Adds browser fixture coverage for evidence system surfaces as described in Spec 376. Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #447
67 lines
4.0 KiB
Markdown
67 lines
4.0 KiB
Markdown
# Requirements Checklist: Browser Audit Fixture Coverage for Evidence/System Surfaces v1
|
|
|
|
**Purpose**: Validate that Spec 376 is preparation-ready, bounded to browser fixture coverage, and safe against production auth or UI scope creep.
|
|
**Created**: 2026-06-13
|
|
**Feature**: `specs/376-browser-audit-fixture-coverage-evidence-system-surfaces/spec.md`
|
|
|
|
## Applicability And Scope
|
|
|
|
- [x] CHK001 The spec states this is browser fixture coverage/auditability, not UI productization.
|
|
- [x] CHK002 The five in-scope surfaces are named explicitly.
|
|
- [x] CHK003 The out-of-scope list forbids product UI refactors, production auth changes, migrations, models, policies, Graph changes, and OperationRun changes.
|
|
- [x] CHK004 Close alternatives are deferred instead of hidden inside the primary scope.
|
|
- [x] CHK005 Related completed specs are read-only context and are not refresh targets.
|
|
|
|
## Candidate Gate
|
|
|
|
- [x] CHK006 The selected candidate is directly supplied by the user and supported by Spec 368/375 repo artifacts.
|
|
- [x] CHK007 The candidate is not already covered by an active or completed spec package.
|
|
- [x] CHK008 The Spec Candidate Check includes problem, today's failure, smallest version, complexity, why now, approval class, red flags, score, and decision.
|
|
- [x] CHK009 The selected slice is small enough for a bounded implementation loop.
|
|
|
|
## UI / Surface Guardrail
|
|
|
|
- [x] CHK010 UI Surface Impact records the local/testing route impact without claiming production product UI changes.
|
|
- [x] CHK011 UI/Productization Coverage classifies the existing pages as browser-audit targets, not refactor targets.
|
|
- [x] CHK012 The plan states `docs/ui-ux-enterprise-audit` updates are unnecessary unless implementation materially changes a production surface.
|
|
- [x] CHK013 Screenshot/report expectations are proportional and limited to the five target surfaces.
|
|
|
|
## Auth, RBAC, And Isolation
|
|
|
|
- [x] CHK014 Admin fixture work preserves workspace/environment context and capability requirements.
|
|
- [x] CHK015 System fixture work preserves `PlatformUser`, `platform` guard, and platform capability separation.
|
|
- [x] CHK016 Any new fixture route must be local/testing-only and 404 outside those environments.
|
|
- [x] CHK017 Redirect validation and arbitrary URL rejection are required for fixture auth routes.
|
|
- [x] CHK018 Non-member 404 and member-without-capability 403 semantics are preserved where applicable.
|
|
|
|
## Data And Truth
|
|
|
|
- [x] CHK019 Fixture data is deterministic, minimal, and local/testing-only.
|
|
- [x] CHK020 No production data dependency or hardcoded fragile IDs are accepted.
|
|
- [x] CHK021 Reports distinguish route truth, auth truth, data truth, browser screenshot truth, and follow-up truth.
|
|
- [x] CHK022 Verification labels are report classifications, not product states.
|
|
|
|
## OperationRun And Provider Boundary
|
|
|
|
- [x] CHK023 OperationRun start/completion/link UX is explicitly N/A.
|
|
- [x] CHK024 System Operations may be opened but no OperationRun lifecycle behavior may change.
|
|
- [x] CHK025 Provider boundary impact is classified as mixed and limited to fixture reachability.
|
|
- [x] CHK026 Provider-specific semantics are not generalized into platform-core truth.
|
|
|
|
## Testing And Validation
|
|
|
|
- [x] CHK027 Test lanes are explicit: Feature tests for fixture/auth safety, Browser lane for reachability/screenshots.
|
|
- [x] CHK028 Pest Browser assertions include no JS errors and no console logs for reachable pages.
|
|
- [x] CHK029 The planned validation commands include `git diff --check`, Pint if PHP changed, targeted Feature tests, and targeted browser smoke.
|
|
- [x] CHK030 Heavy/browser cost is explicit and not silently folded into broad fast-feedback.
|
|
|
|
## Preparation Review Classification
|
|
|
|
- [x] CHK031 Review outcome class: `acceptable-special-case`.
|
|
- [x] CHK032 Workflow outcome: `keep`.
|
|
- [x] CHK033 Final note location: the later implementation should use Spec 376 `artifacts/validation-report.md` plus the PR close-out as Smoke Coverage / Fixture Coverage.
|
|
|
|
## Notes
|
|
|
|
Preparation status: ready for implementation-loop review after artifact consistency analysis. No application implementation was performed during preparation.
|