---
phase: 3
slug: lab-02-network-vpc
status: draft
nyquist_compliant: false
wave_0_complete: false
created: 2026-03-25
---

# Phase 3 — Validation Strategy

> Per-phase validation contract for network isolation and VPC simulation testing.

---

## Test Infrastructure

| Property | Value |
|----------|-------|
| **Framework** | bash (test scripts) |
| **Config file** | none |
| **Quick run command** | `bash labs/lab-02-network/tests/quick-test.sh` |
| **Full suite command** | `bash labs/lab-02-network/tests/run-all-tests.sh` |
| **Estimated runtime** | ~30 seconds |

---

## Sampling Rate

- **After every task commit:** Run `bash labs/lab-02-network/tests/quick-test.sh`
- **After every plan wave:** Run `bash labs/lab-02-network/tests/run-all-tests.sh`
- **Before `/gsd:verify-work`:** Full suite must be green
- **Max feedback latency:** 30 seconds

---

## Per-Task Verification Map

| Task ID | Plan | Wave | Requirement | Test Type | Automated Command | File Exists | Status |
|---------|------|------|-------------|-----------|-------------------|-------------|--------|
| 03-01-01 | 01 | 1 | LAB-02, TEST-01 | unit | `bash labs/lab-02-network/tests/test-network-isolation.sh` | ❌ W0 | ⬜ pending |
| 03-01-02 | 01 | 1 | INF-02 | integration | `bash labs/lab-02-network/tests/test-private-network-no-expose.sh` | ❌ W0 | ⬜ pending |
| 03-02-01 | 02 | 1 | DOCT-01, DOCT-02 | documentation | File existence check | ❌ W0 | ⬜ pending |
| 03-03-01 | 03 | 2 | LAB-02, INF-02 | infrastructure | `docker-compose config` + container ping test | ❌ W0 | ⬜ pending |

*Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky*

---

## Wave 0 Requirements

- [ ] `labs/lab-02-network/tests/test-network-isolation.sh` — stubs for network isolation tests
- [ ] `labs/lab-02-network/tests/test-private-network-no-expose.sh` — stubs for INF-02 compliance
- [ ] `labs/lab-02-network/tests/run-all-tests.sh` — test orchestration script
- [ ] `labs/lab-02-network/tests/quick-test.sh` — quick validation script

---

## Manual-Only Verifications

| Behavior | Requirement | Why Manual | Test Instructions |
|----------|-------------|------------|-------------------|
| Visual verification of network topology | LAB-02 | Requires human interpretation of `docker network ls` output | Student runs `docker network ls` and compares to expected VPC structure |
| Documentation completeness | DOCT-01, DOCT-02, DOCT-03, DOCT-04 | Requires human judgment of Diátaxis quadrant coverage | Instructor reviews all 4 quadrants for completeness |

---

## Validation Sign-Off

- [ ] All tasks have `` verify or Wave 0 dependencies
- [ ] Sampling continuity: no 3 consecutive tasks without automated verify
- [ ] Wave 0 covers all MISSING references
- [ ] No watch-mode flags
- [ ] Feedback latency < 30s
- [ ] `nyquist_compliant: true` set in frontmatter

**Approval:** pending

---

## Integration Points

### Phase 2 Dependencies

- IAM concepts from Lab 01 are foundational but Network lab can run independently
- Test script patterns from Phase 2 (run-all-tests.sh, color output) should be reused

### Future Phase Dependencies

- Lab 04 (Storage & S3) will use networks created in this phase
- Lab 05 (Database) will place database in private network created here
- Network isolation is prerequisite for multi-tier architecture

### INF-02 Compliance Verification

- Private networks must NOT expose ports on 0.0.0.0
- Test verifies `docker-compose config` output for `127.0.0.1:PORT:PORT` pattern
- Manual verification: `netstat -tlnp | grep docker` shows no 0.0.0.0 bindings for private services
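
One way to automate the INF-02 check above, as an added example (not the lab's own test script): the hypothetical helper `find_exposed_ports` reads `docker-compose config` output and flags every published port whose host IP is not `127.0.0.1`. It goes beyond the `127.0.0.1:PORT:PORT` short pattern by also reading the long port syntax (`host_ip`, `target`, `published`); the sample config is constructed.

```bash
# Added example: INF-02 check over `docker-compose config` output on stdin.
# Prints "service<TAB>entry" per port not bound to 127.0.0.1; returns 1 if any.
find_exposed_ports() {
  awk '
    function report() {            # print the finished entry unless loopback-bound
      if (entry != "" && !ok) { print svc "\t" entry; bad = 1 }
      entry = ""; ok = 0
    }
    !NF || $1 ~ /^#/ { next }      # skip blank lines and comments
    { ind = match($0, /[^ ]/) - 1; line = substr($0, ind + 1) }
    inports && (ind < pind || (ind == pind && line !~ /^- /)) { report(); inports = 0 }
    ind == 0 { insvc = (line == "services:"); sind = 0; next }
    !insvc { next }
    sind == 0 { sind = ind }       # indent of the first service key
    ind == sind { svc = line; sub(/:.*/, "", svc); next }
    line == "ports:" { inports = 1; pind = ind; next }
    !inports { next }
    {
      item = (line ~ /^- /)
      if (item) { report(); sub(/^- +/, "", line) }
      gsub(/["\047]/, "", line)    # drop YAML quotes
      if (line ~ /^[a-z_]+: /) {   # long syntax: one key per line
        entry = entry (entry == "" ? "" : ", ") line
        if (line == "host_ip: 127.0.0.1") ok = 1
      } else if (item) {           # short syntax: [HOST_IP:][HOST_PORT:]CONTAINER_PORT
        entry = line; ok = (line ~ /^127\.0\.0\.1:/)
      }
    }
    END { report(); exit bad }
  '
}

# Constructed sample: short syntax for web, long syntax for db and cache.
SAMPLE_CONFIG='services:
  web:
    ports:
    - 0.0.0.0:8080:80/tcp
  db:
    ports:
      - host_ip: 127.0.0.1
        target: 5432
        published: "5432"
  cache:
    ports:
      - target: 6379
        published: "6379"
networks:
  private: {}'
printf '%s\n' "$SAMPLE_CONFIG" | find_exposed_ports || echo "INF-02 FAIL: port published outside 127.0.0.1"
```

In the lab, pipe the real output in with `docker-compose config | find_exposed_ports`. A long-syntax entry without `host_ip` is reported because Docker then binds the port on all interfaces.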