Outcome Contract — ForgePM (Orlando Enterprise)
The outcome is accepted only if every MUST_PASS success criterion below is satisfied by automated evidence. Functional criteria (SC-F*) prove the business works; non-functional criteria (SC-N*) prove the enterprise bar.
Functional success criteria
| ID | Criterion | Severity | Evidence |
|---|---|---|---|
| SC-F1 | An authenticated manager can create properties/units and they persist across restart | MUST_PASS | db + runtime tests |
| SC-F2 | Monthly rent charges generate for active leases; recording a payment updates the balance and delinquency status | MUST_PASS | db tests |
| SC-F3 | A maintenance work order can be opened, assigned, and moved through its status workflow | MUST_PASS | db tests |
| SC-F4 | Short-term pricing returns a recommended nightly price + range that responds to Orlando seasonality, occupancy, and demand | MUST_PASS | unit tests |
| SC-F5 | "Where to Maximize" returns ranked, explainable opportunities with estimated monthly upside | MUST_PASS | unit + db tests |
| SC-F6 | Dashboard KPIs and CSV exports of core data are available to permitted roles | MUST_PASS | runtime tests |
Non-functional success criteria (enterprise bar)
| ID | NFR dimension | Criterion | Severity | Evidence |
|---|---|---|---|---|
| SC-N1 | identity_authentication | Unauthenticated API access is rejected (401); login establishes a signed session; passwords stored with salted scrypt; MFA/SSO seam present | MUST_PASS | runtime + unit tests |
| SC-N2 | authorization_model | RBAC enforced server-side with least privilege; forbidden actions return 403 (e.g. VIEWER cannot write, STAFF cannot manage users) | MUST_PASS | db + runtime tests |
| SC-N3 | tenant_isolation | Every read/write is org-scoped; cross-tenant read or write is impossible (proven by negative tests) | MUST_PASS | db + runtime tests |
| SC-N4 | auditability | Privileged actions append to an immutable audit log with actor, org, action, target, timestamp | MUST_PASS | db + runtime tests |
| SC-N5 | security_compliance | Secrets are hashed/managed, sessions expire, inputs validated, error responses leak no internals; compliance posture documented | MUST_PASS | unit + runtime tests |
| SC-N6 | data_durability | SQLite in WAL mode with versioned migrations and a backup script; data survives restart | MUST_PASS | db + runtime tests |
| SC-N7 | observability | Structured request logging + /healthz and /metrics endpoints | MUST_PASS | runtime tests |
| SC-N8 | admin_operations | Org admins can self-serve manage users and roles | MUST_PASS | db + runtime tests |
| SC-N9 | ux_maturity | Earthy/light design system; responsive; complete loading/empty/error states | SHOULD_PASS | static + browser checks |
| SC-N10 | accessibility | WCAG 2.1 AA basics: semantic landmarks, labelled controls, visible focus, sufficient contrast | SHOULD_PASS | static checks |
| SC-N11 | reporting_exports | Core datasets exportable as CSV via API | MUST_PASS | runtime tests |
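As an added illustration of what the SC-N1 to SC-N4 negative tests exercise (example code written for this page, not ForgePM's own), the following Node.js module models the server-side guard: a missing session yields 401, an insufficient role 403, a row owned by another org is reported as not found rather than forbidden (so the response leaks nothing about other tenants), and every write appends an audit record. The ADMIN role, the permission strings, the org ids and the sample rows are assumptions.

```javascript
// Added example, not ForgePM code: roles, permissions and sample rows are assumptions.
const ROLE_PERMS = {
  VIEWER: new Set(["property:read"]),
  STAFF: new Set(["property:read", "property:write"]),
  ADMIN: new Set(["property:read", "property:write", "user:manage"]),
};

class AccessError extends Error {
  constructor(status, message) { super(message); this.status = status; }
}

// Constructed data store: every row carries the org that owns it (SC-N3).
const properties = [
  { id: 1, orgId: "org-a", name: "Lake Nona 4BR" },
  { id: 2, orgId: "org-b", name: "Kissimmee condo" },
];
const auditLog = []; // append-only; nothing here edits or removes entries (SC-N4)

// SC-N1 / SC-N2: no session -> 401; session without the permission -> 403.
function authorize(session, permission) {
  if (!session || !session.userId || !session.orgId) throw new AccessError(401, "authentication required");
  const perms = ROLE_PERMS[session.role] || new Set();
  if (!perms.has(permission)) throw new AccessError(403, "forbidden");
  return session;
}

// SC-N3: reads are scoped by the caller's org; a bare id is never enough.
function getProperty(session, id) {
  const s = authorize(session, "property:read");
  const row = properties.find((p) => p.id === id && p.orgId === s.orgId);
  if (!row) throw new AccessError(404, "not found"); // no existence leak across tenants
  return row;
}

// SC-N3 + SC-N4: writes go through the same org-scoped lookup and are audited.
function renameProperty(session, id, name) {
  const s = authorize(session, "property:write");
  const row = getProperty(s, id);
  row.name = name;
  auditLog.push(Object.freeze({ actor: s.userId, org: s.orgId, action: "property.rename",
    target: id, at: new Date().toISOString() }));
  return row;
}

// Helper for negative tests: the HTTP status an attempt would produce.
function statusOf(fn) {
  try { fn(); return 200; } catch (e) { return e instanceof AccessError ? e.status : 500; }
}
```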
Definition of done
- All MUST_PASS criteria pass under `npm run verify` with collected evidence.
- Certification level is set honestly from the evidence and the ENTERPRISE non-functional gate (see delivery-package/certification-report.md).