Phase 1 — Goals
Goal 1.0: Test infrastructure (prerequisite)
Description: Shared Go integration test harness (testcontainers, tags, CI) before auth/proxy integration milestones scale up.
Validation: go test -tags=integration ./... documented and runnable in CI smoke path
Goal 1.1: Persistence and auth data plane
Description: Introduce Postgres migrations and the minimum schema for organizations and API tokens, plus the auth gRPC contract and validation logic.
Acceptance criteria:
- Migration runner integrated with `Makefile`/`dev-tool.sh`
- Tables match subset of DATABASE_SCHEMA.md (`ibex_core.organizations`, `ibex_core.tokens`)
- RLS enabled; `SET LOCAL app.current_org_id` pattern documented and tested
- `ValidateToken` (or equivalent) RPC returns org_id + permission bitmap or unauthenticated error
- Cross-tenant test: token from Org A cannot validate as Org B
Validation: make db-migrate; go test ./services/auth/... with integration tag; grpcurl or integration client against auth
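The RLS scoping pattern from the acceptance criteria, as an added Go example (not the project's code): the policy fragment is illustrative rather than the real DATABASE_SCHEMA.md, `Tx`, `BeginTx` and the recording fake are this example's own names, and the tenant is pinned with `set_config(..., true)`, the bind-parameter equivalent of `SET LOCAL`, instead of a `SET LOCAL` statement, because `SET LOCAL` only takes a literal and would force the org id to be spliced into SQL text.

```go
package main

import (
	"context"
	"database/sql"
	"fmt"
	"regexp"
)

// PolicySQL is the migration fragment this helper assumes (illustrative, not the project's
// DATABASE_SCHEMA.md). FORCE applies the policy to the table owner as well, and
// current_setting(..., true) yields NULL when no org is set, so an unscoped connection
// sees no rows rather than every row.
const PolicySQL = `
ALTER TABLE ibex_core.tokens ENABLE ROW LEVEL SECURITY;
ALTER TABLE ibex_core.tokens FORCE ROW LEVEL SECURITY;
CREATE POLICY tokens_org_isolation ON ibex_core.tokens
  USING (org_id = current_setting('app.current_org_id', true)::uuid);`

// Tx is the subset of *sql.Tx the helper needs; *sql.Tx satisfies it, and the fake below
// lets the scoping order be checked without a live Postgres.
type Tx interface {
	ExecContext(ctx context.Context, query string, args ...any) (sql.Result, error)
	Commit() error
	Rollback() error
}

// BeginTx abstracts (*sql.DB).BeginTx; for a real db pass
// func(ctx context.Context) (Tx, error) { return db.BeginTx(ctx, nil) }.
type BeginTx func(ctx context.Context) (Tx, error)

var uuidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)

// WithOrgScope pins the tenant before fn runs any query. set_config(name, value, true)
// is the bind-parameter form of SET LOCAL: both are cleared at COMMIT/ROLLBACK, but
// SET LOCAL only accepts a literal, and splicing the org id into SQL text would turn the
// tenant switch into an injection point. Any failure rolls back so no half-scoped
// transaction is left on the connection.
func WithOrgScope(ctx context.Context, begin BeginTx, orgID string, fn func(Tx) error) (err error) {
	if !uuidRe.MatchString(orgID) {
		return fmt.Errorf("rls: invalid org id %q", orgID)
	}
	tx, err := begin(ctx)
	if err != nil {
		return err
	}
	defer func() {
		if err != nil {
			_ = tx.Rollback()
		}
	}()
	if _, err = tx.ExecContext(ctx, `SELECT set_config('app.current_org_id', $1, true)`, orgID); err != nil {
		return fmt.Errorf("rls: set org scope: %w", err)
	}
	if err = fn(tx); err != nil {
		return err
	}
	return tx.Commit()
}

// fakeTx is a constructed Tx that records what was executed (no database involved).
type fakeTx struct {
	stmts      []string
	args       [][]any
	committed  bool
	rolledBack bool
}

func (f *fakeTx) ExecContext(_ context.Context, q string, args ...any) (sql.Result, error) {
	f.stmts = append(f.stmts, q)
	f.args = append(f.args, args)
	return nil, nil
}

func (f *fakeTx) Commit() error   { f.committed = true; return nil }
func (f *fakeTx) Rollback() error { f.rolledBack = true; return nil }

func main() {
	var tx *fakeTx
	begin := func(ctx context.Context) (Tx, error) { tx = &fakeTx{}; return tx, nil }
	err := WithOrgScope(context.Background(), begin, "11111111-2222-3333-4444-555555555555", func(x Tx) error {
		_, err := x.ExecContext(context.Background(), `SELECT id FROM ibex_core.tokens`)
		return err
	})
	fmt.Println(err, tx.stmts, tx.committed)
}
```

Against a real database the cross-tenant check in the criteria becomes: scope to Org A, select Org B's token by id, expect zero rows. Two things RLS will not do for you: a superuser or a role with BYPASSRLS ignores policies entirely, so the service must connect as an ordinary role, and every query path must go through the scoping helper, because a query on an unscoped connection simply returns nothing and that silent empty result is easy to mistake for a bug elsewhere.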
Goal 1.2: Proxy platform integration
Description: Wire the proxy to auth and parse incoming LLM requests without calling a provider.
Acceptance criteria:
- Proxy calls auth with bounded timeout; fails closed on auth errors
- Valid request attaches org context for downstream use (no provider call yet)
- OpenAI-shaped chat completion JSON parses; malformed body → 400 with stable error envelope
- No new business endpoints beyond documented proxy routes for this goal
Validation: Integration tests with auth + proxy running; httptest for malformed payloads
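An added Go example, not the project's code, of the three proxy criteria above: the auth call runs under a bounded timeout and fails closed, a valid token attaches org context for downstream use, and an OpenAI-shaped body is parsed with malformed input mapped to 400 in one stable envelope. `AuthClient`, `ErrUnauthenticated`, the envelope field names, `Org` and the route are assumptions standing in for the real gRPC client and API contract.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"io"
	"net/http"
	"strings"
	"time"
)

// AuthClient is a hypothetical stand-in for the auth gRPC client. ValidateToken returns
// the org id and permission bitmap, ErrUnauthenticated for an unknown or revoked token,
// or a transport/deadline error for anything else.
type AuthClient interface {
	ValidateToken(ctx context.Context, token string) (orgID string, perms uint64, err error)
}

var ErrUnauthenticated = errors.New("unauthenticated")

// Org is the context attached to the request for downstream middleware.
type Org struct{ ID string; Perms uint64 }
type orgKey struct{}

func OrgFromContext(ctx context.Context) (Org, bool) {
	o, ok := ctx.Value(orgKey{}).(Org)
	return o, ok
}

// writeError emits the stable envelope {"error":{"code":...,"message":...}} (shape assumed).
func writeError(w http.ResponseWriter, status int, code, msg string) {
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(status)
	_ = json.NewEncoder(w).Encode(map[string]map[string]string{"error": {"code": code, "message": msg}})
}

// RequireAuth validates the bearer token within a bounded timeout and fails closed: only
// ErrUnauthenticated maps to 401; a deadline or transport error is 503, never an implicit allow.
func RequireAuth(auth AuthClient, timeout time.Duration, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		const prefix = "Bearer "
		hdr := r.Header.Get("Authorization")
		if !strings.HasPrefix(hdr, prefix) || len(hdr) == len(prefix) {
			writeError(w, http.StatusUnauthorized, "unauthenticated", "missing bearer token")
			return
		}
		ctx, cancel := context.WithTimeout(r.Context(), timeout)
		defer cancel()
		orgID, perms, err := auth.ValidateToken(ctx, hdr[len(prefix):])
		if errors.Is(err, ErrUnauthenticated) {
			writeError(w, http.StatusUnauthorized, "unauthenticated", "invalid or revoked token")
			return
		}
		if err != nil {
			writeError(w, http.StatusServiceUnavailable, "auth_unavailable", "authentication unavailable")
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), orgKey{}, Org{ID: orgID, Perms: perms})))
	})
}

// ChatCompletionRequest is the subset of an OpenAI-shaped chat completion body the proxy needs.
type ChatCompletionRequest struct {
	Model    string                           `json:"model"`
	Messages []struct{ Role, Content string } `json:"messages"`
}

// ParseChatCompletion bounds the body size, requires exactly one JSON object with no
// trailing data, and checks the fields the proxy relies on.
func ParseChatCompletion(r io.Reader, maxBytes int64) (*ChatCompletionRequest, error) {
	dec := json.NewDecoder(io.LimitReader(r, maxBytes))
	var req ChatCompletionRequest
	if err := dec.Decode(&req); err != nil {
		return nil, errors.New("malformed JSON: " + err.Error())
	}
	if _, err := dec.Token(); err != io.EOF {
		return nil, errors.New("trailing data after JSON body")
	}
	if req.Model == "" || len(req.Messages) == 0 {
		return nil, errors.New("model and messages are required")
	}
	return &req, nil
}

// ChatCompletions parses the request and echoes the org context; no provider call yet.
func ChatCompletions(w http.ResponseWriter, r *http.Request) {
	org, ok := OrgFromContext(r.Context())
	if !ok {
		writeError(w, http.StatusInternalServerError, "internal", "org context missing")
		return
	}
	req, err := ParseChatCompletion(r.Body, 1<<20)
	if err != nil {
		writeError(w, http.StatusBadRequest, "invalid_request", err.Error())
		return
	}
	w.Header().Set("Content-Type", "application/json")
	_ = json.NewEncoder(w).Encode(map[string]any{"org_id": org.ID, "model": req.Model, "messages": len(req.Messages)})
}
```

Wire it as `RequireAuth(client, 200*time.Millisecond, http.HandlerFunc(ChatCompletions))` and exercise it with `httptest` and an in-memory `AuthClient` whose `ValidateToken` blocks until the context deadline: the assertion that matters for the fail-closed criterion is that a slow or unreachable auth service yields 503, not 200.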
Goal 1.3: Observability baseline
Description: Align skeleton observability with MONITORING.md and DEPENDENCIES.md.
Acceptance criteria:
- OTel tracer/meter providers initialized in auth and proxy `main` (exporter optional)
- HTTP middleware creates spans for request path
- Migrate `/metrics` to `prometheus/client_golang` OR document ADR deferral with parity tests
- Logs remain structured JSON; no secrets or raw memory content
Goal 1.4: Developer experience baseline
Description: Canonical local dev onboarding: idempotent seed data, .env.example files, local smoke tests, shared config/error packages, and a standardised health check contract.
Acceptance criteria:
- `make db-seed` produces a working org, user, agent, and PAT on a migrated dev database
- `make dev-smoke` validates auth → proxy without an LLM key
- `packages/config` and `packages/apierror` are used by auth and proxy (no scattered `os.Getenv` for required vars)
- `/health` and `/ready` follow a documented JSON contract across Go services
Validation: Fresh clone + make compose-dev-up + make db-migrate + make db-seed + make dev-smoke exits 0
Goal 1.5: Phase 1 security gate
Description: End-to-end security integration test suite validating the composed proxy middleware chain (auth → agent verify → rate limit) against real Postgres and Redis. Explicit Phase 1 completion gate.
Acceptance criteria:
- Token from Org A cannot access Org B resources (403)
- Revoked token rejected (401) within documented SLA
- Cross-org agent ID rejected (403)
- Rate limit returns 429 with `Retry-After`
- Insufficient permission bitmap returns 403
- All tests run under `go test -tags=integration` in CI
Validation: go test -tags=integration ./services/proxy/... security suite green; Phase 1 exit criteria in README satisfied
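An added Go example, not the project's code, of the authorization and rate-limit steps this gate exercises: insufficient permission bitmap (403), cross-org agent ID (403), and a per-org rate limit that answers 429 with `Retry-After`. It assumes an upstream auth step has already stored a `Principal` in the request context; `Principal`, the permission bit constants, the `X-Agent-ID` header, and the in-memory `AgentStore` and `RateLimiter` standing in for Postgres and Redis are all this example's assumptions.

```go
package main

import (
	"encoding/json"
	"net/http"
	"strconv"
	"sync"
	"time"
)

// Principal is what the upstream auth step stores in the request context under principalKey:
// the caller's org id and permission bitmap (type, field and header names are assumptions).
type Principal struct{ OrgID string; Perms uint64 }

type principalKey struct{}

// Permission bits; the real bitmap layout is not in the roadmap.
const (
	PermChatCompletions uint64 = 1 << iota
	PermAgentsWrite
)

func deny(w http.ResponseWriter, status int, code string) {
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(status)
	_ = json.NewEncoder(w).Encode(map[string]map[string]string{"error": {"code": code}})
}

type AgentStore map[string]string // agent id -> owning org id; in-memory stand-in for the Postgres lookup

// Authorize is the auth-adjacent step: 401 with no principal (the chain never treats "no auth"
// as "allowed"), 403 when the bitmap lacks a required bit, 403 when X-Agent-ID names an agent
// outside the caller's org. Unknown agents get the same 403 so nothing leaks about other tenants.
func Authorize(need uint64, agents AgentStore, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		p, ok := r.Context().Value(principalKey{}).(Principal)
		if !ok {
			deny(w, http.StatusUnauthorized, "unauthenticated")
			return
		}
		if p.Perms&need != need {
			deny(w, http.StatusForbidden, "insufficient_permission")
			return
		}
		if owner, found := agents[r.Header.Get("X-Agent-ID")]; !found || owner != p.OrgID {
			deny(w, http.StatusForbidden, "agent_forbidden")
			return
		}
		next.ServeHTTP(w, r)
	})
}

// RateLimiter is a fixed-window counter keyed by org id (in-memory stand-in for Redis); now is injectable for tests.
type RateLimiter struct {
	mu     sync.Mutex
	limit  int
	window time.Duration
	now    func() time.Time
	wins   map[string]*bucket
}

type bucket struct{ start time.Time; count int }

func NewRateLimiter(limit int, window time.Duration) *RateLimiter {
	return &RateLimiter{limit: limit, window: window, now: time.Now, wins: map[string]*bucket{}}
}

// Allow reports whether org may proceed and, if not, whole seconds until its window resets.
func (l *RateLimiter) Allow(org string) (bool, int) {
	l.mu.Lock()
	defer l.mu.Unlock()
	now := l.now()
	b := l.wins[org]
	if b == nil || now.Sub(b.start) >= l.window {
		b = &bucket{start: now}
		l.wins[org] = b
	}
	if b.count >= l.limit {
		remaining := b.start.Add(l.window).Sub(now)
		return false, int((remaining + time.Second - 1) / time.Second) // ceil; always >= 1
	}
	b.count++
	return true, 0
}

// RateLimit returns 429 with Retry-After once the caller's org has exhausted its window.
func RateLimit(l *RateLimiter, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		p, ok := r.Context().Value(principalKey{}).(Principal)
		if !ok {
			deny(w, http.StatusUnauthorized, "unauthenticated")
			return
		}
		if allowed, retry := l.Allow(p.OrgID); !allowed {
			w.Header().Set("Retry-After", strconv.Itoa(retry))
			deny(w, http.StatusTooManyRequests, "rate_limited")
			return
		}
		next.ServeHTTP(w, r)
	})
}
```

Compose in the order the description gives, `Authorize(PermChatCompletions, agents, RateLimit(limiter, final))`, so the rate limiter only ever counts requests that have already passed authentication and authorization; rejected cross-tenant requests must not consume a tenant's quota. The in-memory counter is per process and a fixed window allows a burst of up to twice the limit across a boundary, which is why the gate runs against real Redis.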
Decision points (mid-phase)
| When | Question | Default if no pivot |
|---|---|---|
| After 1.1.1 | golang-migrate vs goose vs atlas | golang-migrate (ADR-0005) |
| After 1.1.2 | gRPC only vs internal HTTP for auth | gRPC per ARCHITECTURE.md |
| After 1.2.1 | In-process auth vs always remote | Remote gRPC with short timeout |
Log pivots in FINDINGS.md.