gardesk/garcard / 1dde195

Browse files

Record sprint 03 runtime probes

Authored by mfwolffe <wolffemf@dukes.jmu.edu>
SHA
1dde195ba852b43cd4aff982ed0219953a630ba5
Parents
f2424b5
Tree
391fe7c

1 changed file

StatusFile+-
M examples/sprint-03-validation-report-2026-02-18.md 17 5
examples/sprint-03-validation-report-2026-02-18.mdmodified
@@ -2,7 +2,7 @@
22
33
 ## Scope
44
 1. Static ecosystem wiring checks against parent Gardesk repo.
5
-2. Runtime challenge-flow checks remain covered by Sprint 02 live validation.
5
+2. Runtime challenge-flow probes for logind and NetworkManager policy actions.
66
77
 ## Command
88
 1. `./examples/validate-sprint-03-integration.sh ..`
@@ -17,10 +17,22 @@
1717
 7. `gargears` includes `garcard` discovery socket mapping and panel component.
1818
 8. Script exited successfully with all checks passing.
1919
20
-## Remaining Manual Runtime Checks
21
-1. Validate `gartray` power operation prompts in a full logged-in session with `garcard` enabled.
22
-2. Validate a NetworkManager privileged operation triggers `garcard` prompt and recoverable retry/cancel behavior.
20
+## Runtime Probe Results
21
+1. Daemon run mode:
22
+   - `RUST_LOG=garcard=debug GARCARD_AGENT_BACKEND=polkit cargo run -p garcard -- daemon`
23
+2. logind probe:
24
+   - `pkcheck --allow-user-interaction --process $$ --action-id org.freedesktop.login1.manage`
25
+   - Result: exit `1` (`Not authorized.`) with daemon callback logs:
26
+     - `Started active polkit auth request action_id=org.freedesktop.login1.manage ...`
27
+     - `Processing polkit auth request action_id=org.freedesktop.login1.manage ...`
28
+3. NetworkManager probes:
29
+   - `pkcheck --allow-user-interaction --process $$ --action-id org.freedesktop.NetworkManager.settings.modify.system`
30
+   - `pkcheck --allow-user-interaction --process $$ --action-id org.freedesktop.NetworkManager.settings.modify.global-dns`
31
+   - Result: authorized (`polkit.result=yes`) in this host policy context; no challenge callback required.
32
+4. Policy inspection (`pkaction --verbose`) confirms host/session policy variance:
33
+   - multiple NetworkManager actions resolve to active `yes` in this environment even when defaults are `auth_admin_keep`.
2334
2435
 ## Conclusion
2536
 1. Sprint 03 static integration wiring is in place.
26
-2. Remaining Sprint 03 runtime checks are clearly isolated for session-level manual execution.
37
+2. logind-side runtime challenge callback is verified with live daemon.
38
+3. NetworkManager challenge callback is policy-dependent on this host and should be re-run on a profile that enforces admin challenge for active users.