Automated PR provided by Codex via Gitea API. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #483
3.8 KiB
3.8 KiB
| name | description |
|---|---|
| tenantpilot-browser-readonly-audit | Read-only browser audit workflow for TenantPilot product surfaces without mutating state. |
Purpose
Use this skill to collect focused browser evidence for UI/product-surface audits while avoiding state mutation, destructive flows, fixture pollution, or overbroad readiness claims.
Activate When
- Running a browser smoke check, visual inspection, product-surface audit, full browser audit, or read-only surface review.
- Inspecting pages for console errors, Livewire/runtime failures, network failures, visible complexity, navigation, authorization presentation, or Product Surface conformance.
- The user asks for browser proof and the intended path can be read-only.
Do Not Activate When
- The task requires executing destructive/high-impact mutations.
- The user asks to implement fixes rather than audit.
- The relevant feature is backend/docs-only and browser proof is explicitly
N/A - no rendered UI surface changed.
Maturity
L2/L3 checklist workflow.
Gate Type
workflow.
Source Evidence
docs/product/standards/product-surface-contract.mddocs/testing-guidelines.md.specify/README.mdspecs/400-product-contract-spec-completeness-audit/spec.mdspecs/407-full-browser-ux-runtime-audit/spec.mdapps/platform/tests/Browser/Spec402ResourcePolicyAuthorizationSmokeTest.phpapps/platform/tests/Browser/Spec412PilotReadinessRemediationSmokeTest.phpapps/platform/tests/Feature/Console/TenantpilotSeedBackupHealthBrowserFixtureCommandTest.php
External Anchors
Not applicable.
Required Repo Context
- Audit target route/page/flow.
- Authentication fixture or browser harness.
- Whether fixtures are read-only or seeded for inspection.
- Expected workspace/environment context.
- Primary interaction to inspect, if any.
- Console, network, and Livewire/runtime error capture method.
Execution Checklist
- Define the exact read-only path and actor.
- Confirm no state-changing action will be executed.
- Open the relevant route or entry point.
- Confirm workspace/environment context and expected surface labels.
- Inspect the changed or audited UI element.
- Check console/runtime errors.
- Check failed network requests related to the tested path.
- Record route, actor, context, observations, limitations, and screenshots only when useful.
- Do not generalize a narrow read-only pass into full merge readiness.
Stop Conditions
- The path requires destructive or high-impact execution to prove the claim.
- A requested action would mutate state without a test fixture and explicit spec permission.
- Browser audit discovers an in-scope blocker that requires implementation before readiness can be claimed.
- The evidence is too narrow for the requested broad readiness claim.
- The user asks for fixes during audit and the active spec/workflow does not include implementation.
Required Evidence After Use
- Route/path tested.
- Actor and workspace/environment context.
- UI elements inspected.
- Console/runtime/network result.
- Mutations avoided.
- Scope limitation and whether the evidence is smoke, audit sample, or full browser proof.
Common Failure Modes
- Clicking a destructive action while trying to inspect its confirmation.
- Treating seeded demo data as production readiness.
- Reporting "browser passed" without route, actor, or context.
- Ignoring console errors as development noise without evidence.
- Expanding a read-only audit into implementation work.
Quarantined Rules
Full Spec 416 quarantine list applies. Especially quarantined here: historical audits as current truth; raw provider/evidence payload default display; Product Surface runtime framework; OperationRun as default customer proof.
Review / Expiry
Review when browser harnesses, fixture commands, Product Surface proof expectations, or browser lane governance change. No planned expiry.