mirror of
https://github.com/azaion/annotations.git
synced 2026-06-21 14:41:05 +00:00
Oleksandr Bezdieniezhnykh
90d48cf3c0
C01 (JWKS HTTPS env gate, src/Auth/JwtExtensions.cs) Gate HttpDocumentRetriever.RequireHttps on ASPNETCORE_ENVIRONMENT != "E2ETest" (case-insensitive). HTTPS is still enforced for Development, Staging, Production, and any unset value. Test harness can now serve JWKS over plain HTTP via the mock issuer documented in _docs/02_document/tests/environment.md. C02 (RabbitMQ host DNS resolution, src/Services/FailsafeProducer.cs) Resolve RABBITMQ_HOST via DNS when the value is not a literal IP. Adds ResolveHostAddress(host, ct) helper that uses IPAddress.TryParse first, then Dns.GetHostAddressesAsync. Fixes a latent production bug (operators using a DNS hostname like "rabbitmq" or "broker.internal" got a FormatException at startup) and unblocks the e2e Docker test harness where the broker is reachable only via service-name DNS. Review report: _docs/03_implementation/reviews/batch_01_review.md Verdict PASS_WITH_WARNINGS (1 Low/Maintainability finding, documented as deferred to Step 8 hardening). Tracker IDs are placeholders — Jira MCP unavailable. Real IDs to be assigned per _docs/_process_leftovers/2026-05-14_testability-tracker.md. Co-authored-by: Cursor <cursoragent@cursor.com>
36 lines
2.4 KiB
Markdown
36 lines
2.4 KiB
Markdown
# Autodev State
|
|
|
|
## Current Step
|
|
flow: existing-code
|
|
step: 4
|
|
name: Code Testability Revision
|
|
status: in_progress
|
|
sub_step:
|
|
phase: 4
|
|
name: phase-4-implementation-runner
|
|
detail: "review PASS_WITH_WARNINGS; commit pending"
|
|
retry_count: 0
|
|
cycle: 1
|
|
tracker: local
|
|
|
|
## Completed Steps
|
|
- step: 1
|
|
name: Document
|
|
status: completed
|
|
- step: 2
|
|
name: Architecture Baseline Scan
|
|
status: completed
|
|
outcome: "PASS_WITH_WARNINGS — 0 Critical, 0 High, 1 Medium (RB-08 logical coupling), 2 Low (RB-06 ClassesController, accepted-debt FailsafeProducer.EnqueueAsync)"
|
|
- step: 3
|
|
name: Test Spec
|
|
status: completed
|
|
outcome: "67 scenarios authored across 6 test-spec files; coverage 88% (40/45 active items, 6 RB-deferred, 5 truly uncovered with documented reasons); Docker-only execution; scripts/run-tests.sh + scripts/run-performance-tests.sh + e2e/docker-compose.test.yml + e2e/seed/run.sh produced and syntactically valid"
|
|
|
|
## Mid-step adjustments
|
|
- 2026-05-14: targeted auth + CORS re-sync triggered by codebase drift discovered at Step 4 entry.
|
|
- Detected: AuthController + TokenService removed; JwtExtensions switched from HS256 symmetric to ES256 over admin's JWKS; ConfigurationResolver and CorsConfigurationValidator added in src/Infrastructure/.
|
|
- User-chosen path: Option A — targeted re-sync, then continue to Step 4 proper.
|
|
- Files touched (19): _docs/02_document/architecture.md, module-layout.md (already aligned), system-flows.md, glossary.md, FINAL_report.md, 04_verification_log.md, architecture_compliance_baseline.md, 00_discovery.md, modules/auth-identity.md (already aligned), modules/composition-program.md (already aligned), deployment/environment_strategy.md (already aligned); _docs/00_problem/problem.md, restrictions.md, acceptance_criteria.md, security_approach.md (already aligned), input_data/data_parameters.md, input_data/expected_results/results_report.md; _docs/01_solution/solution.md; _docs/02_document/tests/blackbox-tests.md, security-tests.md, traceability-matrix.md, test-data.md, environment.md; e2e/docker-compose.test.yml; e2e/seed/run.sh.
|
|
- ADR-002 and ADR-006 marked RETIRED. SEC-01, SEC-02, SEC-03 marked Closed. Refactor Backlog unaffected.
|
|
- One new testability open risk recorded in architecture.md (Open Risks §6): JWKS HTTPS-only retrieval blocks plain-HTTP test harness; resolution is `ASPNETCORE_ENVIRONMENT=E2ETest` + relaxed `RequireHttps` for tests, never in production.
|