MUPZAOS: Restaurant OS command
Release Evidence

All sprint evidence in one dashboard

PASS markers, runbooks and QA scripts are collected here so GitHub creation and AWS staging can be done manually with a clear local evidence trail. Generated `.deploy` artifacts stay ignored.

Release status
Gates: 51
PASS gates: 51
Categories: 7
Role: AI CTO + Senior DevOps + Senior QA / Release Operator

All markers present: true
All last-known PASS: true
Runbooks linked: true
QA scripts linked: true
Generated artifacts ignored: true
No dashboard evidence writes: true
GitHub push false: true
AWS mutation false: true

Gate categories

pos | Gates: 1 | PASS: 1
communications | Gates: 13 | PASS: 13
cloud | Gates: 6 | PASS: 6
offline_lan | Gates: 9 | PASS: 9
release_ops | Gates: 15 | PASS: 15
security | Gates: 6 | PASS: 6
reuse | Gates: 1 | PASS: 1

Operator safety

MUPZAAI: Read-only, secrets unused.
GitHub/AWS: Manual operator action only, repo sprint mutation false.
Production: Untouched; staging health is value-free.

Release gates

POS approval audit + CSV evidence: pass
Category: pos | Marker: MUPZA_POS_QA_EVIDENCE_CSV_EXPORT_FIX_V1_PASS | Script: scripts/qa/run-pos-approval-audit-log-qa-smoke-v1.ps1

Cashier risk actions need manager approval, audit evidence and CSV export.

Communication foundation: pass
Category: communications | Marker: MUPZA_COMMUNICATION_FOUNDATION_QA_SMOKE_V1_PASS | Script: scripts/qa/run-communication-foundation-qa-smoke-v1.ps1

OTP, WhatsApp, Telegram, email and LAN notifications start behind audited outbox contracts.

Communication provider adapter: pass
Category: communications | Marker: MUPZA_COMMUNICATION_PROVIDER_ADAPTER_QA_SMOKE_V1_PASS | Script: scripts/qa/run-communication-provider-adapter-qa-smoke-v1.ps1

Real providers stay dry-run and env-gated until operator setup.

Notification consent templates: pass
Category: communications | Marker: MUPZA_NOTIFICATION_CONSENT_TEMPLATE_CONTRACT_QA_SMOKE_V1_PASS | Script: scripts/qa/run-notification-consent-template-contract-qa-smoke-v1.ps1

External messages require consent, template rules, audit and blocked secret payload fields.

Customer consent ledger: pass
Category: communications | Marker: MUPZA_CUSTOMER_CONSENT_LEDGER_QA_SMOKE_V1_PASS | Script: scripts/qa/run-customer-consent-ledger-qa-smoke-v1.ps1

Customer opt-in, opt-out and transactional messaging decisions are audited before external sends.

Notification provider dry-run harness: pass
Category: communications | Marker: MUPZA_NOTIFICATION_PROVIDER_DRY_RUN_HARNESS_QA_SMOKE_V1_PASS | Script: scripts/qa/run-notification-provider-dry-run-harness-qa-smoke-v1.ps1

OTP, WhatsApp, Telegram, email and LAN in-app sends are simulated with audit evidence.

Notification provider catalog: pass
Category: communications | Marker: MUPZA_NOTIFICATION_PROVIDER_CATALOG_QA_SMOKE_V1_PASS | Script: scripts/qa/run-notification-provider-catalog-qa-smoke-v1.ps1

OTP, WhatsApp, Telegram, email and LAN in-app providers are mapped with health and failover rules.

Notification send decision matrix: pass
Category: communications | Marker: MUPZA_NOTIFICATION_SEND_DECISION_MATRIX_QA_SMOKE_V1_PASS | Script: scripts/qa/run-notification-send-decision-matrix-qa-smoke-v1.ps1

Notification sends are blocked, mocked or routed to LAN fallback before real provider calls.

Notification delivery retry queue: pass
Category: communications | Marker: MUPZA_NOTIFICATION_DELIVERY_RETRY_QUEUE_QA_SMOKE_V1_PASS | Script: scripts/qa/run-notification-delivery-retry-queue-qa-smoke-v1.ps1

External notification delivery uses consent/env gates, retry backoff and dead-letter audit.

Webhook verification contract: pass
Category: communications | Marker: MUPZA_WEBHOOK_VERIFICATION_CONTRACT_QA_SMOKE_V1_PASS | Script: scripts/qa/run-webhook-verification-contract-qa-smoke-v1.ps1

WhatsApp and Telegram inbound webhooks require secrets, replay protection and audit.

