ahmido
f35782a163
Added artifacts, screenshots, and documentation for the platform sellable smoke matrix. Fixed a bug in FindingRiskGovernanceResolver and updated related tests. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #426
5.7 KiB
5.7 KiB
Platform Sellable Smoke Matrix
Status: browser run complete
Spec: specs/355-platform-sellable-smoke-matrix/spec.md
Purpose: Browser-first sellable-readiness verification across the current operator owner surfaces.
Result Legend
PASS: browser-verified and productized enoughPASS WITH NOTES: works, but minor P2/P3 notes remainBLOCKED: fixture/state missing or dependency gate prevents honest verificationFAIL P1: operator-flow or hierarchy issue that blocks closeFAIL P0: safety, scope, authorization, or runtime issue
Matrix
| Flow ID | Flow name | Surface | Environment / fixture | State tested | Expected primary action | Actual primary action | Scope preserved | Customer-safe boundary correct | Console errors | Network/server errors | Screenshot | Result | Severity | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| F1 | Environment Dashboard -> provider blocker | Environment Dashboard -> Required Permissions | workspace=spec-352-guidance-browser-audit, environment=spec-352-audit-provider-blocker |
provider blocker outranks lower-priority review output | open provider-readiness owner surface | Review permissions -> /admin/workspaces/spec-352-guidance-browser-audit/environments/spec-352-audit-provider-blocker/required-permissions |
yes | yes | none observed | none observed | 01-dashboard-provider-blocker.png, 02-provider-required-permissions-target.png |
PASS | none | Dashboard guidance stayed navigation-first and landed on a matching blocker explanation. |
| F2 | Environment Dashboard -> review-output blocker | Environment Dashboard -> review owner surface | workspace=spec-352-guidance-browser-audit, environment=spec-352-audit-review-output |
review-output blocker with no provider blocker | open review-output owner surface | Open draft review -> /admin/workspaces/33/environments/spec-352-audit-review-output/environment-reviews/31 |
yes | yes | none observed | none observed | 03-dashboard-review-output-blocker.png |
PASS | none | Primary CTA matched Spec 351 review-output resolve logic. |
| F3 | Customer Review Workspace resolve loop | Customer Review Workspace | environment_id=52, review #31 |
blocked output with existing draft | repo-backed dominant review action | Open draft review |
yes | yes | none observed | none observed | 04-customer-review-workspace-resolve-action.png |
PASS | none | Draft state was explicit, no empty state appeared, and publish was not presented as the dominant action while blocked. |
| F4 | Review detail in customer-workspace context | Environment Review detail | review #31 opened from customer workspace |
customer-workspace detail continuity | no duplicate CTA rail; clear output readiness | output readiness and limitations stayed distinct; no competing top rail | yes | yes | none observed | none observed | 05-review-detail-customer-workspace-context.png |
PASS WITH NOTES | P3 | Output guidance card still contains redundant self-link actions that loop back to the same review detail. |
| F5 | Provider guidance owner surfaces | Provider Connections / Required Permissions | environment_id=51 plus required-permissions deep link |
provider blocker | one provider-readiness next step | Open required permissions |
yes | yes | none observed | none observed | 06-provider-guidance.png |
PASS | none | Provider Connections explained blocker reason and impact before raw provider details. |
| F6 | Accepted-risk owner flow | Finding Exceptions Queue / Exception Detail | workspace=wp, environment=spec342-demo-accepted-risks, exceptions #7, #8, #9 |
expiring, expired, incomplete | review accepted risk or owner-surface follow-up | focused queue guidance stayed dominant; no fake remediation CTA | yes | yes | none observed | none observed | 07-accepted-risk-expiring.png, 08-accepted-risk-expired.png |
PASS WITH NOTES | P3 | Expired and expiring priority behaved correctly. Spec 355 used local-only fixture augmentation and exposed a German-locale copy leak that was fixed in-scope before close-out. |
| F7 | Governance Inbox continuity | Governance Inbox | workspace=wp, environment=spec342-demo-accepted-risks |
queue item follow-up | open owner surface with one clear next action | Review accepted risk deep-linked to the focused queue lane with back-link context |
yes | yes | none observed | none observed | 09-governance-inbox.png |
PASS | none | Governance Inbox remained the queue-clearing surface instead of duplicating dashboard-style guidance. |
| F8 | Evidence path support | Evidence Overview | workspace=wp, environment=spec342-demo-evidence-incomplete, operation #24 |
evidence incomplete / internal-only output boundary | inspect evidence basis or supporting proof | Review customer output |
yes | yes | none observed | none observed | 10-evidence-overview.png |
PASS | none | Evidence stayed decision-first and explicitly warned that the output was not ready for external sharing. |
| F9 | Operation proof | Operation detail | workspace=wp, environment=spec342-demo-evidence-incomplete, operation #24 |
linked proof with internal-only impact | open run proof without competing with owner CTA | operation proof showed scope, outcome, and follow-up guidance | yes | yes | none observed | none observed | 11-operation-proof.png |
PASS | none | Operation truth remained traceable and did not overclaim governance health or customer-safe status. |
| F10 | Calm no-urgent-action state | Environment Dashboard | workspace=spec-352-guidance-browser-audit, environment=spec-352-audit-no-urgent |
no urgent action | calm no-action state | Review environment with calm-state framing |
yes | yes | none observed | none observed | 12-no-urgent-action.png |
PASS | none | Quiet state was productized and did not collapse into an empty or broken screen. |