Sprint 04 Validation Checklist
Run these checks from an active X11 user session.
Automated Baseline
cargo test --workspace./examples/validate-sprint-04.sh
Expected:
- All tests pass.
- Daemon survives restart loop and remains reachable over IPC.
Interactive Challenge Loop
GARCARD_SPRINT04_BACKEND=polkit ./examples/validate-sprint-04.sh- Complete two
pkcheckprompts (cancel/deny/success combinations).
Expected:
- Prompt appears for challenge actions.
garcardctl auth-summaryupdates and remains responsive across iterations.
Daemon Restart During Active Prompt
- Preferred automated execution:
./examples/validate-sprint-04-runtime.sh
- Manual fallback:
- start daemon with
GARCARD_AGENT_BACKEND=polkit - trigger
pkcheck --allow-user-interaction --process $$ --action-id com.mesonbuild.install.run - while prompt is visible, issue
garcardctl quit, relaunch daemon, and retry probe.
- start daemon with
Expected:
- Active prompt interruption does not wedge daemon state.
- Relaunched daemon accepts new requests with clean
auth-summary.
Session Shutdown/Logout Race
- Preferred automated execution:
./examples/validate-sprint-04-runtime.sh
- Manual fallback:
- start daemon with debug logs
- trigger auth prompt
- send
SIGTERMto daemon PID while request is active - relaunch daemon and confirm
garcardctl status.
Expected:
- Daemon exits cleanly without stale socket.
- Relaunch succeeds without manual socket cleanup.
Security Spot Checks
- Verify secret response handling does not log plaintext values.
- Confirm IPC control socket mode remains owner-only in production (
600). - Validate only same-UID peers can control daemon IPC.
View source
| 1 | # Sprint 04 Validation Checklist |
| 2 | |
| 3 | Run these checks from an active X11 user session. |
| 4 | |
| 5 | ## Automated Baseline |
| 6 | 1. `cargo test --workspace` |
| 7 | 2. `./examples/validate-sprint-04.sh` |
| 8 | |
| 9 | Expected: |
| 10 | 1. All tests pass. |
| 11 | 2. Daemon survives restart loop and remains reachable over IPC. |
| 12 | |
| 13 | ## Interactive Challenge Loop |
| 14 | 1. `GARCARD_SPRINT04_BACKEND=polkit ./examples/validate-sprint-04.sh` |
| 15 | 2. Complete two `pkcheck` prompts (cancel/deny/success combinations). |
| 16 | |
| 17 | Expected: |
| 18 | 1. Prompt appears for challenge actions. |
| 19 | 2. `garcardctl auth-summary` updates and remains responsive across iterations. |
| 20 | |
| 21 | ## Daemon Restart During Active Prompt |
| 22 | 1. Preferred automated execution: |
| 23 | - `./examples/validate-sprint-04-runtime.sh` |
| 24 | 2. Manual fallback: |
| 25 | - start daemon with `GARCARD_AGENT_BACKEND=polkit` |
| 26 | - trigger `pkcheck --allow-user-interaction --process $$ --action-id com.mesonbuild.install.run` |
| 27 | - while prompt is visible, issue `garcardctl quit`, relaunch daemon, and retry probe. |
| 28 | |
| 29 | Expected: |
| 30 | 1. Active prompt interruption does not wedge daemon state. |
| 31 | 2. Relaunched daemon accepts new requests with clean `auth-summary`. |
| 32 | |
| 33 | ## Session Shutdown/Logout Race |
| 34 | 1. Preferred automated execution: |
| 35 | - `./examples/validate-sprint-04-runtime.sh` |
| 36 | 2. Manual fallback: |
| 37 | - start daemon with debug logs |
| 38 | - trigger auth prompt |
| 39 | - send `SIGTERM` to daemon PID while request is active |
| 40 | - relaunch daemon and confirm `garcardctl status`. |
| 41 | |
| 42 | Expected: |
| 43 | 1. Daemon exits cleanly without stale socket. |
| 44 | 2. Relaunch succeeds without manual socket cleanup. |
| 45 | |
| 46 | ## Security Spot Checks |
| 47 | 1. Verify secret response handling does not log plaintext values. |
| 48 | 2. Confirm IPC control socket mode remains owner-only in production (`600`). |
| 49 | 3. Validate only same-UID peers can control daemon IPC. |