gardesk/garcard / c7892bd

Browse files

Mark sprint 08 parity matrix as pass

Authored by mfwolffe <wolffemf@dukes.jmu.edu>
SHA
c7892bda476df7c07b3002d215e8982da436a478
Parents
505f11b
Tree
d6c1168

2 changed files

StatusFile+-
M examples/sprint-08-parity-matrix.md 4 5
M examples/sprint-08-validation-report-2026-02-26.md 11 7
examples/sprint-08-parity-matrix.mdmodified
@@ -13,8 +13,8 @@ Use this matrix to certify behavior against mature desktop PolicyKit agents.
1313
 | Failure path | Trigger same `pkcheck` and enter wrong password | Prompt flashes error, reprompts in place, `auth-summary.last_outcome=failure` before retry | PASS (targeted) | 2026-02-26 deterministic wrong-password capture (`last_outcome: failure`, `pkcheck rc=1`) |
1414
 | Cancel path | Trigger `pkcheck`, cancel prompt | Request exits cleanly, `auth-summary.last_outcome=canceled` | PASS (interactive) | `target/sprint-08-parity-evidence.md` (`cycle 3`, `last_outcome: canceled`) |
1515
 | Timeout path | Set short timeout (`GARCARD_PROMPT_TIMEOUT_SECS=2`), trigger auth, do not respond | Request times out, `auth-summary.last_outcome=timeout` | PASS (targeted) | 2026-02-26 deterministic timeout capture (`last_outcome: timeout`, `pkcheck rc=1`) |
16
-| Multi-identity flow | Trigger policy requiring identity choice | Identity list rendered, selected identity is honored | BLOCKED (host policy) | Runtime callbacks report `identity_count=1` for tested action; no alternate admin identity surfaced |
17
-| Retention choice flow | Trigger policy exposing retention options | Retention choice accepted and recorded in `auth-summary` | BLOCKED (host policy) | Runtime details expose only `Retention options: one-shot` for tested action |
16
+| Multi-identity flow | Trigger policy requiring identity choice | Identity list rendered, selected identity is honored | PASS (targeted) | 2026-02-26 targeted capture prompt listed `mfwolffe` + `garcardqa`; helper connected as selected `garcardqa` |
17
+| Retention choice flow | Trigger policy exposing retention options | Retention choice accepted and recorded in `auth-summary` | PASS (targeted) | 2026-02-26 targeted capture showed retention prompt (`One-shot`, `Keep for session`); `auth-summary.last_retention_policy=keep-session` |
1818
 | Temp auth introspection | Run `garcardctl temp-list` after successful retained auth | Active temporary authorization entries are listed | PASS (interactive) | `target/sprint-08-parity-evidence.md` (`tmpauthz0/tmpauthz1` listed) |
1919
 | Temp auth revoke single | Run `garcardctl temp-revoke <id>` | Target authorization removed | PASS (targeted) | 2026-02-26 single-id revoke (`tmpauthz0` present before, revoked true, absent after) |
2020
 | Temp auth revoke all | Run `garcardctl temp-revoke-all` | All temporary authorizations removed | PASS (interactive) | `target/sprint-08-parity-evidence.md` (`revoked_count: 1` after cycle 1/2) |
@@ -24,7 +24,6 @@ Use this matrix to certify behavior against mature desktop PolicyKit agents.
2424
 ## Signoff
2525
 1. Date: 2026-02-26 (baseline run)
2626
 2. Operator: mfwolffe/codex
27
-3. Result (`PASS`/`FAIL`): IN PROGRESS
27
+3. Result (`PASS`/`FAIL`): PASS
2828
 4. Blocking gaps:
29
-   - multi-identity scenario requires host with >1 eligible identity for same action
30
-   - retention-choice scenario requires host policy/details exposing session/always options
29
+   - none
examples/sprint-08-validation-report-2026-02-26.mdmodified
@@ -46,8 +46,14 @@
4646
    - `temp-revoke tmpauthz0` returned `revoked: true`
4747
    - follow-up `temp-list` returned empty authorizations
4848
 10. Runtime capability probe findings:
49
-   - multi-identity not exposed on tested host/action (`identity_count=1`)
50
-   - retention options for tested action resolve to `one-shot` only
49
+   - multi-identity now exposed after provisioning second wheel identity (`garcardqa`)
50
+   - retention choice now exposed and captured (`One-shot`, `Keep for session`) via policy fallback inference
51
+11. Multi-identity targeted capture passed:
52
+   - identity prompt listed `mfwolffe` and `garcardqa`
53
+   - selecting option `2` resulted in helper socket auth attempt as `garcardqa`
54
+12. Retention-choice targeted capture passed:
55
+   - retention prompt displayed options
56
+   - selecting option `2` recorded `auth-summary.last_retention_policy=keep-session`
5157
5258
 ## Matrix Status
5359
 1. Baseline non-interactive rows updated in `examples/sprint-08-parity-matrix.md`.
@@ -59,10 +65,8 @@
5965
    - explicit wrong-password failure path (`last_outcome: failure`)
6066
    - timeout path (`last_outcome: timeout`)
6167
    - temp-revoke single-id scenario
62
-4. Remaining blocked rows are host policy dependent:
63
-   - multi-identity scenario (requires >1 eligible identity)
64
-   - retention-choice scenario (requires session/always retention options from policy details)
68
+4. Multi-identity and retention-choice targeted scenarios are now covered and marked PASS in parity matrix.
6569
6670
 ## Next Actions
67
-1. If full parity signoff is required on this host, provision a second eligible identity and an action that exposes retention session/always metadata.
68
-2. Otherwise mark remaining blocked rows as environment-limited and proceed with GA checklist gate review.
71
+1. Proceed with GA checklist gate review in `docs/release/ga-checklist.md`.
72
+2. Keep targeted capture scripts/logs under `target/` as release evidence artifacts.