Open items

The actionable set: capabilities still PARTIAL or NON-COMPLIANT, plus pending attestations (manual sign-offs and partner-track commitments). Sources:_state.json, _attestations.json.

Non-compliant

1

verified failure

Partial

6

in progress / incomplete

Pending attestations

38

41 have no owner assigned

Non-compliant capabilities

  • non-compliant
    demo-try-end-to-end-flowcapability · phase ?

    Scripted end-to-end demo at /try/end-to-end orchestrates subscribe → cart → confirm → portal → admin → CTA against the visitor's connected store; mute-by-default Web Speech narration, manual + auto-advance controls

    Sister-slice components (5a CredentialsBanner, 5b WidgetHost, 5c SyntheticSubscriptionList, 5d AdminTilesDemo) render via local placeholders pending their respective merges. Mechanical 4-line import swap once 5a-5d land.

    Hive #1259 (AC-5e), dossier docs/handoffs/hive-1143-ac5e-demo-end-to-end-flow.md, parent Hive #1143 AC-5

Pending attestations (by gating class)

  • market
    bc-corp-coordinationcoordination · owner: unassigned

    BC corporate coordination — partner agreements, certifications, and listing approval

    Related: #1269

  • market
    marketplace-listing-copygo-to-market · owner: unassigned

    BC marketplace listing copy — reviewed and approved

    Related: #1269

  • market
    bc-marketplace-tech-reviewsecurity-compliance · owner: unassigned

    BC marketplace technical review — submission + approval

    Related: #1269

  • market
    bc-marketplace-technical-reviewsecurity-compliance · owner: unassigned

    BC marketplace technical review

    Related: #1269

  • ga
    cross-browserdesign-ux · owner: unassigned

    Cross-browser QA — Chrome, Firefox, Safari, Edge

    Related: #1269 · #1280 · #1346

  • ga
    heuristic-reviewdesign-ux · owner: unassigned

    Heuristic evaluation — full merchant admin UI

    Related: #1269 · #1280 · #1348

  • ga
    mobile-responsivedesign-ux · owner: unassigned

    Mobile responsive QA — admin + portal + try page

    Related: #1269 · #1280 · #1347

  • ga
    real-merchant-usabilitydesign-ux · owner: unassigned

    Real-merchant usability sessions (≥3 merchants)

    Related: #1269 · #1280 · #1349

  • ga
    wcag-2-2-aa-admindesign-ux · owner: unassigned

    WCAG 2.2 AA conformance — admin surface

    Related: #1269 · #1278 · #1290 · #1299

  • ga
    wcag-2-2-aa-portaldesign-ux · owner: unassigned

    WCAG 2.2 AA conformance — subscriber portal

    Related: #1269 · #1278 · #1291

  • ga
    developer-integration-guidedocumentation · owner: unassigned

    Developer integration guide — Catalyst and headless storefront integration

    Related: #1269 · #1283 · #1312

  • ga
    merchant-docs-sitedocumentation · owner: unassigned

    Merchant-facing documentation site — install, configure, and manage subscriptions

    Related: #1269 · #1283 · #1313 · #1314

  • ga
    beta-program-designgo-to-market · owner: unassigned

    Beta merchant program — invite criteria, support SLA, and exit criteria

    Related: #1269 · #1284

  • ga
    onboarding-email-sequencego-to-market · owner: unassigned

    Merchant onboarding email sequence — written and delivery-tested

    Related: #1269 · #1284

  • ga
    pricing-decisiongo-to-market · owner: unassigned

    Pricing and packaging decision — documented and stakeholder-approved

    Related: #1269 · #1284

  • ga
    on-call-rotationoperations · owner: unassigned

    On-call rotation defined — schedule, alerts, and escalation paths

    Related: #1269 · #1282

  • ga
    runbook-database-recoveryoperations · owner: unassigned

    Runbook — database backup verification and recovery procedure

    Related: #1269 · #1282

  • ga
    runbook-subscription-failuresoperations · owner: unassigned

    Runbook — subscription charge failures and dunning escalation

    Related: #1269 · #1282

  • ga
    slo-definitionsoperations · owner: unassigned

    SLO definitions — uptime, charge success rate, and API latency

    Related: #1269 · #1282

  • ga
    status-page-setupoperations · owner: unassigned

    External status page — configured, monitored, and merchant-accessible

    Related: #1269 · #1282

  • ga
    support-macrosoperations · owner: unassigned

    Support macros and playbooks — common merchant support scenarios

    Related: #1269 · #1282

  • ga
    dsar-financial-retentionsecurity-compliance · owner: operator + legal + payments

