This is a walk-through of every feature currently live on console.raxx.app. Each entry tells you exactly how to test it and what "working as intended" means. Open the console in one tab, this doc in another, and tick through.
Login:
https://console.raxx.app/→ email-OTP via Cloudflare Access (your kris@moosequest.net Gmail). Session lasts 8 hours.Latest deploy: release v38 (commit visible in the footer; click the SHA to see the GitHub commit).
When you land on console.raxx.app/dashboard, you should see:
MooseQuest — operator only + v0.10.0 (sha) link to GitHub commit + console.raxx.appIf any of those are missing, that's a finding — note which one.
Where: /dashboard (default landing page after login)
What it does: real-time tile per surface (api.raxx.app, console.raxx.app, vault.raxx.app, etc.) showing OPERATIONAL / DEGRADED / DOWN with last-poll timestamp.
How to test:
1. Land on /dashboard. You should see a grid of tiles.
2. Each tile should have:
- Surface name (e.g., "api-prod")
- Status indicator (green/yellow/red dot)
- Last-poll timestamp (e.g., "30s ago")
3. Env-aware filter (#666 fix): at top, switch the env dropdown between prod and staging. The tile content should update — prod shows api.raxx.app, staging shows api-staging.raxx.app.
Expected current state:
- ✅ console-prod, console-staging, api-staging, tickets, customer-docs, status-page, raxx-app-previews, raxx-mockups, vault — should mostly be OPERATIONAL
- ⚠️ api-prod — likely DOWN (no slug deployed yet — tracked in #690 / #776)
- ⚠️ getraxx surface was removed from registry today (#689) — should NOT appear
- ⚠️ Some surfaces may show DEGRADED if CF Access service token isn't enrolled on them (tracked #692) — see "Known degraded tiles" below
Findings to flag: - Any tile showing the wrong URL for the selected env - Any tile labeled "getraxx" (should be gone) - Any DEGRADED tile that should be OPERATIONAL
Flag: FLAG_CONSOLE_SITE_LATENCY_CHART=1 ✅ (set on prod)
Where: click any tile from Feature 1 → /dashboard/sites/<surface_id>
What it does: drill-in view showing:
- Current status badge
- Last-poll timestamp + latency_ms
- 48h latency sparkline chart (Canvas, mouse-scrub tooltip)
- Window selector (24h / 48h / 7d / 30d via query param ?window=...)
- Empty state if no data: "Collecting history — chart available after first 30 minutes"
How to test:
1. Click any healthy tile (e.g., console-prod or customer-docs)
2. Confirm the detail page renders with status + latency value
3. Chart should be visible with a line graph of last-48h latency
4. Hover over the chart — a vertical line + tooltip should appear showing <timestamp> — <latency>ms — <status>
5. Try ?window=7d in URL — chart should re-render with wider window
6. New surfaces with no data → "Collecting history" message
Expected: working on prod since the flag is on.
Findings to flag: - Chart not rendering at all - Tooltip not appearing on hover - Window selector not working - Wrong axis labels
Flag: FLAG_CONSOLE_RECENTS_AUTOCOLLAPSE=1 ✅
Where: dashboard page (right side or top — wherever the Activity strip lives)
What it does: the activity panel reveals on page load with a slide-in animation, then auto-collapses after 3 seconds of no interaction. Click to re-expand (sticky); ESC to collapse immediately. Hover pauses the auto-collapse timer. Respects prefers-reduced-motion.
How to test:
1. Reload dashboard
2. The recents panel should slide open briefly (~300ms transition)
3. Wait ~3 seconds without moving the mouse
4. Panel should slide closed
5. Click the collapsed strip → expands and stays open
6. Hover inside the open panel → timer should pause; leave → timer resumes
7. Press ESC while expanded → collapses immediately
Expected: working on prod.
Findings to flag: - Panel never auto-collapses - Click doesn't re-expand - ESC doesn't collapse - Hover doesn't pause timer - Visible flash of unstyled content during reveal
Flag: FLAG_CONSOLE_LOCATION_GEOCODE=1 ✅
Where: bottom ticker — the "Location" item
What it does: on first console-page visit, prompts for geolocation. On approve, fetches lat/lng → reverse-geocodes via BigDataCloud free API (client-side only, coordinates never sent to backend) → displays City, Region (e.g., "Sacramento, California"). Cached in localStorage; only re-geocodes if you've moved >1km. Tooltip shows raw coords for debug.
