Skip to main content

Acceptance Criteria

IDAcceptance CriterionStatus
AC-AUTH-001Valid users can login and receive role-scoped access.Needs Evidence
AC-RBAC-001Unauthorized role access is denied.Needs Evidence
AC-TENANT-001Cross-school, cross-supplier, and cross-operator access is denied.Needs Evidence
AC-BCK-001Restore test date and result are documented.Needs Evidence
AC-PAY-001Duplicate payment/webhook does not duplicate financial effect.Needs Confirmation
AC-API-001OpenAPI draft is reviewed against backend runtime routes.Needs Technical Verification