Inbound provider event outbox: pass
Category: communications | Marker: MUPZA_INBOUND_PROVIDER_EVENT_OUTBOX_QA_SMOKE_V1_PASS | Script: scripts/qa/run-inbound-provider-event-outbox-qa-smoke-v1.ps1

WhatsApp and Telegram inbound events write to audited outbox before order or POS workflows.

Provider command safety queue: pass
Category: communications | Marker: MUPZA_PROVIDER_COMMAND_SAFETY_QUEUE_QA_SMOKE_V1_PASS | Script: scripts/qa/run-provider-command-safety-queue-qa-smoke-v1.ps1

WhatsApp and Telegram commands cannot bypass POS button workflow or manager approval audit.

Firebase auth readiness: pass
Category: cloud | Marker: MUPZA_FIREBASE_AUTH_READINESS_QA_SMOKE_V1_PASS | Script: scripts/qa/run-firebase-auth-readiness-qa-smoke-v1.ps1

Owner/admin cloud auth is env-only while POS/waiter/kitchen LAN fallback remains independent.

Metrics + tag readiness: pass
Category: cloud | Marker: MUPZA_METRICS_TAG_READINESS_QA_SMOKE_V1_PASS | Script: scripts/qa/run-metrics-tag-readiness-qa-smoke-v1.ps1

Google Tag, Cloudflare and product metrics stay privacy-safe and dry-run.

Analytics consent gate: pass
Category: cloud | Marker: MUPZA_ANALYTICS_CONSENT_GATE_QA_SMOKE_V1_PASS | Script: scripts/qa/run-analytics-consent-gate-qa-smoke-v1.ps1

Analytics events are gated by consent, PII, kill switch and LAN-safety rules.

Backend runtime boundary: pass
Category: cloud | Marker: MUPZA_BACKEND_RUNTIME_BOUNDARY_QA_SMOKE_V1_PASS | Script: scripts/qa/run-backend-runtime-boundary-qa-smoke-v1.ps1

Cloud backend does not take authority away from POS Local Hub.

Runtime secret placement matrix: pass
Category: cloud | Marker: MUPZA_RUNTIME_SECRET_PLACEMENT_MATRIX_QA_SMOKE_V1_PASS | Script: scripts/qa/run-runtime-secret-placement-matrix-qa-smoke-v1.ps1

Firebase, Cloudflare, notification and AWS env names are mapped to value-free runtime storage targets.

Cloud sync queue: pass
Category: cloud | Marker: MUPZA_CLOUD_SYNC_QUEUE_QA_SMOKE_V1_PASS | Script: scripts/qa/run-cloud-sync-queue-qa-smoke-v1.ps1

Cloud sync queues later without blocking LAN order, print or approval flows.

Order ingest contract: pass
Category: offline_lan | Marker: MUPZA_ORDER_INGEST_CONTRACT_QA_SMOKE_V1_PASS | Script: scripts/qa/run-order-ingest-contract-qa-smoke-v1.ps1

QR, website, POS and waiter orders are accepted once and routed to core destinations.

Kitchen printer job contract: pass
Category: offline_lan | Marker: MUPZA_KITCHEN_PRINTER_JOB_CONTRACT_QA_SMOKE_V1_PASS | Script: scripts/qa/run-kitchen-printer-job-contract-qa-smoke-v1.ps1

Station-scoped printer jobs are idempotent and duplicate-safe.

LAN device heartbeat: pass
Category: offline_lan | Marker: MUPZA_LAN_DEVICE_HEARTBEAT_CONTRACT_QA_SMOKE_V1_PASS | Script: scripts/qa/run-lan-device-heartbeat-contract-qa-smoke-v1.ps1

POS, waiter, kitchen and printer devices stay visible without internet.

Environment contract matrix: pass
Category: release_ops | Marker: MUPZA_ENVIRONMENT_CONTRACT_MATRIX_QA_SMOKE_V1_PASS | Script: scripts/qa/run-environment-contract-matrix-qa-smoke-v1.ps1

Firebase, Cloudflare, Google, notification and AWS env names are scoped without values.

Staging health endpoint: pass
Category: release_ops | Marker: MUPZA_STAGING_HEALTH_ENDPOINT_QA_SMOKE_V1_PASS | Script: scripts/qa/run-staging-health-endpoint-qa-smoke-v1.ps1

AWS/Nginx/Cloudflare smoke checks use value-free health JSON.

Release evidence dashboard: pass
Category: release_ops | Marker: MUPZA_RELEASE_EVIDENCE_DASHBOARD_QA_SMOKE_V1_PASS | Script: scripts/qa/run-release-evidence-dashboard-qa-smoke-v1.ps1

Current sprint QA markers, runbooks and safety flags are visible in one local dashboard.

Route smoke index: pass
Category: release_ops | Marker: MUPZA_ROUTE_SMOKE_INDEX_QA_SMOKE_V1_PASS | Script: scripts/qa/run-route-smoke-index-qa-smoke-v1.ps1

Local pages and mock APIs are grouped for GitHub/AWS operator smoke checks.

