# Zavvion Events Commercial Lite MVP - Human Functional Testing Plan

**Date:** 2026-05-26  
**Target release:** Commercial Lite MVP  
**Default local base URL:** `http://localhost/zavvion-events/public/`  
**Primary objective:** prove that the platform works safely and clearly for real public buyers, customers, organisers, platform organisers, and platform admins before commercial launch.

## How To Use This Pack

1. Ask the architect/deployment owner to fill in the staging URL and role credentials in the workbook `Credentials` sheet.
2. Run the tests in priority order: all `P0` tests first, then `P1`, then `P2`.
3. Every failed or blocked scenario must have an issue row with screenshot/video evidence.
4. Retest every fixed issue and update the same issue row with retest evidence.
5. Do not mark the release complete until every `P0` passes, every `P1` is either passed or accepted with a named owner, and all payment/role/security critical workflows are verified on the deployed server.

## Release Exit Criteria

- Public buyers can browse, select reserved seats, buy non-reserved ticket quantities, and complete checkout without seeing unallocated tickets or unsafe payment methods.
- Organisers can create venues, reusable seat maps, section grids, event-level ticket allocations, media, and publish only valid future events.
- Platform admins can approve organisers and manage fee rules, with conflict checks enforced.
- Role boundaries are verified: customers cannot access organiser/admin areas; organisers cannot access platform admin controls; platform organiser cannot become platform admin.
- Stripe test checkout has been completed through a signed webhook on staging, with order, ticket, QR token, and ledger verified.
- Mobile/tablet views work at 320, 360, 375, 390, 414, 430, 768, 820, 1024, 1280, 1440, and 1920 px widths.
- Accessibility basics pass: keyboard-only navigation, focus management, labelled controls, readable contrast, touch targets, and 200 percent zoom.
- Loading, empty, validation, permission denied, failed payment, rejected upload, and network failure states are tested for major workflows.
- Uploaded seat-map PDF/image behavior is verified per reusable seat map, not per venue.
- No secrets, stack traces, raw local paths, or private customer data are exposed.

## Severity Definitions

| Severity | Meaning | Examples |
|---|---|---|
| Critical | Blocks commercial launch or creates financial/security risk | Payment issued without signed webhook, double booking, role escalation, secrets exposed |
| High | Blocks a core workflow for a role | Organiser cannot save event, public cannot buy, seat map mismatch |
| Medium | Important usability/data issue with workaround | Responsive layout poor on tablet, confusing validation |
| Low | Cosmetic/minor wording | Spacing, copy polish, minor alignment |

## Required Test Data

- Reserved-only event.
- Non-reserved-only event.
- Mixed reserved and non-reserved event.
- Event with no uploaded seat-map asset.
- Event with uploaded seat-map PDF/image.
- Venue with multiple reusable seat maps.
- At least two organisers and two customers for isolation tests.
- Stripe test connected organiser account for payment tests.

## Workflow Coverage Summary

| Role | Core workflows |
|---|---|
| Public visitor | Home, Discover, event detail, booking tabs, seat-map tab, register/sign in paths |
| Customer | Register, login, checkout, reserved seats, non-reserved seats, My tickets, orders, profile/privacy |
| Organiser | Venues, reusable seat maps, PDF/image per seat map, event creation/editing, event-level ticket pricing, media, Stripe readiness, finance |
| Platform organiser | Global organiser support login, organiser context switching, organiser workflows without admin powers |
| Platform admin | Organiser applications, fee rules add/edit/delete, conflict checks, system readiness, role/privacy boundaries |

## Key Commercial Risks To Target

- Public page shows ticket types that are not allocated to the event.
- Event uses the wrong seat map after organiser selects a different reusable map.
- Non-reserved sections disappear from public booking.
- Customer-facing Seat-map tab shows a fake/generated structured map when no PDF/image was uploaded.
- Payment success redirect issues tickets without signed webhook.
- Organiser/admin role boundaries leak data or controls.
- Platform fee rules allow conflicting active policies.
- Mobile checkout basket clips labels or makes controls unusable.
- Event date validation allows events before the current date.
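
The signed-webhook exit criterion and the "payment success redirect issues tickets without signed webhook" risk can be exercised with a negative-test sketch like the one below. This is an added example, not code from the Zavvion Events code base. It assumes Stripe's documented `Stripe-Signature` scheme (`t=` timestamp, `v1=` HMAC-SHA256 over `timestamp.payload`); the handler names, status strings, in-memory `issued` store, tolerance, secret, and event body are hypothetical or constructed.

```python
import hashlib
import hmac
import json

TOLERANCE_S = 300                      # replay window; assumed value
SECRET = "whsec_constructed_for_test"  # constructed, not a real secret
NOW = 1780000000                       # constructed clock value
BODY = json.dumps({"id": "evt_constructed_1", "type": "checkout.session.completed",
                   "data": {"object": {"id": "cs_test_constructed"}}}).encode()

def sign(payload: bytes, secret: str, ts: int) -> str:
    """Build a Stripe-Signature header value (used to craft test input)."""
    mac = hmac.new(secret.encode(), f"{ts}.".encode() + payload, hashlib.sha256)
    return f"t={ts},v1={mac.hexdigest()}"

def verify(payload: bytes, header: str, secret: str, now: int) -> bool:
    """True only if a v1 signature matches and the timestamp is fresh."""
    ts, sigs = None, []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t" and value.isascii() and value.isdigit():
            ts = int(value)
        elif key == "v1":
            sigs.append(value)
    if ts is None or abs(now - ts) > TOLERANCE_S:
        return False
    expected = sign(payload, secret, ts).split("v1=")[1].encode()
    return any(hmac.compare_digest(expected, s.encode()) for s in sigs)

def handle_webhook(payload: bytes, header: str, secret: str, now: int, issued: dict) -> str:
    """Hypothetical handler: the only path allowed to issue tickets."""
    if not verify(payload, header, secret, now):
        return "rejected"              # parse the body only after verification
    event = json.loads(payload)
    if event.get("type") != "checkout.session.completed":
        return "ignored"
    session_id = event["data"]["object"]["id"]
    if session_id in issued:
        return "duplicate"             # webhook retries must not double-issue
    issued[session_id] = event["id"]
    return "issued"

def handle_success_redirect(session_id: str, issued: dict) -> str:
    """Hypothetical redirect handler: reports state, never issues tickets."""
    return "confirmed" if session_id in issued else "pending"
```

On staging, the equivalent manual checks are: the success redirect alone leaves the order pending, and webhooks that are unsigned, wrongly signed, tampered, or stale create no order, ticket, QR token, or ledger row.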
