b2a16a8be7
- REST API: register, patch, O-level, replacements, history, search endpoints
- IoT lifecycle validations: future sunset, lock-before-release, sunset-passed-before-decommission
- DB schema: Liquibase changesets 001–008 (services, versions, replacements, sunset-at column)
- @ColumnTransformer(write="?::jsonb") on bsm_payload fields to avoid JDBC varchar→jsonb rejection
- Jandex plugin on apix-common + quarkus.index-dependency so @NotBlank validators resolve at runtime
- quarkus-logging-json extension added; quarkus.log.console.json=false is now a recognised key
- Fix requireSunsetBeforeLockRelease: Boolean.TRUE.equals instead of !Boolean.FALSE.equals (null guard)
- BDD suite: 27 scenarios / 213 steps across 5 feature files (sunset-lock, decommission, replacement, discovery, anonymity)
- Test infrastructure: JDBC TRUNCATE in @Before for DB isolation, Arc.container() for clock control — no test endpoints in production code
- sunsetAt truncated to microseconds in BDD steps to match Postgres timestamptz precision
- Cucumber step fixes: singular/plural candidate(s), lastResponse propagation in replacementsReturnsNCandidates

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
| arc42 | status |
|---|---|
| 10 — Quality Requirements | stub |
10.1 Quality Tree
Quality
├── Functionality
│ ├── Capability search returns relevant results
│ ├── HATEOAS navigation works from root URL without prior knowledge
│ └── BSM validation rejects invalid submissions with actionable errors
├── Reliability
│ ├── Liveness status reflects actual service state within one check interval
│ └── Registry survives VPS restart (data persisted to volume)
├── Security Hygiene
│ ├── All traffic over HTTPS
│ ├── Write endpoints reject unauthenticated requests
│ └── No credentials or PII in logs or Git
└── Operability
  ├── Deployable from scratch on a new Hetzner VPS in < 30 minutes
  ├── Health endpoint reflects actual DB connectivity
  └── Logs provide enough context to diagnose a registration failure without a debugger
10.2 Quality Scenarios
| # | Stimulus | Response | Measurable Outcome |
|---|---|---|---|
| QS-01 | Agent sends GET /api/services?capability=inventory.read | Returns list of matching services with BSM summaries and _links | Response time < 500ms; result includes at least 1 registered service |
| QS-02 | Registrant submits BSM with missing required field | API returns 422 with field-level error identifying the missing field | Error response includes field name and reason; no partial write to DB |
| QS-03 | Registered service goes offline | Spider marks it unreachable within 15 min | liveness_status=unreachable and updated last_checked_at in API response |
| QS-04 | Agent sends GET /api/ (root) | Returns JSON with _links to search, register, and health endpoints | No prior knowledge of path structure required; all links resolvable |
| QS-05 | VPS is rebooted | All services come back up automatically; registry data intact | docker compose up on restart (via restart policy); 0 data loss |
| QS-06 | Unauthenticated POST to /api/register | 401 Unauthorized | No registration created; API key required |
| QS-07 | STF reviewer opens portal in browser | Homepage shows registry stats + search; registration form works | Zero errors in browser console; form submits successfully |
10.3 MVP Acceptance Criteria
The PoC is done when all of the following are true:
- Public URL is reachable over HTTPS
- GET /api/ returns valid HATEOAS navigation links
- GET /api/services?capability=X returns at least 1 result for at least 3 distinct capability queries
- At least 5 real services are registered (not demo fixtures)
- Spider has run at least one full check cycle and updated liveness status for all registered services
- Portal registration form accepts a valid BSM and shows confirmation
- Admin O-level assignment works via portal
- GET /api/health returns 200 with DB status
- No credentials or PII appear in docker compose logs output
- infra/hetzner/provision.sh + deploy.sh installs and starts the full stack on a fresh Hetzner VPS
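
One way to turn the "no credentials or PII appear in docker compose logs output" criterion into an automated gate. This is an added example, not part of the project's code; the rule set, the sample log lines and the script name check_logs.py are assumptions to adapt to the real log format.

```python
import re
import sys

# Assumed rule set (not the project's): what counts as a credential or PII here.
RULES = [
    ("api-key", re.compile(r"(?i)\b(?:x-api-key|api[_-]?key)\b[\"']?\s*[:=]\s*[\"']?([^\s\"',;]{8,})")),
    ("bearer-token", re.compile(r"(?i)\bauthorization\b[\"']?\s*[:=]\s*[\"']?bearer\s+([\w.~+/=-]{8,})")),
    ("password", re.compile(r"(?i)\b(?:password|passwd|pwd)\b[\"']?\s*[:=]\s*[\"']?([^\s\"',;&]+)")),
    ("url-userinfo", re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s/:@]+:([^\s/@]+)@")),
    ("email", re.compile(r"\b([\w.%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,})\b")),
]
# Values that are already redacted do not count as leaks.
MASKED = re.compile(r"(?i)^(?:\*+|<?redacted>?|x{3,})$")

# Constructed sample in `docker compose logs` format; every value is made up.
SAMPLE = """\
api-1     | 10:00:00 INFO  POST /api/register -> 401 (missing API key)
api-1     | 10:00:01 DEBUG request headers: X-API-Key: k3y-constructed-0001
api-1     | 10:00:02 INFO  datasource jdbc:postgresql://db:5432/registry password=****
api-1     | 10:00:03 WARN  registration rejected, contact alice@example.org
spider-1  | 10:00:04 INFO  checking https://svc:hunter2pass@inventory.example.net/health
"""

def scan_logs(text):
    """Return (line_number, rule) per hit; the matched value is never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES:
            for match in pattern.finditer(line):
                if not MASKED.match(match.group(1)):
                    findings.append((lineno, rule))
            # Blank what this rule consumed so a later rule cannot re-flag it.
            line = pattern.sub(" ", line)
    return findings

if __name__ == "__main__":
    # Usage: docker compose logs --no-color | python3 check_logs.py
    hits = scan_logs(sys.stdin.read())
    for lineno, rule in hits:
        print(f"line {lineno}: {rule}")
    sys.exit(1 if hits else 0)
```

The script exits non-zero on any finding, so it can fail a deploy or CI step, and it reports only line numbers and rule names so the check itself does not copy secrets into its output.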