Cloudflare DNS/TLS cutover: pass
Category: release_ops | Marker: MUPZA_CLOUDFLARE_DNS_TLS_CUTOVER_QA_SMOKE_V1_PASS | Script: scripts/qa/run-cloudflare-dns-tls-cutover-qa-smoke-v1.ps1

Staging DNS, TLS, proxy, smoke and rollback steps stay manual and production-safe.

Tenant domain routing matrix: pass
Category: release_ops | Marker: MUPZA_TENANT_DOMAIN_ROUTING_MATRIX_QA_SMOKE_V1_PASS | Script: scripts/qa/run-tenant-domain-routing-matrix-qa-smoke-v1.ps1

Subdomain, custom domain, QR and website routes resolve tenant before order ingest.

QR website order intake contract: pass
Category: offline_lan | Marker: MUPZA_QR_WEBSITE_ORDER_INTAKE_CONTRACT_QA_SMOKE_V1_PASS | Script: scripts/qa/run-qr-website-order-intake-contract-qa-smoke-v1.ps1

Public QR and website submits map to tenant domain routing and order ingest without payment capture in QA.

Public menu availability matrix: pass
Category: offline_lan | Marker: MUPZA_PUBLIC_MENU_AVAILABILITY_MATRIX_QA_SMOKE_V1_PASS | Script: scripts/qa/run-public-menu-availability-matrix-qa-smoke-v1.ps1

QR, website and POS menu visibility require active products, modifiers and kitchen printer routes.

Public cart pricing tax guard: pass
Category: offline_lan | Marker: MUPZA_PUBLIC_CART_PRICING_TAX_GUARD_QA_SMOKE_V1_PASS | Script: scripts/qa/run-public-cart-pricing-tax-guard-qa-smoke-v1.ps1

QR and website totals must match order ingest before any payment capture or cloud sync.

Public payment method readiness: pass
Category: offline_lan | Marker: MUPZA_PUBLIC_PAYMENT_METHOD_READINESS_QA_SMOKE_V1_PASS | Script: scripts/qa/run-public-payment-method-readiness-qa-smoke-v1.ps1

Pay-at-counter and cash-on-delivery are mock-ready while online card stays provider-disabled.

Public order confirmation outbox: pass
Category: communications | Marker: MUPZA_PUBLIC_ORDER_CONFIRMATION_OUTBOX_QA_SMOKE_V1_PASS | Script: scripts/qa/run-public-order-confirmation-outbox-qa-smoke-v1.ps1

QR and website order confirmations write audited outbox records before any provider send.

Public order status timeline: pass
Category: offline_lan | Marker: MUPZA_PUBLIC_ORDER_STATUS_TIMELINE_QA_SMOKE_V1_PASS | Script: scripts/qa/run-public-order-status-timeline-qa-smoke-v1.ps1

Customer-facing public order status is read-only and cannot mutate POS, kitchen or printer state.

Public customer receipt evidence: pass
Category: offline_lan | Marker: MUPZA_PUBLIC_CUSTOMER_RECEIPT_EVIDENCE_QA_SMOKE_V1_PASS | Script: scripts/qa/run-public-customer-receipt-evidence-qa-smoke-v1.ps1

QR and website receipts link pricing, payment, confirmation and status evidence without mutation.

Public receipt delivery outbox: pass
Category: communications | Marker: MUPZA_PUBLIC_RECEIPT_DELIVERY_OUTBOX_QA_SMOKE_V1_PASS | Script: scripts/qa/run-public-receipt-delivery-outbox-qa-smoke-v1.ps1

Receipt delivery writes audited outbox records before WhatsApp, email or Telegram provider sends.

Public receipt access link guard: pass
Category: security | Marker: MUPZA_PUBLIC_RECEIPT_ACCESS_LINK_GUARD_QA_SMOKE_V1_PASS | Script: scripts/qa/run-public-receipt-access-link-guard-qa-smoke-v1.ps1

Public receipt/status links are masked, read-only and blocked from order, payment, receipt or provider-send mutation.

Public receipt access abuse guard: pass
Category: security | Marker: MUPZA_PUBLIC_RECEIPT_ACCESS_ABUSE_GUARD_QA_SMOKE_V1_PASS | Script: scripts/qa/run-public-receipt-access-abuse-guard-qa-smoke-v1.ps1

Public receipt reads are rate-limited, replay-protected, bot-guarded and audited without blocking LAN authority.

