POS approval audit + CSV evidencepass
posMUPZA_POS_QA_EVIDENCE_CSV_EXPORT_FIX_V1_PASSscripts/qa/run-pos-approval-audit-log-qa-smoke-v1.ps1Cashier risk actions need manager approval, audit evidence and CSV export.
Communication foundationpass
communicationsMUPZA_COMMUNICATION_FOUNDATION_QA_SMOKE_V1_PASSscripts/qa/run-communication-foundation-qa-smoke-v1.ps1OTP, WhatsApp, Telegram, email and LAN notifications start behind audited outbox contracts.
Communication provider adapterpass
communicationsMUPZA_COMMUNICATION_PROVIDER_ADAPTER_QA_SMOKE_V1_PASSscripts/qa/run-communication-provider-adapter-qa-smoke-v1.ps1Real providers stay dry-run and env-gated until operator setup.
Notification consent templatespass
communicationsMUPZA_NOTIFICATION_CONSENT_TEMPLATE_CONTRACT_QA_SMOKE_V1_PASSscripts/qa/run-notification-consent-template-contract-qa-smoke-v1.ps1External messages require consent, template rules, audit and blocked secret payload fields.
Customer consent ledgerpass
communicationsMUPZA_CUSTOMER_CONSENT_LEDGER_QA_SMOKE_V1_PASSscripts/qa/run-customer-consent-ledger-qa-smoke-v1.ps1Customer opt-in, opt-out and transactional messaging decisions are audited before external sends.
Notification provider dry-run harnesspass
communicationsMUPZA_NOTIFICATION_PROVIDER_DRY_RUN_HARNESS_QA_SMOKE_V1_PASSscripts/qa/run-notification-provider-dry-run-harness-qa-smoke-v1.ps1OTP, WhatsApp, Telegram, email and LAN in-app sends are simulated with audit evidence.
Notification provider catalogpass
communicationsMUPZA_NOTIFICATION_PROVIDER_CATALOG_QA_SMOKE_V1_PASSscripts/qa/run-notification-provider-catalog-qa-smoke-v1.ps1OTP, WhatsApp, Telegram, email and LAN in-app providers are mapped with health and failover rules.
Notification send decision matrixpass
communicationsMUPZA_NOTIFICATION_SEND_DECISION_MATRIX_QA_SMOKE_V1_PASSscripts/qa/run-notification-send-decision-matrix-qa-smoke-v1.ps1Notification sends are blocked, mocked or routed to LAN fallback before real provider calls.
Notification delivery retry queuepass
communicationsMUPZA_NOTIFICATION_DELIVERY_RETRY_QUEUE_QA_SMOKE_V1_PASSscripts/qa/run-notification-delivery-retry-queue-qa-smoke-v1.ps1External notification delivery uses consent/env gates, retry backoff and dead-letter audit.
Webhook verification contractpass
communicationsMUPZA_WEBHOOK_VERIFICATION_CONTRACT_QA_SMOKE_V1_PASSscripts/qa/run-webhook-verification-contract-qa-smoke-v1.ps1WhatsApp and Telegram inbound webhooks require secrets, replay protection and audit.
Inbound provider event outboxpass
communicationsMUPZA_INBOUND_PROVIDER_EVENT_OUTBOX_QA_SMOKE_V1_PASSscripts/qa/run-inbound-provider-event-outbox-qa-smoke-v1.ps1WhatsApp and Telegram inbound events write to audited outbox before order or POS workflows.
Provider command safety queuepass
communicationsMUPZA_PROVIDER_COMMAND_SAFETY_QUEUE_QA_SMOKE_V1_PASSscripts/qa/run-provider-command-safety-queue-qa-smoke-v1.ps1WhatsApp and Telegram commands cannot bypass POS button workflow or manager approval audit.
Firebase auth readinesspass
cloudMUPZA_FIREBASE_AUTH_READINESS_QA_SMOKE_V1_PASSscripts/qa/run-firebase-auth-readiness-qa-smoke-v1.ps1Owner/admin cloud auth is env-only while POS/waiter/kitchen LAN fallback remains independent.
