`007ef69`

Record sprint 08 targeted parity captures

Authored by mfwolffe <wolffemf@dukes.jmu.edu> 2 months ago

SHA: 007ef6970bdbb6f57ccd0d32ed9ba8f216ca18bf
Parents: 6adfbf7
Tree: 42c83a3

2 changed files

Status	File	+	-
M	`examples/sprint-08-parity-matrix.md`	7	9
M	`examples/sprint-08-validation-report-2026-02-26.md`	26	6

examples/sprint-08-parity-matrix.mdmodified

  | Scenario | Procedure | Expected Result | Status | Evidence |
  | --- | --- | --- | --- | --- |
  | Success path | Trigger `pkcheck --allow-user-interaction --process $$ --action-id com.mesonbuild.install.run` and enter correct password | Prompt completes, auth is authorized, no failure flash | PASS (interactive) | `target/sprint-08-parity-evidence.md` (`cycle 1/2`, `last_outcome: success`) |
 -| Failure path | Trigger same `pkcheck` and enter wrong password | Prompt flashes error, reprompts in place, `auth-summary.last_outcome=failure` before retry | Pending | daemon log + `garcardctl auth-summary` |
 +| Failure path | Trigger same `pkcheck` and enter wrong password | Prompt flashes error, reprompts in place, `auth-summary.last_outcome=failure` before retry | PASS (targeted) | 2026-02-26 deterministic wrong-password capture (`last_outcome: failure`, `pkcheck rc=1`) |
  | Cancel path | Trigger `pkcheck`, cancel prompt | Request exits cleanly, `auth-summary.last_outcome=canceled` | PASS (interactive) | `target/sprint-08-parity-evidence.md` (`cycle 3`, `last_outcome: canceled`) |
 -| Timeout path | Set short timeout (`GARCARD_PROMPT_TIMEOUT_SECS=2`), trigger auth, do not respond | Request times out, `auth-summary.last_outcome=timeout` | Pending | daemon log + `garcardctl auth-summary` |
 -| Multi-identity flow | Trigger policy requiring identity choice | Identity list rendered, selected identity is honored | Pending | prompt capture + daemon log |
 -| Retention choice flow | Trigger policy exposing retention options | Retention choice accepted and recorded in `auth-summary` | Pending | `garcardctl auth-summary` |
 +| Timeout path | Set short timeout (`GARCARD_PROMPT_TIMEOUT_SECS=2`), trigger auth, do not respond | Request times out, `auth-summary.last_outcome=timeout` | PASS (targeted) | 2026-02-26 deterministic timeout capture (`last_outcome: timeout`, `pkcheck rc=1`) |
 +| Multi-identity flow | Trigger policy requiring identity choice | Identity list rendered, selected identity is honored | BLOCKED (host policy) | Runtime callbacks report `identity_count=1` for tested action; no alternate admin identity surfaced |
 +| Retention choice flow | Trigger policy exposing retention options | Retention choice accepted and recorded in `auth-summary` | BLOCKED (host policy) | Runtime details expose only `Retention options: one-shot` for tested action |
  | Temp auth introspection | Run `garcardctl temp-list` after successful retained auth | Active temporary authorization entries are listed | PASS (interactive) | `target/sprint-08-parity-evidence.md` (`tmpauthz0/tmpauthz1` listed) |
 -| Temp auth revoke single | Run `garcardctl temp-revoke <id>` | Target authorization removed | Pending interactive retained auth | `temp-list` before/after |
 +| Temp auth revoke single | Run `garcardctl temp-revoke <id>` | Target authorization removed | PASS (targeted) | 2026-02-26 single-id revoke (`tmpauthz0` present before, revoked true, absent after) |
  | Temp auth revoke all | Run `garcardctl temp-revoke-all` | All temporary authorizations removed | PASS (interactive) | `target/sprint-08-parity-evidence.md` (`revoked_count: 1` after cycle 1/2) |
  | Daemon restart during lifecycle | Restart daemon and rerun status/diag/temp commands | Control plane recovers without stale socket state | PASS (baseline) | `target/sprint-08-parity-evidence.md` (`validate-sprint-07.sh` section) |
  | Polkit restart recovery | Restart polkit and relaunch daemon | Diagnostics recover, control commands remain responsive | PASS (manual) | 2026-02-26 manual `sudo systemctl restart polkit` + post-check `validate-sprint-07.sh` (`polkit` backend healthy) |
 . Operator: mfwolffe/codex
 . Result (`PASS`/`FAIL`): IN PROGRESS
 . Blocking gaps:
 -   - failure-path parity (`last_outcome: failure`) on explicit wrong-password flow
 -   - timeout-path parity (`last_outcome: timeout`) under interactive challenge
 -   - multi-identity and retention-choice scenarios on policies that expose those options
 -   - temp-revoke single-id scenario
 +   - multi-identity scenario requires host with >1 eligible identity for same action
 +   - retention-choice scenario requires host policy/details exposing session/always options

