Implement apix-registry with IoT sunset/decommission lifecycle and full BDD suite
- REST API: register, patch, O-level, replacements, history, search endpoints
- IoT lifecycle validations: future sunset, lock-before-release, sunset-passed-before-decommission
- DB schema: Liquibase changesets 001–008 (services, versions, replacements, sunset-at column)
- @ColumnTransformer(write="?::jsonb") on bsm_payload fields to avoid JDBC varchar→jsonb rejection
- Jandex plugin on apix-common + quarkus.index-dependency so @NotBlank validators resolve at runtime
- quarkus-logging-json extension added; quarkus.log.console.json=false is now a recognised key
- Fix requireSunsetBeforeLockRelease: Boolean.TRUE.equals instead of !Boolean.FALSE.equals (null guard)
- BDD suite: 27 scenarios / 213 steps across 5 feature files (sunset-lock, decommission, replacement, discovery, anonymity)
- Test infrastructure: JDBC TRUNCATE in @Before for DB isolation, Arc.container() for clock control — no test endpoints in production code
- sunsetAt truncated to microseconds in BDD steps to match Postgres timestamptz precision
- Cucumber step fixes: singular/plural candidate(s), lastResponse propagation in replacementsReturnsNCandidates

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -0,0 +1,52 @@
---
arc42: "10 — Quality Requirements"
status: stub
---
## 10.1 Quality Tree
```
Quality
├── Functionality
│ ├── Capability search returns relevant results
│ ├── HATEOAS navigation works from root URL without prior knowledge
│ └── BSM validation rejects invalid submissions with actionable errors
├── Reliability
│ ├── Liveness status reflects actual service state within one check interval
│ └── Registry survives VPS restart (data persisted to volume)
├── Security Hygiene
│ ├── All traffic over HTTPS
│ ├── Write endpoints reject unauthenticated requests
│ └── No credentials or PII in logs or Git
└── Operability
├── Deployable from scratch on a new Hetzner VPS in < 30 minutes
├── Health endpoint reflects actual DB connectivity
└── Logs provide enough context to diagnose a registration failure without a debugger
```
## 10.2 Quality Scenarios
| # | Stimulus | Response | Measurable Outcome |
|---|---|---|---|
| QS-01 | Agent sends `GET /api/services?capability=inventory.read` | Returns list of matching services with BSM summaries and `_links` | Response time < 500ms; result includes at least 1 registered service |
| QS-02 | Registrant submits BSM with missing required field | API returns 422 with field-level error identifying the missing field | Error response includes field name and reason; no partial write to DB |
| QS-03 | Registered service goes offline | Spider marks it `unreachable` within 15 min | `liveness_status=unreachable` and updated `last_checked_at` in API response |
| QS-04 | Agent sends `GET /api/` (root) | Returns JSON with `_links` to search, register, and health endpoints | No prior knowledge of path structure required; all links resolvable |
| QS-05 | VPS is rebooted | All services come back up automatically; registry data intact | `docker compose up` on restart (via restart policy); 0 data loss |
| QS-06 | Unauthenticated POST to `/api/register` | 401 Unauthorized | No registration created; API key required |
| QS-07 | STF reviewer opens portal in browser | Homepage shows registry stats + search; registration form works | Zero errors in browser console; form submits successfully |
## 10.3 MVP Acceptance Criteria
The PoC is **done** when all of the following are true:
- [ ] Public URL is reachable over HTTPS
- [ ] `GET /api/` returns valid HATEOAS navigation links
- [ ] `GET /api/services?capability=X` returns at least 1 result for at least 3 distinct capability queries
- [ ] At least 5 real services are registered (not demo fixtures)
- [ ] Spider has run at least one full check cycle and updated liveness status for all registered services
- [ ] Portal registration form accepts a valid BSM and shows confirmation
- [ ] Admin O-level assignment works via portal
- [ ] `GET /api/health` returns 200 with DB status
- [ ] No credentials or PII appear in `docker compose logs` output
- [ ] `infra/hetzner/provision.sh` + `deploy.sh` installs and starts the full stack on a fresh Hetzner VPS
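Review bot: The Security Hygiene leaves in 10.1 are only partly covered by 10.2 and 10.3. "Write endpoints reject unauthenticated requests" is exercised by QS-06 for POST `/api/register` alone, while the commit message lists patch, O-level and replacements endpoints as well, and 10.3 has no checkbox for the 401 behaviour at all; "Admin O-level assignment works via portal" states the happy path without saying that a non-admin or unauthenticated caller is refused. Suggest widening QS-06 to every write endpoint and adding an acceptance item for it. Likewise "No credentials or PII in logs or Git" is checked in 10.3 only against `docker compose logs`; the Git half has no measurable outcome, so a criterion such as a clean secret scan of the repository history would close it. "All traffic over HTTPS" is tested only as "Public URL is reachable over HTTPS", which does not show that plain HTTP is redirected or refused. Minor: the front matter still says `status: stub` although the section carries concrete scenarios and acceptance criteria.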