Metrics + tag readinesspass
cloudMUPZA_METRICS_TAG_READINESS_QA_SMOKE_V1_PASSscripts/qa/run-metrics-tag-readiness-qa-smoke-v1.ps1Google Tag, Cloudflare and product metrics stay privacy-safe and dry-run.
Analytics consent gatepass
cloudMUPZA_ANALYTICS_CONSENT_GATE_QA_SMOKE_V1_PASSscripts/qa/run-analytics-consent-gate-qa-smoke-v1.ps1Analytics events are gated by consent, PII, kill switch and LAN-safety rules.
Backend runtime boundarypass
cloudMUPZA_BACKEND_RUNTIME_BOUNDARY_QA_SMOKE_V1_PASSscripts/qa/run-backend-runtime-boundary-qa-smoke-v1.ps1Cloud backend does not take authority away from POS Local Hub.
Runtime secret placement matrixpass
cloudMUPZA_RUNTIME_SECRET_PLACEMENT_MATRIX_QA_SMOKE_V1_PASSscripts/qa/run-runtime-secret-placement-matrix-qa-smoke-v1.ps1Firebase, Cloudflare, notification and AWS env names are mapped to value-free runtime storage targets.
Cloud sync queuepass
cloudMUPZA_CLOUD_SYNC_QUEUE_QA_SMOKE_V1_PASSscripts/qa/run-cloud-sync-queue-qa-smoke-v1.ps1Cloud sync queues later without blocking LAN order, print or approval flows.
Order ingest contractpass
offline_lanMUPZA_ORDER_INGEST_CONTRACT_QA_SMOKE_V1_PASSscripts/qa/run-order-ingest-contract-qa-smoke-v1.ps1QR, website, POS and waiter orders are accepted once and routed to core destinations.
Kitchen printer job contractpass
offline_lanMUPZA_KITCHEN_PRINTER_JOB_CONTRACT_QA_SMOKE_V1_PASSscripts/qa/run-kitchen-printer-job-contract-qa-smoke-v1.ps1Station-scoped printer jobs are idempotent and duplicate-safe.
LAN device heartbeatpass
offline_lanMUPZA_LAN_DEVICE_HEARTBEAT_CONTRACT_QA_SMOKE_V1_PASSscripts/qa/run-lan-device-heartbeat-contract-qa-smoke-v1.ps1POS, waiter, kitchen and printer devices stay visible without internet.
Environment contract matrixpass
release_opsMUPZA_ENVIRONMENT_CONTRACT_MATRIX_QA_SMOKE_V1_PASSscripts/qa/run-environment-contract-matrix-qa-smoke-v1.ps1Firebase, Cloudflare, Google, notification and AWS env names are scoped without values.
Staging health endpointpass
release_opsMUPZA_STAGING_HEALTH_ENDPOINT_QA_SMOKE_V1_PASSscripts/qa/run-staging-health-endpoint-qa-smoke-v1.ps1AWS/Nginx/Cloudflare smoke checks use value-free health JSON.
Release evidence dashboardpass
release_opsMUPZA_RELEASE_EVIDENCE_DASHBOARD_QA_SMOKE_V1_PASSscripts/qa/run-release-evidence-dashboard-qa-smoke-v1.ps1Current sprint QA markers, runbooks and safety flags are visible in one local dashboard.
Route smoke indexpass
release_opsMUPZA_ROUTE_SMOKE_INDEX_QA_SMOKE_V1_PASSscripts/qa/run-route-smoke-index-qa-smoke-v1.ps1Local pages and mock APIs are grouped for GitHub/AWS operator smoke checks.
Cloudflare DNS/TLS cutoverpass
release_opsMUPZA_CLOUDFLARE_DNS_TLS_CUTOVER_QA_SMOKE_V1_PASSscripts/qa/run-cloudflare-dns-tls-cutover-qa-smoke-v1.ps1Staging DNS, TLS, proxy, smoke and rollback steps stay manual and production-safe.
