Files
breadcrumb-the-shire/agent-system/runs/TEST-COVERAGE-GATEWAYS-001/plan.json
2026-03-13 12:05:34 +01:00

117 lines
4.9 KiB
JSON

{
"task_id": "TEST-COVERAGE-GATEWAYS-001",
"summary": "Add PHPUnit tests for 4 critical untested gateways: AuthCryptoGateway, SettingsCryptoGateway, OidcHttpGateway, PermissionGateway. These are security-critical components with 0% test coverage.",
"assumptions": [
"AuthCryptoGateway and SettingsCryptoGateway wrap lib/Support/Crypto.php — tests verify correct delegation and error handling.",
"OidcHttpGateway makes HTTP calls to Microsoft OIDC endpoints — tests will mock the HTTP client.",
"PermissionGateway may be refactored in ARCH-GATEWAY-COMPLIANCE-001. If so, test the refactored version. If not yet done, test current version.",
"Focus on security-critical gateways first; remaining 19 untested gateways can follow in a later task."
],
"scope": {
"in": [
"New: tests/Service/Auth/AuthCryptoGatewayTest.php — encryption/decryption delegation",
"New: tests/Service/Settings/SettingsCryptoGatewayTest.php — settings value encryption",
"New: tests/Service/Auth/OidcHttpGatewayTest.php — OIDC token validation, HTTP error handling",
"New: tests/Service/Access/PermissionGatewayTest.php — permission lookup delegation"
],
"out": [
"Non-critical gateways (AddressBook, Import, Directory scope gateways)",
"Production code changes",
"Repository tests",
"Integration tests with real HTTP or crypto operations"
]
},
"guardrails": {
"required_guard_ids": [
"GR-TEST-001",
"GR-TEST-002",
"GR-SEC-005",
"GR-LANG-001",
"GR-LANG-002"
],
"required_quality_gate_ids": [
"QG-001",
"QG-002",
"QG-006"
]
},
"success_criteria": [
{
"id": "SC-001",
"criterion": "All 4 test files exist with happy-path + error/edge-case coverage for every public method."
},
{
"id": "SC-002",
"criterion": "AuthCryptoGateway and SettingsCryptoGateway tests verify that Crypto class is used (not raw openssl), per GR-SEC-005."
},
{
"id": "SC-003",
"criterion": "OidcHttpGateway tests cover: successful token exchange, invalid token response, network timeout, malformed response body."
},
{
"id": "SC-004",
"criterion": "PHPUnit (QG-001) and PHPStan (QG-002) pass green."
}
],
"implementation_steps": [
{
"id": "S1",
"title": "Analyze public API of all 4 gateways",
"description": "Read each gateway, list public methods, identify constructor dependencies, plan test scenarios.",
"guard_refs": ["GR-TEST-001"]
},
{
"id": "S2",
"title": "Write AuthCryptoGatewayTest",
"description": "Test encrypt/decrypt delegation to Crypto class. Test error handling for invalid keys, empty input, corrupted ciphertext.",
"guard_refs": ["GR-TEST-001", "GR-SEC-005"]
},
{
"id": "S3",
"title": "Write SettingsCryptoGatewayTest",
"description": "Test settings value encryption/decryption. Test round-trip (encrypt then decrypt returns original). Test error paths.",
"guard_refs": ["GR-TEST-001", "GR-SEC-005"]
},
{
"id": "S4",
"title": "Write OidcHttpGatewayTest",
"description": "Mock HTTP client. Test token exchange happy path, invalid response codes (401, 500), network errors, malformed JSON response, missing required fields in token response.",
"guard_refs": ["GR-TEST-001", "GR-TEST-002"]
},
{
"id": "S5",
"title": "Write PermissionGatewayTest",
"description": "Test permission lookup methods. Mock underlying dependency (Service or Repository depending on ARCH-GATEWAY-COMPLIANCE-001 status).",
"guard_refs": ["GR-TEST-001", "GR-TEST-002"]
},
{
"id": "S6",
"title": "Run quality gates",
"description": "QG-001, QG-002, QG-006.",
"guard_refs": ["GR-LANG-002"]
}
],
"tests": [
"tests/Service/Auth/AuthCryptoGatewayTest.php",
"tests/Service/Settings/SettingsCryptoGatewayTest.php",
"tests/Service/Auth/OidcHttpGatewayTest.php",
"tests/Service/Access/PermissionGatewayTest.php"
],
"acceptance_checks": [
"SC-001: All 4 test files pass with >= 3 test methods each",
"SC-002: AuthCrypto + SettingsCrypto tests assert Crypto class method calls via mock expectations",
"SC-003: OidcHttpGatewayTest has test methods for success, 401, 500, timeout, malformed JSON",
"SC-004: QG-001 + QG-002 + QG-006 exit 0"
],
"risks": [
{
"risk": "OidcHttpGateway may use PHP native curl/file_get_contents instead of injectable HTTP client",
"mitigation": "If not mockable, document as tech debt and test at integration level with a mock HTTP server, or refactor to accept an HTTP client interface."
},
{
"risk": "PermissionGateway may change in ARCH-GATEWAY-COMPLIANCE-001",
"mitigation": "If ARCH task runs first, write tests against refactored version. If not, write tests against current version and note that tests may need update."
}
]
}