How to test:
1. Open console in incognito/private window (so localStorage is fresh)
2. Browser should prompt: "console.raxx.app wants to know your location"
3. Click Allow → ticker shows Sacramento, California (or wherever you are)
4. Hover over the location item → tooltip should show the raw lat/lng
5. Reload → no second prompt; cached city shown immediately
6. (Advanced) DevTools → Sensors → set custom location far from current → reload → should re-geocode to new city
7. Test deny flow: incognito + click Block on prompt → ticker shows (location declined) (NO error toast)
Expected: working on prod.
Findings to flag: - Prompt doesn't appear on first visit - Approves but shows raw coords instead of city - Doesn't cache (re-prompts every reload) - Deny shows red error instead of polite "(location declined)" - Coords leak to backend (check Network tab — should only see request to bigdatacloud.net)
Flag: FLAG_CONSOLE_IP_GEO_WIDGET=1 ✅
Where: bottom ticker — different slot from the location widget (should be its own item)
What it does: reads Cloudflare's CF-IPCity / CF-Region / CF-IPCountry request headers (server-side, no permission prompt) and renders City, Region, Country. Tooltip shows lat/lng if CF provides them.
How to test:
1. On console (any page) → look at the ticker
2. Should see a separate ticker item showing your IP-based location (e.g., "Sacramento, California, US")
3. Hover → tooltip shows lat/lng
4. This is independent of Feature 4 — even if you deny browser geolocation, IP Geo should still display because it's server-derived.
5. (If running locally without CF in front) shows (local dev) instead
Expected: working on prod.
Findings to flag:
- IP Geo widget missing entirely
- Same value as Feature 4 (they should be from different sources, may differ if you're on VPN or mobile vs desktop)
- Shows (local dev) on prod (means CF headers aren't reaching the app)
Where: /dashboard — look for a "Tickets (FreeScout)" tile
What it does: new surface registered in the status grid. Probes https://tickets.raxx.app/login (open path, no CF Access). Shows OPERATIONAL when 200, DEGRADED on 502/503, DOWN on timeout.
How to test: 1. On dashboard → confirm the tile appears 2. Display name should be "Tickets (FreeScout)" 3. Status should be OPERATIONAL (FreeScout login is live at tickets.raxx.app/login per today's earlier verification) 4. Click the tile → goes to its detail page (Feature 2 works for this tile too)
Findings to flag: - Tile missing - Wrong display name - Status DEGRADED/DOWN despite tickets.raxx.app/login returning 200
Where: Heroku surface tiles (api-prod, console-prod, etc.)
What it does: these now probe via the direct .herokuapp.com URL instead of the CF-Access-gated *.raxx.app custom domain. Removes false-DEGRADED state caused by CF Access intercepting probes.
How to test:
1. Look at console-prod tile — should be OPERATIONAL (it's the app you're using right now)
2. Look at api-staging tile — should be OPERATIONAL (probed at raxx-api-staging-*.herokuapp.com)
3. api-prod will still be DOWN (real outage, no slug deployed; tracked #690/#776)
Findings to flag:
- console-prod showing DEGRADED while you're successfully using it
- api-staging showing DEGRADED if it's actually responding (verify via gh run view <latest deploy run> showing success)
Where: /dashboard (the absence of something)
What it does: previously there was a getraxx tile pointing at a CF Pages project that doesn't exist (getraxx, returns CF error 1014). Now removed from registry.
How to test: 1. Search the dashboard for any tile labeled "getraxx" or "getraxx.com" 2. Should not exist. If it does, the registry change didn't propagate.
Note: the actual getraxx.com domain bug is separate (#691) — this is just about the dashboard tile.
Flag: FLAG_CONSOLE_ENV_GATE=1 ✅ (active), FLAG_CONSOLE_ENV_SWITCHER_BANNER=0 (banner hidden — by your earlier decision)
Where: dropdown in header, top-right
What it does: switches the entire console between prod and staging views. Surface tiles, secrets, audit logs all reflect the selected env.
How to test:
1. Click the env dropdown (top-right of nav)
2. Switch to staging → tile URLs should change to *-staging.raxx.app / *-staging.herokuapp.com
3. Switch back to prod → URLs flip back
4. Banner is currently OFF (no big red/purple banner across the top) — that's intentional per your earlier "too prominent" feedback
Findings to flag: - Switching doesn't change URLs in tiles - Both envs show the same data - Banner appearing despite flag being off
/secrets)Flag: FLAG_CONSOLE_ROTATION_MODE_A=1 ✅
Where: /secrets (nav: Secrets)
What it does: rotation table for every secret in vault. Per-secret state badge (set / not-setup / pending), last-rotated timestamp, link to issue/SOP. Click into a secret → rotation Mode A flow.