Tenant domain routing matrixpass
release_opsMUPZA_TENANT_DOMAIN_ROUTING_MATRIX_QA_SMOKE_V1_PASSscripts/qa/run-tenant-domain-routing-matrix-qa-smoke-v1.ps1Subdomain, custom domain, QR and website routes resolve tenant before order ingest.
QR website order intake contractpass
offline_lanMUPZA_QR_WEBSITE_ORDER_INTAKE_CONTRACT_QA_SMOKE_V1_PASSscripts/qa/run-qr-website-order-intake-contract-qa-smoke-v1.ps1Public QR and website submits map to tenant domain routing and order ingest without payment capture in QA.
Public menu availability matrixpass
offline_lanMUPZA_PUBLIC_MENU_AVAILABILITY_MATRIX_QA_SMOKE_V1_PASSscripts/qa/run-public-menu-availability-matrix-qa-smoke-v1.ps1QR, website and POS menu visibility require active products, modifiers and kitchen printer routes.
Public cart pricing tax guardpass
offline_lanMUPZA_PUBLIC_CART_PRICING_TAX_GUARD_QA_SMOKE_V1_PASSscripts/qa/run-public-cart-pricing-tax-guard-qa-smoke-v1.ps1QR and website totals must match order ingest before any payment capture or cloud sync.
Public payment method readinesspass
offline_lanMUPZA_PUBLIC_PAYMENT_METHOD_READINESS_QA_SMOKE_V1_PASSscripts/qa/run-public-payment-method-readiness-qa-smoke-v1.ps1Pay-at-counter and cash-on-delivery are mock-ready while online card stays provider-disabled.
Public order confirmation outboxpass
communicationsMUPZA_PUBLIC_ORDER_CONFIRMATION_OUTBOX_QA_SMOKE_V1_PASSscripts/qa/run-public-order-confirmation-outbox-qa-smoke-v1.ps1QR and website order confirmations write audited outbox records before any provider send.
Public order status timelinepass
offline_lanMUPZA_PUBLIC_ORDER_STATUS_TIMELINE_QA_SMOKE_V1_PASSscripts/qa/run-public-order-status-timeline-qa-smoke-v1.ps1Customer-facing public order status is read-only and cannot mutate POS, kitchen or printer state.
Public customer receipt evidencepass
offline_lanMUPZA_PUBLIC_CUSTOMER_RECEIPT_EVIDENCE_QA_SMOKE_V1_PASSscripts/qa/run-public-customer-receipt-evidence-qa-smoke-v1.ps1QR and website receipts link pricing, payment, confirmation and status evidence without mutation.
Public receipt delivery outboxpass
communicationsMUPZA_PUBLIC_RECEIPT_DELIVERY_OUTBOX_QA_SMOKE_V1_PASSscripts/qa/run-public-receipt-delivery-outbox-qa-smoke-v1.ps1Receipt delivery writes audited outbox records before WhatsApp, email or Telegram provider sends.
Public receipt access link guardpass
securityMUPZA_PUBLIC_RECEIPT_ACCESS_LINK_GUARD_QA_SMOKE_V1_PASSscripts/qa/run-public-receipt-access-link-guard-qa-smoke-v1.ps1Public receipt/status links are masked, read-only and blocked from order, payment, receipt or provider-send mutation.
Public receipt access abuse guardpass
securityMUPZA_PUBLIC_RECEIPT_ACCESS_ABUSE_GUARD_QA_SMOKE_V1_PASSscripts/qa/run-public-receipt-access-abuse-guard-qa-smoke-v1.ps1Public receipt reads are rate-limited, replay-protected, bot-guarded and audited without blocking LAN authority.
Public receipt access revocation ledgerpass
securityMUPZA_PUBLIC_RECEIPT_ACCESS_REVOCATION_LEDGER_QA_SMOKE_V1_PASSscripts/qa/run-public-receipt-access-revocation-ledger-qa-smoke-v1.ps1Public receipt revoke, expiry and restore-denied decisions are audited without mutating source links or LAN authority.
