# Phase 4 — User Acceptance Testing (Warzone Delivery / Mule Protocol) > Phase 4 is NOT YET IMPLEMENTED. This is a pre-written test plan. ## Prerequisites - Phase 3 UAT fully passing - Two isolated networks (can use VMs or Docker networks) - A device that can move between networks (the mule) --- ## 1. Mule Identity & Authorization ```bash cargo run --bin warzone-mule -- init cargo run --bin warzone-mule -- register -s http://server-a:7700 ``` - [ ] Mule generates its own identity - [ ] Mule registered with Server A - [ ] Server admin authorizes mule: `warzone-server admin authorize-mule ` - [ ] Unauthorized mule rejected on pickup attempt --- ## 2. Message Pickup **Server A has queued messages for users on Server B (which is offline):** ```bash cargo run --bin warzone-mule -- pickup -s http://server-a:7700 ``` - [ ] Mule connects to Server A - [ ] Mule authenticates (challenge-response) - [ ] Server returns queued outbound messages (encrypted blobs) - [ ] Messages marked as "IN_TRANSIT by mule X" on Server A - [ ] Mule stores messages locally - [ ] Mule reports capacity: "Picked up 42 messages (1.2 MB / 50 MB capacity)" --- ## 3. Physical Transport & Delivery **Mule moves to Server B's network:** ```bash cargo run --bin warzone-mule -- deliver -s http://server-b:7700 ``` - [ ] Mule connects to Server B - [ ] Delivers encrypted blobs - [ ] Server B queues messages for local recipients - [ ] Server B returns delivery receipts (signed) - [ ] Mule stores receipts locally --- ## 4. Receipt Delivery **Mule returns to Server A's network:** ```bash cargo run --bin warzone-mule -- receipts -s http://server-a:7700 ``` - [ ] Mule delivers receipts to Server A - [ ] Server A marks messages as DELIVERED - [ ] Server A removes messages from outbound queue --- ## 5. Receipt Enforcement **Mule tries to pick up again WITHOUT delivering previous receipts:** ```bash cargo run --bin warzone-mule -- pickup -s http://server-a:7700 ``` - [ ] Server A rejects: "outstanding receipts not delivered" - [ ] Mule must deliver receipts first (or submit signed failure report) --- ## 6. Deduplication **Two mules pick up the same messages:** - [ ] Mule 1 picks up and delivers to Server B - [ ] Mule 2 picks up same messages (still in transit) - [ ] Mule 2 delivers to Server B - [ ] Server B deduplicates: messages delivered once, no duplicates for recipients --- ## 7. Message Expiry **Messages older than TTL:** - [ ] Server queues message with 7-day TTL - [ ] After 7 days without pickup → status changes to EXPIRED - [ ] Expired messages not given to mules - [ ] Expired messages cleaned up from DB --- ## 8. Outer Encryption (Metadata Hiding) - [ ] Messages from Server A to Server B wrapped in outer encryption (Server B's pubkey) - [ ] Mule sees only: "encrypted blob for Server B" - [ ] Mule cannot see sender/recipient fingerprints - [ ] Server B unwraps outer layer, routes inner messages to recipients --- ## 9. Partial Sync / Resume **Mule connection interrupted during pickup:** ```bash cargo run --bin warzone-mule -- pickup -s http://server-a:7700 # kill connection mid-transfer cargo run --bin warzone-mule -- pickup -s http://server-a:7700 ``` - [ ] Second pickup resumes from where it left off - [ ] No duplicate messages in mule's local store --- ## 10. Compression - [ ] Message bundles compressed with zstd before transfer - [ ] Mule reports compressed size: "42 messages: 1.2 MB → 400 KB (67% compression)" - [ ] Decompression on delivery --- ## Summary | # | Feature | Result | |---|---------|--------| | 1 | Mule identity & auth | ☐ | | 2 | Message pickup | ☐ | | 3 | Physical delivery | ☐ | | 4 | Receipt delivery | ☐ | | 5 | Receipt enforcement | ☐ | | 6 | Deduplication | ☐ | | 7 | Message expiry | ☐ | | 8 | Outer encryption | ☐ | | 9 | Partial sync | ☐ | | 10 | Compression | ☐ | **Tester:** _______________ **Date:** _______________