# Testing

Primary command reference: `docs/COMMANDS.md`.

Core commands: `composer install --no-interaction --no-progress`, `composer validate --no-check-publish`, `composer audit`, `composer test`, `composer check`, and `php tools\qa-inventory.php`.

API contract truth gate command: `composer api-contract-harness` or `php tools\api-contract-harness.php`.

Performance gate command: `composer performance-smoke` or `php tools\performance-smoke.php`.

Mobile app readiness gate command: `composer mobile-readiness` or `php tools\mobile-readiness.php`.

Release gate command: `composer release-gate` or `php tools\release-gate.php`.

Manual QA checklist: XAMPP browser setup, registration, login/logout, dashboard access, CRUD forms, validation errors, pagination, filters, mobile layout, role restrictions, scoped demo reset, CSV validation, and API JSON responses.

Detailed testing-architect context: see `docs/TESTING_ARCHITECT_BRIEF.md` for the product overview, route map, feature inventory, data model, RBAC model, integration boundaries, current automated coverage, risks, and recommended test plan structure.

Latest production-readiness QA evidence:

- `docs/PRODUCTION_READINESS_QA_REPORT.md`
- `docs/QA_ROUTE_ACTION_INVENTORY.md`
- `docs/TESTING_STRATEGY.md`

Commercial-readiness execution outputs:

- `docs/COMMERCIAL_TEST_PLAN.md`
- `docs/TEST_EXECUTION_REPORT.md`
- `docs/DEFECT_REGISTER.md`
- `docs/COMMERCIAL_RELEASE_GATE.md`
- `docs/MANUAL_QA_SCRIPT.md`
- `docs/SECURITY_TEST_REPORT.md`
- `docs/TEST_COVERAGE_GAP_ANALYSIS.md`
- `docs/COMMERCIAL_READINESS_DECISION.md`

Browser smoke command, when bundled Node dependencies and Chrome are available:

```powershell
$env:NODE_PATH='C:\Users\chama\.cache\codex-runtimes\codex-primary-runtime\dependencies\node\node_modules;C:\Users\chama\.cache\codex-runtimes\codex-primary-runtime\dependencies\node\node_modules\.pnpm\node_modules'
$env:BROWSER_EXECUTABLE_PATH='C:\Program Files\Google\Chrome\Application\chrome.exe'
$env:FIELDOPS_BASE_URL='http://localhost/FieldOps-Cloud/public'
& 'C:\Users\chama\.cache\codex-runtimes\codex-primary-runtime\dependencies\node\bin\node.exe' tools\browser-smoke.cjs
```

Role/RBAC browser walkthrough command:

```powershell
$env:NODE_PATH='C:\Users\chama\.cache\codex-runtimes\codex-primary-runtime\dependencies\node\node_modules;C:\Users\chama\.cache\codex-runtimes\codex-primary-runtime\dependencies\node\node_modules\.pnpm\node_modules'
$env:BROWSER_EXECUTABLE_PATH='C:\Program Files\Google\Chrome\Application\chrome.exe'
$env:FIELDOPS_BASE_URL='http://localhost/FieldOps-Cloud/public'
& 'C:\Users\chama\.cache\codex-runtimes\codex-primary-runtime\dependencies\node\bin\node.exe' tools\role-walkthrough.cjs
```

High-risk role interaction browser smoke command:

```powershell
$env:NODE_PATH='C:\Users\chama\.cache\codex-runtimes\codex-primary-runtime\dependencies\node\node_modules;C:\Users\chama\.cache\codex-runtimes\codex-primary-runtime\dependencies\node\node_modules\.pnpm\node_modules'
$env:BROWSER_EXECUTABLE_PATH='C:\Program Files\Google\Chrome\Application\chrome.exe'
$env:FIELDOPS_BASE_URL='http://localhost/FieldOps-Cloud/public'
& 'C:\Users\chama\.cache\codex-runtimes\codex-primary-runtime\dependencies\node\bin\node.exe' tools\role-interaction-smoke.cjs
```

Production auth/security smoke command:

```powershell
$env:NODE_PATH='C:\Users\chama\.cache\codex-runtimes\codex-primary-runtime\dependencies\node\node_modules;C:\Users\chama\.cache\codex-runtimes\codex-primary-runtime\dependencies\node\node_modules\.pnpm\node_modules'
$env:BROWSER_EXECUTABLE_PATH='C:\Program Files\Google\Chrome\Application\chrome.exe'
& 'C:\Users\chama\.cache\codex-runtimes\codex-primary-runtime\dependencies\node\bin\node.exe' tools\auth-production-smoke.cjs
```

Production workflow browser smoke command:

```powershell
$env:NODE_PATH='C:\Users\chama\.cache\codex-runtimes\codex-primary-runtime\dependencies\node\node_modules;C:\Users\chama\.cache\codex-runtimes\codex-primary-runtime\dependencies\node\node_modules\.pnpm\node_modules'
$env:BROWSER_EXECUTABLE_PATH='C:\Program Files\Google\Chrome\Application\chrome.exe'
& 'C:\Users\chama\.cache\codex-runtimes\codex-primary-runtime\dependencies\node\bin\node.exe' tools\production-workflow-smoke.cjs
```

Current known untested areas: live report provider delivery and hosted worker execution, live payroll/provider sync, public REST API implementation if launch-scoped, live third-party OAuth/sync, live billing/payment webhooks, real payment gateway processing, manual assistive-technology/WCAG review beyond the Gate 8 accessibility smoke, signed native app store builds, app-store submission, physical-device tests, hosted production load testing, GitHub-hosted workflow evidence, hosted import worker runner proof, live accounting-provider cost imports, and CI browser-smoke execution with project-managed browser dependencies. Local MySQL volume profiling is covered by Gate 17, durable import/export history is covered by Gate 18, retry-state transitions are covered by Gate 19, selected high-risk role interactions are covered by Gate 20, local import payload replay lifecycle is covered by Gate 21, active API contract truth is covered by Gate 22, core reports durability is covered by Gate 23, core dashboard durability is covered by Gate 24, report/dashboard period scoping is covered by Gate 25, previous-period trend comparison is covered by Gate 26, advanced report summary coverage is covered by Gate 27, saved report preset coverage is covered by Gate 28, scheduled report delivery queue foundation coverage is covered by Gate 29, material-cost-backed profitability coverage is covered by Gate 30, direct job cost capture coverage is covered by Gate 31, contract profitability coverage is covered by Gate 32, purchase-order accrual coverage is covered by Gate 33, supplier-invoice matching coverage is covered by Gate 34, payroll/time-sheet import coverage is covered by Gate 35, and production workflow browser coverage with portal placeholder flows is covered by Gate 36, but hosted-scale proof still requires the final infrastructure.