
# Session 06: Demo QA And Privacy Verification

* **Session ID**: `phase31-session06-demo-qa-and-privacy-verification`
* **Status**: Not Started
* **Estimated Tasks**: ~12-25
* **Estimated Duration**: 2-4 hours

***

## Objective

Prove the static demo renders the planned route matrix and makes no private bridge requests.

***

## Scope

### In Scope (MVP)

* Add Playwright smoke coverage for the full Pages-demo route matrix.
* Add a network assertion that no request pathname starts with `/__` in public demo mode.
* Allow static `/demo/*` asset requests.
* Run demo build and static preview checks.
* Run typecheck and focused tests for demo behavior.
* Run secret/path scans against committed `demo-website/public/demo/*` fixtures.
* Run secret/path scans against generated `demo-website/dist`.
* Check Cloudflare Pages static behavior for client-side routing and headers.
* Record blockers for any route that cannot yet render safely.

### Out of Scope

* Adding a full CI guard before the demo stabilizes.
* Changing source adapter approval scope.
* Deployment to a live Pages project unless project configuration is available.
* Adding new public features beyond verification and safety gates.

***

## Folded Source Details

Playwright smoke route matrix:

* `/`
* `/skills`
* `/memory`
* `/knowledge-graph`
* `/activity`
* `/agents/hermes`
* `/agents/claude-code`
* `/agents/openclaw`
* `/extensions/trend-finder/trends`
* `/extensions/trend-finder/engine`
* `/extensions/trend-finder/sources`
* `/extensions/trend-finder/workbench`
* `/extensions/trend-finder/watchlist`
* `/extensions/trend-finder/brief`
* `/extensions/ai-rogue/play`
* `/extensions/ai-rogue/ledger`
* `/extensions/ai-rogue/loadout`
* `/extensions/ai-rogue/settings`

Network rule:

* Fail if any request pathname starts with `/__`.
* Allow `/demo/*` static assets.
* Use the same assertion across smoke tests so later surfaces inherit the guard.
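
One way to share the network rule across smoke tests, as an added example rather than the project's own code. `createBridgeGuard`, `classifyRequest` and the sample URLs are hypothetical; the only Playwright calls assumed are `page.on('request', cb)` and `request.url()`.

```javascript
// Added example; helper names are hypothetical, not from the project.
const BRIDGE_PREFIX = '/__';   // private bridge namespace: always a failure
const DEMO_PREFIX = '/demo/';  // static demo fixtures: explicitly allowed

function classifyRequest(rawUrl, base = 'http://localhost/') {
  let url;
  try {
    url = new URL(rawUrl, base);
  } catch {
    return 'unparsed'; // fail closed: the guard treats this as a violation
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return 'other'; // data:, blob:
  // URL() already resolves dot segments, so /demo/../__x arrives as /__x.
  // Decoding is an extra, conservative step so %5F%5F cannot hide the prefix.
  let path = url.pathname;
  try { path = decodeURIComponent(path); } catch { /* keep the raw pathname */ }
  if (path.startsWith(BRIDGE_PREFIX)) return 'bridge';
  return path.startsWith(DEMO_PREFIX) ? 'demo-asset' : 'other';
}

function createBridgeGuard() {
  const violations = [];
  const demoAssets = [];
  const record = (rawUrl) => {
    const kind = classifyRequest(rawUrl);
    if (kind === 'bridge' || kind === 'unparsed') violations.push(rawUrl);
    if (kind === 'demo-asset') demoAssets.push(rawUrl);
    return kind;
  };
  return {
    record, violations, demoAssets,
    // Attach before navigation so the first document request is observed too.
    attach: (page) => page.on('request', (req) => record(req.url())),
    assertClean(route) {
      if (violations.length > 0) {
        throw new Error(`${route}: private bridge requests: ${violations.join(', ')}`);
      }
    },
  };
}

// In a Playwright smoke test, once per route in the matrix:
//   const guard = createBridgeGuard();
//   guard.attach(page);
//   await page.goto(route);
//   guard.assertClean(route);
```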

Scan targets:

* Committed `demo-website/public/demo/*` fixtures.
* Generated `demo-website/dist`.

Scan for:

* Absolute local paths.
* Secrets.
* Auth files.
* Credential labels.
* Token/key-shaped strings.
* Private memory text.
* Raw prompts.
* Raw transcripts.
* Raw command output.
* Local bridge URLs.
* `file://` URLs.
* Loopback and private-LAN URLs.
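
A sketch of the pattern-based part of this scan, as an added example and not the project's scanner. Rule ids, patterns and the sample fixtures are assumptions; it covers only the categories a regex can recognise, and reading the files under `demo-website/public/demo` and `demo-website/dist` is left to the caller.

```javascript
// Added example: rule ids and patterns are assumptions, not the project's scanner.
// Heuristic only: private memory text, raw prompts and transcripts need review.
const RULES = [
  { id: 'absolute-local-path',
    re: /\/(?:Users|home)\/[^\/\s"']+|[A-Za-z]:\\+Users\\+[^\\\s"']+/ },
  { id: 'file-url', re: /file:\/\//i },
  { id: 'loopback-or-private-url',
    re: /https?:\/\/(?:localhost|127(?:\.\d{1,3}){3}|\[::1\]|10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2})(?=[:\/"'\s]|$)/i },
  // A root-relative string or an absolute URL whose pathname starts with /__
  { id: 'bridge-url', re: /(?:["'`(\s]|https?:\/\/[^\/\s"']+)\/__[\w-]/ },
  { id: 'credential-label',
    re: /(?:password|passwd|secret|api[_-]?key|token)\b\s*["']?\s*[:=]/i },
  { id: 'private-key-block', re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
  // 40+ URL-safe characters containing both a letter and a digit
  { id: 'token-shaped',
    re: /(?<![\w-])(?=[\w-]*\d)(?=[\w-]*[A-Za-z])[\w-]{40,}(?![\w-])/ },
];

// Keep matched values out of CI logs: show a short prefix and the length only.
const redact = (s) => `${s.slice(0, 8)}...(${s.length} chars)`;

function scanText(file, text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    for (const { id, re } of RULES) {
      const m = re.exec(line);
      if (m) findings.push({ file, line: i + 1, rule: id, excerpt: redact(m[0]) });
    }
  });
  return findings;
}

// files: { relativePath: contents }, read by the caller from the scan targets.
function scanFiles(files) {
  return Object.entries(files).flatMap(([file, text]) => scanText(file, text));
}

// Constructed sample fixtures (not real project data).
const SAMPLE_FILES = {
  'public/demo/trends.json': '{"title":"Demo trends","asset":"/demo/trends.json"}',
  'public/demo/leaky.json': [
    '{"source":"/Users/alice/notes/memory.md",',
    '"bridge":"http://127.0.0.1:8787/__bridge/state",',
    '"apiKey":"demo_0123456789abcdefghijklmnopqrstuvwxyzABCD"}',
  ].join('\n'),
};

scanFiles(SAMPLE_FILES).forEach((f) => console.log(`${f.file}:${f.line} [${f.rule}] ${f.excerpt}`));
```

The token-shaped rule also matches content hashes and long generated identifiers in `dist`, so its findings need triage rather than an automatic fail.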

Required verification commands:

* `bun run demo:build:pages`
* `bun run demo:preview:pages` or equivalent static preview command.
* `bun run typecheck`
* Focused Vitest suites for public demo behavior.
* Focused Playwright route smoke suite.
* Privacy scan command for fixtures and generated output.

CI guard decision:

* A repo CI guard for `demo:build:pages` plus secret/path scan remains deferred until the demo stabilizes, unless the implementation proves it is cheap and non-disruptive to add now.

***

## Prerequisites

* [ ] Sessions 03 through 05 are complete.
* [ ] Static preview can run locally.
* [ ] Route matrix from this stub is still current.
* [ ] Generated `demo-website/dist` exists for scan and header checks.

***

## Deliverables

1. Automated route smoke tests for Pages demo mode.
2. Automated no-bridge-request assertion.
3. Privacy scan command or test coverage for committed fixtures and generated output.
4. Validation notes for any route that cannot yet render safely.
5. Evidence that static routing and headers behave as expected under preview.

***

## Success Criteria

* [ ] All expected public routes load from the static preview.
* [ ] No public route requests `/__*`.
* [ ] Static `/demo/*` asset requests remain allowed.
* [ ] Scans find no local paths, secrets, auth files, credential labels, raw private text, local bridge URLs, or token/key-shaped strings in fixtures or generated output.
* [ ] Build, preview, typecheck, focused tests, and smoke tests pass or have documented blockers.
* [ ] CI guard remains explicitly deferred or added only after the demo path is stable.

