3.8 KiB
3.8 KiB
| 1 | ID | Summary | Severity | User_impact | Business_impact | Security_impact | Privacy_impact | Accessibility_impact | Affected_locale | Affected_theme | Affected_browser | Affected_viewport | Reproduction_steps | Expected_behavior | Actual_behavior | Evidence | Owner | Status | Release_disposition | Resolution_commit | Retest_result |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2 | P15-001 | Two release-evidence CSV files had inconsistent column counts | High | Indirect; evidence could be misread or fields shifted | Release decisions could use corrupted issue or QA records | None direct | None direct | None direct | All | All | All | All | Parse all repository CSV files with a standards-compliant CSV reader | Every row matches the header width | P14-009 had 11 fields instead of 9; P14-M10 had 10 instead of 11 | PHASE_15_BASELINE_STATIC_AUDIT_RESULTS_v1.0.json | Engineering + QA | Resolved | Fixed in Phase 15 | Unavailable; supplied archive had no Git metadata | All CSV files parse; C15-004 and C15-006 pass |
| 3 | P15-002 | Demo API accepted JSON look-alike media types by prefix | Medium | Malformed clients could reach JSON parsing instead of receiving 415 | Ambiguous API contract and weaker request validation | Broader-than-documented content-type acceptance | No direct data exposure identified | None | All | All | All clients | N/A | Send Content-Type application/jsonp | 415 unsupported_content_type | Prefix check treated it as JSON | PHASE_15_BASELINE_STATIC_AUDIT_RESULTS_v1.0.json | Engineering + Security | Resolved | Fixed in Phase 15 | Unavailable; supplied archive had no Git metadata | Eight dependency-free assertions pass; Vitest regression authored but not run |
| 4 | P15-003 | Visual tests used a stale theme key and inconsistent snapshot project scope | Medium | Dark-mode regressions could be recorded under the wrong theme | Unreliable visual approval evidence | None | None | Theme contrast regressions could be missed | EN/FR/AR | Dark/system | All Playwright projects | Configured visual matrix | Inspect component-system visual setup and run snapshots outside Chromium | Canonical theme key; canonical Chromium snapshots only | Unused storage key and non-canonical project execution | PHASE_15_BASELINE_STATIC_AUDIT_RESULTS_v1.0.json | Engineering + Design QA | Resolved | Fixed; browser retest still blocked | Unavailable; supplied archive had no Git metadata | Static regression validator passes; browser snapshots not executed |
| 5 | P15-004 | CI omitted the demo-service integration test suite | High | Server-side conversion failures could merge undetected | Primary lead workflow lacked CI integration protection | Adapter error/timeout/idempotency regressions could escape CI | Boundary regressions could escape CI | None direct | All | All | Server boundary | N/A | Inspect Phase 14 CI quality job | CI runs pnpm test:integration | Only unit and Playwright suites were configured | PHASE_15_BASELINE_STATIC_AUDIT_RESULTS_v1.0.json | Engineering + QA | Resolved | CI command added; execution pending connected CI | Unavailable; supplied archive had no Git metadata | Phase 15 validator confirms command presence; integration suite not locally executed |
| 6 | P15-005 | Final Phase 15 dependency-backed, browser, performance, deployment, rollback, and manual QA evidence is incomplete | High | Accessibility, browser, performance, and conversion defects may remain undiscovered | Release readiness cannot be established | Dependency and dynamic security checks are stale or absent | Runtime analytics/consent behavior lacks current browser evidence | Manual WCAG, keyboard, screen-reader, zoom, and reflow evidence absent | EN/FR/AR | Light/dark/system | Chromium/Firefox/WebKit/mobile engines | 1440/1024/768/390/320 and zoom states | Attempt pinned toolchain activation and frozen install | Exact toolchain installs and all Phase 15 gates execute | Host has Node 22.16.0, no pnpm, no registry DNS, and no project dependencies | PHASE_15_TOOLCHAIN_SETUP.log; COMMAND_MATRIX_v1.0.csv | Engineering + QA + Accessibility + Security | Open - environment blocked | Blocks Phase 15 acceptance and Phase 16 readiness | N/A | Not retested; requires connected pinned CI and human QA |