 Oleksandr Bezdieniezhnykh
|
bc04ba7f99
|
[AZ-794] [AZ-795] [AZ-796] Cycle 7 Steps 12-15 sync (test-spec / docs / security / perf)
Step 12 (Test-Spec Sync): adds BT-27 for the AZ-796 9-rule
validation surface and 12 cycle-7 AC rows + Coverage Summary
update to traceability-matrix.md.
Step 13 (Update Docs): module-layout + module docs for the new
SatelliteProvider.Api/Validators namespace + GlobalExceptionHandler
+ updated TileInventory DTO; tests_unit + tests_integration
document the new InventoryRequestValidatorTests (16 unit tests
covering all 9 rules) + TileInventoryValidationTests (16
integration tests) + ProblemDetailsAssertions support;
glossary entries for Validation Problem Details / FluentValidation
/ Unmapped Member Handling; system-flows F8 (Tile Inventory Bulk
Lookup) expanded with deserializer + validator gates and a 13-row
Validation Surface table; data_parameters § Tile Inventory
documents the v2 input schema + constraints; ripple_log_cycle7
captures the doc-side ripple decisions.
Step 14 (Security Audit): 5-phase audit ran; verdict
PASS_WITH_WARNINGS (3 Low findings — D-AZ795-1 FluentValidation
12.0.0 -> 12.1.1 recommended bump, F-AZ795-1 JsonException.Message
leak in 400 detail, F-AZ795-2 BadHttpRequestException.Message leak).
No Critical / High; auth runs before validation (confirmed in
Program.cs); two NuGet additions (FluentValidation 12.0.0 +
.DependencyInjectionExtensions 12.0.0) both CVE-clean. Per-phase
reports plus consolidated security_report_cycle7.md.
Step 15 (Performance Test): docker compose stack used for perf
run, scripts/run-performance-tests.sh exited 0 with 8/8 scenarios
PASS (second consecutive clean exit-0); added PT-09 cycle-7 smoke
probe (v2 z/x/y schema, 2500-tile all-miss batch) measuring
min=27ms median=44ms p95=73ms max=86ms (13.7x under AZ-505 AC-4
1000ms budget). PT-07/08 improvements traced to the cycle-6 TLS
handshake-overhead identification, not application-side change.
Co-authored-by: Cursor <cursoragent@cursor.com>
|
2026-05-22 11:24:27 +03:00 |
|
|
Oleksandr Bezdieniezhnykh
|
5d84d2839e
|
[AZ-505] Test-spec sync + task-mode doc updates for cycle 6
ci/woodpecker/push/01-test Pipeline was successful
ci/woodpecker/push/02-build-push Pipeline was successful
Step 12 (Test-Spec Sync, cycle-update mode):
- blackbox-tests.md: append BT-23..BT-26 for AZ-505's new
observable behaviors (inventory order/shape; leaflet
most-recent via location_hash; HTTP/2 multiplex over TLS+ALPN;
request validation).
- performance-tests.md: append PT-09 (inventory p95 ≤ 1000ms /
2500 tiles); records cycle-6 measured p95=66ms; documents
promotion path to scripts/run-performance-tests.sh if budget
ever tightens.
- traceability-matrix.md: resolve the 5 AZ-503 deferrals
(AC-5/6/9/10/12) by pointing at AZ-505 test names + add 7
AZ-505 AC rows (AC-1..AC-7) + bump totals (90 -> 94 tests,
56/56 -> 63/63 in-scope) + add cycle-6 coverage shape notes
(budget relaxation rationale, voting-filter deferral note,
TLS+ALPN pivot, NFR propagation).
Step 13 (Update Docs, task mode):
- common_dtos.md: add 5 new TileInventory DTOs.
- common_interfaces.md: add ITileService.GetInventoryAsync.
- services_tile_service.md: document TileService.GetInventoryAsync
steps + the XOR-validation-in-handler note.
- dataaccess_migrator.md: bump migration count 14 -> 15;
describe migration 015 (AZ-505 leaflet covering index, lock
window, INCLUDE-list trade-off).
- system-flows.md: add F7 (Leaflet Tile Serving, AZ-310 +
AZ-505 location_hash rewire + TLS+ALPN) and F8 (Tile
Inventory Bulk Lookup) with sequence diagrams, validation
surface, and AC-4 perf evidence. Update Flow Inventory +
Dependencies tables accordingly.
- glossary.md: add "Tile Inventory" entry pointing at the
v1.0.0 contract.
- ripple_log_cycle6.md: new file — exhaustive reverse-dependency
analysis confirms zero stale downstream module docs.
Advance autodev state from step 11 -> 14 (skipping 12+13 as
completed in this commit; auto-chain through Step 14 = Security
Audit optional gate).
Co-authored-by: Cursor <cursoragent@cursor.com>
|
2026-05-12 22:29:22 +03:00 |
|
|
Oleksandr Bezdieniezhnykh
|
b0fffa6d42
|
[AZ-284] Autodev baseline + testability refactor
Phase A baseline outputs from /autodev (Steps 1-5):
- Problem & solution docs (_docs/00_problem, _docs/01_solution)
- Codebase documentation (_docs/02_document) incl. architecture,
module-layout, glossary, system-flows, baseline compliance scan
- Test specs (blackbox, performance, resilience, security, resource,
traceability matrix)
- Test task decomposition (_docs/02_tasks/todo): AZ-285..AZ-290
- Testability refactor (_docs/04_refactoring/01-testability-refactoring):
- TC-01 Move DownloadedTileInfoV2 + new ExistingTileInfo to Common.DTO
- TC-02 Replace dead ISatelliteDownloader API with real signatures
- TC-03 GoogleMapsDownloaderV2 implements ISatelliteDownloader
- TC-04 TileService depends on ISatelliteDownloader (mockable)
- TC-05 DI + endpoints use ISatelliteDownloader
- Test runner scripts (scripts/run-tests.sh, run-performance-tests.sh)
- Autodev state pointer (_docs/_autodev_state.md)
Prepares the codebase for AZ-285..AZ-290 unit/integration test work.
Co-authored-by: Cursor <cursoragent@cursor.com>
|
2026-05-10 04:44:08 +03:00 |
|