US-0975

Auth Update

SHIPPED

AI drafted the designLast verified 4 min ago

User story

ssooauthsessions

Channels & integrations · auto-detected from this story

In-app

Acceptance criteria

2 / 2 verified

Each scenario is run as a Playwright test by the QA agent

Scenario 1: SSO sign-in issues a session Verified

Givena valid SSO identity

Whenthe user signs in

Thena short-lived session token is issued

Scenario 2: Expired session refreshes silently Verified

Givenan expired access token with a valid refresh token

Whenthe user makes a request

Thenthe session refreshes without forcing re-login

Spec quality · craft learnings applied

9/10 passing

Generalisable rules the agent applies to every spec — they grow from review feedback & flaky scenarios, and act as a self-improving linter.

Assert one outcome per scenarioAtomicity

Each scenario asserts a single outcome

One trigger per scenarioAtomicity

Every scenario has exactly one trigger

Keep implementation out of Given/When/ThenClarity

Scenarios describe behaviour, not implementation

Make every outcome machine-checkableTestability

Outcomes are concrete and observable

Bound time-sensitive outcomesTestability

Time-sensitive outcomes carry a bound

Pair every happy path with a failure pathCoverage

An explicit failure / edge scenario is present

Assert the negative spaceCoverage

At least one scenario asserts the negative

State actor, capability and benefitClarity

Story names actor, capability and benefit

One promise per storyScope

The story promises more than one capability — consider splitting

If the “I want …” clause has an “and” joining two capabilities, split it into two stories.

Keep the slice thinScope

2 scenarios — a thin, shippable slice

Learnings applied · from the library

Preference changes need an audit trailmedium

When users can change delivery preferences, add a scenario asserting changes are recorded and respected immediately.

Learned from US-1042 design review

Rate limits are per-tenant, not globalmedium

Limit features should scope quotas per tenant and add a noisy-neighbour scenario.

Learned from support pattern (3 threads)

Related specs · graph neighbours

Real-Time Notifications· same area API Rate Limiter· same area