examples/sprint-08-validation-report-2026-02-26.mdmodified

 . `GARCARD_SPRINT07_BACKEND=stub GARCARD_SPRINT07_RUN_PKCHECK=0 ./examples/validate-sprint-07.sh`
 . `cargo test -p garcard`
 . `cargo test --workspace`
 +6. targeted failure capture with deterministic wrong-password prompt command (`GARCARD_PROMPT_COMMAND='printf "wrong-password\n"'`)
 +7. targeted timeout capture with deterministic timeout prompt command (`GARCARD_PROMPT_COMMAND='exit 124'`)
 +8. targeted single-id revoke capture (`temp-list` -> `temp-revoke <id>` -> `temp-list`)
 +9. manual privileged restart + verification:
 +   - `sudo systemctl restart polkit`
 +   - `GARCARD_SPRINT07_BACKEND=polkit GARCARD_SPRINT07_RUN_PKCHECK=0 ./examples/validate-sprint-07.sh`
  ## Results
 . Integration certification script now passes with zero warnings:
 . Privileged polkit-restart recovery executed manually on 2026-02-26:
     - operator ran `sudo systemctl restart polkit`
     - post-restart lifecycle verification on `polkit` backend passed (`validate-sprint-07.sh`)
 +7. Targeted failure-path capture passed:
 +   - `pkcheck rc=1` with `Not authorized`
 +   - `auth-summary.last_outcome=failure`
 +8. Targeted timeout-path capture passed:
 +   - `pkcheck rc=1` with `Not authorized`
 +   - `auth-summary.last_outcome=timeout`
 +9. Targeted temp-revoke single-id capture passed:
 +   - temporary authorization id observed: `tmpauthz0`
 +   - `temp-revoke tmpauthz0` returned `revoked: true`
 +   - follow-up `temp-list` returned empty authorizations
 +10. Runtime capability probe findings:
 +   - multi-identity not exposed on tested host/action (`identity_count=1`)
 +   - retention options for tested action resolve to `one-shot` only
  ## Matrix Status
 . Baseline non-interactive rows updated in `examples/sprint-08-parity-matrix.md`.
     - success and canceled prompt paths
     - temp-list and temp-revoke-all with concrete temporary authorization ids
     - manual privileged polkit-restart recovery
 -3. Remaining rows are policy/path specific and still pending:
 +3. Targeted deterministic coverage now includes:
     - explicit wrong-password failure path (`last_outcome: failure`)
 -   - timeout path under live challenge (`last_outcome: timeout`)
 -   - multi-identity and retention-choice scenarios
 +   - timeout path (`last_outcome: timeout`)
     - temp-revoke single-id scenario
 +4. Remaining blocked rows are host policy dependent:
 +   - multi-identity scenario (requires >1 eligible identity)
 +   - retention-choice scenario (requires session/always retention options from policy details)
  ## Next Actions
 -1. Run one focused wrong-password parity capture (`failure` outcome) with debug logs.
 -2. Run one focused timeout capture using short prompt timeout on `polkit` backend.
 -3. Add one targeted single-id revoke capture (`temp-revoke <authorization-id>`) and finalize matrix signoff.
 +1. If full parity signoff is required on this host, provision a second eligible identity and an action that exposes retention session/always metadata.
 +2. Otherwise mark remaining blocked rows as environment-limited and proceed with GA checklist gate review.