# Referenced Requirements

Source document: /var/lib/qaagent/uploads/qa-20260523-192152/qaagent-selftest-requirements.md
Extraction timestamp: 2026-05-23 19:27:14 UTC
Target: https://qa.winds-os.com

| Requirement ID | Source Reference | Original Requirement Text | Normalized Requirement Text | Feature/Page | Notes |
|---|---|---|---|---|---|
| REQ-001 | requirements.md lines 8 | Public health endpoint responds successfully with JSON status. | Public health endpoint responds successfully with JSON status. | API /health | HTTP/2 200 and JSON {ok:true}. |
| REQ-002 | requirements.md lines 10 | Unauthenticated visitors to the web UI are redirected to or shown the login page and cannot access the dashboard directly. | Unauthenticated visitors to the web UI are redirected to or shown the login page and cannot access the dashboard directly. | Authentication | Root redirects to /login and login form is shown. |
| REQ-003 | requirements.md lines 12 | Admin login accepts the configured password and opens the dashboard. | Admin login accepts the configured password and opens the dashboard. | Authentication | POST /login returns 303 to /; authenticated dashboard content loads. |
| REQ-004 | requirements.md lines 14 | Dashboard contains expected lead-in fields for creating a QA run: Target URL, Project name, Current feature/scope, Requirement doc upload, Optional test cases upload, and Create QA Run action. | Dashboard contains expected lead-in fields for creating a QA run: Target URL, Project name, Current feature/scope, Requirement doc upload, Optional test cases upload, and Create QA Run action. | Dashboard UI | All required labels/actions found in authenticated dashboard HTML and screenshots. |
| REQ-005 | requirements.md lines 16 | API rejects requests without X-API-Key. | API rejects requests without X-API-Key. | API auth | GET /api/runs without key returns HTTP 401 with Invalid API key. |
| REQ-006 | requirements.md lines 18 | API accepts an authenticated multipart POST to /api/runs containing target_url, project, scope, and requirements upload, and returns a queued run JSON object with id/status. | API accepts an authenticated multipart POST to /api/runs containing target_url, project, scope, and requirements upload, and returns a queued run JSON object with id/status. | API runs | Authenticated multipart smoke POST returned HTTP 200 with id qa-20260523-192337 and status queued. |
| REQ-007 | requirements.md lines 20 | Test run history/API exposes submitted runs and includes status, target URL, project, logs/report fields when available. | Test run history/API exposes submitted runs and includes status, target URL, project, logs/report fields when available. | Run history/API | Authenticated history API includes submitted runs with status, target_url, project, public_url/log_path/error fields; dashboard table shows history. |
| REQ-008 | requirements.md lines 22 | The background worker processes a queued run and either completes with a hosted files.winds-os.com report or records a clear failure/log message. | The background worker processes a queued run and either completes with a hosted files.winds-os.com report or records a clear failure/log message. | Worker/report publishing | Prior queued run processed to failed with clear error/log; current self-test run has hosted URL field. Smoke run intentionally left queued behind active self-test run. |