6cca895ba9
- Documented major changes after pulling from upstream (HKUDS/LightRAG), focusing on multi-tenant support, security hardening, and RLS/RBAC. - Created concise documentation under docs/diff_hku, including migration guides and security audits. - Enumerated unmerged upstream commits and summarized substantive features and fixes. - Outlined next steps for DB migrations, CI tests, and potential cherry-picking of upstream fixes.
30 lines
1.3 KiB
Markdown
30 lines
1.3 KiB
Markdown
|
|
# Tests & acceptance checklist (minimal but actionable)
|
|
|
|
Security & isolation
|
|
|
|
- [ ] RLS enforcement smoke-test (PG): set session app.current_tenant -> verify cross-tenant reads are blocked
|
|
|
|
- [ ] DB function has_tenant_access unit tests + integration tests using expected query shapes
|
|
|
|
- [ ] get_tenant_context / get_tenant_context_optional tests verifying header precedence, missing token behavior, and strict-mode behavior
|
|
|
|
Functional
|
|
|
|
- [ ] Tenant lifecycle: create tenant, add user as owner, create KB, add documents, delete KB, delete tenant
|
|
|
|
- [ ] Membership actions: add/remove/update membership and verify effects on access
|
|
|
|
- [ ] TenantRAGManager: concurrency test that spawns multiple tasks requesting same tenant/kb and verifies a single instance created then evicted properly.
|
|
|
|
E2E
|
|
|
|
- [ ] Run provided e2e tests under e2e/ with a Postgres instance that includes the migrations and RLS applied. Verify all pass.
|
|
|
|
- [ ] Negative tests: attempt to access KB from different tenant using crafted token and assert HTTP 403.
|
|
|
|
Operational / CI
|
|
|
|
- [ ] Add CI jobs that run the above tests using a disposable Postgres service in GitHub Actions or local Docker Compose.
|
|
|
|
If tests above pass -> safe to roll out to staging. If any P0 test fails, block release and revert until fixed.
|