tractatus/docs/TESTING-CHECKLIST.md

Tractatus Production - Comprehensive Testing Checklist

Site: https://agenticgovernance.digital Date Created: 2025-10-07 Phase: Phase 2 - Week 5 (Post-Deployment) Purpose: Ensure production site meets all quality, security, and governance standards

---

Testing Instructions

How to Use This Checklist:

1. Work through each section sequentially
2. Mark items ✅ PASS, ❌ FAIL, or ⚠️ PARTIAL with notes
3. Document all failures with screenshots/logs
4. Create fix tickets for all ❌ FAIL items
5. Retest after fixes applied

Testing Environment:

• Production URL: https://agenticgovernance.digital
• Admin Login: admin@agenticgovernance.digital / TempAdmin@2025
• Browser: Chrome/Firefox/Safari (test all three)
• Devices: Desktop, Tablet, Mobile

---

1. Functional Testing

1.1 Homepage & Navigation

Test Case	Expected Result	Status	Notes
Homepage loads at /	Shows hero section, navigation, three audience paths	⬜
Navigation menu visible	All links present (Researcher/Implementer/Advocate/About/Blog/Contact)	⬜
Logo links to homepage	Clicking logo returns to /	⬜
Footer renders	Shows Te Tiriti acknowledgment, links, copyright	⬜
Favicon displays	Browser tab shows Tractatus icon	⬜
No console errors	Browser console clean on homepage	⬜

1.2 Three Audience Paths

Test Case	Expected Result	Status	Notes
/researcher route works	Renders researcher landing page	⬜
/implementer route works	Renders implementer landing page	⬜
/advocate route works	Renders advocate landing page	⬜
Path content distinct	Each path shows role-specific content	⬜
Call-to-action buttons	Each path has clear next steps	⬜

1.3 Documentation Viewer

Test Case	Expected Result	Status	Notes
/docs route works	Shows document library	⬜
Search functionality	Can search documents by keyword	⬜
Document rendering	Markdown renders correctly with formatting	⬜
Code syntax highlighting	Code blocks have proper highlighting	⬜
Anchor links work	Internal links navigate correctly	⬜
PDF download available	Can download PDF versions	⬜

1.4 About & Values Pages

Test Case	Expected Result	Status	Notes
/about route works	Renders about page	⬜
/values route works	Renders values page	⬜
Te Tiriti acknowledgment	Shows respectful acknowledgment	⬜
Mission statement clear	Core values articulated	⬜
Contact information	Email/social links present	⬜

1.5 Blog System

Test Case	Expected Result	Status	Notes
/blog route works	Shows blog post list	⬜
Blog posts render	Individual posts display correctly	⬜
Metadata visible	Author, date, tags shown	⬜
Pagination works	Can navigate between pages	⬜
No posts shows message	Graceful empty state	⬜

---

2. Interactive Demonstrations

2.1 Instruction Classification Demo

Test Case	Expected Result	Status	Notes
/demos/classification loads	Demo interface renders	⬜
Text input field works	Can type instruction text	⬜
"Classify" button functions	Triggers classification	⬜
Quadrant result displays	Shows STRATEGIC/OPS/TAC/SYS/STO	⬜
Persistence level shown	Shows HIGH/MEDIUM/LOW	⬜
Temporal scope shown	Shows PROJECT/SESSION/TASK	⬜
Verification requirement shown	Shows MANDATORY/RECOMMENDED/NONE	⬜
Explicitness score shown	Shows 0.0-1.0 score	⬜
Example instructions work	Pre-populated examples classify correctly	⬜

2.2 27027 Incident Visualizer

Test Case	Expected Result	Status	Notes
/demos/27027 loads	Visualizer interface renders	⬜
Timeline animation works	Shows incident progression	⬜
"Replay" button functions	Can restart animation	⬜
Instruction shown	Displays "MongoDB port 27017"	⬜
Violation highlighted	Shows AI using 27027 instead	⬜
CrossReferenceValidator demo	Shows how validator would catch it	⬜
Code example present	Shows CrossReferenceValidator code	⬜

2.3 Boundary Enforcement Simulator

Test Case	Expected Result	Status	Notes
/demos/boundary loads	Simulator interface renders	⬜
Decision input works	Can type decision text	⬜
"Check Boundary" button works	Triggers boundary analysis	⬜
ALLOW result shown	Green indicator for automatable decisions	⬜
BLOCK result shown	Red indicator for values decisions	⬜
Section number cited	Shows boundary section (e.g., 12.1)	⬜
Explanation provided	Clear reasoning for allow/block	⬜
Example decisions work	Pre-populated examples analyze correctly	⬜

