Users run QA flows, mandatory security review, UAT-style acceptance against design/motion intent, and block/unblock release.
As a user, I want to run or record QA against story ACs, So that quality is traceable.
Maps to: FR38.
Acceptance Criteria:
Given stories with ACs
When QA flow executes
Then pass/fail per AC is stored and visible on story
And links to test artifacts or runs optional
As a workspace, I want security audit before release declaration, So that shipping meets policy.
Maps to: FR39, NFR-S4 alignment.
Acceptance Criteria:
Given build complete milestone
When user requests release
Then Cipher audit must be completed or explicitly waived with record
And findings carry severity + remediation state
As a user, I want to compare delivery to design and motion intent, So that UAT is structured.
Maps to: FR40.
Acceptance Criteria:
Given linked design/motion artifacts
When UAT session runs
Then checklist captures spatial and temporal checks (checkboxes + notes)
And reduced-motion behavior verified if applicable
As a user, I want to mark release blocked or unblocked, So that policy gates are explicit.
Maps to: FR41.
Acceptance Criteria:
Given QA + security + UAT states
When user toggles release status
Then blocked reasons are required and visible on dashboard/shell
And unblocked requires all policies satisfied or waiver recorded