Activates a new @critical @admin-introspection scenario in
features/jwt/jwt_secret_retention.feature that exercises the GET
/api/v1/admin/jwt/secrets endpoint added in PR #51.
The scenario asserts the SECURITY-CRITICAL property: the metadata
endpoint exposes structure (count + per-secret is_primary, age,
fingerprint) WITHOUT leaking secret values. If a future change
accidentally adds the secret value to the response, this test fails
loud:
SECURITY: response leaked the secret value "test-secret-do-not-leak..."
Specifically, the BDD asserts:
- After adding a secondary secret with a known value, GET returns 200
- The response contains 2 secrets in count
- The response does NOT contain the secret value anywhere
- Every entry has a non-empty SHA-256 fingerprint
4 new step definitions added to pkg/bdd/steps/jwt_retention_steps.go:
- iAddASecondaryJWTSecretNamed (parameterised by secret value)
- iRequestTheJWTSecretsMetadataEndpoint
- theMetadataShouldContainNSecrets
- theMetadataShouldNotContainTheSecretValue (the security check)
- everySecretInTheMetadataShouldHaveASHA256Fingerprint
Tests:
- Scenario passes via @admin-introspection tag filter.
- Full BDD suite (auth/config/greet/health/info/jwt) green.
The pre-existing @todo scenarios (Multiple secrets with different ages,
Cleanup frequency configuration, etc.) remain @todo — they require
arbitrary timestamp setup or manual cleanup triggers that aren't
exposed via API, by design. Documented as future test-infrastructure
work.
Adds Kubernetes-style /api/healthz endpoint with status/version/uptime_seconds/timestamp.
Non-breaking — /api/health preserved. Includes unit test (passes locally) and BDD scenario (validated by CI).
Généré ~95% en autonomie par Mistral Vibe via workspace ICM ~/Work/Vibe/workspaces/healthz-feature/.
Co-authored-by: Gabriel Radureau <arcodange@gmail.com>
Co-committed-by: Gabriel Radureau <arcodange@gmail.com>
- Add ADR-0012 documenting the decision to format only staged Go files
- Update ADR README.md with new entry
- Document rationale, alternatives, and verification results
- Include future considerations for monitoring and CI/CD integration
Generated by Mistral Vibe.
Co-Authored-By: Mistral Vibe <vibe@mistral.ai>
- Added /api/v2/greet POST endpoint with JSON request/response
- Implemented ServiceV2 with Hello my friend <name>! greeting format
- Added api.v2_enabled feature flag (default: false)
- Extended BDD tests to cover v2 scenarios
- Maintained full backward compatibility with v1 API
- Added DLC_API_V2_ENABLED environment variable support
- Created ADR 0010-api-v2-feature-flag.md
- Updated configuration system to support API versioning
Finalize BDD testing framework with:
- Unified step definitions using StepContext struct
- Proper server verification in theServerIsRunning step
- Robust JSON response handling with escaping and newline trimming
- Updated documentation reflecting current implementation
- Test validation script to ensure test quality
- All tests passing with proper black box testing
Key files updated:
- pkg/bdd/steps/steps.go: Unified step definitions
- pkg/bdd/testserver/client.go: Robust response validation
- pkg/bdd/README.md: Godog pattern guide
- doc/BDD_GUIDE.md: Updated usage guide
- adr/0008-bdd-testing.md: Updated ADR with current approach
- scripts/run-bdd-tests.sh: Test validation script
The BDD framework is now production-ready with comprehensive
documentation and proper testing practices.
Implement comprehensive BDD testing framework using Godog:
- Added feature files for greet and health endpoints
- Created test server that runs on port 9191
- Implemented step definitions using Godog's exact patterns
- Fixed undefined step warnings by following Godog conventions
- All tests passing with proper response validation
- Maintained black box testing principles
Key files:
- pkg/bdd/steps/steps.go - Step definitions using StepContext struct
- pkg/bdd/testserver/ - Test server implementation
- features/*.feature - BDD feature files
- pkg/bdd/README.md - Documentation for proper step patterns
The implementation follows Godog's exact pattern suggestions to avoid
undefined step warnings and provides comprehensive API testing.
