manawenuz/featherChat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fe2b7d8e8aa19a34ed646a6eb16a78b286628898
featherChat/warzone/UAT/PHASE7.md
Siavash Sameni c8b51fa96b UAT test plans for all 7 phases 
UAT/PHASE1.md — 20 test scenarios, 80+ checkboxes
  Identity, encryption, messaging, TUI, web, groups, aliases,
  auth, OTP replenishment, session persistence, cross-client

UAT/PHASE2.md — 7 scenarios (WASM, receipts, files, multi-device, HW wallet, groups, history)
UAT/PHASE3.md — 6 scenarios (DNS discovery, key transparency, federation, mutual TLS, gossip)
UAT/PHASE4.md — 10 scenarios (mule identity, pickup, delivery, receipts, dedup, expiry, compression)
UAT/PHASE5.md — 6 scenarios (Bluetooth, LoRa, mDNS, Wi-Fi Direct, USB export, fallback chain)
UAT/PHASE6.md — 3 scenarios (sealed sender, traffic analysis resistance, onion routing)
UAT/PHASE7.md — 8 scenarios (ntfy, DoH, DB encryption, admin CLI, rate limiting, audit, CI, monitoring)

Each test has exact commands to run and checkboxes for pass/fail.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-27 08:01:36 +04:00

175 lines
4.6 KiB
Markdown
Raw Blame History

# Phase 7 — User Acceptance Testing (Operations & Polish)
> Phase 7 is NOT YET IMPLEMENTED. This is a pre-written test plan.
## Prerequisites
- Phase 6 UAT fully passing
- ntfy server (self-hosted or ntfy.sh)
- CI/CD pipeline configured
---
## 1. ntfy Push Notifications
**Setup:**
```bash
cargo run --bin warzone-server -- --ntfy-url https://ntfy.example.com
```
**Client subscribes:**
```bash
cargo run --bin warzone-client -- notifications --enable
```
- [ ] Client registers ntfy topic (fingerprint-derived)
- [ ] When offline and message arrives, ntfy push notification sent
- [ ] Notification shows: "New message" (NO message content — E2E)
- [ ] Android: ntfy app shows notification
- [ ] iOS: ntfy app shows notification
- [ ] Desktop: ntfy web shows notification
- [ ] Self-hosted ntfy: all above work against own instance
---
## 2. DNS-over-HTTPS (Censored Networks)
**DNS blocked but HTTPS available:**
```bash
cargo run --bin warzone-client -- chat --doh https://1.1.1.1/dns-query
```
- [ ] DNS resolution via HTTPS (bypasses local DNS censorship)
- [ ] Federation discovery works through DoH
- [ ] Key transparency verification works through DoH
- [ ] Fallback to system DNS if DoH fails
---
## 3. Server-at-Rest Encryption
```bash
cargo run --bin warzone-server -- --encrypt-db
# Prompted for passphrase on startup
```
- [ ] sled database encrypted at rest
- [ ] Server restart requires passphrase
- [ ] If server seized (power off), DB is unreadable without passphrase
- [ ] Performance impact: < 10% overhead
- [ ] Without `--encrypt-db`, DB is plaintext (default)
---
## 4. Admin CLI
```bash
cargo run --bin warzone-server -- admin
```
- [ ] `admin list-users` — shows all registered fingerprints + aliases
- [ ] `admin list-groups` — shows all groups + member counts
- [ ] `admin ban <fingerprint>` — blocks user from server
- [ ] `admin unban <fingerprint>` — unblocks user
- [ ] `admin list-mules` — shows authorized mules
- [ ] `admin authorize-mule <fp>` — authorizes a mule
- [ ] `admin revoke-mule <fp>` — revokes mule authorization
- [ ] `admin stats` — shows message counts, active users, queue depth
- [ ] `admin gc` — garbage collect expired messages, tokens, aliases
---
## 5. Rate Limiting
**Spam prevention:**
- [ ] More than 100 messages/minute from one fingerprint → rate limited
- [ ] Rate limit response: HTTP 429 with retry-after header
- [ ] Client shows: "Rate limited, retry in 30 seconds"
- [ ] Group sends: limit per-member, not per-group
**Registration abuse:**
- [ ] More than 5 identities from one IP per hour → blocked
- [ ] Alias registration: max 1 per hour per fingerprint
---
## 6. Audit Logging
```bash
cargo run --bin warzone-server -- --audit-log /var/log/warzone-audit.log
```
- [ ] All authentication events logged (success + failure)
- [ ] Key registrations logged
- [ ] Group create/join/leave logged
- [ ] Alias registrations logged
- [ ] Message metadata logged (from_fp, to_fp, timestamp, size — NO content)
- [ ] Mule pickups/deliveries logged
- [ ] Log format: structured JSON, one event per line
- [ ] Log rotation compatible (logrotate)
---
## 7. Cross-Compilation CI
```bash
cargo build --target x86_64-unknown-linux-gnu
cargo build --target aarch64-unknown-linux-gnu
cargo build --target x86_64-apple-darwin
cargo build --target aarch64-apple-darwin
cargo build --target x86_64-pc-windows-msvc
wasm-pack build --target web crates/warzone-protocol
```
- [ ] Linux x86_64: static binary, runs on Ubuntu/Debian/Alpine
- [ ] Linux aarch64 (ARM): runs on Raspberry Pi / ARM servers
- [ ] macOS x86_64: runs on Intel Macs
- [ ] macOS aarch64: runs on Apple Silicon
- [ ] Windows: runs on Windows 10+
- [ ] WASM: loads in Chrome, Firefox, Safari
- [ ] All binaries < 20 MB
- [ ] CI pipeline runs tests on all platforms
- [ ] Release artifacts uploaded to GitHub/Gitea
---
## 8. Monitoring & Health
**Health check:**
```bash
curl http://localhost:7700/v1/health
```
- [ ] Returns status, version, uptime
- [ ] Queue depth included
- [ ] Active connections count
- [ ] DB size on disk
**Prometheus metrics (optional):**
```bash
curl http://localhost:7700/metrics
```
- [ ] `warzone_messages_total` counter
- [ ] `warzone_active_users` gauge
- [ ] `warzone_queue_depth` gauge
- [ ] `warzone_auth_failures_total` counter
---
## Summary
| # | Feature | Result |
|---|---------|--------|
| 1 | ntfy notifications | ☐ |
| 2 | DNS-over-HTTPS | ☐ |
| 3 | Server-at-rest encryption | ☐ |
| 4 | Admin CLI | ☐ |
| 5 | Rate limiting | ☐ |
| 6 | Audit logging | ☐ |
| 7 | Cross-compilation CI | ☐ |
| 8 | Monitoring & health | ☐ |
**Tester:** _______________
**Date:** _______________
Reference in New Issue View Git Blame Copy Permalink