# QA ALIGN Engineer Remediation Plan
> Internal engineering artifact. Do not send this file as the client-facing advisory report.

## System Summary

- Framework: playwright
- Trust Level: medium
- Release Decision: WARN
- Recommended Start Sprint: 5
- Recommended Route: 5 → 6 → 16
- Estimated Good Fix: $4050

## Engineer Execution Order

1. **deterministic-state-lifecycle-partial** (28 risk points) — Fix after critical trust blockers are under control.
2. **locator-governance-inconsistent** (10 risk points) — Fix after critical trust blockers are under control.
3. **duplication-drift-risk** (10 risk points) — Fix after critical trust blockers are under control.

## deterministic-state-lifecycle-partial

**Severity:** high
**Impact:** weakens_release_confidence

### Pattern Detected
Detected framework risk pattern: deterministic-state-lifecycle-partial

### Evidence
- No explicit fresh unauth context creation detected in scan
- State reset model appears partial rather than universal

### Line-Level Remediation Targets
- `pages/LoginPage.js:35` — Observed authentication-state control surface; the scan found no explicit fresh unauthenticated context creation.

```
// Unauthenticated nav signal
```

- `specs/sprint6/Sprint6.release-gates.regression.spec.js:66` — Observed authentication-state control surface; the scan found no explicit fresh unauthenticated context creation.

```
'RW.REGR.002 @unauth @regression — Delete removes article from profile',
```

- `specs/sprint6/Sprint6.release-gates.regression.spec.js:229` — Observed authentication-state control surface; the scan found no explicit fresh unauthenticated context creation.

```
test.describe('RW.REGR.008 @unauth', () => {
```


### Deterministic Fix Card

```json
{
  "target_file": "pages/LoginPage.js:35",
  "before_snippet": "// Unauthenticated nav signal",
  "after_snippet": "test('unauth path is isolated', async ({ browser }) => {\n  const context = await browser.newContext({ storageState: undefined });\n  const page = await context.newPage();\n  await page.goto('/#/editor');\n  await expect(page).not.toHaveURL(/editor/);\n  await context.close();\n});",
  "verification_command": "npx playwright test --grep @state-contract",
  "agent_attribution": "CI Failure Triage Agent: separated flaky symptoms from state-lifecycle contract risk so engineers can fix isolation instead of adding retries.",
  "matrix_source": "Playwright|Test Isolation & State|Reusing authenticated page for unauthorized tests",
  "field_catalog_csv": null,
  "evidence_status": "line-level evidence provided by assessment"
}
```

### Engineering Intent
Reduce the risk represented by this finding without changing unrelated test behavior.

### Likely Files To Inspect
- Review files referenced in validation evidence.
- Review framework setup, test base, and CI configuration.

### Fix Steps
1. Review the finding evidence.
2. Locate the smallest safe code area responsible for the pattern.
3. Apply a focused fix.
4. Run the narrowest relevant validation first.
5. Then rerun the full assessment.

### Do Not
- Do not perform broad rewrites without preserving test intent.
- Do not hide the symptom without correcting the pattern.
- Do not skip validation.

### Verification
- Run the affected test area.
- Rerun QA ALIGN assessment.
- Confirm trust level or finding count improves.

### Expected Impact
Reduces framework risk associated with this finding.

## locator-governance-inconsistent

**Severity:** medium
**Impact:** blocks_trust

### Pattern Detected
Detected framework risk pattern: locator-governance-inconsistent

### Evidence
- High locator() usage detected (122)
- Brittle selector patterns detected (42)

### Line-Level Remediation Targets
- `pages/TodoMvcPage.js:21` — Observed locator implementation contributing to the inconsistent locator-governance finding.

```
this.newTodoInput = page.locator('.new-todo');
```

- `pages/TodoMvcPage.js:22` — Observed locator implementation contributing to the inconsistent locator-governance finding.

```
this.todoItems = page.locator('.todo-list li');
```

- `pages/TodoMvcPage.js:23` — Observed locator implementation contributing to the inconsistent locator-governance finding.

```
this.todoTitles = page.locator('.todo-list li label');
```


### Deterministic Fix Card

```json
{
  "target_file": "pages/TodoMvcPage.js:21",
  "before_snippet": "this.newTodoInput = page.locator('.new-todo');",
  "after_snippet": "await loginPage.open();\nawait loginPage.signInButton().click();\n\nsignInButton() {\n  return this.page.getByRole('button', { name: /sign in/i });\n}",
  "verification_command": "npx playwright test --grep @locator-contract",
  "agent_attribution": "Intelligent Locator Agent: classified selector governance risk and derived the role/label-based replacement path.",
  "matrix_source": "Playwright|Selectors & Locators|Brittle CSS chains (deep selectors)",
  "field_catalog_csv": null,
  "evidence_status": "line-level evidence provided by assessment"
}
```

### Engineering Intent
Reduce the risk represented by this finding without changing unrelated test behavior.

### Likely Files To Inspect
- Review files referenced in validation evidence.
- Review framework setup, test base, and CI configuration.

### Fix Steps
1. Review the finding evidence.
2. Locate the smallest safe code area responsible for the pattern.
3. Apply a focused fix.
4. Run the narrowest relevant validation first.
5. Then rerun the full assessment.

### Do Not
- Do not perform broad rewrites without preserving test intent.
- Do not hide the symptom without correcting the pattern.
- Do not skip validation.

### Verification
- Run the affected test area.
- Rerun QA ALIGN assessment.
- Confirm trust level or finding count improves.

### Expected Impact
Reduces framework risk associated with this finding.

## duplication-drift-risk

**Severity:** low
**Impact:** blocks_trust

### Pattern Detected
Detected framework risk pattern: duplication-drift-risk

### Evidence
- Clone ratio reported at 3.83%

### Line-Level Remediation Targets
- `fixtures/global-setup.js:87-97` — Observed duplicate implementation block contributes to maintenance drift risk.

```
Duplicated block reported by jscpd
```

- `fixtures/global-setup.js:178-188` — Observed duplicate implementation block contributes to maintenance drift risk.

```
Duplicated block reported by jscpd
```

- `fixtures/home.js:1-6` — Observed duplicate implementation block contributes to maintenance drift risk.

```
Duplicated block reported by jscpd
```


### Deterministic Fix Card

```json
{
  "target_file": "fixtures/global-setup.js:87",
  "before_snippet": "Duplicated block reported by jscpd",
  "after_snippet": "use live API in smoke + schema-validated fixtures",
  "verification_command": "Run the affected test area.",
  "agent_attribution": "QA ALIGN Remediation Agent: derived a deterministic fix target from framework assessment evidence.",
  "matrix_source": "Playwright|Network & API Mocking|Over-mocking (tests pass with unrealistic mocks)",
  "field_catalog_csv": null,
  "evidence_status": "line-level evidence provided by assessment"
}
```

### Engineering Intent
Reduce the risk represented by this finding without changing unrelated test behavior.

### Likely Files To Inspect
- Review files referenced in validation evidence.
- Review framework setup, test base, and CI configuration.

### Fix Steps
1. Review the finding evidence.
2. Locate the smallest safe code area responsible for the pattern.
3. Apply a focused fix.
4. Run the narrowest relevant validation first.
5. Then rerun the full assessment.

### Do Not
- Do not perform broad rewrites without preserving test intent.
- Do not hide the symptom without correcting the pattern.
- Do not skip validation.

### Verification
- Run the affected test area.
- Rerun QA ALIGN assessment.
- Confirm trust level or finding count improves.

### Expected Impact
Reduces framework risk associated with this finding.
