docs: sync planning summaries and manual guide status (#22)

dknauss · web-flow · commit db01cf144e78 · 2026-03-07T23:28:43.000-07:00
diff --git a/.planning/ROADMAP.md b/.planning/ROADMAP.md
@@ -1,6 +1,7 @@
 # Roadmap: Security Hardening Sprint
 
 **Milestone:** Security Hardening Sprint
+**Status:** Complete (all 4 phases delivered)
 **Created:** 2026-03-03
 **Depth:** Standard (4 phases)
 **Source:** ROADMAP.md section 12, .planning/review/03-03-2026/PROPOSED-NEXT-STEPS-Claude.md
@@ -37,7 +38,7 @@ Plans:
 Plans:
 - [x] 03-01-PLAN.md — Core TDD: normalize/validate filtered rules in `Action_Registry::get_rules()` and drop invalid rules fail-closed (Wave 1)
 - [x] 03-02-PLAN.md — MU-loader TDD: remove hardcoded basename/path assumptions and add resilient fallback resolution (Wave 2)
-- [ ] 03-03-PLAN.md — Integration + docs + full-gate verification for Phase 3 contracts (Wave 3)
+- [x] 03-03-PLAN.md — Integration + docs + full-gate verification for Phase 3 contracts (Wave 3)
 
 ### Phase 4: WPGraphQL Persisted Query Strategy and WSAL Sensor
 
@@ -47,4 +48,4 @@ Plans:
 Plans:
 - [x] 04-01-PLAN.md — WPGraphQL TDD: add persisted-query classification strategy with preserved secure fallback behavior (Wave 1; depends on Phase 3)
 - [x] 04-02-PLAN.md — WSAL TDD: implement optional WSAL sensor bridge mapped from existing WP Sudo audit hooks (Wave 2)
-- [ ] 04-03-PLAN.md — Integration + docs + manual verification + full-gate closure for Phase 4 deliverables (Wave 3)
+- [x] 04-03-PLAN.md — Integration + docs + manual verification + full-gate closure for Phase 4 deliverables (Wave 3)
diff --git a/.planning/phases/03-rule-schema-validation-and-mu-loader-resilience/03-03-SUMMARY.md b/.planning/phases/03-rule-schema-validation-and-mu-loader-resilience/03-03-SUMMARY.md
@@ -25,7 +25,7 @@ Finalize Phase 3 with integration coverage for malformed filtered rules and alig
 - **`ROADMAP.md`**
   - Updated P2 entries (rule-schema validation and MU-loader resilience) to shipped/complete language with implemented fix/test details.
 - **`.planning/ROADMAP.md`**
-  - Marked `03-01` and `03-02` checkboxes complete.
+  - Marked Phase 3 checkboxes (`03-01`, `03-02`, `03-03`) complete.
 
 ## Verification Results
 
@@ -36,10 +36,12 @@ Finalize Phase 3 with integration coverage for malformed filtered rules and alig
 - ✅ `vendor/bin/phpunit --configuration phpunit.xml.dist --do-not-cache-result tests/Unit/GateTest.php --filter test_match_request_matches_builtin_rule_with_malformed_custom_rule_present`
   - Passed (`1 test`, `2 assertions`).
 
-## Blockers / Environment Notes
+## Final Closure Verification
 
-- ⛔ Integration DB unavailable in this environment:
-  - `composer test:integration -- tests/Integration/ActionRegistryTest.php --do-not-cache-result`
-  - Failed with MySQL auth error (`Access denied for user 'root'@'localhost'`).
-- ⛔ `composer analyse:phpstan` remains intermittently stalled in this runner.
-  - Unit scope for touched files is green; static-analysis rerun is still required in a clean local CI/dev environment.
+- ✅ Full quality gates were completed on `main` during release-readiness:
+  - `composer test:unit`
+  - `composer test:integration` (single-site)
+  - `WP_MULTISITE=1 composer test:integration`
+  - `composer analyse:phpstan`
+  - `composer analyse:psalm`
+  - `composer lint`
diff --git a/.planning/phases/04-wpgraphql-persisted-query-and-wsal-sensor/04-03-SUMMARY.md b/.planning/phases/04-wpgraphql-persisted-query-and-wsal-sensor/04-03-SUMMARY.md
@@ -18,15 +18,15 @@ Finalize Phase 4 contracts across integration coverage, docs, manual test guidan
   - Added persisted-query classifier contract (`wp_sudo_wpgraphql_classification`).
   - Updated persisted-query guidance to classifier-first model with secure fallback.
   - Added optional WSAL bridge section with hook→event ID mapping.
-  - Added Stream parity note (planned next, WSAL-first delivery).
+  - Added Stream parity note.
 - **`docs/security-model.md`**
   - Updated persisted-query section to reference classifier filter path and fallback posture.
   - Added MU loader path-resolution diagnostics note.
 - **`tests/MANUAL-TESTING.md`**
   - Added persisted-query classifier validation checklist (`16.6`).
   - Added WSAL bridge validation checklist (`19.6`).
 - **`.planning/ROADMAP.md`**
-  - Marked `04-01` and `04-02` complete.
+  - Marked Phase 4 checkboxes (`04-01`, `04-02`, `04-03`) complete.
 
 ## Verification Results
 
@@ -39,10 +39,12 @@ Finalize Phase 4 contracts across integration coverage, docs, manual test guidan
 - ✅ `vendor/bin/phpunit --configuration phpunit.xml.dist --do-not-cache-result tests/Unit/PluginTest.php --filter test_mu_loader`
   - Passed (`5 tests`, `7 assertions`).
 
-## Blockers / Environment Notes
+## Final Closure Verification
 
-- ⛔ Integration tests are blocked by local DB auth in this environment:
-  - `composer test:integration -- tests/Integration/ActionRegistryTest.php --do-not-cache-result`
-  - `composer test:integration -- tests/Integration/WpGraphQLGatingTest.php --do-not-cache-result`
-  - Failure: `Access denied for user 'root'@'localhost' (using password: NO)`.
-- ⛔ Full static/lint gates (`composer analyse:phpstan`, `composer lint`) remain intermittently stalled/timed out in this runner.
+- ✅ Full quality gates were completed on `main` during release-readiness:
+  - `composer test:unit`
+  - `composer test:integration` (single-site)
+  - `WP_MULTISITE=1 composer test:integration`
+  - `composer analyse:phpstan`
+  - `composer analyse:psalm`
+  - `composer lint`
diff --git a/tests/MANUAL-TESTING.md b/tests/MANUAL-TESTING.md
@@ -1,6 +1,6 @@
 # WP Sudo Manual Testing Guide
 
-Manual verification tests for WP Sudo v2.6.0+. These complement the
+Manual verification tests for WP Sudo v2.12.0+. These complement the
 automated PHPUnit suite (`composer test`) and should be run against a
 real WordPress environment before each release.
 
