tractatus/docs/TESTING-CHECKLIST.md
TheFlow 2298d36bed fix(submissions): restructure Economist package and fix article display
- Create Economist SubmissionTracking package correctly:
  * mainArticle = full blog post content
  * coverLetter = 216-word SIR— letter
  * Links to blog post via blogPostId
- Archive 'Letter to The Economist' from blog posts (it's the cover letter)
- Fix date display on article cards (use published_at)
- Target publication already displaying via blue badge

Database changes:
- Make blogPostId optional in SubmissionTracking model
- Economist package ID: 68fa85ae49d4900e7f2ecd83
- Le Monde package ID: 68fa2abd2e6acd5691932150

Next: Enhanced modal with tabs, validation, export

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-24 08:47:42 +13:00

Tractatus Production - Comprehensive Testing Checklist

Site: https://agenticgovernance.digital

Date Created: 2025-10-07

Phase: Phase 2 - Week 5 (Post-Deployment)

Purpose: Ensure production site meets all quality, security, and governance standards


Testing Instructions

How to Use This Checklist:

  1. Work through each section sequentially
  2. Mark items PASS, FAIL, or ⚠️ PARTIAL with notes
  3. Document all failures with screenshots/logs
  4. Create fix tickets for all FAIL items
  5. Retest after fixes applied

Testing Environment:


1. Functional Testing

1.1 Homepage & Navigation

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| Homepage loads at `/` | Shows hero section, navigation, three audience paths | | |
| Navigation menu visible | All links present (Researcher/Implementer/Advocate/About/Blog/Contact) | | |
| Logo links to homepage | Clicking logo returns to `/` | | |
| Footer renders | Shows Te Tiriti acknowledgment, links, copyright | | |
| Favicon displays | Browser tab shows Tractatus icon | | |
| No console errors | Browser console clean on homepage | | |

1.2 Three Audience Paths

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| `/researcher` route works | Renders researcher landing page | | |
| `/implementer` route works | Renders implementer landing page | | |
| `/advocate` route works | Renders advocate landing page | | |
| Path content distinct | Each path shows role-specific content | | |
| Call-to-action buttons | Each path has clear next steps | | |

1.3 Documentation Viewer

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| `/docs` route works | Shows document library | | |
| Search functionality | Can search documents by keyword | | |
| Document rendering | Markdown renders correctly with formatting | | |
| Code syntax highlighting | Code blocks have proper highlighting | | |
| Anchor links work | Internal links navigate correctly | | |
| PDF download available | Can download PDF versions | | |

1.4 About & Values Pages

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| `/about` route works | Renders about page | | |
| `/values` route works | Renders values page | | |
| Te Tiriti acknowledgment | Shows respectful acknowledgment | | |
| Mission statement clear | Core values articulated | | |
| Contact information | Email/social links present | | |

1.5 Blog System

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| `/blog` route works | Shows blog post list | | |
| Blog posts render | Individual posts display correctly | | |
| Metadata visible | Author, date, tags shown | | |
| Pagination works | Can navigate between pages | | |
| No posts shows message | Graceful empty state | | |

2. Interactive Demonstrations

2.1 Instruction Classification Demo

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| `/demos/classification` loads | Demo interface renders | | |
| Text input field works | Can type instruction text | | |
| "Classify" button functions | Triggers classification | | |
| Quadrant result displays | Shows STRATEGIC/OPS/TAC/SYS/STO | | |
| Persistence level shown | Shows HIGH/MEDIUM/LOW | | |
| Temporal scope shown | Shows PROJECT/SESSION/TASK | | |
| Verification requirement shown | Shows MANDATORY/RECOMMENDED/NONE | | |
| Explicitness score shown | Shows 0.0-1.0 score | | |
| Example instructions work | Pre-populated examples classify correctly | | |

2.2 27027 Incident Visualizer

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| `/demos/27027` loads | Visualizer interface renders | | |
| Timeline animation works | Shows incident progression | | |
| "Replay" button functions | Can restart animation | | |
| Instruction shown | Displays "MongoDB port 27017" | | |
| Violation highlighted | Shows AI using 27027 instead | | |
| CrossReferenceValidator demo | Shows how validator would catch it | | |
| Code example present | Shows CrossReferenceValidator code | | |

2.3 Boundary Enforcement Simulator

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| `/demos/boundary` loads | Simulator interface renders | | |
| Decision input works | Can type decision text | | |
| "Check Boundary" button works | Triggers boundary analysis | | |
| ALLOW result shown | Green indicator for automatable decisions | | |
| BLOCK result shown | Red indicator for values decisions | | |
| Section number cited | Shows boundary section (e.g., 12.1) | | |
| Explanation provided | Clear reasoning for allow/block | | |
| Example decisions work | Pre-populated examples analyze correctly | | |

3. Admin Dashboard & Authentication

3.1 Login System

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| `/admin/login` route works | Login form renders | | |
| Valid credentials accepted | admin@agenticgovernance.digital / TempAdmin@2025 logs in | | |
| Invalid credentials rejected | Wrong password shows error | | |
| JWT token stored | localStorage has auth token | | |
| Redirect to dashboard | Successful login goes to `/admin/dashboard` | | |
| Logout functionality | "Logout" button clears token | | |
| Protected routes secured | Cannot access `/admin/*` without login | | |

3.2 Moderation Queue

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| `/admin/moderation` route works | Moderation dashboard renders | | |
| Queue items displayed | Shows pending items | | |
| "Approve" button works | Approves item, updates status | | |
| "Reject" button works | Rejects item, updates status | | |
| Filtering works | Can filter by type (blog/media/case) | | |
| Empty state shown | Graceful message when no items | | |

3.3 User Management

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| `/admin/users` route works | User list renders | | |
| Admin user visible | Shows admin@agenticgovernance.digital | | |
| Create user form works | Can add new user | | |
| Edit user works | Can modify user details | | |
| Delete user works | Can remove user | | |
| Role assignment works | Can assign admin/moderator roles | | |

4. API Endpoints

4.1 Health & Monitoring

| Test Case | Command | Expected Result | Status | Notes |
|---|---|---|---|---|
| Health endpoint | `curl https://agenticgovernance.digital/health` | `{"status":"ok","timestamp":"...","database":"connected","services":"operational"}` | | |
| Response time | Health check | <200ms response | | |
| HTTPS enforced | `curl http://agenticgovernance.digital/health` | 301 redirect to HTTPS | | |

4.2 Documents API

| Test Case | Command | Expected Result | Status | Notes |
|---|---|---|---|---|
| List documents | `curl https://agenticgovernance.digital/api/documents` | JSON array of documents | | |
| Get single document | `curl https://agenticgovernance.digital/api/documents/:id` | JSON document object | | |
| Search documents | `curl https://agenticgovernance.digital/api/documents/search?q=boundary` | Filtered results | | |
| Invalid ID returns 404 | `curl https://agenticgovernance.digital/api/documents/invalid` | 404 Not Found | | |

4.3 Governance API

| Test Case | Command | Expected Result | Status | Notes |
|---|---|---|---|---|
| Classify instruction | `curl -X POST https://agenticgovernance.digital/api/governance/classify -d '{"text":"Use port 27017"}'` | `{"quadrant":"SYSTEM","persistence":"HIGH",...}` | | |
| Check boundary | `curl -X POST https://agenticgovernance.digital/api/governance/boundary -d '{"decision":"Update privacy policy"}'` | `{"allowed":false,"section":"12.1",...}` | | |
| Get audit log | `curl https://agenticgovernance.digital/api/governance/audit` | JSON array of audit entries | | |

4.4 Blog API

| Test Case | Command | Expected Result | Status | Notes |
|---|---|---|---|---|
| List blog posts | `curl https://agenticgovernance.digital/api/blog` | JSON array of posts | | |
| Get single post | `curl https://agenticgovernance.digital/api/blog/:slug` | JSON post object | | |
| Create post (auth required) | `curl -X POST https://agenticgovernance.digital/api/blog -H "Authorization: Bearer TOKEN"` | 201 Created | | |
| Unauthenticated create fails | `curl -X POST https://agenticgovernance.digital/api/blog` | 401 Unauthorized | | |

5. Performance Testing

5.1 Lighthouse Scores (Desktop)

| Metric | Target | Actual | Status | Notes |
|---|---|---|---|---|
| Performance | ≥90 | | | |
| Accessibility | ≥90 | | | |
| Best Practices | ≥90 | | | |
| SEO | ≥90 | | | |

Run Command:

npx lighthouse https://agenticgovernance.digital --view

5.2 Core Web Vitals

| Metric | Target | Actual | Status | Notes |
|---|---|---|---|---|
| Largest Contentful Paint (LCP) | ≤2.5s | | | |
| First Input Delay (FID) | ≤100ms | | | |
| Cumulative Layout Shift (CLS) | ≤0.1 | | | |
| First Contentful Paint (FCP) | ≤1.8s | | | |
| Time to Interactive (TTI) | ≤3.8s | | | |

Test with:

5.3 Page Load Times

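| Page | Target | Actual | Status | Notes |
|---|---|---|---|---|
| Homepage (`/`) | <2s | | | |
| `/researcher` | <2s | | | |
| `/docs` | <2s | | | |
| `/blog` | <2s | | | |
| `/demos/classification` | <2s | | | |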

Test with:

curl -w "@curl-format.txt" -o /dev/null -s https://agenticgovernance.digital

curl-format.txt:

time_namelookup:  %{time_namelookup}\n
time_connect:  %{time_connect}\n
time_starttransfer:  %{time_starttransfer}\n
time_total:  %{time_total}\n

5.4 Asset Optimization

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| CSS minified | `/css/tailwind.css` is compressed | | |
| JS minified | All .js files compressed | | |
| Images optimized | All images <200KB | | |
| Gzip enabled | Response has `Content-Encoding: gzip` | | |
| Static caching | CSS/JS have Cache-Control: 1 year | | |

6. Accessibility Testing (WCAG AA)

6.1 Keyboard Navigation

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| Tab through navigation | All links reachable via Tab | | |
| Focus indicators visible | Clear outline on focused elements | | |
| Skip to content link | "Skip to main content" present | | |
| Forms keyboard accessible | All form fields navigable | | |
| Interactive demos keyboard accessible | Can use demos without mouse | | |
| No keyboard traps | Can navigate in/out of all sections | | |

6.2 Screen Reader Compatibility

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| Semantic HTML | Proper heading hierarchy (h1 → h6) | | |
| Alt text on images | All images have descriptive alt attributes | | |
| ARIA labels | Interactive elements have aria-label | | |
| Form labels | All inputs have associated labels | | |
| Landmark regions | header, nav, main, footer present | | |
| Link purpose clear | Link text describes destination | | |

Test with:

  • macOS VoiceOver: Cmd+F5
  • NVDA (Windows)
  • ChromeVox extension

6.3 Color & Contrast

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| Text contrast ratio | ≥4.5:1 for normal text | | |
| Large text contrast | ≥3:1 for large text (18pt+) | | |
| No color-only information | Meaning not conveyed by color alone | | |
| Focus indicators high contrast | Visible against all backgrounds | | |

Test with:

6.4 Responsive Text

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| Zoom to 200% | Content remains readable | | |
| Font resizing works | Text scales without breaking layout | | |
| No horizontal scrolling | Content reflows at 200% zoom | | |

7. Security Testing

7.1 SSL/TLS Configuration

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| HTTPS enforced | HTTP redirects to HTTPS | | |
| SSL certificate valid | Let's Encrypt cert expires 2026-01-05 | | |
| Certificate chain complete | No chain errors | | |
| TLS 1.2+ only | No SSL3, TLS 1.0/1.1 | | |
| Strong ciphers | Only secure cipher suites | | |
| A+ rating | SSL Labs score A or A+ | | |

Test with:

7.2 Security Headers

| Header | Expected Value | Status | Notes |
|---|---|---|---|
| `Strict-Transport-Security` | `max-age=31536000; includeSubDomains` | | |
| `X-Frame-Options` | `DENY` | | |
| `X-Content-Type-Options` | `nosniff` | | |
| `X-XSS-Protection` | `1; mode=block` | | |
| `Referrer-Policy` | `strict-origin-when-cross-origin` | | |
| `Permissions-Policy` | `camera=(), microphone=(), geolocation=()` | | |
| `Content-Security-Policy` | See detailed CSP check below | | |

Test with:

curl -I https://agenticgovernance.digital

7.3 Content Security Policy

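| Directive | Expected Value | Status | Notes |
|---|---|---|---|
| `default-src` | `'self'` | | |
| `script-src` | `'self'` | | |
| `style-src` | `'self' 'unsafe-inline'` | | Phase 3: Remove `'unsafe-inline'` |
| `img-src` | `'self' data:` | | |
| `font-src` | `'self'` | | |
| `connect-src` | `'self'` | | |
| `frame-ancestors` | `'none'` | | |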
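
One way to turn the 7.2 and 7.3 tables into a repeatable check, as an added example that is not part of the original checklist or the Tractatus code base. The expected values are copied from the two tables, the function names are hypothetical, and SAMPLE is a constructed response standing in for saved `curl -sI` output.

```python
# Added example: expected values copied from tables 7.2 and 7.3; SAMPLE is constructed.
EXPECTED_HEADERS = {
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "x-frame-options": "DENY",
    "x-content-type-options": "nosniff",
    "x-xss-protection": "1; mode=block",
    "referrer-policy": "strict-origin-when-cross-origin",
    "permissions-policy": "camera=(), microphone=(), geolocation=()",
}
EXPECTED_CSP = ("default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; "
                "img-src 'self' data:; font-src 'self'; connect-src 'self'; frame-ancestors 'none'")

def parse_headers(raw):
    """Parse `curl -sI` output into {lower-case name: value}; the status line has no colon."""
    pairs = (line.partition(":") for line in raw.splitlines())
    return {name.strip().lower(): value.strip() for name, sep, value in pairs if sep}

def parse_csp(value):
    """Split a policy into {directive: set of sources}; a repeated directive keeps its first value."""
    policy = {}
    for tokens in filter(None, (part.split() for part in value.split(";"))):
        policy.setdefault(tokens[0].lower(), set(tokens[1:]))
    return policy

def squash(value):  # compare header values ignoring case and whitespace
    return "".join(value.split()).lower()

def audit(raw):
    """Return findings for the captured headers; an empty list means every check passed."""
    headers = parse_headers(raw)
    csp = parse_csp(headers.get("content-security-policy", ""))
    checks = [(name, headers.get(name), want) for name, want in EXPECTED_HEADERS.items()]
    checks += [(f"csp {d}", " ".join(sorted(csp[d])) if d in csp else None, " ".join(sorted(want)))
               for d, want in parse_csp(EXPECTED_CSP).items()]
    return [f"{label}: missing" if got is None else f"{label}: got {got!r}, expected {want!r}"
            for label, got, want in checks if got is None or squash(got) != squash(want)]

SAMPLE = """HTTP/2 200
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
permissions-policy: camera=(), microphone=(), geolocation=()
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self'; connect-src 'self'
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "all header checks passed")
```

Only the rows in the two tables are compared; extra headers and extra CSP directives in the response are ignored.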

7.4 Authentication Security

| Test Case | Expected Result | Status | Notes |
|---|---|---|---|
| Password hashing | Bcrypt with 10+ rounds | | |
| JWT signature valid | Token signed with strong secret | | |
| JWT expiry set | Token expires in 7 days | | |
| Session cookies secure | httpOnly, secure, sameSite flags | | |
| Login rate limiting | Max 5 attempts per 15 minutes | | |
| Password requirements | Min 12 chars, complexity enforced | | |
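
The JWT expiry and cookie-flag rows in 7.4 can be checked from a captured token and a captured Set-Cookie value. This is an added example, not code from the checklist or the project; it assumes the token carries `iat` and `exp` claims, and the function names and sample values are constructed.

```python
# Added example for the 7.4 rows on JWT expiry and cookie flags; sample values are constructed.
import base64
import json

MAX_LIFETIME = 7 * 24 * 3600  # "Token expires in 7 days"
REQUIRED_FLAGS = ("httponly", "secure", "samesite")  # row "Session cookies secure"

def b64url_decode(segment):
    """Decode one unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_findings(token):
    """Inspect header and claims only; verifying the signature needs the server secret."""
    try:
        head, body, _sig = token.split(".")
        header, claims = json.loads(b64url_decode(head)), json.loads(b64url_decode(body))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and payload must be JSON objects")
    except ValueError:
        return ["not a three-part JWT with JSON object header and payload"]
    findings = []
    if str(header.get("alg", "none")).lower() == "none":
        findings.append("alg is none: token is unsigned")
    if "exp" not in claims:
        findings.append("no exp claim: token never expires")
    elif "iat" in claims and claims["exp"] - claims["iat"] > MAX_LIFETIME:
        findings.append("lifetime exceeds 7 days")
    return findings

def cookie_findings(set_cookie):
    """Return the required flags missing from one Set-Cookie header value."""
    attrs = {part.split("=", 1)[0].strip().lower() for part in set_cookie.split(";")[1:]}
    return [flag for flag in REQUIRED_FLAGS if flag not in attrs]

def sample_token(lifetime):
    """Build a constructed token with a placeholder signature (assumed iat/exp claims)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {"sub": "tester", "iat": 1760000000, "exp": 1760000000 + lifetime}
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])

if __name__ == "__main__":
    print(jwt_findings(sample_token(30 * 24 * 3600)))
    print(cookie_findings("sid=abc123; Path=/; HttpOnly; SameSite=Strict"))
```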

7.5 Vulnerability Scanning

| Test Case | Command | Expected Result | Status | Notes |
|---|---|---|---|---|
| npm audit | `npm audit` | 0 high/critical vulnerabilities | | |
| OWASP ZAP scan | Run automated scan | 0 high/medium vulnerabilities | | |
| SQL injection test | Test form inputs | No database errors | | |
XSS test Test