docs(02): add research and validation strategy for Lab 01 - IAM & Sicurezza

.planning/phases/02-lab-01-iam-sicurezza/02-VALIDATION.md

@@ -0,0 +1,91 @@
+---
+phase: 2
+slug: lab-01-iam-sicurezza
+status: draft
+nyquist_compliant: false
+wave_0_complete: false
+created: 2026-03-24
+---
+
+# Phase 2 — Validation Strategy
+
+> Per-phase validation contract for feedback sampling during execution.
+
+---
+
+## Test Infrastructure
+
+| Property | Value |
+|----------|-------|
+| **Framework** | Bash script testing + Docker inspection |
+| **Config file** | none — Wave 0 installs |
+| **Quick run command** | `labs/lab-01-iam/tests/test-01-setup.sh` |
+| **Full suite command** | `labs/lab-01-iam/tests/run-all-tests.sh` |
+| **Estimated runtime** | ~15 seconds |
+
+---
+
+## Sampling Rate
+
+- **After every task commit:** Run quick test for affected component
+- **After every plan wave:** Run full test suite
+- **Before `/gsd:verify-work`:** Full suite must be green
+- **Max feedback latency:** 20 seconds
+
+---
+
+## Per-Task Verification Map
+
+| Task ID | Plan | Wave | Requirement | Test Type | Automated Command | File Exists | Status |
+|---------|------|------|-------------|-----------|-------------------|-------------|--------|
+| 02-01-01 | 01 | 1 | TEST-01 | script | `labs/lab-01-iam/tests/test-01-user.sh` | ✅ W0 | ⬜ pending |
+| 02-01-02 | 01 | 1 | LAB-01 | script | `labs/lab-01-iam/tests/test-01-user.sh` | ✅ W0 | ⬜ pending |
+| 02-02-01 | 02 | 1 | TEST-01 | script | `labs/lab-01-iam/tests/test-02-permission.sh` | ✅ W0 | ⬜ pending |
+| 02-02-02 | 02 | 1 | LAB-01 | script | `labs/lab-01-iam/tests/test-02-permission.sh` | ✅ W0 | ⬜ pending |
+| 02-03-01 | 03 | 1 | INF-01 | docker | `docker inspect --format='{{.Config.User}}' lab01-nginx 2>/dev/null || echo "not built"` | ✅ W0 | ⬜ pending |
+| 02-03-02 | 03 | 2 | DOCT-01 | file | `test -f labs/lab-01-iam/tutorial.md` | — | ⬜ pending |
+| 02-03-03 | 03 | 2 | DOCT-02 | file | `test -f how-to-guides/docker-user-setup.md` | — | ⬜ pending |
+| 02-03-04 | 03 | 2 | DOCT-03 | file | `test -f labs/lab-01-iam/REFERENCE.md` | — | ⬜ pending |
+| 02-03-05 | 03 | 2 | DOCT-04 | file | `test -f labs/lab-01-iam/EXPLANATION.md` | — | ⬜ pending |
+| 02-04-01 | 04 | 2 | TEST-05 | script | `labs/lab-01-iam/tests/double-check.sh` | ✅ W0 | ⬜ pending |
+| 02-04-02 | 04 | 2 | PARA-01 | content | `grep -q "IAM.*Linux" labs/lab-01-iam/EXPLANATION.md` | — | ⬜ pending |
+| 02-04-03 | 04 | 2 | PARA-03 | content | `grep -q "differenza" labs/lab-01-iam/EXPLANATION.md` | — | ⬜ pending |
+
+*Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky*
+
+---
+
+## Wave 0 Requirements
+
+- [ ] `labs/lab-01-iam/tests/test-01-user.sh` — Verifies user creation fails without docker group
+- [ ] `labs/lab-01-iam/tests/test-02-permission.sh` — Verifies docker socket access requires group membership
+- [ ] `labs/lab-01-iam/tests/double-check.sh` — Final validation script for student self-check
+- [ ] Docker group exists on test system
+- [ ] Test can distinguish between permission denied and other errors
+
+*All tests must follow TDI: RED (fail first) → GREEN (implement) → REFACTOR*
+
+---
+
+## Manual-Only Verifications
+
+| Behavior | Requirement | Why Manual | Test Instructions |
+|----------|-------------|------------|-------------------|
+| Student follows tutorial successfully | DOCT-01, DOCT-05 | Requires human judgment | Follow tutorial literally on fresh system |
+| Student understands IAM parallels | PARA-01 | Requires comprehension check | Read EXPLANATION.md, verify mapping is clear |
+| Tutorial uses "little often" approach | DOCT-05 | Subjective assessment | Verify tutorial has small incremental steps |
+
+*Core functionality has automated verification.*
+
+---
+
+## Validation Sign-Off
+
+- [ ] All tasks have `<automated>` verify or Wave 0 dependencies
+- [ ] Sampling continuity: no 3 consecutive tasks without automated verify
+- [ ] Wave 0 covers all MISSING references
+- [ ] No watch-mode flags
+- [ ] Feedback latency < 20s
+- [ ] `nyquist_compliant: true` set in frontmatter
+
+**Approval:** pending