Automate sprint four runtime races

Status	File	+	-
M	`README.md`	1	0
M	`RELEASE_NOTES.md`	1	0
M	`examples/sprint-04-validation-report-2026-02-20.md`	10	2
M	`examples/sprint-04-validation.md`	13	12
A	`examples/validate-sprint-04-runtime.sh`	158	0

README.mdmodified


 4. `examples/validate-sprint-02.sh`
 5. `examples/validate-sprint-03-integration.sh`
 6. `examples/validate-sprint-04.sh`
+7. `examples/validate-sprint-04-runtime.sh`
 
 ## Troubleshooting
 1. `Authorization requires authentication but no agent is available`

RELEASE_NOTES.mdmodified


    - `examples/sprint-03-validation-report-2026-02-18.md`
 3. Sprint 04 reliability harness/checklist:
    - `examples/validate-sprint-04.sh`
+   - `examples/validate-sprint-04-runtime.sh`
    - `examples/sprint-04-validation.md`
 
 ## Known Limitations

examples/sprint-04-validation-report-2026-02-20.mdmodified

  ## Scope
  1. Hardening regression checks after Sprint 04 code changes.
  2. Automated reliability checks for daemon restart resilience.
++3. Runtime race validation for active prompt interruption paths.
  ## Commands
  1. `cargo test --workspace`
  2. `./examples/validate-sprint-04.sh` (executed with default `stub` backend)
++3. `./examples/validate-sprint-04-runtime.sh` (executed with `polkit` backend)
  ## Results
  1. Workspace tests passed (`39` garcard tests + workspace crates).
     - post-restart status and auth summary remained healthy (`idle`)
  3. Optional interactive `pkcheck` loop was intentionally skipped in this run:
     - requires live polkit challenge flow and operator interaction.
++4. Runtime race harness passed for both previously manual checks:
++   - active prompt + daemon restart (`garcardctl quit`)
++   - active prompt + `SIGTERM`
++5. Runtime log evidence (`target/garcard-sprint04-runtime.log`) confirms:
++   - auth request reached active processing before interruption
++   - daemon shutdown/termination unregistered cleanly
++   - relaunch succeeded with healthy `status` and `auth-summary`
  ## Hardening Outcomes Confirmed
  1. IPC control path now validates same-UID peer credentials.
  3. Helper response buffers are scrubbed after sending to helper socket.
  ## Remaining Manual Sprint 04 Checks
--1. Daemon restart during an active prompt in polkit mode.
++1. Optional interactive acceptance pass (enter valid credentials, wrong-then-retry, explicit cancel) in full desktop session.
--2. Session shutdown/logout race while prompt is active.

examples/sprint-04-validation.mdmodified

 . `garcardctl auth-summary` updates and remains responsive across iterations.
  ## Daemon Restart During Active Prompt
--1. Start daemon in one terminal:
++1. Preferred automated execution:
--   - `RUST_LOG=garcard=debug GARCARD_AGENT_BACKEND=polkit cargo run -p garcard -- daemon`
++   - `./examples/validate-sprint-04-runtime.sh`
--2. Trigger challenge in another terminal:
++2. Manual fallback:
--   - `pkcheck --allow-user-interaction --process $$ --action-id com.mesonbuild.install.run`
++   - start daemon with `GARCARD_AGENT_BACKEND=polkit`
--3. While prompt is visible, restart daemon:
++   - trigger `pkcheck --allow-user-interaction --process $$ --action-id com.mesonbuild.install.run`
--   - `cargo run -q -p garcardctl -- quit`
++   - while prompt is visible, issue `garcardctl quit`, relaunch daemon, and retry probe.
--   - relaunch daemon command from step 1.
--4. Re-run the same `pkcheck` command.
  Expected:
 . Active prompt interruption does not wedge daemon state.
 . Relaunched daemon accepts new requests with clean `auth-summary`.
  ## Session Shutdown/Logout Race
--1. Start daemon with debug logs.
++1. Preferred automated execution:
--2. Trigger an auth prompt.
++   - `./examples/validate-sprint-04-runtime.sh`
--3. Send `SIGTERM` to daemon PID while request is active.
++2. Manual fallback:
--4. Relaunch daemon and run `garcardctl status`.
++   - start daemon with debug logs
++   - trigger auth prompt
++   - send `SIGTERM` to daemon PID while request is active
++   - relaunch daemon and confirm `garcardctl status`.
  Expected:
 . Daemon exits cleanly without stale socket.