    DSAR erasure — financial-record retention vs deletion (legal + payments decision)

    Related: #1636

  • ga
    gdpr-reviewsecurity-compliance · owner: unassigned

    GDPR compliance review — data subject rights + processor agreements

    Related: #1269 · #1279 · #1309 · #1319 · #1320 · #1321 · #1323 · #1324

  • ga
    pci-scope-verificationsecurity-compliance · owner: unassigned

    PCI scope verification — no raw card data in our systems

    Related: #1269 · #1279 · #1306

  • ga
    penetration-testsecurity-compliance · owner: unassigned

    Third-party penetration test — full app surface

    Related: #1269 · #1279

  • ga
    secret-scanning-auditsecurity-compliance · owner: unassigned

    Secret scanning audit — gitleaks + environment secret hygiene

    Related: #1269 · #1279 · #1304 · #1305

  • ga
    adversarial-testingtesting · owner: unassigned

    Adversarial and edge-case testing — concurrent operations + destructive inputs

    Related: #1269 · #1281

  • ga
    exploratory-testingtesting · owner: unassigned

    Exploratory testing session — unscripted, independent tester

    Related: #1269 · #1281

  • ga
    manual-test-executiontesting · owner: unassigned

    Full manual test plan execution against staging environment

    Related: #1269 · #1281

  • ga
    test-data-preptesting · owner: unassigned

    Staging test data — realistic multi-merchant, multi-subscription dataset

    Related: #1269 · #1281

  • ga
    test-plan-extractiontesting · owner: unassigned

    Manual test plan extracted from BDD scenarios + AC

    Related: #1269 · #1281

  • soft
    hiring-decisionscoordination · owner: unassigned

    Hiring plan — roles needed for Phase 2 engineering and merchant support

    Related: #1269

  • soft
    roadmap-planningcoordination · owner: unassigned

    Roadmap planning — Phase 2 priorities documented and stakeholder-aligned

    Related: #1269

  • soft
    migration-guidesdocumentation · owner: unassigned

    Migration guides — from Recharge, WooCommerce Subscriptions, and build-native

    Related: #1269 · #1316 · #1345

  • soft
    launch-announcementgo-to-market · owner: unassigned

    Launch announcement — blog post or press release drafted and reviewed

    Related: #1269

  • soft
    sales-enablementgo-to-market · owner: unassigned

    Sales enablement materials — one-pager, demo script, competitive positioning

    Related: #1269

  • soft
    incident-review-templateoperations · owner: unassigned

    Incident review template — first post-mortem completed

    Related: #1269

  • soft
    regression-suite-coveragetesting · owner: unassigned

    Manual regression suite — coverage of auto-test gaps

    Related: #1269

Partial capabilities

6 rows — in-progress or partial implementations

  • partial
    brd-us-16-3-admin-bundle-detail

    Admin bundle detail view: line-item → subscription attribution + lifecycle events

  • partial
    brd-us-17-1-expired-link-shows-reuse-page

    Expired or reused magic link shows "Request a new link" page

  • partial
    brd-us-18-6-quantity-silent-clamp

    Out-of-range quantity is silently clamped to [1..100] rather than rejected; audit event records original_quantity + clamped:true

  • partial
    brd-us-23-12-magic-link-email-pipeline

    Portal login magic-link sent with 32-byte opaque token, 15-min TTL, single-use bcrypt lookup; dunning PM-update link has 7-day TTL; domain mismatch rejected

  • partial
    brd-us-25-2-subscribe-and-save-badge

    Plan whose amount_cents is below the one-time product price renders a "Subscribe and save X%" badge in the storefront widget; the discount applies at checkout without coupon-code entry because the cart line uses plan.amount_cents directly.

  • partial
    demo-try-connect-form

    Demo "connect your store" connect form — store_hash + Storefront API token, validated client-side, session stored in sessionStorage only (spec #1254 AC-2)

All attestations42 total, all statuses

Full list — passed, expired, and gap-documented included, not just pending. Grouped by gating impact: marketplace-blocking first, then GA-blocking, then soft-gating, then informational.

