Approvals
Every stage gate, every critical requirement, every PR merge — a human signs off. Agents never finalise regulatory, financial, customer-facing, data-retention or security controls on their own.
Stage gate: Decomposition → Solution Design
Drafted 3 Epics and 14 User Stories for the 'Bureau Score v3 — SME segment' concept, with Acceptance Criteria.
+ Epic ECB-2401 Bureau Score v3 — SME segment + Story ECB-2402 As an SME applicant I want to view my score history… + Story ECB-2403 As a lender I want to compare SME scores across periods… + AC: score recomputed nightly; surfaced within 200 ms p95
Critical requirement validation — Data retention
Proposed retention of consumer dispute artifacts for 7 years in Azure Blob (UAE North) with WORM lock. Requires named approver under PDPL.
retention.consumer_disputes = 7y storage.tier = cool immutability = WORM residency = uae-north
PR merge approval — feature/sme-score-history
PR #884 — adds Score History screen, 6 new components, 14 unit tests. SonarQube quality gate: passed.
screens/ScoreHistory.tsx +182 -0 components/ScoreLineChart.tsx +96 -0 __tests__/ScoreHistory.test.tsx +154 -0 …
PR merge approval — tests/sme-score-history
PR #885 — Playwright + pytest coverage for SME Score History flow. 22 new tests, 0 flakes on 10x rerun.
tests/e2e/sme_score_history.spec.ts +212 -0 tests/api/test_score_history.py +88 -0
UAT sign-off — Bureau Score v3 release candidate
147/152 tests passing. 5 failures triaged as known-flaky (network). Performance NFRs met (p95 = 183ms).
Critical requirement validation — Authn change
Proposed switch of mobile auth from OTP-only to OTP + device-binding. Touches regulated authentication control AC-04.