examples/validate-sprint-04-runtime.shadded

++#!/usr/bin/env bash
++set -euo pipefail
++
++SOCKET_PATH="${GARCARD_SPRINT04_RUNTIME_SOCKET:-${PWD}/target/garcard-sprint04-runtime.sock}"
++LOG_FILE="${GARCARD_SPRINT04_RUNTIME_LOG:-${PWD}/target/garcard-sprint04-runtime.log}"
++ACTION_ID="${GARCARD_SPRINT04_RUNTIME_ACTION_ID:-com.mesonbuild.install.run}"
++PROMPT_TIMEOUT_SECS="${GARCARD_SPRINT04_RUNTIME_PROMPT_TIMEOUT_SECS:-20}"
++
++if ! command -v pkcheck >/dev/null 2>&1; then
++  echo "pkcheck not found; install polkit tools to run runtime validation"
++  exit 1
++fi
++
++if command -v garcard >/dev/null 2>&1; then
++  DAEMON_CMD=(garcard daemon)
++else
++  DAEMON_CMD=(cargo run -q -p garcard -- daemon)
++fi
++
++if command -v garcardctl >/dev/null 2>&1; then
++  CTL_CMD=(garcardctl)
++else
++  CTL_CMD=(cargo run -q -p garcardctl --)
++fi
++
++DAEMON_PID=0
++PROBE_PID=0
++
++run_ctl() {
++  GARCARD_SOCKET="${SOCKET_PATH}" "${CTL_CMD[@]}" "$@"
++}
++
++wait_for_daemon() {
++  local tries=120
++  while (( tries > 0 )); do
++    if run_ctl ping >/dev/null 2>&1; then
++      return 0
++    fi
++    sleep 0.2
++    tries=$((tries - 1))
++  done
++  echo "daemon did not become ready in time"
++  return 1
++}
++
++start_daemon() {
++  GARCARD_SOCKET="${SOCKET_PATH}" \
++    GARCARD_AGENT_BACKEND=polkit \
++    GARCARD_PROMPT_TIMEOUT_SECS="${PROMPT_TIMEOUT_SECS}" \
++    RUST_LOG=garcard=debug \
++    "${DAEMON_CMD[@]}" >>"${LOG_FILE}" 2>&1 &
++  DAEMON_PID=$!
++  wait_for_daemon
++}
++
++stop_daemon_graceful() {
++  if [[ "${DAEMON_PID}" -gt 0 ]] && kill -0 "${DAEMON_PID}" 2>/dev/null; then
++    run_ctl quit >/dev/null 2>&1 || true
++    wait "${DAEMON_PID}" 2>/dev/null || true
++  fi
++  DAEMON_PID=0
++}
++
++stop_daemon_sigterm() {
++  if [[ "${DAEMON_PID}" -gt 0 ]] && kill -0 "${DAEMON_PID}" 2>/dev/null; then
++    kill -TERM "${DAEMON_PID}" 2>/dev/null || true
++    wait "${DAEMON_PID}" 2>/dev/null || true
++  fi
++  DAEMON_PID=0
++}
++
++cleanup() {
++  stop_daemon_graceful
++  rm -f "${SOCKET_PATH}"
++}
++trap cleanup EXIT
++
++wait_for_active_request() {
++  local tries=120
++  while (( tries > 0 )); do
++    local summary
++    summary="$(run_ctl auth-summary 2>/dev/null || true)"
++    if [[ "${summary}" == *'"active_requests": 1'* ]]; then
++      return 0
++    fi
++    sleep 0.2
++    tries=$((tries - 1))
++  done
++  echo "auth request never became active"
++  return 1
++}
++
++run_probe_background() {
++  local out_file="$1"
++  local err_file="$2"
++  pkcheck --allow-user-interaction --process "$$" --action-id "${ACTION_ID}" \
++    >"${out_file}" 2>"${err_file}" &
++  PROBE_PID=$!
++}
++
++wait_probe() {
++  local probe_pid="$1"
++  local rc_file="$2"
++  set +e
++  wait "${probe_pid}"
++  local rc=$?
++  set -e
++  echo "${rc}" > "${rc_file}"
++}
++
++mkdir -p "$(dirname "${SOCKET_PATH}")"
++mkdir -p "$(dirname "${LOG_FILE}")"
++rm -f "${SOCKET_PATH}" "${LOG_FILE}"
++
++echo "Sprint 04 runtime validation"
++echo "  socket: ${SOCKET_PATH}"
++echo "  log: ${LOG_FILE}"
++echo "  action: ${ACTION_ID}"
++
++echo "[0/3] Reset temporary authorizations"
++pkcheck --revoke-temp || true
++
++echo "[1/3] Active prompt + daemon restart"
++start_daemon
++probe1_out="${PWD}/target/sprint04-probe-restart.out"
++probe1_err="${PWD}/target/sprint04-probe-restart.err"
++probe1_rc="${PWD}/target/sprint04-probe-restart.rc"
++run_probe_background "${probe1_out}" "${probe1_err}"
++wait_for_active_request
++run_ctl quit >/dev/null
++wait "${DAEMON_PID}" 2>/dev/null || true
++DAEMON_PID=0
++wait_probe "${PROBE_PID}" "${probe1_rc}"
++start_daemon
++run_ctl status >/dev/null
++run_ctl auth-summary >/dev/null
++stop_daemon_graceful
++
++echo "[2/3] Active prompt + SIGTERM race"
++start_daemon
++probe2_out="${PWD}/target/sprint04-probe-sigterm.out"
++probe2_err="${PWD}/target/sprint04-probe-sigterm.err"
++probe2_rc="${PWD}/target/sprint04-probe-sigterm.rc"
++run_probe_background "${probe2_out}" "${probe2_err}"
++wait_for_active_request
++stop_daemon_sigterm
++wait_probe "${PROBE_PID}" "${probe2_rc}"
++start_daemon
++run_ctl status
++run_ctl auth-summary
++stop_daemon_graceful
++
++echo "[3/3] Summary"
++echo "  restart probe rc=$(cat "${probe1_rc}")"
++echo "  sigterm probe rc=$(cat "${probe2_rc}")"
++echo "  restart probe stderr: $(tr '\n' ' ' < "${probe1_err}")"
++echo "  sigterm probe stderr: $(tr '\n' ' ' < "${probe2_err}")"
++echo "Validation complete."

