garcard Public

Watch 0 Fork 0 Star 0

markdown · 1618 bytes Raw Blame History

Sprint 07 Validation Checklist

Run these checks from an active desktop user session.

Automated Baseline

cargo test --workspace
./examples/validate-sprint-07.sh

Expected:

Tests pass.
status, auth-summary, diagnose, and temp-authorization commands all respond.

Log out and back in.
Start daemon: cargo run -q -p garcard -- daemon
Run:
- cargo run -q -p garcardctl -- status
- cargo run -q -p garcardctl -- diagnose

Expected:

status.subject_kind should normally be unix-session.
diagnose.authority_connected should be true when polkit is reachable.

Polkit Restart Recovery

Run: GARCARD_SPRINT07_POLKIT_RESTART_CMD='sudo systemctl restart polkit' ./examples/validate-sprint-07.sh
If sudo is unavailable, restart polkit manually and rerun:
- garcardctl diagnose
- garcardctl temp-list

Expected:

Daemon can be restarted cleanly after polkit restart.
Diagnostics and temp-authorization controls recover without socket cleanup.

Repeated Authorization + Revocation Cycles

Run: GARCARD_SPRINT07_BACKEND=polkit GARCARD_SPRINT07_RUN_PKCHECK=1 ./examples/validate-sprint-07.sh
During prompts, exercise both denied and successful authentication outcomes.
After successful auth, verify:
- garcardctl temp-list
- garcardctl temp-revoke-all
- garcardctl temp-list

Expected:

Repeated cycles do not wedge auth state.
Temporary authorizations are introspectable and revocable in-session.
diagnose.hints includes useful remediation guidance for denied/no-agent paths.

View source

  
        1
        # Sprint 07 Validation Checklist
      
        2
        
        3
        Run these checks from an active desktop user session.
      
        4
        
        5
        ## Automated Baseline
      
        6
        1. `cargo test --workspace`
      
        7
        2. `./examples/validate-sprint-07.sh`
      
        8
        
        9
        Expected:
      
        10
        1. Tests pass.
      
        11
        2. `status`, `auth-summary`, `diagnose`, and temp-authorization commands all respond.
      
        12
        
        13
        ## Fresh Login / Session Restart
      
        14
        1. Log out and back in.
      
        15
        2. Start daemon: `cargo run -q -p garcard -- daemon`
      
        16
        3. Run:
      
        17
           - `cargo run -q -p garcardctl -- status`
      
        18
           - `cargo run -q -p garcardctl -- diagnose`
      
        19
        
        20
        Expected:
      
        21
        1. `status.subject_kind` should normally be `unix-session`.
      
        22
        2. `diagnose.authority_connected` should be `true` when polkit is reachable.
      
        23
        
        24
        ## Polkit Restart Recovery
      
        25
        1. Run: `GARCARD_SPRINT07_POLKIT_RESTART_CMD='sudo systemctl restart polkit' ./examples/validate-sprint-07.sh`
      
        26
        2. If sudo is unavailable, restart polkit manually and rerun:
      
        27
           - `garcardctl diagnose`
      
        28
           - `garcardctl temp-list`
      
        29
        
        30
        Expected:
      
        31
        1. Daemon can be restarted cleanly after polkit restart.
      
        32
        2. Diagnostics and temp-authorization controls recover without socket cleanup.
      
        33
        
        34
        ## Repeated Authorization + Revocation Cycles
      
        35
        1. Run: `GARCARD_SPRINT07_BACKEND=polkit GARCARD_SPRINT07_RUN_PKCHECK=1 ./examples/validate-sprint-07.sh`
      
        36
        2. During prompts, exercise both denied and successful authentication outcomes.
      
        37
        3. After successful auth, verify:
      
        38
           - `garcardctl temp-list`
      
        39
           - `garcardctl temp-revoke-all`
      
        40
           - `garcardctl temp-list`
      
        41
        
        42
        Expected:
      
        43
        1. Repeated cycles do not wedge auth state.
      
        44
        2. Temporary authorizations are introspectable and revocable in-session.
      
        45
        3. `diagnose.hints` includes useful remediation guidance for denied/no-agent paths.

1	# Sprint 07 Validation Checklist
2
3	Run these checks from an active desktop user session.
4
5	## Automated Baseline
6	1. `cargo test --workspace`
7	2. `./examples/validate-sprint-07.sh`
8
9	Expected:
10	1. Tests pass.
11	2. `status`, `auth-summary`, `diagnose`, and temp-authorization commands all respond.
12
13	## Fresh Login / Session Restart
14	1. Log out and back in.
15	2. Start daemon: `cargo run -q -p garcard -- daemon`
16	3. Run:
17	- `cargo run -q -p garcardctl -- status`
18	- `cargo run -q -p garcardctl -- diagnose`
19
20	Expected:
21	1. `status.subject_kind` should normally be `unix-session`.
22	2. `diagnose.authority_connected` should be `true` when polkit is reachable.
23
24	## Polkit Restart Recovery
25	1. Run: `GARCARD_SPRINT07_POLKIT_RESTART_CMD='sudo systemctl restart polkit' ./examples/validate-sprint-07.sh`
26	2. If sudo is unavailable, restart polkit manually and rerun:
27	- `garcardctl diagnose`
28	- `garcardctl temp-list`
29
30	Expected:
31	1. Daemon can be restarted cleanly after polkit restart.
32	2. Diagnostics and temp-authorization controls recover without socket cleanup.
33
34	## Repeated Authorization + Revocation Cycles
35	1. Run: `GARCARD_SPRINT07_BACKEND=polkit GARCARD_SPRINT07_RUN_PKCHECK=1 ./examples/validate-sprint-07.sh`
36	2. During prompts, exercise both denied and successful authentication outcomes.
37	3. After successful auth, verify:
38	- `garcardctl temp-list`
39	- `garcardctl temp-revoke-all`
40	- `garcardctl temp-list`
41
42	Expected:
43	1. Repeated cycles do not wedge auth state.
44	2. Temporary authorizations are introspectable and revocable in-session.
45	3. `diagnose.hints` includes useful remediation guidance for denied/no-agent paths.