radiusmethod · dgershman · Jan 27, 2026 · Aug 12, 2025 · Jan 27, 2026
diff --git a/CLAUDE.md b/CLAUDE.md
@@ -24,48 +24,66 @@ Use the UDS CLI with these tasks defined in `tasks.yaml`:
 - `uds run test:ingress` - Check SocketZero UI accessibility at https://socketzero.uds.dev
 - `uds run test:ui` - Run Playwright tests in Docker container
 
+To run Playwright tests locally without Docker:
+```bash
+cd tests && npm ci && npx playwright test
+# Run a single test file:
+npx playwright test socketzero.test.ts
+# Run with specific browser:
+npx playwright test --project=chromium
+```
+
 ### Package Management
 
 The repository uses common UDS tasks imported from `uds-common` v1.16.4:
 - `create:package`, `create:test-bundle` - Package creation
-- `deploy:test-bundle` - Bundle deployment  
+- `deploy:test-bundle` - Bundle deployment
 - `setup:k3d-test-cluster` - Test cluster setup
 - `lint`, `pull`, `upgrade`, `compliance` - Standard operations
 
+### Manual Build & Deploy
+
+```bash
+uds zarf package create
+uds create bundle --confirm
+uds deploy bundle/uds-bundle-socketzero-<arch>-0.0.1.tar.zst --confirm \
+  --set socketzero_license_org="<org>" \
+  --set socketzero_license_key="<key>" \
+  --set socketzero_config="$(cat config.json | base64)"
+```
+
 ## Architecture
 
 ### Package Structure
 
 - **Root `zarf.yaml`** - Main package definition importing from `common/zarf.yaml`
-- **`common/zarf.yaml`** - Core component definition with SocketZero Helm chart
-- **`bundle/uds-bundle.yaml`** - UDS bundle for testing with dependencies
+- **`common/zarf.yaml`** - Core component definition with SocketZero Helm chart and UDS config chart
+- **`bundle/uds-bundle.yaml`** - UDS bundle for testing with variable overrides
 - **`chart/`** - UDS Package custom resources (SSO, network policies, virtual services)
 
 ### Key Components
 
-1. **SocketZero Application** - Deployed via Helm chart from https://github.com/radiusmethod/socketzero-helm.git
-2. **UDS Package Resource** - Configures SSO integration and network policies in `chart/templates/uds-package.yaml`
-3. **Values Files** - Environment-specific configurations in `values/` directory
+1. **SocketZero Application** - Deployed via Helm chart from https://github.com/radiusmethod/socketzero-helm.git (v0.6.2)
+2. **Redis** - Bundled dependency using Iron Bank image (`registry1.dso.mil/ironbank/bitnami/redis:8.0.3`)
+3. **UDS Package Resource** - Configures SSO integration and network policies in `chart/templates/uds-package.yaml`
+4. **Values Files** - Environment-specific configurations in `values/` directory
 
 ### Configuration
 
-- **SSO Integration** - SAML-based authentication configured in UDS Package spec
-- **Network Policies** - Ingress/egress rules with Istio gateway exposure on port 1234
-- **Service Exposure** - SocketZero service exposed via tenant gateway at `socketzero.{{ domain }}`
+- **SSO Integration** - Keycloak-based authentication with authservice selector on `app.kubernetes.io/name: socketzero`
+- **Network Policies** - Ambient mesh mode with intra-namespace ingress/egress rules
+- **Service Exposure** - SocketZero service exposed via tenant gateway on port 9997 at `socketzero.{{ domain }}`
 
 ## Image Registry
 
-Uses Registry1 Iron Bank image: `registry1.dso.mil/ironbank/radiusmethod/socketzero/receiver:0.5.9`
-
-## Testing Strategy
-
-- **Health Checks** - Kubernetes deployment readiness validation
-- **Ingress Testing** - HTTP status verification via curl
-- **UI Testing** - Playwright tests running in containerized environment
-- **Package Validation** - UDS Package CRD status monitoring
+Uses Registry1 Iron Bank images:
+- `registry1.dso.mil/ironbank/radiusmethod/socketzero/receiver:0.6.2`
+- `registry1.dso.mil/ironbank/bitnami/redis:8.0.3`
 
