refactor: complete bootstrap of ARNES agent harness framework

- Add complete agent harness structure with 8 roles (leader, triager, architect, implementer, reviewer, security, qa, documenter)
- Implement strict workflow with 9 stages and mandatory gates
- Add comprehensive verification script and runtime status tracking
- Create artifact-based evidence system with contracts and schemas
- Add agent policy matrix with permissions and anti-cheat rules
- Include test suite (44 tests passing) and CI-ready structure
- Add documentation: README, HOWTO, CHECKPOINTS, templates
- Configure model routing policies and token-aware task assignment
- Add BDD/SDD specification guides and feature templates
- Include starter pack for quick project onboarding

All verification checks pass. Framework ready for production use.
This commit is contained in:
rikrdo
2026-05-17 23:25:35 +02:00
parent 622e5df382
commit 3ff9b70e4c
104 changed files with 8534 additions and 187 deletions

View File

@@ -0,0 +1,70 @@
@F-004 @auth @login
Feature: User Login
Background:
Given the user "alice@example.com" exists with password "SecurePass123!"
@positive
Scenario: Successful login with valid credentials
Given I have valid email "alice@example.com" and password "SecurePass123!"
When I attempt to login
Then I should receive an access token
And the access token should contain user_id claim
And the access token should contain email claim
And the access token should not be expired
@positive
Scenario: Login returns refresh token
Given I have valid credentials for "alice@example.com"
When I login successfully
Then I should receive a refresh token
And the refresh token should be different from access token
And the refresh token should have longer expiration
@positive
Scenario: Login email is case-insensitive
Given a user exists with email "bob@test.com" and password "TestPass99!"
When I login with email "BOB@TEST.COM" and password "TestPass99!"
Then login should be successful
@negative
Scenario: Login with wrong password
Given I have email "alice@example.com" and password "WrongPassword123!"
When I attempt to login
Then I should receive error "Credenciales inválidas"
And I should not receive any token
@negative
Scenario: Login with nonexistent user
Given I have email "nonexistent@test.com" and password "AnyPass123!"
When I attempt to login
Then I should receive error "Credenciales inválidas"
And I should not receive any token
@negative
Scenario: Login with empty password
Given I have email "alice@example.com" and empty password
When I attempt to login
Then I should receive validation error
And I should not receive any token
@negative
Scenario: Login with invalid email format
Given I have email "not-an-email" and password "ValidPass123!"
When I attempt to login
Then I should receive validation error
And I should not receive any token
@security @rate-limit
Scenario: Login blocked after 10 failed attempts
Given I have email "alice@example.com" and password "WrongPassword!"
When I attempt to login 10 times with wrong password
Then account should be temporarily locked
And next login attempt should return error "Cuenta bloqueada"
@smoke
Scenario: Login endpoint responds with JSON
Given I have valid credentials for "alice@example.com"
When I send a POST request to "/api/v1/auth/login"
Then response should be JSON format
And response should have correct content-type header