---

3. Admin Dashboard & Authentication

3.1 Login System

Test Case	Expected Result	Status	Notes
/admin/login route works	Login form renders	⬜
Valid credentials accepted	admin@agenticgovernance.digital / TempAdmin@2025 logs in	⬜
Invalid credentials rejected	Wrong password shows error	⬜
JWT token stored	localStorage has auth token	⬜
Redirect to dashboard	Successful login goes to /admin/dashboard	⬜
Logout functionality	"Logout" button clears token	⬜
Protected routes secured	Cannot access /admin/* without login	⬜

3.2 Moderation Queue

Test Case	Expected Result	Status	Notes
/admin/moderation route works	Moderation dashboard renders	⬜
Queue items displayed	Shows pending items	⬜
"Approve" button works	Approves item, updates status	⬜
"Reject" button works	Rejects item, updates status	⬜
Filtering works	Can filter by type (blog/media/case)	⬜
Empty state shown	Graceful message when no items	⬜

3.3 User Management

Test Case	Expected Result	Status	Notes
/admin/users route works	User list renders	⬜
Admin user visible	Shows admin@agenticgovernance.digital	⬜
Create user form works	Can add new user	⬜
Edit user works	Can modify user details	⬜
Delete user works	Can remove user	⬜
Role assignment works	Can assign admin/moderator roles	⬜

---

4. API Endpoints

4.1 Health & Monitoring

Test Case	Command	Expected Result	Status	Notes
Health endpoint	curl https://agenticgovernance.digital/health	{"status":"ok","timestamp":"...","database":"connected","services":"operational"}	⬜
Response time	Health check	<200ms response	⬜
HTTPS enforced	curl http://agenticgovernance.digital/health	301 redirect to HTTPS	⬜

4.2 Documents API

Test Case	Command	Expected Result	Status	Notes
List documents	curl https://agenticgovernance.digital/api/documents	JSON array of documents	⬜
Get single document	curl https://agenticgovernance.digital/api/documents/:id	JSON document object	⬜
Search documents	curl https://agenticgovernance.digital/api/documents/search?q=boundary	Filtered results	⬜
Invalid ID returns 404	curl https://agenticgovernance.digital/api/documents/invalid	404 Not Found	⬜

4.3 Governance API

Test Case	Command	Expected Result	Status	Notes
Classify instruction	curl -X POST https://agenticgovernance.digital/api/governance/classify -d '{"text":"Use port 27017"}'	{"quadrant":"SYSTEM","persistence":"HIGH",...}	⬜
Check boundary	curl -X POST https://agenticgovernance.digital/api/governance/boundary -d '{"decision":"Update privacy policy"}'	{"allowed":false,"section":"12.1",...}	⬜
Get audit log	curl https://agenticgovernance.digital/api/governance/audit	JSON array of audit entries	⬜

4.4 Blog API

Test Case	Command	Expected Result	Status	Notes
List blog posts	curl https://agenticgovernance.digital/api/blog	JSON array of posts	⬜
Get single post	curl https://agenticgovernance.digital/api/blog/:slug	JSON post object	⬜
Create post (auth required)	curl -X POST https://agenticgovernance.digital/api/blog -H "Authorization: Bearer TOKEN"	201 Created	⬜
Unauthenticated create fails	curl -X POST https://agenticgovernance.digital/api/blog	401 Unauthorized	⬜

---

5. Performance Testing

5.1 Lighthouse Scores (Desktop)

Metric	Target	Actual	Status	Notes
Performance	≥90		⬜
Accessibility	≥90		⬜
Best Practices	≥90		⬜
SEO	≥90		⬜

Run Command:

npx lighthouse https://agenticgovernance.digital --view

5.2 Core Web Vitals

Metric	Target	Actual	Status	Notes
Largest Contentful Paint (LCP)	≤2.5s		⬜
First Input Delay (FID)	≤100ms		⬜
Cumulative Layout Shift (CLS)	≤0.1		⬜
First Contentful Paint (FCP)	≤1.8s		⬜
Time to Interactive (TTI)	≤3.8s		⬜

Test with:

• Chrome DevTools > Lighthouse
• PageSpeed Insights: https://pagespeed.web.dev/

5.3 Page Load Times

Page	Target	Actual	Status	Notes
Homepage (/)	<2s		⬜
/researcher	<2s		⬜
/docs	<2s		⬜
/blog	<2s		⬜
/demos/classification	<2s		⬜

