ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
b3e6dfdb7c
TenantAtlas/specs/376-browser-audit-fixture-coverage-evidence-system-surfaces/checklists/requirements.md
ahmido f6dbc89edb test: add spec 376 browser fixture coverage (#447) 
Adds browser fixture coverage for evidence system surfaces as described in Spec 376.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #447
2026-06-13 11:22:19 +00:00

67 lines
4.0 KiB
Markdown
Raw Blame History

# Requirements Checklist: Browser Audit Fixture Coverage for Evidence/System Surfaces v1
**Purpose**: Validate that Spec 376 is preparation-ready, bounded to browser fixture coverage, and safe against production auth or UI scope creep.
**Created**: 2026-06-13
**Feature**: `specs/376-browser-audit-fixture-coverage-evidence-system-surfaces/spec.md`
## Applicability And Scope
- [x] CHK001 The spec states this is browser fixture coverage/auditability, not UI productization.
- [x] CHK002 The five in-scope surfaces are named explicitly.
- [x] CHK003 The out-of-scope list forbids product UI refactors, production auth changes, migrations, models, policies, Graph changes, and OperationRun changes.
- [x] CHK004 Close alternatives are deferred instead of hidden inside the primary scope.
- [x] CHK005 Related completed specs are read-only context and are not refresh targets.
## Candidate Gate
- [x] CHK006 The selected candidate is directly supplied by the user and supported by Spec 368/375 repo artifacts.
- [x] CHK007 The candidate is not already covered by an active or completed spec package.
- [x] CHK008 The Spec Candidate Check includes problem, today's failure, smallest version, complexity, why now, approval class, red flags, score, and decision.
- [x] CHK009 The selected slice is small enough for a bounded implementation loop.
## UI / Surface Guardrail
- [x] CHK010 UI Surface Impact records the local/testing route impact without claiming production product UI changes.
- [x] CHK011 UI/Productization Coverage classifies the existing pages as browser-audit targets, not refactor targets.
- [x] CHK012 The plan states `docs/ui-ux-enterprise-audit` updates are unnecessary unless implementation materially changes a production surface.
- [x] CHK013 Screenshot/report expectations are proportional and limited to the five target surfaces.
## Auth, RBAC, And Isolation
- [x] CHK014 Admin fixture work preserves workspace/environment context and capability requirements.
- [x] CHK015 System fixture work preserves `PlatformUser`, `platform` guard, and platform capability separation.
- [x] CHK016 Any new fixture route must be local/testing-only and 404 outside those environments.
- [x] CHK017 Redirect validation and arbitrary URL rejection are required for fixture auth routes.
- [x] CHK018 Non-member 404 and member-without-capability 403 semantics are preserved where applicable.
## Data And Truth
- [x] CHK019 Fixture data is deterministic, minimal, and local/testing-only.
- [x] CHK020 No production data dependency or hardcoded fragile IDs are accepted.
- [x] CHK021 Reports distinguish route truth, auth truth, data truth, browser screenshot truth, and follow-up truth.
- [x] CHK022 Verification labels are report classifications, not product states.
## OperationRun And Provider Boundary
- [x] CHK023 OperationRun start/completion/link UX is explicitly N/A.
- [x] CHK024 System Operations may be opened but no OperationRun lifecycle behavior may change.
- [x] CHK025 Provider boundary impact is classified as mixed and limited to fixture reachability.
- [x] CHK026 Provider-specific semantics are not generalized into platform-core truth.
## Testing And Validation
- [x] CHK027 Test lanes are explicit: Feature tests for fixture/auth safety, Browser lane for reachability/screenshots.
- [x] CHK028 Pest Browser assertions include no JS errors and no console logs for reachable pages.
- [x] CHK029 The planned validation commands include `git diff --check`, Pint if PHP changed, targeted Feature tests, and targeted browser smoke.
- [x] CHK030 Heavy/browser cost is explicit and not silently folded into broad fast-feedback.
## Preparation Review Classification
- [x] CHK031 Review outcome class: `acceptable-special-case`.
- [x] CHK032 Workflow outcome: `keep`.
- [x] CHK033 Final note location: the later implementation should use Spec 376 `artifacts/validation-report.md` plus the PR close-out as Smoke Coverage / Fixture Coverage.
## Notes
Preparation status: ready for implementation-loop review after artifact consistency analysis. No application implementation was performed during preparation.
Reference in New Issue View Git Blame Copy Permalink