alee/relicario
1
0
Fork 0
Code Issues Pull Requests 4 Actions Packages Projects Releases Wiki Activity
Files
3dd1e1bb15e3d3b0cbbdf9c50155257e6d2592fa
relicario/docs/test-checklists/2026-04-27-pre-v0.3.0-audit.md
adlee-was-taken 17ff79d5f6 docs: plan 3A spec + pre-v0.3.0 audit checklist 
Plan 3A: backup & restore — drives the feature branch landing in
the next commit (merge of feature/backup-restore).

Pre-v0.3.0 audit checklist: manual smoke-test list for the v0.2.x
audit-pass commits (TOTP edit, history, detach, status, generator
defaults, vault-tab parity, sync button) — to walk through before
the v0.3.0 tag.
2026-04-29 20:29:09 -04:00

5.4 KiB
Raw Blame History

Pre-v0.3.0 manual test checklist

Date: 2026-04-27 Scope: every change in CHANGELOG.md's Unreleased section since v0.2.0 (commits a7dbf35, f79a67b, 3f0f5b1, b951741, c66fd52).

Purpose: smoke-walk the audit pass before drawing the line and tagging v0.3.0. Treat as a logic-spot-check, not a regression suite — the automated tests (cargo test, the extension's vitest suite) cover everything covered by tests already; this list is the things that need human eyeballs.

CLI — new commands (commit 3f0f5b1)

  • relicario status inside an active vault — shows root path, item counts (active / trashed), attachment count + total bytes, device count, git log -1 last-commit line.
  • relicario status with at least one trashed item — trashed count is non-zero; active count excludes it.
  • relicario history <query> — masked by default (passwords show as ••••).
  • relicario history <query> --show — values revealed in the clear.
  • relicario history <query> --field login_password — filter works. Also try the raw form (--field core:login_password) — both should match.
  • relicario history <query> on an item with no captured history — prints "no history captured".
  • relicario detach <query> <aid> — removes the attachment ref, deletes the encrypted blob on disk, commits detach: ….
  • relicario detach <doc-item> <primary-aid> — refuses with "use purge instead".
  • relicario edit <totp-item> — rotate issuer, label, then secret; verify a core:totp_secret history entry is captured (visible via relicario history).
  • relicario settings generator-defaults (no flags) — prints current defaults.
  • relicario settings generator-defaults --random --length 32 — flips mode + length, persists across runs.
  • relicario settings generator-defaults --bip39 --words 7 --separator - — mode flip persists.
  • relicario generate inside vault — uses the stored defaults.
  • relicario generate --length 8 inside vault — explicit flag overrides the stored default.
  • relicario generate outside any vault — still works at hardcoded defaults (length 20, BIP39 5 words). No unlock prompt.

Extension — popup (commit a7dbf35)

  • Settings view → "Sync now" — refresh succeeds with "synced ✓"; force a sync with a bad token to confirm the error string surfaces.
  • Item-list toolbar sync button — same coverage.
  • Devices view on a fresh install whose device_name isn't on the remote — banner appears.
  • Click "Register this device" → enter a name → confirm → device appears in the list, banner disappears.
  • Verify keypair persists across SW restart (re-open popup; banner should NOT return).

Extension — vault tab parity (commit a7dbf35)

  • Open vault.html (Ctrl+Shift+L or popup pop-out). All views render: list, detail, add, edit, settings, settings-vault, trash, devices, field-history.
  • register_this_device works from the vault tab the same way as the popup.
  • Inactivity timer still fires when only the vault tab is open (no popup activity).
  • Wrong-extension sender check — install a second extension, send a message; should be rejected. (Covered by router.test.ts:373-384 but worth one manual sanity run if time permits.)

Setup wizard (commit f79a67b — pure-helper extraction)

  • First-run new-vault path: zxcvbn meter still updates within ~150 ms of typing; strength label changes through the five tiers as the passphrase strengthens.
  • First-run attach path: passphrase / image rejection produces the exact "Could not decrypt vault — wrong passphrase or reference image." string (no oracle leak).
  • Step 5 device registration completes without manual fallback when the extension is reachable.

Refactor — cmd_add / cmd_edit per-type helpers (commit 3f0f5b1)

For each ItemCore variant: spin up the form, save, re-open, edit, save, verify the on-disk item stays valid. Drives both build_*_item and edit_*.

  • Login (with embedded TOTP sub-config)
  • SecureNote
  • Identity
  • Card
  • Key
  • Document (add via attach; edit should print the "use attach / extract" message)
  • Standalone Totp

Build / test gates

  • cargo test — all green.
  • cargo test -p relicario-cli --test basic_flows (and the other named integration tests) — green individually.
  • cargo build -p relicario-wasm --target wasm32-unknown-unknown — succeeds.
  • Extension Chrome build (webpack) — produces a loadable extension.
  • Extension Firefox build (webpack.firefox.config.js) — produces a loadable extension.
  • Load in Chrome, load in Firefox, smoke-unlock an existing vault.

Architecture-docs sanity (commit c66fd52)

  • Spot-check three line-number citations from each ARCHITECTURE.md against live code (drift is the silent killer — line-numbered docs rot fastest). Suggested: - service-worker/index.ts:20 (lazy WASM init) - crypto.rs:59 (VERSION_BYTE = 0x02) - helpers.rs:48-52 (hardened-git -c flags)

Sign-off

When every box above is checked, the audit pass is good to tag as v0.3.0. Anything that fails goes back into Unreleased as a fix commit before the tag.

Reference in New Issue View Git Blame Copy Permalink