`@@ -51,6 +51,7 @@` when the X11 prompt backend is unavailable.
51	4. `examples/validate-sprint-02.sh`	51	4. `examples/validate-sprint-02.sh`
52	5. `examples/validate-sprint-03-integration.sh`	52	5. `examples/validate-sprint-03-integration.sh`
53	6. `examples/validate-sprint-04.sh`	53	6. `examples/validate-sprint-04.sh`
		54	+7. `examples/validate-sprint-04-runtime.sh`
54		55
55	## Troubleshooting	56	## Troubleshooting
56	1. `Authorization requires authentication but no agent is available`	57	1. `Authorization requires authentication but no agent is available`

gardesk/garcard / `08a18d9`

5 changed files

`@@ -18,6 +18,7 @@`
18	- `examples/sprint-03-validation-report-2026-02-18.md`	18	- `examples/sprint-03-validation-report-2026-02-18.md`
19	3. Sprint 04 reliability harness/checklist:	19	3. Sprint 04 reliability harness/checklist:
20	- `examples/validate-sprint-04.sh`	20	- `examples/validate-sprint-04.sh`
		21	+ - `examples/validate-sprint-04-runtime.sh`
21	- `examples/sprint-04-validation.md`	22	- `examples/sprint-04-validation.md`
22		23
23	## Known Limitations	24	## Known Limitations