docs: add testing checklists and Windows Git notes

Update docs to record recent testing and ops deliverables: add Implementation Masterplan entries for Windows Git resolution hardening, testing hardening analysis, headed manual-audit Playwright pack, and manual validation slices A/B. Rename the manual checklist section (P -> Q) and add references to the new manual validation documents and manual audit pack. Add a Post-Merge Wave summary to STATUS describing the Windows Git script, dependency update automation, headed manual-audit details, and manual validation checklists. Update TESTING_GUIDE to reference the detailed step-indexed Slice A and Slice B validation checklists.

Author: Chris0Jeky

docs/IMPLEMENTATION_MASTERPLAN.md

@@ -439,6 +439,22 @@ Delivered in the latest cycle:
    - minor/patch updates grouped per ecosystem; major NuGet/npm updates arrive as individual PRs; GitHub Actions updates fully grouped
    - added `docs/ops/DEPENDENCY_UPDATE_POLICY.md` with update categories, PR verification expectations, severity-based triage SLAs, escalation procedures, and policy boundaries
    - security triage workflow aligns with existing `docs/security/SECURITY_DEPENDENCY_VULNERABILITY_POLICY.md` severity policy; no auto-merge enabled
+96. OPS Windows Git resolution hardening (`#121`):
+   - added `scripts/check-git-env.sh` diagnostic script validating Git for Windows resolution (not Cygwin/MSYS2) and stale `.git/index.lock` detection with worktree awareness
+   - updated `CLAUDE.md` and `AGENTS.md` Windows Notes to reference the script and PATH remediation guidance
+97. TST-08 testing and hardening strategy analysis (`#143`):
+   - delivered `docs/analysis/2026-03-29_testing-hardening-strategy.md` with gap analysis across backend/frontend tests, CI, MCP, deployment, ops reliability, and security
+   - proposed 15 follow-up issues across 4 priority tiers with acceptance criteria and execution sequencing
+98. TST-25 headed manual-audit Playwright pack (`#369`):
+   - added `frontend/taskdeck-web/tests/e2e/manual-audit.spec.ts` covering core `Home -> Inbox/Capture -> Review -> Board` audit loop with 18 screenshots
+   - live LLM probes gated behind `TASKDECK_RUN_LIVE_LLM_TESTS` env var; CI exclusion via `TASKDECK_RUN_AUDIT` env var gate
+   - added `docs/testing/MANUAL_AUDIT_PACK.md` documenting usage vs stakeholder demo recorder vs default smoke
+99. TST-07 manual validation slice A — workspace shell, board lifecycle, and keyboard UX (`#130`):
+   - added `docs/testing/manual-validation-a-workspace-board-ux.md` with 22 step-indexed scenarios (A-01 to A-22)
+   - covers auth flows, shell navigation, board lifecycle, column/card/label operations, keyboard UX, escape behavior stack, and Today view
+100. TST-08 manual validation slice B — authz policy, cross-user isolation, and API error contracts (`#131`):
+    - added `docs/testing/manual-validation-b-authz-contracts.md` with 175 step-indexed checks (B-01 to B-175) covering all 28 controllers
+    - two-user fixture setup with curl-based bootstrap script; covers unauthenticated denial, cross-user board isolation, error payload contract verification
 
 ## Current Planning Pivot (2026-03-07)
 

docs/MANUAL_TEST_CHECKLIST.md

@@ -445,7 +445,7 @@ Scope (22 scenarios, A-01 through A-22):
 6. Today view and onboarding: agenda, dismiss/replay persistence (A-21 to A-22)
 
 Reference: `docs/testing/manual-validation-a-workspace-board-ux.md` for full step tables, evidence guidance, automation candidates, and defect filing template.
-## P. Authz Policy, Cross-User Isolation, and API Error Contracts (Slice B, `#131`)
+## Q. Authz Policy, Cross-User Isolation, and API Error Contracts (Slice B, `#131`)
 
 Status:
 - active; comprehensive two-user authz matrix covering all controller families

docs/STATUS.md

@@ -303,6 +303,25 @@ Proposed issue summary:
 - Priority III (TST-27 to TST-29, SEC-24): repository tests, board sub-store tests, router tests, DAST
 - Priority IV (TST-30, TST-31, OPS-25, SEC-25): OpenAPI snapshots, shutdown tests, CSP reporting, HTTP client tests
 
+## Post-Merge Wave (2026-03-29)
+
+Windows Git hardening (`#121`):
+- `scripts/check-git-env.sh` validates Git for Windows resolution (not Cygwin/MSYS2) and detects stale `.git/index.lock` with worktree awareness
+- `CLAUDE.md` and `AGENTS.md` updated with script reference and PATH remediation guidance
+
+Dependency update automation (`#148`):
+- `.github/dependabot.yml` active for NuGet, npm, and GitHub Actions with weekly cadence and grouped minor/patch updates
+- `docs/ops/DEPENDENCY_UPDATE_POLICY.md` covers triage SLAs, escalation, and policy boundaries
+
+Headed manual-audit Playwright pack (`#369`):
+- `frontend/taskdeck-web/tests/e2e/manual-audit.spec.ts` covers core `Home -> Inbox/Capture -> Review -> Board` audit loop with 18 screenshots
+- gated behind `TASKDECK_RUN_AUDIT` env var; live LLM probes opt-in via `TASKDECK_RUN_LIVE_LLM_TESTS`
+- usage documented in `docs/testing/MANUAL_AUDIT_PACK.md`
+
+Manual validation checklists (`#130`, `#131`):
+- Slice A (`#130`): 22 step-indexed scenarios (A-01 to A-22) in `docs/testing/manual-validation-a-workspace-board-ux.md` covering workspace shell, board lifecycle, keyboard UX, and escape behavior stack
+- Slice B (`#131`): 175 step-indexed checks (B-01 to B-175) in `docs/testing/manual-validation-b-authz-contracts.md` covering all 28 controllers with two-user isolation matrix
+
 ## MVP Expansion Planning Integration (2026-03-07)
 
 New review packages under `docs/InReview/MVP_EXPANSION/` were cross-read against the current repo state and backlog:

docs/TESTING_GUIDE.md

@@ -582,6 +582,10 @@ Planned quality expectations when implementation starts:
 Use `docs/MANUAL_TEST_CHECKLIST.md` for action-by-action manual validation.
 Use `docs/ops/OBSERVABILITY_BASELINE.md` for telemetry dashboard/alert baseline and observability smoke validation.
 
+Detailed step-indexed validation checklists:
+- Slice A — workspace shell, board lifecycle, keyboard UX: `docs/testing/manual-validation-a-workspace-board-ux.md`
+- Slice B — authz policy, cross-user isolation, API error contracts: `docs/testing/manual-validation-b-authz-contracts.md`
+
 ## Thesis Alignment Validation (Capture Realignment)
 
 This section defines validation expectations for the capture-first direction.