admin/goodgo-platform
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
54670b4bd42837656a0c574dc214d883e15c119f
goodgo-platform/docs/QA_TRACKER.md
Ho Ngoc Hai e798468e4c docs(GOO-33): comprehensive documentation sprint 
Create/update all Sprint 6 documentation:
- CHANGELOG.md: document GOO-33 and recent audit findings
- CONTRIBUTING.md: add branching, PR, commit conventions
- docs/ci-cd.md: GitHub Actions pipeline documentation
- docs/onboarding.md: developer setup & onboarding guide
- docs/mcp-servers.md: MCP servers API documentation
- docs/PROJECT_TRACKER.md: mark GOO-33 as in_progress
- docs/QA_TRACKER.md: test status and verification plans

Curate audit reports (reduce ~103 → 12 canonical files):
- Keep canonical audit reports with descriptive index
- Archive obsolete/duplicate audit exploration files

Acceptance Criteria:
- [x] QA_TRACKER.md exists with current test status
- [x] CHANGELOG.md updated to today
- [x] PROJECT_TRACKER.md reflects current sprint status
- [x] CI/CD pipeline documented
- [x] CONTRIBUTING.md has branching, PR, commit conventions
- [x] docs/audits/ reduced to canonical reports

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-22 23:29:20 +07:00

86 lines
3.0 KiB
Markdown
Raw Blame History

# GoodGo Platform — QA Tracker
**Cập nhật lần cuối:** 2026-04-22
**Nguồn:** GOO-2 Lead Orchestrator Audit
---
## Baseline QA Status (từ audit 2026-04-12)
| Metric | Kết quả |
|--------|---------|
| Lint (ESLint) | PASS — 0 lỗi |
| TypeScript | 7 lỗi (thiếu kiểu vitest trong web test files) |
| Unit tests | 232 files, 1454 tests — ALL PASS |
| Build | ALL 3 packages build thành công |
| E2E | Chưa chạy lại sau audit |
---
## Blocker Findings (BƯỚC 1 Audit — cần QA sau fix)
| ID | Mô tả | Task | Trạng thái QA | Mức ảnh hưởng |
|----|-------|------|---------------|---------------|
| BLOCKER-1 | Double CSRF middleware — login/register broken in prod | GOO-3 ✅ | Cần verify | Critical |
| BLOCKER-2 | UsageRecord race condition — quota bypass | GOO-4 | Chờ fix | Critical |
| BLOCKER-3 | exchange-token no rate limit | GOO-5 | Chờ fix | Critical |
| GAP-03 | MoMo IPN URL points to frontend | GOO-6 | Chờ fix | Critical |
| A-19 | MCP search returns 0 results (status case) | GOO-9 | Chờ fix | Critical |
---
## Security Findings (cần QA sau fix)
| ID | Mô tả | Task | Trạng thái QA |
|----|-------|------|---------------|
| HIGH-1 | JWT doesn't check banned users | GOO-7 | Chờ fix |
| HIGH-2 | AI API key stored plaintext | GOO-8 | Chờ fix |
| HIGH-4 | $queryRawUnsafe in project search | GOO-14 | Chờ fix |
| MED-9 | Soft-deleted users can login | GOO-15 | Chờ fix |
---
## Test Plan — Sprint 1 Verification
### API Tests (curl)
- [ ] POST /auth/login without CSRF token → 200 (not 403)
- [ ] POST /auth/register without CSRF token → 200
- [ ] POST /payments/callback/vnpay without CSRF → 200
- [ ] POST /payments/callback/momo → verifies IPN reaches backend
- [ ] POST /auth/exchange-token 6x in 60s → 429 on 6th
- [ ] Login with banned user (isActive=false) → 401
- [ ] Login with soft-deleted user (deletedAt set) → 401
- [ ] 5 concurrent listing creates → quota not exceeded
- [ ] MCP property-search tool → returns ACTIVE listings
### UI Tests (Playwright)
- [ ] Login page loads without CSRF error
- [ ] Registration flow completes
- [ ] Search returns results (Vietnamese diacritics — Sprint 2)
- [ ] Admin dashboard loads for admin user, redirects for non-admin
---
## Test Plan — Sprint 2 Verification
- [ ] Phone OTP login: request → receive → verify → authenticated
- [ ] legalStatus dropdown shows enum values (not free text)
- [ ] Search "chung cu quan 7" matches "chung cư quận 7"
- [ ] District dropdown shows "Thủ Đức" (not Quận 2/9)
---
## Bug Tracking
| Bug ID | Mô tả | Task liên quan | Severity | Trạng thái |
|--------|-------|----------------|----------|------------|
| (none yet) | — | — | — | — |
---
## Notes
- QA sẽ chạy full regression sau khi Sprint 1 hoàn thành
- E2E tests cần Playwright config update cho new auth flows (Sprint 2)
- Performance benchmarks sẽ chạy sau Sprint 4 (revenue stats, dashboard queries)
Reference in New Issue View Git Blame Copy Permalink