QA Requirements
Purpose
Defines minimum QA documentation and scenario coverage required for every feature PR.
Required QA Artifacts
- `docs/features/<issue-id>-<slug>.md` MUST include a `## QA Test Scenarios` table
- Scenario IDs MUST use `<ISSUE-ID>-XX` format (example: `FEAT-31-04`)
- Steps, input, and expected result MUST be explicit and reproducible
- QA documentation MUST be updated in the same PR as implementation
Minimum Scenario Coverage
- At least 1 happy-path scenario
- At least 2 validation/error scenarios
- At least 1 backend/service failure scenario
- At least 1 edge-case scenario
- At least 1 authorization/authentication scenario for protected features
Security Feature Additions (Required Extras)
For authentication, session, billing, premium, or AI access-control changes, include these additional scenarios:
- token/session issuance success
- unauthorized access rejection
- expiry handling (access expiry + refresh behavior)
- revocation/invalidation behavior (logout/session delete)
- abuse controls (rate limiting)
- redirect continuation behavior (`/login?next=<target>`) for protected pages/actions
Dependency Note (FEAT-31)
- Features that depend on user identity or entitlements MUST align QA scenarios with FEAT-31 auth/session behavior.
- At minimum, dependent features must test:
  - unauthenticated user is redirected or rejected correctly
  - authenticated user succeeds
  - stale/expired auth path fails safely
PR Gate
A PR is blocked if:
- QA scenarios are missing
- Scenario IDs are missing/malformed
- Scenarios do not match implemented behavior
- Security-sensitive changes do not include security-specific QA cases
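
The first two blocking conditions can be checked mechanically. The script below is an added example, not part of this project's tooling: it checks a feature doc for the `## QA Test Scenarios` table, well-formed scenario IDs, and filled-in steps, input, and expected result. The function names, the column order, the two-digit reading of `XX`, and the sample table are assumptions.

```python
import re
from pathlib import PurePosixPath
HEADING = "## QA Test Scenarios"
# Assumed columns (the page names the fields, not the layout): ID | Steps | Input | Expected result

def issue_id_from_path(path):
    # docs/features/<issue-id>-<slug>.md -> "FEAT-31"; assumes IDs look like LETTERS-DIGITS
    m = re.match(r"([A-Za-z]+-\d+)-", PurePosixPath(path).name)
    return m.group(1).upper() if m else None

def scenario_rows(markdown):
    # Cells of each data row in the table under the QA heading; None if the heading is absent
    lines = [l.strip() for l in markdown.splitlines()]
    if HEADING not in lines:
        return None
    rows = []
    for s in lines[lines.index(HEADING) + 1:]:
        if s.startswith("#"):  # next section: stop looking
            break
        if s.startswith("|"):
            rows.append([c.strip() for c in s.strip("|").split("|")])
    # rows[0] is the header; also drop the |---|---| separator row
    return [r for r in rows[1:] if not all(re.fullmatch(r":?-+:?", c) for c in r)]

def gate(path, markdown):
    # Returns blocking problems; an empty list means these checks pass
    issue = issue_id_from_path(path)
    if issue is None:
        return [f"{path}: file name does not start with an issue ID"]
    rows = scenario_rows(markdown)
    if not rows:
        return ["QA scenarios are missing"]
    id_re = re.compile(re.escape(issue) + r"-\d{2}")  # assumes XX = two digits, as in FEAT-31-04
    problems = []
    for row in rows:
        if not id_re.fullmatch(row[0]):
            problems.append(f"malformed scenario ID: {row[0]!r}")
        if len(row) < 4 or not all(row[1:4]):
            problems.append(f"{row[0]}: steps, input and expected result must all be filled in")
    return problems

# Constructed sample document, not taken from the project
SAMPLE = """## QA Test Scenarios
| ID | Steps | Input | Expected result |
|----|-------|-------|-----------------|
| FEAT-31-01 | POST /login | valid credentials | 200 and session cookie set |
| FEAT-31-2 | POST /login | wrong password | 401 |
| FEAT-31-04 | POST /login 20 times in 1 minute | | 429 |
"""
```

Whether scenarios match implemented behavior, and whether the coverage categories are all present, still needs a reviewer; this only catches the structural failures.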