Preconditions
Organizer can edit registration questions; public fixture can submit a registration requiring a waiver signature.
Happy path / Lifecycle
Create a waiver question.
Organizer enters waiver text, required flag, policy version label, and guest-facing consent copy.
Guest signs during registration.
Submit remains unavailable until the consent checkbox and signature input are filled by the guest.
Store proof.
Consent evidence includes signer, timestamp, IP/user-agent metadata where policy permits, and policy_version/hash.
Failure modes
Permission denied at the right boundary
Trigger: viewer/support attempts organizer-only operation.
Resolution: the write request returns 403, the editable surface remains closed or read-only, and the response does not leak hidden guest, event, or tenant fields.
Cross-tenant isolation
Trigger: tenant-A user guesses tenant-B resource id.
Resolution: the server returns 404 instead of 403, masks existence, and the UI renders a generic not-found state.
Soft-delete leaves audit trail
Trigger: organizer removes or deactivates the configured object.
Resolution: the row is marked inactive/deleted with actor, timestamp, and prior state preserved in audit.
Archive vs delete distinction
Trigger: organizer chooses between reversible archive and destructive delete.
Resolution: archive stays reversible and copy/export labels it archived; delete requires separate destructive confirmation and changes copy behavior.
Edit lock during publish
Trigger: publish snapshot begins while an edit is open.
Resolution: publish wins; stale save receives a deterministic conflict modal and does not mutate the published snapshot silently.
Audit log row written on every state change
Trigger: organizer saves any state transition.
Resolution: each state mutation writes an audit row with actor, timestamp, entity id, and before/after payload.
Two organizers concurrent
Trigger: two organizers edit the same state from stale versions.
Resolution: the second save gets conflict UI, both sessions refresh to the same final state, and there is no silent overwrite.
Undo window for destructive actions
Trigger: organizer deletes, cancels, or clears the object.
Resolution: a visible undo affordance lasts 10 seconds and restores the exact prior state when used.
Consent prompt not pre-checked
Trigger: guest opens waiver question on registration form.
Resolution: checkbox/signature starts unchecked, submit stays disabled until affirmative consent is supplied, and pre-checked rendering fails the probe.
Evidence stored with policy version
Trigger: guest signs waiver, then organizer changes waiver text later.
Resolution: consent audit stores policy_version or hash from signing time and later policy edits do not rewrite historical proof.
Signature required validation
Trigger: guest checks consent but leaves signature blank.
Resolution: submit is blocked with an inline error and no consent evidence row is written.
Minor or guardian copy captured
Trigger: registration includes an attendee marked under guardian threshold.
Resolution: the form captures signer relationship and stores it alongside the consent evidence without overwriting attendee identity.
Parity gap: waiver type absent
Trigger: matrix marks waiver/release signature absent.
Resolution: visible gap panel remains until waiver question type, signature normalization, required validation, and stored proof ship.
Stable test attributes
Visibility teeth. Each attribute must be effectively visible when active and must match the agent probes.
| data-test | Where | Purpose |
|---|---|---|
waiver-signature-editor | surface | editor |
waiver-signature-consent-checkbox | surface | consent checkbox |
waiver-signature-signature-input | surface | signature input |
waiver-signature-guardian-field | surface | guardian field |
waiver-signature-submit-cta | surface | submit cta |
waiver-signature-save-cta | surface | save cta |
waiver-signature-validation-error | surface | validation error |
waiver-signature-archive-cta | surface | archive cta |
waiver-signature-delete-cta | surface | delete cta |
waiver-signature-undo-toast | surface | undo toast |
waiver-signature-conflict-modal | surface | conflict modal |
waiver-signature-gap-panel | surface | gap panel |
waiver-signature-evidence-panel | surface | evidence panel |
Agent test plan
- waiver-signature-opens
- waiver-signature-saves
- waiver-signature-audit-visible
- permission-denied-boundary
- cross-tenant-404
- soft-delete-audit
- archive-delete-distinction
- publish-edit-lock
- audit-row-every-change
- concurrent-organizers-conflict
- destructive-undo-window
- consent-prompt-not-prechecked
- evidence-stored-with-policy-version
- signature-required-validation
- minor-guardian-copy
- waiver-gap-probe
- evaluate-waiver-signature