TenantAtlas/.agent/skills/workflows/browser-readonly-audit/SKILL.md
ahmido 332f6325cb feat: add tenantpilot agent skill layer v1 (#483)
Automated PR provided by Codex via Gitea API.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #483
2026-06-25 23:03:47 +00:00

3.8 KiB

name description
tenantpilot-browser-readonly-audit Read-only browser audit workflow for TenantPilot product surfaces without mutating state.

Purpose

Use this skill to collect focused browser evidence for UI/product-surface audits while avoiding state mutation, destructive flows, fixture pollution, or overbroad readiness claims.

Activate When

  • Running a browser smoke check, visual inspection, product-surface audit, full browser audit, or read-only surface review.
  • Inspecting pages for console errors, Livewire/runtime failures, network failures, visible complexity, navigation, authorization presentation, or Product Surface conformance.
  • The user asks for browser proof and the intended path can be read-only.

Do Not Activate When

  • The task requires executing destructive/high-impact mutations.
  • The user asks to implement fixes rather than audit.
  • The relevant feature is backend/docs-only and browser proof is explicitly N/A - no rendered UI surface changed.

Maturity

L2/L3 checklist workflow.

Gate Type

workflow.

Source Evidence

  • docs/product/standards/product-surface-contract.md
  • docs/testing-guidelines.md
  • .specify/README.md
  • specs/400-product-contract-spec-completeness-audit/spec.md
  • specs/407-full-browser-ux-runtime-audit/spec.md
  • apps/platform/tests/Browser/Spec402ResourcePolicyAuthorizationSmokeTest.php
  • apps/platform/tests/Browser/Spec412PilotReadinessRemediationSmokeTest.php
  • apps/platform/tests/Feature/Console/TenantpilotSeedBackupHealthBrowserFixtureCommandTest.php

External Anchors

Not applicable.

Required Repo Context

  • Audit target route/page/flow.
  • Authentication fixture or browser harness.
  • Whether fixtures are read-only or seeded for inspection.
  • Expected workspace/environment context.
  • Primary interaction to inspect, if any.
  • Console, network, and Livewire/runtime error capture method.

Execution Checklist

  • Define the exact read-only path and actor.
  • Confirm no state-changing action will be executed.
  • Open the relevant route or entry point.
  • Confirm workspace/environment context and expected surface labels.
  • Inspect the changed or audited UI element.
  • Check console/runtime errors.
  • Check failed network requests related to the tested path.
  • Record route, actor, context, observations, limitations, and screenshots only when useful.
  • Do not generalize a narrow read-only pass into full merge readiness.

Stop Conditions

  • The path requires destructive or high-impact execution to prove the claim.
  • A requested action would mutate state without a test fixture and explicit spec permission.
  • Browser audit discovers an in-scope blocker that requires implementation before readiness can be claimed.
  • The evidence is too narrow for the requested broad readiness claim.
  • The user asks for fixes during audit and the active spec/workflow does not include implementation.

Required Evidence After Use

  • Route/path tested.
  • Actor and workspace/environment context.
  • UI elements inspected.
  • Console/runtime/network result.
  • Mutations avoided.
  • Scope limitation and whether the evidence is smoke, audit sample, or full browser proof.

Common Failure Modes

  • Clicking a destructive action while trying to inspect its confirmation.
  • Treating seeded demo data as production readiness.
  • Reporting "browser passed" without route, actor, or context.
  • Ignoring console errors as development noise without evidence.
  • Expanding a read-only audit into implementation work.

Quarantined Rules

Full Spec 416 quarantine list applies. Especially quarantined here: historical audits as current truth; raw provider/evidence payload default display; Product Surface runtime framework; OperationRun as default customer proof.

Review / Expiry

Review when browser harnesses, fixture commands, Product Surface proof expectations, or browser lane governance change. No planned expiry.