Public receipt access revocation ledger: pass
Category: security | Marker: MUPZA_PUBLIC_RECEIPT_ACCESS_REVOCATION_LEDGER_QA_SMOKE_V1_PASS | Script: scripts/qa/run-public-receipt-access-revocation-ledger-qa-smoke-v1.ps1

Public receipt revoke, expiry and restore-denied decisions are audited without mutating source links or LAN authority.

Public receipt payload redaction guard: pass
Category: security | Marker: MUPZA_PUBLIC_RECEIPT_PAYLOAD_REDACTION_GUARD_QA_SMOKE_V1_PASS | Script: scripts/qa/run-public-receipt-payload-redaction-guard-qa-smoke-v1.ps1

Public receipt payloads preserve customer totals while blocking internal ids, provider targets, audit ids and raw contact values.

Operator UI design foundation: pass
Category: release_ops | Marker: MUPZA_OPERATOR_UI_DESIGN_FOUNDATION_QA_SMOKE_V1_PASS | Script: scripts/qa/run-operator-ui-design-foundation-qa-smoke-v1.ps1

The dashboard shell is grouped, denser and operator-focused without changing POS cashier behavior.

Responsive visual evidence harness: pass
Category: release_ops | Marker: MUPZA_RESPONSIVE_VISUAL_EVIDENCE_HARNESS_QA_SMOKE_V1_PASS | Script: scripts/qa/run-responsive-visual-evidence-harness-qa-smoke-v1.ps1

Mobile, tablet and desktop screenshots must prove no horizontal overflow before design handoff.

Operator push pack manifest: pass
Category: release_ops | Marker: MUPZA_OPERATOR_PUSH_PACK_MANIFEST_QA_SMOKE_V1_PASS | Script: scripts/qa/run-operator-push-pack-manifest-qa-smoke-v1.ps1

Manual GitHub push and AWS staging handoff paths stay explicit without performing external mutation.

AWS staging bootstrap checklist: pass
Category: release_ops | Marker: MUPZA_AWS_STAGING_BOOTSTRAP_CHECKLIST_QA_SMOKE_V1_PASS | Script: scripts/qa/run-aws-staging-bootstrap-checklist-qa-smoke-v1.ps1

Server, Nginx, env storage and route smoke checks stay staging-only and value-free.

Service activation matrix: pass
Category: release_ops | Marker: MUPZA_SERVICE_ACTIVATION_MATRIX_QA_SMOKE_V1_PASS | Script: scripts/qa/run-service-activation-matrix-qa-smoke-v1.ps1

Firebase, Cloudflare, tags, OTP, WhatsApp, Telegram and email stay dry-run and env-gated.

Provider health monitor: pass
Category: release_ops | Marker: MUPZA_PROVIDER_HEALTH_MONITOR_QA_SMOKE_V1_PASS | Script: scripts/qa/run-provider-health-monitor-qa-smoke-v1.ps1

Provider readiness is visible without exposing env values, secrets or performing live calls.

Service kill switch matrix: pass
Category: release_ops | Marker: MUPZA_SERVICE_KILL_SWITCH_MATRIX_QA_SMOKE_V1_PASS | Script: scripts/qa/run-service-kill-switch-matrix-qa-smoke-v1.ps1

External services can be disabled while POS, waiter, kitchen and printer LAN authority remains active.

AI CTO operating rules: pass
Category: release_ops | Marker: MUPZA_AI_CTO_OPERATING_RULES_QA_SMOKE_V1_PASS | Script: scripts/qa/run-ai-cto-operating-rules-qa-smoke-v1.ps1

Sprint continuity and AI CTO/Senior DevOps/Senior QA role rules are recorded as standing project policy.

MUPZAAI read-only reuse inventory: pass
Category: reuse | Marker: MUPZA_VELORA_READONLY_REUSE_INVENTORY_V1_PASS | Script: scripts/qa/run-velora-readonly-reuse-inventory-v1.ps1

MUPZAAI can guide patterns read-only without modifying it or using secrets.

Secret guard expansion: pass
Category: security | Marker: MUPZA_SECRET_GUARD_EXPANSION_QA_SMOKE_V1_PASS | Script: scripts/qa/run-secret-guard-expansion-qa-smoke-v1.ps1

Push candidates are scanned for env files, keys, service accounts and provider tokens.

GitHub clean push readiness: pass
Category: security | Marker: MUPZA_GITHUB_CLEAN_PUSH_READINESS_GATE_V1_PASS | Script: scripts/qa/run-github-clean-push-readiness-gate-v1.ps1

Generated folders and secret-bearing files are blocked before GitHub push.

AWS operator handoff: pass
Category: release_ops | Marker: MUPZA_AWS_OPERATOR_HANDOFF_QA_SMOKE_V1_PASS | Script: scripts/qa/run-aws-operator-handoff-qa-smoke-v1.ps1

Operator receives safe manual GitHub/AWS staging steps without repo-side mutation.