Total

42

Passed

0

In review

2

Pending

38

Gap-documented

2

Expired

0

Marketplace-blocking4 attestations

  • bc-corp-coordination

    pending

    BC corporate coordination — partner agreements, certifications, and listing approval

    category: coordinationphase: launchowner: TBDexpires after: 90dhive: #1269
  • marketplace-listing-copy

    pending

    BC marketplace listing copy — reviewed and approved

    category: go-to-marketphase: launchowner: TBDexpires after: 365dhive: #1269
  • bc-marketplace-tech-review

    pending

    BC marketplace technical review — submission + approval

    category: security-compliancephase: launchowner: TBDexpires after: 180dhive: #1269
  • bc-marketplace-technical-review

    pending

    BC marketplace technical review

    category: security-compliancephase: pre-launchowner: TBDexpires after: 365dhive: #1269

GA-blocking30 attestations

  • cross-browser

    pending

    Cross-browser QA — Chrome, Firefox, Safari, Edge

    category: design-uxphase: pre-launchowner: TBDexpires after: 180dhive: #1269,#1280,#1346
  • heuristic-review

    pending

    Heuristic evaluation — full merchant admin UI

    category: design-uxphase: pre-launchowner: TBDexpires after: 180dhive: #1269,#1280,#1348
  • mobile-responsive

    pending

    Mobile responsive QA — admin + portal + try page

    category: design-uxphase: pre-launchowner: TBDexpires after: 180dhive: #1269,#1280,#1347
  • real-merchant-usability

    pending

    Real-merchant usability sessions (≥3 merchants)

    category: design-uxphase: pre-launchowner: TBDexpires after: 180dhive: #1269,#1280,#1349
  • wcag-2-2-aa-admin

    pending

    WCAG 2.2 AA conformance — admin surface

    category: design-uxphase: pre-launchowner: TBDexpires after: 180dhive: #1269,#1278,#1290,#1299
  • wcag-2-2-aa-portal

    pending

    WCAG 2.2 AA conformance — subscriber portal

    category: design-uxphase: pre-launchowner: TBDexpires after: 180dhive: #1269,#1278,#1291
  • api-reference

    gap-documented

    API reference — OpenAPI spec published and developer-accessible

    category: documentationphase: pre-launchowner: TBDexpires after: 365dhive: #1269,#1283,#1311
  • developer-integration-guide

    pending

    Developer integration guide — Catalyst and headless storefront integration

    category: documentationphase: pre-launchowner: TBDexpires after: 365dhive: #1269,#1283,#1312
  • merchant-docs-site

    pending

    Merchant-facing documentation site — install, configure, and manage subscriptions

    category: documentationphase: pre-launchowner: TBDexpires after: 365dhive: #1269,#1283,#1313,#1314
  • beta-program-design

    pending

    Beta merchant program — invite criteria, support SLA, and exit criteria

    category: go-to-marketphase: pre-launchowner: TBDexpires after: 365dhive: #1269,#1284
  • onboarding-email-sequence

    pending

    Merchant onboarding email sequence — written and delivery-tested

    category: go-to-marketphase: pre-launchowner: TBDexpires after: 365dhive: #1269,#1284
  • pricing-decision

    pending

    Pricing and packaging decision — documented and stakeholder-approved

    category: go-to-marketphase: pre-launchowner: TBDexpires after: 365dhive: #1269,#1284
  • on-call-rotation

    pending

    On-call rotation defined — schedule, alerts, and escalation paths

    category: operationsphase: pre-launchowner: TBDexpires after: 90dhive: #1269,#1282
  • runbook-database-recovery

    pending

    Runbook — database backup verification and recovery procedure

    category: operationsphase: pre-launchowner: TBDexpires after: 90dhive: #1269,#1282
  • runbook-subscription-failures

    pending

    Runbook — subscription charge failures and dunning escalation

    category: operationsphase: pre-launchowner: TBDexpires after: 90dhive: #1269,#1282
  • slo-definitions

    pending

    SLO definitions — uptime, charge success rate, and API latency

    category: operationsphase: pre-launchowner: TBDexpires after: 90dhive: #1269,#1282
  • status-page-setup

    pending

    External status page — configured, monitored, and merchant-accessible

    category: operationsphase: pre-launchowner: TBDexpires after: 90dhive: #1269,#1282
  • support-macros