Public receipt payload redaction guardpass
securityMUPZA_PUBLIC_RECEIPT_PAYLOAD_REDACTION_GUARD_QA_SMOKE_V1_PASSscripts/qa/run-public-receipt-payload-redaction-guard-qa-smoke-v1.ps1Public receipt payloads preserve customer totals while blocking internal ids, provider targets, audit ids and raw contact values.
Operator UI design foundationpass
release_opsMUPZA_OPERATOR_UI_DESIGN_FOUNDATION_QA_SMOKE_V1_PASSscripts/qa/run-operator-ui-design-foundation-qa-smoke-v1.ps1The dashboard shell is grouped, denser and operator-focused without changing POS cashier behavior.
Responsive visual evidence harnesspass
release_opsMUPZA_RESPONSIVE_VISUAL_EVIDENCE_HARNESS_QA_SMOKE_V1_PASSscripts/qa/run-responsive-visual-evidence-harness-qa-smoke-v1.ps1Mobile, tablet and desktop screenshots must prove no horizontal overflow before design handoff.
Operator push pack manifestpass
release_opsMUPZA_OPERATOR_PUSH_PACK_MANIFEST_QA_SMOKE_V1_PASSscripts/qa/run-operator-push-pack-manifest-qa-smoke-v1.ps1Manual GitHub push and AWS staging handoff paths stay explicit without performing external mutation.
AWS staging bootstrap checklistpass
release_opsMUPZA_AWS_STAGING_BOOTSTRAP_CHECKLIST_QA_SMOKE_V1_PASSscripts/qa/run-aws-staging-bootstrap-checklist-qa-smoke-v1.ps1Server, Nginx, env storage and route smoke checks stay staging-only and value-free.
Service activation matrixpass
release_opsMUPZA_SERVICE_ACTIVATION_MATRIX_QA_SMOKE_V1_PASSscripts/qa/run-service-activation-matrix-qa-smoke-v1.ps1Firebase, Cloudflare, tags, OTP, WhatsApp, Telegram and email stay dry-run and env-gated.
Provider health monitorpass
release_opsMUPZA_PROVIDER_HEALTH_MONITOR_QA_SMOKE_V1_PASSscripts/qa/run-provider-health-monitor-qa-smoke-v1.ps1Provider readiness is visible without exposing env values, secrets or performing live calls.
Service kill switch matrixpass
release_opsMUPZA_SERVICE_KILL_SWITCH_MATRIX_QA_SMOKE_V1_PASSscripts/qa/run-service-kill-switch-matrix-qa-smoke-v1.ps1External services can be disabled while POS, waiter, kitchen and printer LAN authority remains active.
AI CTO operating rulespass
release_opsMUPZA_AI_CTO_OPERATING_RULES_QA_SMOKE_V1_PASSscripts/qa/run-ai-cto-operating-rules-qa-smoke-v1.ps1Sprint continuity and AI CTO/Senior DevOps/Senior QA role rules are recorded as standing project policy.
MUPZAAI read-only reuse inventorypass
reuseMUPZA_VELORA_READONLY_REUSE_INVENTORY_V1_PASSscripts/qa/run-velora-readonly-reuse-inventory-v1.ps1MUPZAAI can guide patterns read-only without modifying it or using secrets.
Secret guard expansionpass
securityMUPZA_SECRET_GUARD_EXPANSION_QA_SMOKE_V1_PASSscripts/qa/run-secret-guard-expansion-qa-smoke-v1.ps1Push candidates are scanned for env files, keys, service accounts and provider tokens.
GitHub clean push readinesspass
securityMUPZA_GITHUB_CLEAN_PUSH_READINESS_GATE_V1_PASSscripts/qa/run-github-clean-push-readiness-gate-v1.ps1Generated folders and secret-bearing files are blocked before GitHub push.
AWS operator handoffpass
release_opsMUPZA_AWS_OPERATOR_HANDOFF_QA_SMOKE_V1_PASSscripts/qa/run-aws-operator-handoff-qa-smoke-v1.ps1Operator receives safe manual GitHub/AWS staging steps without repo-side mutation.