TenantAtlas/.agent/skills/workflows/browser-readonly-audit/SKILL.md
ahmido 332f6325cb feat: add tenantpilot agent skill layer v1 (#483)
Automated PR provided by Codex via Gitea API.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #483
2026-06-25 23:03:47 +00:00

---
name: tenantpilot-browser-readonly-audit
description: Read-only browser audit workflow for TenantPilot product surfaces without mutating state.
---
## Purpose
Use this skill to collect focused browser evidence for UI/product-surface audits while avoiding state mutation, destructive flows, fixture pollution, or overbroad readiness claims.
## Activate When
- Running a browser smoke check, visual inspection, product-surface audit, full browser audit, or read-only surface review.
- Inspecting pages for console errors, Livewire/runtime failures, network failures, visible complexity, navigation, authorization presentation, or Product Surface conformance.
- The user asks for browser proof and the intended path can be read-only.
## Do Not Activate When
- The task requires executing destructive/high-impact mutations.
- The user asks to implement fixes rather than audit.
- The relevant feature is backend/docs-only and browser proof is explicitly `N/A - no rendered UI surface changed`.
## Maturity
L2/L3 checklist workflow.
## Gate Type
workflow.
## Source Evidence
- `docs/product/standards/product-surface-contract.md`
- `docs/testing-guidelines.md`
- `.specify/README.md`
- `specs/400-product-contract-spec-completeness-audit/spec.md`
- `specs/407-full-browser-ux-runtime-audit/spec.md`
- `apps/platform/tests/Browser/Spec402ResourcePolicyAuthorizationSmokeTest.php`
- `apps/platform/tests/Browser/Spec412PilotReadinessRemediationSmokeTest.php`
- `apps/platform/tests/Feature/Console/TenantpilotSeedBackupHealthBrowserFixtureCommandTest.php`
## External Anchors
Not applicable.
## Required Repo Context
- Audit target route/page/flow.
- Authentication fixture or browser harness.
- Whether fixtures are read-only or seeded for inspection.
- Expected workspace/environment context.
- Primary interaction to inspect, if any.
- Console, network, and Livewire/runtime error capture method.
## Execution Checklist
- Define the exact read-only path and actor.
- Confirm no state-changing action will be executed.
- Open the relevant route or entry point.
- Confirm workspace/environment context and expected surface labels.
- Inspect the changed or audited UI element.
- Check console/runtime errors.
- Check failed network requests related to the tested path.
- Record route, actor, context, observations, limitations, and screenshots only when useful.
- Do not generalize a narrow read-only pass into full merge readiness.
## Stop Conditions
- The path requires destructive or high-impact execution to prove the claim.
- A requested action would mutate state without a test fixture and explicit spec permission.
- Browser audit discovers an in-scope blocker that requires implementation before readiness can be claimed.
- The evidence is too narrow for the requested broad readiness claim.
- The user asks for fixes during audit and the active spec/workflow does not include implementation.
## Required Evidence After Use
- Route/path tested.
- Actor and workspace/environment context.
- UI elements inspected.
- Console/runtime/network result.
- Mutations avoided.
- Scope limitation and whether the evidence is smoke, audit sample, or full browser proof.
## Common Failure Modes
- Clicking a destructive action while trying to inspect its confirmation.
- Treating seeded demo data as production readiness.
- Reporting "browser passed" without route, actor, or context.
- Ignoring console errors as development noise without evidence.
- Expanding a read-only audit into implementation work.
## Quarantined Rules
Full Spec 416 quarantine list applies. Especially quarantined here: historical audits as current truth; raw provider/evidence payload default display; Product Surface runtime framework; OperationRun as default customer proof.
## Review / Expiry
Review when browser harnesses, fixture commands, Product Surface proof expectations, or browser lane governance change. No planned expiry.