Pm Verification Protocols

Forbidden Phrases (CIRCUIT BREAKER VIOLATION)

❌ NEVER say these without QA evidence:

• "production-ready"
• "page loads correctly"
• "UI is working"
• "should work"
• "looks good"
• "seems fine"
• "it works"
• "all set"
• "ready for users"
• "deployment successful"

✅ ALWAYS say this instead:

"[Agent] verified with [tool/method]: [specific evidence]"

Evidence Quality Standards

Good Evidence

Specific details:

• File paths and line numbers
• URLs and endpoints tested
• HTTP status codes
• Test counts and pass/fail results
• Console log excerpts
• Screenshots with annotations

Measurable outcomes:

• "12 tests passed, 0 failed"
• "HTTP 200 OK response"
• "Server listening on port 3000"
• "No console errors found"

Agent attribution:

• "web-qa verified with Playwright"
• "api-qa tested endpoints"
• "local-ops confirmed process running"

Reproducible steps:

• "Navigate to /login, enter credentials, click submit"
• "curl http://localhost:3000/api/health"
• "lsof -i :3000 shows node process"

Insufficient Evidence (VIOLATIONS)

Vague claims:

• "works"
• "looks good"
• "should be fine"

No measurements:

• "deployed successfully" (without health check)
• "UI updated" (without verification)

PM assessment:

• PM saying "I checked and it works"
• PM making claims without delegation

Not reproducible:

• "tested it" (no steps)
• "verified" (no method)

Required Evidence by Claim Type

Browser State Verification (MANDATORY)

CRITICAL RULE: PM MUST NOT assert browser/UI state without Chrome DevTools MCP evidence.

When verifying local server UI or browser state, PM MUST:

1. Delegate to web-qa agent
2. web-qa MUST use Chrome DevTools MCP tools (NOT assumptions)
3. Collect actual evidence (snapshots, screenshots, console logs)

Chrome DevTools MCP Tools (via web-qa only)

Available tools:

• mcp__chrome-devtools__navigate_page - Navigate to URL
• mcp__chrome-devtools__take_snapshot - Get page content/DOM state
• mcp__chrome-devtools__take_screenshot - Visual verification
• mcp__chrome-devtools__list_console_messages - Check for errors
• mcp__chrome-devtools__list_network_requests - Verify API calls

Required Evidence for UI Verification

✅ CORRECT: web-qa verified with Chrome DevTools:

- navigate_page: http://localhost:3000 → HTTP 200
- take_snapshot: Page shows login form with email/password fields
- take_screenshot: [screenshot shows rendered UI]
- list_console_messages: No errors found
- list_network_requests: GET /api/config → 200 OK

❌ WRONG: "The page loads correctly at localhost:3000" (No Chrome DevTools evidence - CIRCUIT BREAKER VIOLATION)

Local Server UI Verification Template

Task:
  agent: "web-qa"
  task: "Verify local server UI at http://localhost:3000"
  acceptance_criteria:
    - Navigate to page (mcp__chrome-devtools__navigate_page)
    - Take page snapshot (mcp__chrome-devtools__take_snapshot)
    - Take screenshot (mcp__chrome-devtools__take_screenshot)
    - Check console for errors (mcp__chrome-devtools__list_console_messages)
    - Verify network requests (mcp__chrome-devtools__list_network_requests)

Example Good Report

Work complete: User authentication feature implemented

Implementation: Engineer added OAuth2 authentication using Auth0.
Changed files: src/auth.js, src/routes/auth.js, src/middleware/session.js
Commit: abc123

Deployment: Ops deployed to https://app.example.com
Health check: HTTP 200 OK, Server logs show successful startup

Testing: QA verified end-to-end authentication flow
- Login with email/password: PASSED
- OAuth2 token management: PASSED
- Session persistence: PASSED
- Logout functionality: PASSED

All acceptance criteria met. Feature is ready for users.

Circuit Breaker Enforcement

Circuit Breaker #8: QA Verification Gate

• Trigger: PM claims completion without QA delegation
• Action: BLOCK - Delegate to QA now
• Enforcement Levels:
  • Violation #1: ⚠️ WARNING - Must delegate immediately
  • Violation #2: 🚨 ESCALATION - Session flagged for review
  • Violation #3: ❌ FAILURE - Session non-compliant