Automated PR provided by Codex via Gitea API. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #483
---
name: tenantpilot-browser-readonly-audit
description: Read-only browser audit workflow for TenantPilot product surfaces without mutating state.
---

## Purpose

Use this skill to collect focused browser evidence for UI/product-surface audits while avoiding state mutation, destructive flows, fixture pollution, or overbroad readiness claims.

## Activate When

- Running a browser smoke check, visual inspection, product-surface audit, full browser audit, or read-only surface review.
- Inspecting pages for console errors, Livewire/runtime failures, network failures, visible complexity, navigation, authorization presentation, or Product Surface conformance.
- The user asks for browser proof and the intended path can be read-only.

## Do Not Activate When

- The task requires executing destructive/high-impact mutations.
- The user asks to implement fixes rather than audit.
- The relevant feature is backend/docs-only and browser proof is explicitly `N/A - no rendered UI surface changed`.

## Maturity

L2/L3 checklist workflow.

## Gate Type

workflow.

## Source Evidence

- `docs/product/standards/product-surface-contract.md`
- `docs/testing-guidelines.md`
- `.specify/README.md`
- `specs/400-product-contract-spec-completeness-audit/spec.md`
- `specs/407-full-browser-ux-runtime-audit/spec.md`
- `apps/platform/tests/Browser/Spec402ResourcePolicyAuthorizationSmokeTest.php`
- `apps/platform/tests/Browser/Spec412PilotReadinessRemediationSmokeTest.php`
- `apps/platform/tests/Feature/Console/TenantpilotSeedBackupHealthBrowserFixtureCommandTest.php`

## External Anchors

Not applicable.

## Required Repo Context

- Audit target route/page/flow.
- Authentication fixture or browser harness.
- Whether fixtures are read-only or seeded for inspection.
- Expected workspace/environment context.
- Primary interaction to inspect, if any.
- Console, network, and Livewire/runtime error capture method.

## Execution Checklist

- Define the exact read-only path and actor.
- Confirm no state-changing action will be executed.
- Open the relevant route or entry point.
- Confirm workspace/environment context and expected surface labels.
- Inspect the changed or audited UI element.
- Check console/runtime errors.
- Check failed network requests related to the tested path.
- Record route, actor, context, observations, limitations, and screenshots only when useful.
- Do not generalize a narrow read-only pass into full merge readiness.
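
One way to turn the checklist's no-mutation, console and network checks into a repeatable verdict, as an added example that is not part of the TenantPilot repository: it scores a constructed request and console capture from one audit pass. The capture shape, field names, sample routes and the `/livewire/update` path are assumptions.

```javascript
// Added example: constructed data; field names are hypothetical, not TenantPilot code.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);
const REQUIRED_EVIDENCE = ["route", "actor", "context", "elementsInspected", "scope"];
const SCOPES = new Set(["smoke", "audit sample", "full browser proof"]);
// Assumption: Livewire's update endpoint is at this path (Livewire 3 default).
const LIVEWIRE_UPDATE_PATH = "/livewire/update";

function evaluateReadOnlyAudit(capture) {
  const f = { mutating: [], needsReview: [], failedRequests: [], missingEvidence: [] };
  for (const req of capture.requests) {
    const method = req.method.toUpperCase();
    const path = new URL(req.url).pathname;
    const label = `${method} ${path}`;
    if (!SAFE_METHODS.has(method)) {
      // Livewire posts every component interaction, including pure re-renders,
      // so that POST is queued for manual review instead of counted as a mutation.
      (path === LIVEWIRE_UPDATE_PATH ? f.needsReview : f.mutating).push(label);
    }
    // Status 0 stands for a request that never got a response (blocked, aborted).
    if (req.status === 0 || req.status >= 400) f.failedRequests.push(`${label} -> ${req.status}`);
  }
  f.consoleErrors = capture.console.filter((m) => m.level === "error").map((m) => m.text);
  for (const key of REQUIRED_EVIDENCE) {
    const v = capture.evidence[key];
    const empty = v === undefined || v === "" || (Array.isArray(v) && v.length === 0);
    if (empty || (key === "scope" && !SCOPES.has(v))) f.missingEvidence.push(key);
  }
  f.readOnly = f.mutating.length === 0;
  f.evidenceComplete = f.missingEvidence.length === 0;
  return f;
}

// Constructed capture of one audit pass (not real TenantPilot routes or users).
const sampleCapture = {
  evidence: {
    route: "/admin/example-surface", actor: "readonly-fixture-user",
    context: "workspace demo, environment local",
    elementsInspected: ["page heading", "primary navigation"], scope: "smoke",
  },
  requests: [
    { method: "GET", url: "https://app.example.test/admin/example-surface", status: 200 },
    { method: "POST", url: "https://app.example.test/livewire/update", status: 200 },
    { method: "GET", url: "https://app.example.test/build/missing.js", status: 404 },
    { method: "DELETE", url: "https://app.example.test/admin/example-surface/7", status: 204 },
  ],
  console: [{ level: "error", text: "Uncaught TypeError" }, { level: "warning", text: "deprecated API" }],
};
console.log(evaluateReadOnlyAudit(sampleCapture));
```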

## Stop Conditions

- The path requires destructive or high-impact execution to prove the claim.
- A requested action would mutate state without a test fixture and explicit spec permission.
- Browser audit discovers an in-scope blocker that requires implementation before readiness can be claimed.
- The evidence is too narrow for the requested broad readiness claim.
- The user asks for fixes during audit and the active spec/workflow does not include implementation.

## Required Evidence After Use

- Route/path tested.
- Actor and workspace/environment context.
- UI elements inspected.
- Console/runtime/network result.
- Mutations avoided.
- Scope limitation and whether the evidence is smoke, audit sample, or full browser proof.

## Common Failure Modes

- Clicking a destructive action while trying to inspect its confirmation.
- Treating seeded demo data as production readiness.
- Reporting "browser passed" without route, actor, or context.
- Ignoring console errors as development noise without evidence.
- Expanding a read-only audit into implementation work.

## Quarantined Rules

Full Spec 416 quarantine list applies. Especially quarantined here: historical audits as current truth; raw provider/evidence payload default display; Product Surface runtime framework; OperationRun as default customer proof.

## Review / Expiry

Review when browser harnesses, fixture commands, Product Surface proof expectations, or browser lane governance change. No planned expiry.