Feat/deployment kani loadtests rbac 968 976 977 979#994
Merged
pope-h merged 3 commits intoMay 30, 2026
Merged
Conversation
…r rbac Implement multi-chain deployment configuration, Kani formal verification proofs, k6 performance load test suites, and database-backed granular RBAC role & permission management. - Issue Shelterflex#968: Admin Role & Permission Management API — Granular RBAC (database migrations, rbac middleware, admin roles routes, and replaced raw checks in dispute, payout, and KYC routes). - Issue Shelterflex#976: Multi-chain deployment configuration (EVM & Soroban scripts, testnet/mainnet configs, and tagging-triggered GHA workflow). - Issue Shelterflex#977: Bond collateral Kani verification (5 proof harnesses covering fund safety, monotonicity, withdraw validation, liquidation floor, access controls). - Issue Shelterflex#979: Load testing suite (shared config, 5 distinct k6 scenarios for properties, payments, underwriting, OTP, staking, and manual GHA run workflow). Closes Shelterflex#968 Closes Shelterflex#976 Closes Shelterflex#977 Closes Shelterflex#979
|
@soomtochukwu is attempting to deploy a commit to the pope-h's projects Team on Vercel. A member of the Team first needs to authorize it. |
|
@soomtochukwu Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
Implement multi-chain deployment configuration, Kani formal verification proofs, k6 performance load test suites, and database-backed granular RBAC role & permission management for administration APIs. ## Linked issue (recommended) Closes Shelterflex#968, Closes Shelterflex#976, Closes Shelterflex#977, Closes Shelterflex#979 ## Changes ### 1. Granular RBAC Administration (Shelterflex#968) * [New Migration] backend/migrations/035_admin_rbac.sql: Seeded default roles (super_admin, risk_officer, compliance_officer, operations) and permissions mapping. * [Middleware] backend/src/middleware/rbac.ts: Implemented requirePermission dynamic middleware validating user privileges via database queries with caching. * [New Router] backend/src/routes/adminRoles.ts: Created endpoints to assign/revoke roles and view all system roles/permissions. * [Integration] Refactored kyc.ts, paymentDispute.ts, and adminWithdrawals.ts to enforce granular, scoped permissions. * [Tests]: Added extensive tests inside adminRoles.test.ts and adminWithdrawals.test.ts. ### 2. Multi-Chain Deployment Configuration (Shelterflex#976) * [Config Files] contracts/deployment/config/: Stellar testnet, mainnet, and Base Sepolia configurations. * [Scripts] contracts/deployment/scripts/: Idempotent bash scripts deploy-soroban.sh and deploy-evm.sh. ### 3. Kani Formal Verification (Shelterflex#977) * [Proof Harnesses] contracts/bond_collateral/src/formal_properties.rs: 5 Kani proofs (prove_no_fund_leakage, prove_slash_monotonicity, prove_withdraw_safety, prove_slash_ceiling, prove_admin_only_invariant). ### 4. Load Testing Suite (Shelterflex#979) * [Scenarios] load-tests/scenarios/: 5 k6 scenarios (property-search, payment-flow, underwriting, auth-otp, staking-read). * [GHA Workflow] .github/workflows/load-test.yml: Manual load-test run GHA trigger pipeline. ## Contract Upgrade Details (if applicable) N/A ## How to test - [x] All automated tests pass (cargo test and vitest) - [x] Integration tests pass - [x] Manual testing completed (all lint, fmt, and build checks completed successfully) ## Security Considerations - [x] No secrets or sensitive data are logged - [x] Authorization checks modeled and verified symbolically and in integration tests ## Screenshots (if UI) N/A ## Checklist - [x] I linked an issue (or explained why one is not needed) - [x] I tested locally - [x] I did not commit secrets - [x] I updated docs if needed - [x] Code follows the project's style guidelines - [x] CI checks pass
soomtochukwu
force-pushed
the
feat/deployment-kani-loadtests-rbac-968-976-977-979
branch
from
e24f531 to
e6ca922
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #968
Closes #976
Closes #977
Closes #979