gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 21:21:40 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
1f4a297dae2db5899300a331bd3cdaf2eb7b9bbb
certctl/docs/contributor/gui-qa-checklist.md
T
shankar0123 c64777f655 docs: Phase 5 — testing-guide.md prune (8268 → 0 lines, content dispersed) 
Per Phase 1 audit at cowork/docs-overhaul-phase-1-audit-2026-05-04/
and the section-by-section plan in testing-guide-tumor.md.

testing-guide.md was 30% of all docs/ content (8268 lines) but was
integration test code written in markdown, not operator documentation.
The audit's tumor analysis disposed of every Part:
  - ~65% DELETE (test cases that already exist in code)
  - ~22% MOVE to inline test code
  - ~8% KEEP-COMPRESSED into focused operator-runbook docs
  - Title + contents + release sign-off ~5% KEEP

This commit ships the KEEP-COMPRESSED dispersal:

  docs/contributor/qa-prerequisites.md (NEW, ~120 lines):
    From testing-guide.md "Prerequisites" section. Stack boot procedure,
    demo data baseline, reference IDs operators reuse across QA docs.

  docs/contributor/gui-qa-checklist.md (NEW, ~105 lines):
    From testing-guide.md "Part 35: GUI Testing". Manual GUI verification
    pass for release sign-off. 25-row table covering every dashboard page.

  docs/contributor/release-sign-off.md (NEW, ~130 lines):
    From testing-guide.md "Release Sign-Off" section (originally 1009
    lines of per-test detail tables). Compressed to a release-day
    checklist organized by gate category: code state, automated gates,
    manual QA passes, release artefact verification, branch protection,
    post-release.

  docs/operator/performance-baselines.md (NEW, ~100 lines):
    From testing-guide.md "Part 39: Performance Spot Checks". Four
    operator-runnable benchmarks (API request handling, inventory list
    pagination, scheduler tick, bulk revoke) with baseline numbers and
    when-to-re-baseline guidance.

  docs/operator/helm-deployment.md (NEW, ~120 lines):
    From testing-guide.md "Part 52: Helm Chart Deployment". Operator
    runbook for the bundled deploy/helm/certctl/ chart: prereqs,
    install, four cert-source patterns, verify, upgrade, troubleshooting.

  docs/reference/cli.md (NEW, ~120 lines):
    From testing-guide.md "Part 28: CLI Tool". certctl-cli command
    reference with command-group breakdown, common workflows
    (list/filter, renew, revoke, bulk import, EST enrollment, status),
    output formats, CI/CD integration patterns.

docs/README.md navigation index updated to include the 6 new docs:
  Reference section gains: cli.md, release-verification.md (was added
    in Phase 13)
  Operator section gains: helm-deployment.md, performance-baselines.md
  Contributor section gains: qa-prerequisites.md, gui-qa-checklist.md,
    release-sign-off.md

docs/testing-guide.md deleted. Git history preserves the 8268 lines —
if any specific test case is found missing from inline test code or
the destination docs during future work, lift from `git show
HEAD~1:docs/testing-guide.md`.

Net: docs/ total line count drops by ~7700 lines (28%), from 26,369
to 18,742. testing-guide.md was the single largest doc; pruning it is
the single biggest content-edit win of the entire restructure.

Phase 5 is the last major content phase. Remaining: Phase 4 follow-on
(per-connector page extractions from reference/connectors/index.md),
Phase 15 (WHAT/HOW/WHY remediation), Phase 16 (final acceptance gate).
2026-05-05 03:38:54 +00:00

4.1 KiB
Raw Blame History

GUI QA Checklist

Last reviewed: 2026-05-05

Manual GUI verification pass for release sign-off. Vitest covers component-level behavior; this checklist covers end-to-end flows that only land correctly when the React SPA, the REST API, and the database are all wired together.

Prereqs

The full stack must be running and healthy per qa-prerequisites.md. Open https://localhost:8443 in a fresh browser session (Incognito / Private mode is fine — avoids cached state from previous QA passes).

Pages to verify

For each page, the verification is "open it, confirm it renders without console errors, exercise the documented action, confirm the action lands as expected."

Page Action to verify Expected result
/dashboard Page loads, all 4 stat cards populate Total / Active / Expiring / Expired counts match GET /api/v1/stats/summary
/certificates Inventory list paginates "Next page" button works; URL updates with cursor; row count consistent
/certificates/<id> Detail page opens for any cert Cert chain renders, deployment status shows, audit timeline visible
/issuers Catalog renders all configured issuers Each issuer card shows last-used / status; clicking opens detail
/issuers/<id> Issuer config form Edit + Save round-trips through PATCH /api/v1/issuers/<id>
/issuers/hierarchy CA tree view Multi-level hierarchy renders; admin-gated CRUD buttons present for admins only
/agents Fleet view Online/offline status accurate; OS/arch grouping correct
/agents/<id> Agent detail Last heartbeat, registered date, deployment job history
/agents/groups Agent groups CRUD Create + edit + delete a test group; verify dynamic membership matching
/jobs Job queue Filter by status / type works; click into a job opens detail
/jobs/<id> Job detail Status, retries, logs, owner attribution
/policies Renewal policies CRUD Edit AlertChannels matrix, save, verify backend reflects change
/profiles Certificate profiles EKU constraints + max TTL editable; profile binding works
/notifications Notifier config Test connection button against each configured notifier
/discovery Discovery triage Claim / Dismiss buttons round-trip to backend
/network-scans Scan target CRUD Create scan target, trigger immediate scan, results appear
/audit Audit trail Filter by actor / action / time range; CSV export works
/short-lived Short-lived credential dashboard Live TTL countdown updates; auto-refresh every 10s
/observability Observability dashboard Charts render: expiration heatmap, renewal trends, issuance rate
/health Health monitor TLS endpoint health: healthy / degraded / down states accurate
/digest Digest preview Email preview renders; "Send digest" button dispatches
/owners Owners CRUD Create owner with team, edit, delete (after reassigning certs)
/teams Teams CRUD Create + delete; verify cascade removes orphan owners
/scep SCEP admin tabs Profiles / Intune Monitoring / Recent Activity all populate
/est EST admin tabs Profiles / Recent Activity / Trust Bundle all populate
/login Login flow API key entry persists for the session; bad key rejected

Console hygiene

Open browser DevTools and confirm:

  • No uncaught exceptions on any page
  • No 404 / 500 responses in the Network tab from API calls
  • No CORS errors
  • No CSP violations

Mobile / narrow-viewport

The dashboard is desktop-first but should not break catastrophically on narrow viewports. Resize the browser to 380px width; confirm:

  • Sidebar collapses to a hamburger menu
  • Tables either scroll horizontally or stack on mobile
  • Forms remain usable

Accessibility spot-check

  • Tab through any single page using only the keyboard. Every interactive element must be reachable, and the focus indicator must be visible.
  • Lighthouse accessibility audit on /dashboard: target ≥ 90.

Sign-off

Document any deviations in the release sign-off matrix at release-sign-off.md.

Reference in New Issue View Git Blame Copy Permalink