    pending

    Support macros and playbooks — common merchant support scenarios

    category: operationsphase: pre-launchowner: TBDexpires after: 90dhive: #1269,#1282
  • dsar-financial-retention

    pending

    DSAR erasure — financial-record retention vs deletion (legal + payments decision)

    category: security-compliancephase: pre-launchowner: operator + legal + paymentshive: #1636
  • gdpr-review

    pending

    GDPR compliance review — data subject rights + processor agreements

    category: security-compliancephase: pre-launchowner: TBDexpires after: 180dhive: #1269,#1279,#1309,#1319,#1320,#1321,#1323,#1324
  • pci-scope-verification

    pending

    PCI scope verification — no raw card data in our systems

    category: security-compliancephase: pre-launchowner: TBDexpires after: 180dhive: #1269,#1279,#1306
  • penetration-test

    pending

    Third-party penetration test — full app surface

    category: security-compliancephase: pre-launchowner: TBDexpires after: 180dhive: #1269,#1279
  • secret-scanning-audit

    pending

    Secret scanning audit — gitleaks + environment secret hygiene

    category: security-compliancephase: ongoingowner: TBDexpires after: 180dhive: #1269,#1279,#1304,#1305
  • stride-payment-flows

    in-review

    STRIDE threat model — payment authorization and capture flows

    category: security-compliancephase: pre-launchowner: TBDexpires after: 180dhive: #1269,#1279,#1308,#1332,#1333,#1334,#1336,#1338
  • stride-subscription-lifecycle

    in-review

    STRIDE threat model — subscription lifecycle operations

    category: security-compliancephase: pre-launchowner: TBDexpires after: 180dhive: #1269,#1279,#1307,#1327,#1328,#1329,#1330,#1331
  • adversarial-testing

    pending

    Adversarial and edge-case testing — concurrent operations + destructive inputs

    category: testingphase: pre-launchowner: TBDexpires after: 90dhive: #1269,#1281
  • exploratory-testing

    pending

    Exploratory testing session — unscripted, independent tester

    category: testingphase: pre-launchowner: TBDexpires after: 90dhive: #1269,#1281
  • manual-test-execution

    pending

    Full manual test plan execution against staging environment

    category: testingphase: pre-launchowner: TBDexpires after: 90dhive: #1269,#1281
  • test-data-prep

    pending

    Staging test data — realistic multi-merchant, multi-subscription dataset

    category: testingphase: pre-launchowner: TBDexpires after: 90dhive: #1269,#1281
  • test-plan-extraction

    pending

    Manual test plan extracted from BDD scenarios + AC

    category: testingphase: pre-launchowner: TBDexpires after: 90dhive: #1269,#1281

Soft-gating7 attestations

  • hiring-decisions

    pending

    Hiring plan — roles needed for Phase 2 engineering and merchant support

    category: coordinationphase: launchowner: TBDexpires after: 90dhive: #1269
  • roadmap-planning

    pending

    Roadmap planning — Phase 2 priorities documented and stakeholder-aligned

    category: coordinationphase: launchowner: TBDexpires after: 90dhive: #1269
  • migration-guides

    pending

    Migration guides — from Recharge, WooCommerce Subscriptions, and build-native

    category: documentationphase: launchowner: TBDexpires after: 365dhive: #1269,#1316,#1345
  • launch-announcement

    pending

    Launch announcement — blog post or press release drafted and reviewed

    category: go-to-marketphase: launchowner: TBDexpires after: 365dhive: #1269
  • sales-enablement

    pending

    Sales enablement materials — one-pager, demo script, competitive positioning

    category: go-to-marketphase: launchowner: TBDexpires after: 365dhive: #1269
  • incident-review-template

    pending

    Incident review template — first post-mortem completed

    category: operationsphase: launchowner: TBDexpires after: 90dhive: #1269
  • regression-suite-coverage

    pending

    Manual regression suite — coverage of auto-test gaps

    category: testingphase: ongoingowner: TBDexpires after: 90dhive: #1269

Informational1 attestation

  • wcag-2-2-aa-try-page

    gap-documented

    WCAG 2.2 AA conformance — /try storefront page (RETIRED — surface deleted)

    category: design-uxphase: pre-launchowner: TBDexpires after: 180dhive: #1269,#1278,#1292