 ## Variables
 
 Key Zarf variables defined in root `zarf.yaml`:
 - `DOMAIN` (default: "uds.dev")
-- `EXAMPLE_DB_USERNAME`, `EXAMPLE_DB_ENDPOINT` - Database configuration placeholders
+- `SOCKETZERO_CONFIG` - Base64-encoded JSON configuration
+- `SOCKETZERO_LICENSE_ORG` - Organization name for license
+- `SOCKETZERO_LICENSE_KEY` - License key
diff --git a/CODEOWNERS-template.md b/CODEOWNERS-template.md
diff --git a/README-template.md b/README-template.md
diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml
@@ -18,10 +18,12 @@ spec:
   {{- end }}
   # Customize network policies and expose services via istio
   network:
+    serviceMesh:
+      mode: ambient
     expose:
       - service: socketzero
-        podLabels:
-          app: socketzero
+        selector:
+          app.kubernetes.io/name: socketzero
         gateway: tenant
         host: socketzero
         port: 9997

diff --git a/common/zarf.yaml b/common/zarf.yaml
@@ -29,7 +29,7 @@ components:
         namespace: socketzero
         url: https://github.com/radiusmethod/socketzero-helm.git
         gitPath: .
-        version: 0.5.9-r1
+        version: 0.6.2
         valuesFiles:
           - ../values/common-values.yaml
     actions:

diff --git a/tests/optional-example-zarf-tests/example-custom-resource.yaml b/tests/optional-example-zarf-tests/example-custom-resource.yaml
diff --git a/tests/optional-example-zarf-tests/example-secret.yaml b/tests/optional-example-zarf-tests/example-secret.yaml
diff --git a/tests/optional-example-zarf-tests/zarf.yaml b/tests/optional-example-zarf-tests/zarf.yaml
diff --git a/tests/socketzero.test.ts b/tests/socketzero.test.ts
@@ -0,0 +1,36 @@
+/**
+ * Copyright 2024 Defense Unicorns
+ * SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+ */
+
+import { test, expect } from "@playwright/test";
+
+test('SocketZero UI loads successfully', async ({ page }) => {
+  // Test that the SocketZero application loads
+  await page.goto('/');
+
+  // Wait for the page to load and check for SocketZero-specific content
+  await expect(page).toHaveTitle(/SocketZero/);
+
+  // Check that the main interface elements are present
+  await expect(page.locator('body')).toBeVisible();
+});
+
+test('SocketZero authentication flow', async ({ page }) => {
+  // Test SSO integration by attempting to access protected content
+  await page.goto('/');
+
+  // Check if redirected to authentication or if already authenticated
+  const currentUrl = page.url();
+
+  if (currentUrl.includes('/login') || currentUrl.includes('auth')) {
+    // If redirected to login, verify the SSO flow is working
+    await expect(page).toHaveURL(/login|auth/);
+
+    // Look for authentication elements
+    await expect(page.locator('form, .login, .auth')).toBeVisible();
+  } else {
+    // If already authenticated, verify main interface is accessible
+    await expect(page.locator('body')).toBeVisible();
+  }
+});
diff --git a/tests/template-application-name.test.ts b/tests/template-application-name.test.ts
diff --git a/values/registry1-values.yaml b/values/registry1-values.yaml
@@ -6,4 +6,4 @@
 # Example variables from UDS package repo template. Update to relevant variables after templating
 image:
   repository: registry1.dso.mil/ironbank/radiusmethod/socketzero/receiver
-  tag: 0.5.9
+  tag: 0.6.2
diff --git a/zarf.yaml b/zarf.yaml
@@ -33,5 +33,5 @@ components:
     charts:
       - name: socketzero
     images:
-      - registry1.dso.mil/ironbank/radiusmethod/socketzero/receiver:0.5.9
+      - registry1.dso.mil/ironbank/radiusmethod/socketzero/receiver:0.6.2
       - registry1.dso.mil/ironbank/bitnami/redis:8.0.3