laboratori-cloud/.planning/phases/02-lab-01-iam-sicurezza/02-VALIDATION.md

---
phase: 2
slug: lab-01-iam-sicurezza
status: draft
nyquist_compliant: false
wave_0_complete: false
created: 2026-03-24
---

# Phase 2 — Validation Strategy

> Per-phase validation contract for feedback sampling during execution.

---

## Test Infrastructure

| Property | Value |
|----------|-------|
| **Framework** | Bash script testing + Docker inspection |
| **Config file** | none — Wave 0 installs |
| **Quick run command** | `labs/lab-01-iam/tests/test-01-setup.sh` |
| **Full suite command** | `labs/lab-01-iam/tests/run-all-tests.sh` |
| **Estimated runtime** | ~15 seconds |

---

## Sampling Rate

- **After every task commit:** Run quick test for affected component
- **After every plan wave:** Run full test suite
- **Before `/gsd:verify-work`:** Full suite must be green
- **Max feedback latency:** 20 seconds

---

## Per-Task Verification Map

| Task ID | Plan | Wave | Requirement | Test Type | Automated Command | File Exists | Status |
|---------|------|------|-------------|-----------|-------------------|-------------|--------|
| 02-01-01 | 01 | 1 | TEST-01 | script | `labs/lab-01-iam/tests/test-01-user.sh` | ✅ W0 | ⬜ pending |
| 02-01-02 | 01 | 1 | LAB-01 | script | `labs/lab-01-iam/tests/test-01-user.sh` | ✅ W0 | ⬜ pending |
| 02-02-01 | 02 | 1 | TEST-01 | script | `labs/lab-01-iam/tests/test-02-permission.sh` | ✅ W0 | ⬜ pending |
| 02-02-02 | 02 | 1 | LAB-01 | script | `labs/lab-01-iam/tests/test-02-permission.sh` | ✅ W0 | ⬜ pending |
| 02-03-01 | 03 | 1 | INF-01 | docker | `docker inspect --format='{{.Config.User}}' lab01-nginx 2>/dev/null || echo "not built"` | ✅ W0 | ⬜ pending |
| 02-03-02 | 03 | 2 | DOCT-01 | file | `test -f labs/lab-01-iam/tutorial.md` | — | ⬜ pending |
| 02-03-03 | 03 | 2 | DOCT-02 | file | `test -f how-to-guides/docker-user-setup.md` | — | ⬜ pending |
| 02-03-04 | 03 | 2 | DOCT-03 | file | `test -f labs/lab-01-iam/REFERENCE.md` | — | ⬜ pending |
| 02-03-05 | 03 | 2 | DOCT-04 | file | `test -f labs/lab-01-iam/EXPLANATION.md` | — | ⬜ pending |
| 02-04-01 | 04 | 2 | TEST-05 | script | `labs/lab-01-iam/tests/double-check.sh` | ✅ W0 | ⬜ pending |
| 02-04-02 | 04 | 2 | PARA-01 | content | `grep -q "IAM.*Linux" labs/lab-01-iam/EXPLANATION.md` | — | ⬜ pending |
| 02-04-03 | 04 | 2 | PARA-03 | content | `grep -q "differenza" labs/lab-01-iam/EXPLANATION.md` | — | ⬜ pending |

*Status: ⬜ pending · ✅ green · ❌ red · ⚠️ flaky*

---

## Wave 0 Requirements

- [ ] `labs/lab-01-iam/tests/test-01-user.sh` — Verifies user creation fails without docker group
- [ ] `labs/lab-01-iam/tests/test-02-permission.sh` — Verifies docker socket access requires group membership
- [ ] `labs/lab-01-iam/tests/double-check.sh` — Final validation script for student self-check
- [ ] Docker group exists on test system
- [ ] Test can distinguish between permission denied and other errors

*All tests must follow TDI: RED (fail first) → GREEN (implement) → REFACTOR*

---

## Manual-Only Verifications

| Behavior | Requirement | Why Manual | Test Instructions |
|----------|-------------|------------|-------------------|
| Student follows tutorial successfully | DOCT-01, DOCT-05 | Requires human judgment | Follow tutorial literally on fresh system |
| Student understands IAM parallels | PARA-01 | Requires comprehension check | Read EXPLANATION.md, verify mapping is clear |
| Tutorial uses "little often" approach | DOCT-05 | Subjective assessment | Verify tutorial has small incremental steps |

*Core functionality has automated verification.*

---

## Validation Sign-Off

- [ ] All tasks have `<automated>` verify or Wave 0 dependencies
- [ ] Sampling continuity: no 3 consecutive tasks without automated verify
- [ ] Wave 0 covers all MISSING references
- [ ] No watch-mode flags
- [ ] Feedback latency < 20s
- [ ] `nyquist_compliant: true` set in frontmatter

**Approval:** pending