueAsync)"
- step: 3 name: Test Spec status: completed outcome: "67 scenarios authored across 6 test-spec files; coverage 88% (40/45 active items, 6 RB-deferred, 5 truly uncovered with documented reasons); Docker-only execution; scripts/run-tests.sh + scripts/run-performance-tests.sh + e2e/docker-compose.test.yml + e2e/seed/run.sh produced and syntactically valid"
Mid-step adjustments
- 2026-05-14: targeted auth + CORS re-sync triggered by codebase drift discovered at Step 4 entry.
- Detected: AuthController + TokenService removed; JwtExtensions switched from HS256 symmetric to ES256 over admin's JWKS; ConfigurationResolver and CorsConfigurationValidator added in src/Infrastructure/.
- User-chosen path: Option A — targeted re-sync, then continue to Step 4 proper.
- Files touched (19): _docs/02_document/architecture.md, module-layout.md (already aligned), system-flows.md, glossary.md, FINAL_report.md, 04_verification_log.md, architecture_compliance_baseline.md, 00_discovery.md, modules/auth-identity.md (already aligned), modules/composition-program.md (already aligned), deployment/environment_strategy.md (already aligned); _docs/00_problem/problem.md, restrictions.md, acceptance_criteria.md, security_approach.md (already aligned), input_data/data_parameters.md, input_data/expected_results/results_report.md; _docs/01_solution/solution.md; _docs/02_document/tests/blackbox-tests.md, security-tests.md, traceability-matrix.md, test-data.md, environment.md; e2e/docker-compose.test.yml; e2e/seed/run.sh.
- ADR-002 and ADR-006 marked RETIRED. SEC-01, SEC-02, SEC-03 marked Closed. Refactor Backlog unaffected.
- One new testability open risk recorded in architecture.md (Open Risks §6): JWKS HTTPS-only retrieval blocks plain-HTTP test harness; resolution is
ASPNETCORE_ENVIRONMENT=E2ETest+ relaxedRequireHttpsfor tests, never in production.