diff --git a/_docs/02_document/modules/tests_unit.md b/_docs/02_document/modules/tests_unit.md index e12be8e..c94f614 100644 --- a/_docs/02_document/modules/tests_unit.md +++ b/_docs/02_document/modules/tests_unit.md 
@@ -7,11 +7,11 @@ Unit test project for component-internal logic. Original AZ-2/AZ-3 era had only Existing baseline (pre-cycle-2) test classes cover `TileService`, `RegionService`, `RouteService`, geo math, repositories, validators, idempotency, and migration helpers — not enumerated exhaustively here. Cycle-2 additions: -### AZ-487 — JWT validation baseline -- `Authentication/AuthenticationServiceCollectionExtensionsTests` — `AddSatelliteJwt_RegistersJwtBearerScheme`, `AddSatelliteJwt_ThrowsOnMissingSecret`, `AddSatelliteJwt_ThrowsOnShortSecret`. -- `Authentication/JwtTokenFactoryTests` — `Create_ProducesTokenValidatedByMatchingParameters`, `CreateExpired_TokenFailsValidationWithLifetimeException`, `Create_WithExtraClaims_PropagatesClaimsThroughValidation`, `TamperSignature_TokenFailsValidationWithSignatureException`. -- `Authentication/AuthenticationServiceCollectionExtensionsTests` — covers `AddSatelliteJwt` registration + `TokenValidationParameters` shape (AZ-487, AZ-494). Includes AZ-494's fail-fast assertions: `AddSatelliteJwt_ThrowsOnMissingIssuer`, `AddSatelliteJwt_ThrowsOnEmptyIssuer`, `AddSatelliteJwt_ThrowsOnMissingAudience`, `AddSatelliteJwt_ThrowsOnEmptyAudience`, plus the updated `_ConfiguresTokenValidationParameters_AsPerContract` and `_PrefersEnvironmentVariableOverConfiguration` cases that assert `ValidateIssuer = true` + `ValidIssuer` + `ValidateAudience = true` + `ValidAudience`. -- `TestUtilities/JwtTokenFactory` — helper that mints HS256 tokens with the same `TokenValidationParameters` used in production. Adjusts `notBefore` for negative-lifetime requests so `JwtSecurityToken` accepts the value and downstream lifetime validation can fire (`IDX12401` workaround documented inline). 
+### AZ-487 + AZ-494 — JWT validation baseline + iss/aud +- `Authentication/AuthenticationServiceCollectionExtensionsTests` — covers `AddSatelliteJwt` registration + `TokenValidationParameters` shape across both AZs: + - AZ-487 baseline: `AddSatelliteJwt_RegistersJwtBearerScheme`, `AddSatelliteJwt_ThrowsOnMissingSecret`, `AddSatelliteJwt_ThrowsOnShortSecret`. + - AZ-494 extension: `AddSatelliteJwt_ThrowsOnMissingIssuer`, `_ThrowsOnEmptyIssuer`, `_ThrowsOnMissingAudience`, `_ThrowsOnEmptyAudience`, plus updated `_ConfiguresTokenValidationParameters_AsPerContract` and `_PrefersEnvironmentVariableOverConfiguration` asserting `ValidateIssuer = true` + `ValidIssuer` + `ValidateAudience = true` + `ValidAudience`. +- `Authentication/JwtTokenFactoryTests` — `Create_ProducesTokenValidatedByMatchingParameters`, `CreateExpired_TokenFailsValidationWithLifetimeException`, `Create_WithExtraClaims_PropagatesClaimsThroughValidation`, `TamperSignature_TokenFailsValidationWithSignatureException`. The factory itself lives in `SatelliteProvider.TestSupport` after AZ-491 (single source of truth); this project consumes it via `ProjectReference`. ### AZ-488 — UAV tile upload - `UavTileQualityGateTests` — one happy path + ≥ 1 reject path per rule (Rule 1 INVALID_FORMAT × 2, Rule 2 SIZE_OUT_OF_BAND × 2, Rule 3 WRONG_DIMENSIONS × 1, Rule 4 CAPTURED_AT_FUTURE / _TOO_OLD × 2, Rule 5 IMAGE_TOO_UNIFORM × 1) + rule-ordering determinism. Uses a `FixedTimeProvider` for Rule-4 isolation and `UavTileImageFactory` for deterministic JPEG fixtures. diff --git a/_docs/02_document/ripple_log_cycle3.md b/_docs/02_document/ripple_log_cycle3.md new file mode 100644 index 0000000..1da4633 --- /dev/null +++ b/_docs/02_document/ripple_log_cycle3.md 
@@ -0,0 +1,82 @@ +# Cycle 3 — Documentation Ripple Log + +**Cycle**: 3 (AZ-495 doc convention + AZ-496 ASP.NET Core 8.0.25 bump + AZ-491 consolidate JWT test helpers + AZ-493 integration test DB reset hook + AZ-492 perf harness PT-07/PT-08 + AZ-494 JWT iss/aud validation) +**Generated by**: `/document` skill (task mode) during autodev Step 13 (existing-code flow) +**Resolution method**: each cycle-3 batch performed inline doc updates during implementation. Step 13 cycle-update mode verified completeness against the per-task spec and against `grep` of every new symbol (`JwtTokenFactory` post-AZ-491, `IntegrationTestResetGuard`, `IntegrationTestDatabaseReset`, `PerfBootstrap`, `MintAuthenticated` / `MintExpired` / `ResolveIssuerOrThrow` / `ResolveAudienceOrThrow`, `ResolveRequiredOrThrow`, `JWT_ISSUER` / `JWT_AUDIENCE`, `SEC-12` / `SEC-13`). + +## Directly-changed source files (cycle 3) + +### Code (production) + +- `SatelliteProvider.Api/Authentication/AuthenticationServiceCollectionExtensions.cs` (AZ-494: iss/aud constants, fail-fast `ResolveRequiredOrThrow`, `ValidateIssuer=true`, `ValidateAudience=true`) +- `SatelliteProvider.Api/appsettings.json` (AZ-494: empty `Jwt.Issuer` + `Jwt.Audience` so prod fail-fast triggers) +- `SatelliteProvider.Api/appsettings.Development.json` (AZ-494: `DEV-ONLY-` prefixed placeholders so local dev works) +- `SatelliteProvider.Api/SatelliteProvider.Api.csproj` (AZ-496: `Microsoft.AspNetCore.Authentication.JwtBearer` 8.0.21 → 8.0.25; `Microsoft.AspNetCore.OpenApi` 8.0.21 → 8.0.25) + +### Code (test-side) + +- `SatelliteProvider.TestSupport/*` (AZ-491: new project; canonical `JwtTokenFactory`. AZ-493: new `IntegrationTestResetGuard`. AZ-494: `JwtTokenFactory.Create` + `.CreateExpired` gained optional iss/aud parameters) +- `SatelliteProvider.IntegrationTests/JwtTestHelpers.cs` (AZ-491: split runner-side concerns from the factory. 
AZ-494: added `ResolveIssuerOrThrow`, `ResolveAudienceOrThrow`, `MintAuthenticated`, `MintExpired`) +- `SatelliteProvider.IntegrationTests/IntegrationTestDatabaseReset.cs` (AZ-493: new — runner-side reset using the TestSupport guard) +- `SatelliteProvider.IntegrationTests/JwtIntegrationTests.cs` (AZ-491 + AZ-494: migrated to `MintAuthenticated`/`MintExpired`; added `WrongIssuer_Returns401` + `WrongAudience_Returns401`) +- `SatelliteProvider.IntegrationTests/UavUploadTests.cs` (AZ-491 + AZ-493 + AZ-494: migrated to `MintAuthenticated`; removed wall-clock coordinate offset workaround) +- `SatelliteProvider.IntegrationTests/Program.cs` (AZ-491 + AZ-492 + AZ-493 + AZ-494: bootstrap subcommand dispatch for `--mint-only`/`--gen-uav-fixture`; reset hook invocation; resolve secret+iss+aud at startup) +- `SatelliteProvider.IntegrationTests/PerfBootstrap.cs` (AZ-492: new — perf bootstrap subcommands for `--mint-only`/`--gen-uav-fixture`. AZ-494: mint flow also resolves iss+aud) +- `SatelliteProvider.IntegrationTests/SatelliteProvider.IntegrationTests.csproj` (AZ-491: `ProjectReference` to `SatelliteProvider.TestSupport`; removed `Microsoft.IdentityModel.JsonWebTokens` direct ref) +- `SatelliteProvider.IntegrationTests/Dockerfile` (AZ-491: copy `SatelliteProvider.TestSupport` project) +- `SatelliteProvider.Tests/Authentication/AuthenticationServiceCollectionExtensionsTests.cs` (AZ-494: 4 new fail-fast tests + updated existing tests; AZ-491: env-var save/restore pattern reused) +- `SatelliteProvider.Tests/TestSupport/IntegrationTestResetGuardTests.cs` (AZ-493: new — unit tests for the two-guard model) +- `SatelliteProvider.Tests/TestUtilities/JwtTokenFactory.cs` (AZ-491: deleted — duplicate of TestSupport) +- `SatelliteProvider.Tests/SatelliteProvider.Tests.csproj` (AZ-491: `ProjectReference` to `SatelliteProvider.TestSupport`; AZ-496 picked up the 8.0.25 bump transitively via the `ProjectReference` to `SatelliteProvider.Api`) +- `SatelliteProvider.sln` (AZ-491: registered 
`SatelliteProvider.TestSupport`) + +### Infrastructure / config + +- `.env.example` (AZ-494: documented `JWT_ISSUER` + `JWT_AUDIENCE` with fail-fast contract and DEV-ONLY example values) +- `docker-compose.yml` + `docker-compose.tests.yml` (AZ-494: `JWT_ISSUER` + `JWT_AUDIENCE` passed through to both `api` and `integration-tests` services. AZ-493: `INTEGRATION_TEST_DB_RESET` plumbed for the test runner) +- `scripts/run-tests.sh` (AZ-493: `--keep-state` flag + DB reset plumbing. AZ-494: `JWT_ISSUER` + `JWT_AUDIENCE` env-var loading + fail-fast checks) +- `scripts/run-performance-tests.sh` (AZ-492: pre-build, `--mint-only`/`--gen-uav-fixture` dispatch, PT-07 cold+warm distribution, PT-08 batch upload distribution, JWT attach across PT-01..PT-06. AZ-494: `JWT_ISSUER` + `JWT_AUDIENCE` loading and pass-through) + +### Skills / conventions + +- `.cursor/skills/new-task/SKILL.md` (AZ-495: doc folder convention formalised) +- `.cursor/skills/code-review/SKILL.md` (AZ-491: Phase 6 rule to prevent re-duplication of test helpers) + +## Documentation ripple + +### Architecture / module-level + +- `_docs/02_document/architecture.md` — JwtBearer version bump (AZ-496), token contract with `ValidateIssuer=true`/`ValidateAudience=true` (AZ-494), Security Architecture authentication paragraph (AZ-494). +- `_docs/02_document/module-layout.md` — `SatelliteProvider.TestSupport` module entry (AZ-491), `IntegrationTestResetGuard` (AZ-493), `PerfBootstrap` justification + image-fixture dependency rationale (AZ-492), package version bumps (AZ-496). +- `_docs/02_document/modules/api_program.md` — JWT authentication section (AZ-487 + AZ-494), package version bumps (AZ-496). +- `_docs/02_document/modules/tests_unit.md` — Consolidated `AuthenticationServiceCollectionExtensionsTests` entry covering AZ-487 + AZ-494; `TestSupport` project reference (AZ-491); transitive 8.0.25 (AZ-496). 
+- `_docs/02_document/modules/tests_integration.md` — `PerfBootstrap.cs` (AZ-492), `IntegrationTestDatabaseReset.cs` (AZ-493), `JwtTestHelpers` AZ-494 surface, AZ-494 new integration scenarios, env-var prerequisites. + +### Test specs + +- `_docs/02_document/tests/traceability-matrix.md` — Rows added for AZ-491 AC-1..AC-6, AZ-493 AC-1..AC-6, AZ-494 AC-1..AC-7 (AC-7 deferred ◐), AZ-495, AZ-496; PT-07/PT-08 rows updated to ✓; AZ-487 / AZ-484 perf NFR rows updated to reference the AZ-492 harness. +- `_docs/02_document/tests/security-tests.md` — SEC-12 (wrong iss → 401) and SEC-13 (wrong aud → 401) appended for AZ-494. +- `_docs/02_document/tests/performance-tests.md` — PT-07 (cold+warm) and PT-08 (batch p95) moved from "Deferred" to "Implemented (AZ-492)". +- `_docs/02_document/tests/environment.md` — Environment Variables table extended with `GOOGLE_MAPS_API_KEY`, `JWT_SECRET`, `JWT_ISSUER`, `JWT_AUDIENCE` (AZ-487, AZ-494), `INTEGRATION_TEST_DB_RESET` (AZ-493). + +### Security artefacts + +- `_docs/05_security/security_report.md` — F-AUTH-2 flipped to **RESOLVED cycle 3 (AZ-494)**; verdict reconciliation + recommendations updated. +- `_docs/05_security/owasp_review.md` — A07 status updated; residual "no token revocation list" recorded as a Low follow-up. + +### Process / metrics + +- `_docs/03_implementation/deploy_cycle2.md` — R3 follow-up note flipped to **RESOLVED in cycle 3 (AZ-494)**. +- `_docs/06_metrics/retro_2026-05-11_cycle2.md` — Action 2 (PT-07 leftover) marked **RESOLVED in cycle 3 (AZ-492)**. +- `_docs/_process_leftovers/2026-05-11_perf-pt07-harness.md` — Deleted (resolved by AZ-492). + +## Files NOT touched this cycle (by design) + +- `_docs/02_document/data_model.md` — no schema change. +- `_docs/02_document/contracts/api/uav-tile-upload.md` — public contract unchanged (AZ-494 is a token-validation change, transparent to consumers that already produce correct `iss` + `aud`). 
+- `_docs/02_document/components/03_tile_downloader/description.md` — no behavior change in the component. +- Per-component descriptions under `_docs/02_document/components/0[1-5]_*` — none of the cycle-3 tasks added new functional behavior at the component layer. + +## Open cross-repo doc ripple (AC-7 deferred) + +- `suite/_docs/10_auth.md` — AZ-494 AC-7 requires this doc (in the parent monorepo) to either name the production iss/aud values or note that satellite-provider validates them locally. This write is OUT OF SCOPE for satellite-provider's autodev (workspace-boundary rule). Documented in `deploy_cycle2.md` R3 follow-up. Will surface as a `_docs/_process_leftovers/` entry if the suite repo still needs the update after this autodev finishes. diff --git a/_docs/02_document/tests/environment.md b/_docs/02_document/tests/environment.md index 897379f..d5e7d3d 100644 --- a/_docs/02_document/tests/environment.md +++ b/_docs/02_document/tests/environment.md 
@@ -33,6 +33,11 @@ | ASPNETCORE_ENVIRONMENT | Development | API config mode | | ConnectionStrings__DefaultConnection | Host=postgres;Port=5432;... | DB connection | | MapConfig__ApiKey | (from host env) | Google Maps auth | +| GOOGLE_MAPS_API_KEY | (from `.env` or shell env) | Google Maps tile downloads (AZ-487 onward — required for any integration mode) | +| JWT_SECRET | (from `.env` or shell env; ≥ 32 bytes) | HS256 signing key shared by API + test runner (AZ-487); fail-fast at startup if missing | +| JWT_ISSUER | (from `.env` or shell env) | Expected `iss` claim (AZ-494); fail-fast at startup if missing. DEV-ONLY local value: `DEV-ONLY-iss-admin-azaion-local` | +| JWT_AUDIENCE | (from `.env` or shell env) | Expected `aud` claim (AZ-494); fail-fast at startup if missing. DEV-ONLY local value: `DEV-ONLY-aud-satellite-provider` | +| INTEGRATION_TEST_DB_RESET | `enabled` (default) / `skip` (set by `--keep-state`) | AZ-493 reset hook; `enabled` truncates test-table rows on runner start, `skip` preserves them for debugging | ## Test Execution diff --git a/_docs/02_document/tests/security-tests.md b/_docs/02_document/tests/security-tests.md index 1eb51db..5b0aa3d 100644 --- a/_docs/02_document/tests/security-tests.md +++ b/_docs/02_document/tests/security-tests.md 
@@ -86,3 +86,19 @@ The pre-AZ-487 assumption "no authentication" is superseded by these scenarios. **Pass criterion**: For every rejected item, `rejectDetails` matches `^[A-Za-z0-9 .,()<>=:%/-]{0,200}$` AND contains no path separator (`/` or `\`) followed by a directory name from the server image (`tiles`, `src`, `obj`, `bin`). **AC trace**: AZ-488 § Security NFR. +## SEC-12: Wrong `iss` Claim Returns 401 + +**Trigger**: Same request as SEC-05 carrying a JWT signed with the configured secret, with valid `exp` / `nbf` / signature, and with an `aud` claim matching `JWT_AUDIENCE` — but with `iss` set to `https://wrong-issuer.invalid/` (not equal to `JWT_ISSUER`). +**Precondition**: AZ-494 in place; API started with `JWT_ISSUER` + `JWT_AUDIENCE` env vars both populated (fail-fast contract). +**Expected**: HTTP 401 Unauthorized; no handler reached; no leaked detail in body. +**Pass criterion**: status == 401 AND response body contains no `iss` / `aud` value or internal exception detail. +**AC trace**: AZ-494 AC-1. + +## SEC-13: Wrong `aud` Claim Returns 401 + +**Trigger**: Same request as SEC-05 carrying a JWT signed with the configured secret, with valid `exp` / `nbf` / signature, and with `iss` matching `JWT_ISSUER` — but with `aud` set to `wrong-audience-not-satellite` (not equal to `JWT_AUDIENCE`). +**Precondition**: AZ-494 in place; API started with `JWT_ISSUER` + `JWT_AUDIENCE` env vars both populated. +**Expected**: HTTP 401 Unauthorized; no handler reached; no leaked detail in body. +**Pass criterion**: status == 401 AND response body contains no `iss` / `aud` value or internal exception detail. +**AC trace**: AZ-494 AC-2. + diff --git a/_docs/02_document/tests/traceability-matrix.md b/_docs/02_document/tests/traceability-matrix.md index 2c847c7..42d3bf9 100644 --- a/_docs/02_document/tests/traceability-matrix.md +++ b/_docs/02_document/tests/traceability-matrix.md 
@@ -56,13 +56,28 @@ | AZ-488 AC-8 | Oversized batch (> `MaxBatchSize`) returns 400 envelope error | RL-05 (resource-limit); `UavUploadTests.OversizedBatch_Returns400` (integration) | ✓ | | AZ-488 AC-9 | Contract `uav-tile-upload.md` v1.0.0 frozen and matches implementation | doc-state AC; verified by Step 13 (Update Docs) review | ✓ | | AZ-488 AC-10 | All existing tests + new AZ-487/AZ-488 tests pass; no AZ-484 regression | Full `scripts/run-tests.sh --full` run (cycle 2 Step 11 — passed) | ✓ | -| AZ-494 AC-1 | Wrong `iss` token returns 401 | `JwtIntegrationTests.WrongIssuer_Returns401` (integration) | ✓ | -| AZ-494 AC-2 | Wrong `aud` token returns 401 | `JwtIntegrationTests.WrongAudience_Returns401` (integration) | ✓ | +| AZ-494 AC-1 | Wrong `iss` token returns 401 | SEC-12 (blackbox); `JwtIntegrationTests.WrongIssuer_Returns401` (integration) | ✓ | +| AZ-494 AC-2 | Wrong `aud` token returns 401 | SEC-13 (blackbox); `JwtIntegrationTests.WrongAudience_Returns401` (integration) | ✓ | | AZ-494 AC-3 | Matching iss + aud accepted | `JwtIntegrationTests.ValidToken_Returns200_OnHealthyEndpoint` (integration; updated to mint via env iss/aud) | ✓ | | AZ-494 AC-4 | Missing config fails fast | `AuthenticationServiceCollectionExtensionsTests.AddSatelliteJwt_ThrowsOnMissingIssuer` + `_ThrowsOnEmptyIssuer` + `_ThrowsOnMissingAudience` + `_ThrowsOnEmptyAudience` (unit) | ✓ | | AZ-494 AC-5 | Existing tests pass with matched fixtures | Full integration suite reruns at Step 16 with `JwtTestHelpers.MintAuthenticated` (auto-fills iss/aud from env) | ✓ (gate verified at Step 16) | | AZ-494 AC-6 | Security artifacts updated (F-AUTH-2 → Resolved) | `_docs/05_security/security_report.md` + `owasp_review.md` updated this batch | ✓ | | AZ-494 AC-7 | Suite contract reflects reality | `suite/_docs/10_auth.md` lives outside this workspace; this cycle's deploy report documents that satellite-provider validates iss/aud locally and the prod values are admin-team-confirmed at deploy time | ◐ 
deferred (cross-repo write) | +| AZ-491 AC-1 | Single source of truth — only one `JwtTokenFactory` exists in source | Structural: repo-wide grep returns exactly `SatelliteProvider.TestSupport/JwtTokenFactory.cs`; the legacy `SatelliteProvider.Tests/TestUtilities/JwtTokenFactory.cs` was deleted in batch 02 | ✓ | +| AZ-491 AC-2 | Existing integration tests pass unchanged | Full integration suite at Step 11 (`./scripts/run-tests.sh --full`) — all green | ✓ | +| AZ-491 AC-3 | Existing unit tests pass unchanged | Unit suite at Step 11 (Step 1 of `run-tests.sh`) — all green | ✓ | +| AZ-491 AC-4 | Runner-side concerns preserved in `JwtTestHelpers` (env reads, HttpClient mutation stay in IntegrationTests) | Structural: `JwtTokenFactory` (pure) in TestSupport; `JwtTestHelpers` (side-effectful) in IntegrationTests — documented in `module-layout.md` | ✓ | +| AZ-491 AC-5 | Cycle-2 fixes remain effective (AZ-487/AZ-488 token-validation invariants preserved) | Integration scenarios `JwtIntegrationTests.AnonymousRequest_*`, `_ExpiredToken_Returns401`, `_InvalidSignature_Returns401`, `_ValidToken_Returns200_OnHealthyEndpoint`, `UavUploadTests.*` — all migrated to `MintAuthenticated` and still PASS at Step 11 | ✓ | +| AZ-491 AC-6 | Code-review rule lands to prevent re-duplication | `.cursor/skills/code-review/SKILL.md` Phase 6 rule added in batch 02 (Cycle-3 review SKILL update) | ✓ | +| AZ-493 AC-1 | Empty-state on startup — no leftover rows from previous run | `IntegrationTestDatabaseReset.ResetAsync` invoked at runner start; uniqueness assumptions in `UavUploadTests` (`source='uav'` rows per coordinate) hold without the wall-clock workaround | ✓ | +| AZ-493 AC-2 | Wallclock workaround no longer needed | Structural: `UavUploadTests` no longer offsets coordinates by `DateTime.UtcNow.Ticks % …` to dodge stale rows; coordinates are now deterministic per scenario | ✓ | +| AZ-493 AC-3 | Opt-out preserves state (`--keep-state` flag skips reset) | `scripts/run-tests.sh` parses 
`--keep-state`, sets `INTEGRATION_TEST_DB_RESET=skip`, and `Program.cs` honours that env var | ✓ | +| AZ-493 AC-4 | Reset only fires in test environment (two-guard model) | Unit: `IntegrationTestResetGuardTests` (env sentinel + Host allowlist `postgres`/`localhost`/`127.0.0.1`; production-shape hostnames rejected) | ✓ | +| AZ-493 AC-5 | Documentation reflects new convention | doc-state AC — `_docs/02_document/module-layout.md` + `_docs/02_document/modules/tests_integration.md` updated in batch 03 | ✓ | +| AZ-493 AC-6 | Existing tests pass unchanged | Full integration suite at Step 11 — all green | ✓ | +| AZ-495 AC-1..AC-N | Doc folder convention formalized | doc-state AC — `.cursor/skills/new-task/SKILL.md` updated in batch 01; `_docs/02_document/module-layout.md` carries the convention | ✓ | +| AZ-496 AC-1 | `Microsoft.AspNetCore.Authentication.JwtBearer` bumped 8.0.21 → 8.0.25 in `SatelliteProvider.Api.csproj` | Structural: csproj diff visible in batch 01 commit; transitive update propagates to `Tests.csproj` via `ProjectReference` | ✓ | +| AZ-496 AC-2..AC-N | Suite still green at the new version | Full unit + integration suite at Step 11 — all green; SEC-05..SEC-11 + AZ-494 AC-1/AC-2 (which depend on `JwtBearer`) all PASS | ✓ | ## Restrictions → Test Mapping diff --git a/_docs/_autodev_state.md b/_docs/_autodev_state.md index abbefc6..a305d1b 100644 --- a/_docs/_autodev_state.md +++ b/_docs/_autodev_state.md 
@@ -2,13 +2,13 @@ ## Current Step flow: existing-code -step: 10 -name: Implement +step: 13 +name: Update Docs status: completed sub_step: - phase: 16 - name: full-test-suite-passed - detail: "Step 16 PASS: ./scripts/run-tests.sh --full green. 5 batches landed (AZ-495+AZ-496, AZ-491, AZ-493, AZ-492, AZ-494). 2 cumulative reviews: 01-03 + 04-05 both PASS_WITH_WARNINGS. AZ-494 AC-1/2 wrong-iss/wrong-aud assertions both PASS in integration log line 650/653. 4 new fail-fast unit tests PASS. Cycle 3 implementation complete." + phase: 5 + name: ripple-log-written + detail: "Step 11 PASS (full suite via Implement gate, log /tmp/run-tests-cycle3-step16.log). Step 12 PASS — cycle-update mode appended traceability rows for AZ-491/AZ-493/AZ-495/AZ-496 + AZ-494 SEC-12/SEC-13 cross-refs; SEC-12 + SEC-13 scenarios added to security-tests.md; environment.md env-var table extended with JWT_*/INTEGRATION_TEST_DB_RESET. Step 13 PASS — most module/architecture/security docs were updated inline during batches; consolidated stale tests_unit.md duplicate AuthenticationServiceCollectionExtensionsTests entry; produced ripple_log_cycle3.md. Next: Step 14 (Security Audit, optional gate)." retry_count: 0 cycle: 3 tracker: jira
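Review bot: in the `tests_unit.md` hunk, the consolidated section drops the explanation that `JwtTokenFactory` adjusts `notBefore` for negative-lifetime requests (the `IDX12401` workaround), which the removed `TestUtilities/JwtTokenFactory` bullet carried. The new text only says the factory now lives in `SatelliteProvider.TestSupport`. Unless that explanation was moved to the TestSupport module entry, keep a one-sentence pointer here, since `CreateExpired_TokenFailsValidationWithLifetimeException` is still listed and is the test that exercises expired tokens. The heading reads "AZ-487 + AZ-494" while the last bullet introduces AZ-491; add AZ-491 to the heading or move the sentence about the project move into its own entry.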
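Review bot: in `ripple_log_cycle3.md`, the status of the `deploy_cycle2.md` R3 follow-up is contradictory: "Process / metrics" records it as RESOLVED in cycle 3 (AZ-494), while "Open cross-repo doc ripple (AC-7 deferred)" says the outstanding `suite/_docs/10_auth.md` update is documented in that same R3 follow-up. Suggest stating that R3 is resolved for the local validation change and that the AC-7 cross-repo write remains open with a named owner, rather than leaving it to surface later as a `_docs/_process_leftovers/` entry. The production-code list also says `appsettings.Development.json` carries `DEV-ONLY-` placeholders and `appsettings.json` carries empty values; the log should say whether `ResolveRequiredOrThrow` rejects a `DEV-ONLY-` value outside Development, because otherwise the fail-fast contract only holds when the environment name is set correctly.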
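Review bot: in the `environment.md` hunk, the `JWT_ISSUER` and `JWT_AUDIENCE` rows say "fail-fast at startup if missing", but the unit tests named elsewhere in this patch (`_ThrowsOnEmptyIssuer`, `_ThrowsOnEmptyAudience`) also cover the empty case, and `appsettings.json` ships empty values, so empty is the case production actually hits. Suggest "missing or empty" in both rows, and "missing or shorter than 32 bytes" for `JWT_SECRET` to match `AddSatelliteJwt_ThrowsOnShortSecret`. The `INTEGRATION_TEST_DB_RESET` row documents a destructive default (`enabled` truncates rows) without mentioning the two-guard model from AZ-493 AC-4 (env sentinel plus Host allowlist `postgres`/`localhost`/`127.0.0.1`); add that to the row so the table does not read as if the variable alone controls truncation.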
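Review bot: in the `security-tests.md` hunk, the pass criterion for SEC-12 and SEC-13 checks only the response body for `iss` / `aud` values and exception detail. A 401 challenge can also carry error text in the `WWW-Authenticate` response header, so the criterion should cover response headers as well as the body. Both triggers use a wrong claim value; neither covers a token that omits `iss` or `aud` entirely. Add that variant to each scenario or as a separate SEC entry so the "validate issuer and audience" contract is tested for absent claims too.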
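Review bot: in the `traceability-matrix.md` hunk, the rows `AZ-495 AC-1..AC-N` and `AZ-496 AC-2..AC-N` use an open-ended range, so the matrix cannot show which acceptance criteria exist or which one a given piece of evidence covers. The AZ-491, AZ-493 and AZ-494 rows enumerate each AC; do the same here or give the real upper bound. The evidence columns also cite the full-suite run inconsistently: AZ-494 AC-5 says the suite "reruns at Step 16", while AZ-491 AC-2/AC-3, AZ-493 AC-6 and AZ-496 cite "Step 11". State once which step number the gate run belongs to and use it in every row. The AZ-494 AC-7 row refers to "this cycle's deploy report" where the ripple log points at `deploy_cycle2.md`; name the file.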
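Review bot: in the `_autodev_state.md` hunk, the new `detail` string cites `/tmp/run-tests-cycle3-step16.log` as the evidence for the full-suite pass. A `/tmp` path is machine-local and will not survive, so nobody reviewing this state later can check it. Reference a retained artifact (a committed log excerpt or CI run id) instead. The same string labels that run "Step 11 PASS" while the log file name says step16, and the removed text's concrete pointer to the wrong-iss/wrong-aud assertions ("integration log line 650/653") is gone; keep the step label consistent with the log and retain the reference to where SEC-12 / SEC-13 passed.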