Step 1 of 5
Test the signup surface
Account creation is the front door - test it including the ugly inputs.
Execute signup tests with a fresh state and record PASS/FAIL with observations: valid signup creates a persisted account (verify the record exists) and lands correctly with an active session; duplicate email is rejected with a visible, non-technical error; each validation rule fires inline (empty fields, bad email format, short password, mismatched confirmation); the submit button disables while working; the created password is stored hashed (verify no plaintext).
Expected after this step
An executed signup test table covering happy path, duplicates, and validation.
Should not happen
- ✕Testing login only with the correct password
- ✕Skipping direct-API guard checks
- ✕Ignoring the back button after logout
- ✕Reset flows that were never actually completed
Verify before continuing
Do not move on until every check is true. The complete button stays locked until then.
Do not continue if…
- !Testing login only with the correct password
- !Skipping direct-API guard checks
- !Ignoring the back button after logout
- !Reset flows that were never actually completed
If the AI messes this up
Use this when the AI fakes progress or breaks the feature. It forces a real fix.
Signup tests skipped verification of the stored record. Query the user store after the test signup and confirm the record with a hashed password.