Test with:

curl -w "@curl-format.txt" -o /dev/null -s https://agenticgovernance.digital

curl-format.txt:

time_namelookup:  %{time_namelookup}\n
time_connect:  %{time_connect}\n
time_starttransfer:  %{time_starttransfer}\n
time_total:  %{time_total}\n

5.4 Asset Optimization

Test Case	Expected Result	Status	Notes
CSS minified	/css/tailwind.css is compressed	⬜
JS minified	All .js files compressed	⬜
Images optimized	All images <200KB	⬜
Gzip enabled	Response has Content-Encoding: gzip	⬜
Static caching	CSS/JS have Cache-Control: 1 year	⬜

---

6. Accessibility Testing (WCAG AA)

6.1 Keyboard Navigation

Test Case	Expected Result	Status	Notes
Tab through navigation	All links reachable via Tab	⬜
Focus indicators visible	Clear outline on focused elements	⬜
Skip to content link	"Skip to main content" present	⬜
Forms keyboard accessible	All form fields navigable	⬜
Interactive demos keyboard accessible	Can use demos without mouse	⬜
No keyboard traps	Can navigate in/out of all sections	⬜

6.2 Screen Reader Compatibility

Test Case	Expected Result	Status	Notes
Semantic HTML	Proper heading hierarchy (h1 → h6)	⬜
Alt text on images	All images have descriptive alt attributes	⬜
ARIA labels	Interactive elements have aria-label	⬜
Form labels	All inputs have associated labels	⬜
Landmark regions	header, nav, main, footer present	⬜
Link purpose clear	Link text describes destination	⬜

Test with:

• macOS VoiceOver: Cmd+F5
• NVDA (Windows)
• ChromeVox extension

6.3 Color & Contrast

Test Case	Expected Result	Status	Notes
Text contrast ratio	≥4.5:1 for normal text	⬜
Large text contrast	≥3:1 for large text (18pt+)	⬜
No color-only information	Meaning not conveyed by color alone	⬜
Focus indicators high contrast	Visible against all backgrounds	⬜

Test with:

• WebAIM Contrast Checker: https://webaim.org/resources/contrastchecker/
• Axe DevTools browser extension

6.4 Responsive Text

Test Case	Expected Result	Status	Notes
Zoom to 200%	Content remains readable	⬜
Font resizing works	Text scales without breaking layout	⬜
No horizontal scrolling	Content reflows at 200% zoom	⬜

---

7. Security Testing

7.1 SSL/TLS Configuration

Test Case	Expected Result	Status	Notes
HTTPS enforced	HTTP redirects to HTTPS	⬜
SSL certificate valid	Let's Encrypt cert expires 2026-01-05	⬜
Certificate chain complete	No chain errors	⬜
TLS 1.2+ only	No SSL3, TLS 1.0/1.1	⬜
Strong ciphers	Only secure cipher suites	⬜
A+ rating	SSL Labs score A or A+	⬜

Test with:

• SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=agenticgovernance.digital

7.2 Security Headers

Header	Expected Value	Status	Notes
Strict-Transport-Security	max-age=31536000; includeSubDomains	⬜
X-Frame-Options	DENY	⬜
X-Content-Type-Options	nosniff	⬜
X-XSS-Protection	1; mode=block	⬜
Referrer-Policy	strict-origin-when-cross-origin	⬜
Permissions-Policy	camera=(), microphone=(), geolocation=()	⬜
Content-Security-Policy	See detailed CSP check below	⬜

Test with:

curl -I https://agenticgovernance.digital

7.3 Content Security Policy

Directive	Expected Value	Status	Notes
default-src	'self'	⬜
script-src	'self'	⬜
style-src	'self' 'unsafe-inline'	⬜	Phase 3: Remove 'unsafe-inline'
img-src	'self' data:	⬜
font-src	'self'	⬜
connect-src	'self'	⬜
frame-ancestors	'none'	⬜

7.4 Authentication Security

Test Case	Expected Result	Status	Notes
Password hashing	Bcrypt with 10+ rounds	⬜
JWT signature valid	Token signed with strong secret	⬜
JWT expiry set	Token expires in 7 days	⬜
Session cookies secure	httpOnly, secure, sameSite flags	⬜
Login rate limiting	Max 5 attempts per 15 minutes	⬜
Password requirements	Min 12 chars, complexity enforced	⬜

7.5 Vulnerability Scanning

Test Case	Command	Expected Result	Status	Notes
npm audit	npm audit	0 high/critical vulnerabilities	⬜
OWASP ZAP scan	Run automated scan	0 high/medium vulnerabilities	⬜
SQL injection test	Test form inputs	No database errors	⬜
XSS test	Test