Owner Abhi

Comments phase 1: release checklist

Ship gates for phase 1 docket comments (Keystone + admin web). Tick when done for this release.

References: test-document (case IDs), implementation-delta (doc vs code), OpenAPI for /av1/comments, src/api/av1/comment/.

Keystone (API)

Run locally or confirm in CI

  • ruff check src/ and ruff format --check src/ pass.
  • python -m pytest src/tests/test_comments.py -q --no-cov passes.
  • Default branch / PR CI passes (full pytest + coverage if your pipeline requires it).

Behavior (verify via tests, integration, or Swagger, whichever you use for this release)

  • Create, list, get, patch own, resolve, reopen, delete: happy paths match test-document for roles you ship.
  • Forbidden paths: editor cannot patch/delete others’; editor cannot resolve/reopen; cannot patch AI-authored comment; non–system-admin cannot delete AI comment; AI JWT cannot mutate except create (HTTP 200 + error.code where applicable).
  • Validation: empty body, body over 10k chars, bad content_id, missing docket, wrong course_id on read. Failures match agreed error.code values.
  • List: open / resolved / all filters; author_type filter; cursor paging without dupes or gaps.
  • GET /comments/counts: response shape and zero-count behavior match product expectation.
  • Soft delete: comment hidden from list/get; status/flags match implementation-delta / models.

Keystone-web (admin UI)

Run in keystone-web repo

  • npm run cb (typecheck) passes.
  • npm run build passes.
  • ESLint clean on comments-related paths (or whole repo, per team rule).

UI (browser: staging or local against real API)

  • System admin: create, edit any, delete any, resolve, reopen.
  • Admin: create, edit/delete own, resolve/reopen any; cannot edit/delete others’ comments.
  • Editor: create, edit/delete own; cannot resolve, reopen, or delete others’.
  • AI token (or equivalent): NOT IMPLEMENTED RIGHT NOW
  • Resolve / reopen / delete flows and copy (including delete-own vs delete-other).
  • Count badges stay correct after mutations.
  • Empty, loading, and error states acceptable.
  • Toasts or messages use error.code (forbidden vs not found vs invalid) where the API returns HTTP 200 + JSON errors.
  • AI vs human visually distinct; author_name
  • Long body and long name do not break layout.
DocUse
PRDProduct scope
TRDFrozen design snapshot
test-documentCase IDs
implementation-deltaShipped vs older docs

Keystone-web mirror: keystone-web/docs/comments/phase_1/.