How to test: 1. Go to Secrets 2. Should see a table grouped by vendor (Cloudflare, Heroku, Postmark, AWS, Anthropic, etc.) 3. Each row: secret name, vendor, state, last-rotated, action button 4. Click a row → drill-in view with the rotation runbook + "rotate now" affordance (Mode A flow)
Findings to flag: - Empty table on prod (means vault auth broken in console — not the same as our session vault auth) - Missing secrets you expect to see - "Not setup" state on a secret you know IS set - Wrong vendor grouping - Stale "last rotated" data - (Known gap) Most secrets won't have an issue/SOP link yet — covered by per-vendor rotation runbook follow-ups
/status)Where: nav: Status
What it does: placeholder for status.raxx.app integration. Currently shows "coming soon" with link to issue #422.
How to test: click → see placeholder. No findings expected; it's a stub.
Where: nav: Issues
What it does: opens tickets.raxx.app in a new tab — the FreeScout admin surface for customer support tickets.
How to test:
1. Click "Issues" in nav
2. New tab opens to https://tickets.raxx.app/... (or help.raxx.app per CONSOLE_TICKETS_URL config)
3. Today's known issue: the URL probably routes to tickets.raxx.app/admin which 404s — should be tickets.raxx.app/login per today's findings. Check CONSOLE_TICKETS_URL Heroku config var.
Findings to flag:
- Click does nothing (broken anchor)
- Opens in same tab (should be target="_blank")
- Lands on a 404 page
Flag: FLAG_CONSOLE_BILLING=0 (currently OFF on prod)
Where: would appear in nav as "Billing" if flag flipped
What it does: placeholder for the billing telemetry dashboard (Path B, scoped under epic #757 with 13 sub-cards). Not implemented yet — flag-gated to hide the nav until the dashboard ships.
How to test: confirm "Billing" is NOT visible in nav (because flag is off). If you flip FLAG_CONSOLE_BILLING=1 it would appear but render an empty placeholder.
No findings expected; it's intentionally hidden.
Flag: FLAG_CONSOLE_CLAUDE_MENU=0 (currently OFF on prod)
Where: would appear in nav as "Ops" dropdown if flag flipped (per memory project_claude_menu_current_vs_future.md — this is the GH Actions workflow dispatch panel, not actual Claude SDK sessions)
What it does: operator clicks an Ops menu → triggers workflow_dispatch on registered workflows (nightly-security-scan, deploy-heroku, card-groomer, etc.). Status polled.
How to test: confirm "Ops" is NOT visible in nav (flag off). If flipped on, you'd see it as a header dropdown with workflow buttons.
No findings expected; intentionally hidden until you decide to flip it.
Where: bottom of every page
What it does: displays v0.10.0 (a93f3a3) (or similar). The version comes from console/app/version.py. The SHA is read from HEROKU_SLUG_COMMIT env var (Heroku injects this when heroku labs:enable runtime-dyno-metadata is enabled).
Today's note: the SHA piece will only show after heroku labs:enable runtime-dyno-metadata --app raxx-console-prod is run AND a redeploy happens. Until then, the footer falls back to v0.10.0 linking to commits/main.
How to test:
1. Look at footer (right side)
2. If SHA is present: click (a93f3a3) → opens GitHub commit page for the deployed code
3. If SHA is absent: click v0.10.0 → opens GitHub commits/main page (no longer 404s on console-v* tag)
Findings to flag: - Link still 404s (means PR #775 hasn't been deployed yet) - Wrong SHA shown (would mean HEROKU_SLUG_COMMIT is stale)
These tiles will likely show DEGRADED on prod until follow-up cards are completed:
| Tile | Why | Tracker |
|---|---|---|
api-prod |
No slug deployed — first-deploy never happened | #690, fix path #776 |
internal-docs |
CF Access service token not enrolled on this app | #692 |
raxx-app-previews |
CF Access service token not enrolled | #692 |
raxx-mockups |
CF Access service token not enrolled | #692 |
Don't file new findings on these — they're tracked.
When you find an issue, paste back here:
Feature: <number from above>
Expected: <what should happen>
Actual: <what you saw>
Browser: <Safari iOS / Safari macOS / Chrome / etc.>
Reproducible: <yes / sometimes / once>
I'll convert each into a tracked issue + queue the fix.
Reading on GitHub: https://github.com/raxx-app/TradeMasterAPI/blob/docs/console-feature-qa/docs/console/feature-qa.md
(or any branch — this doc lives at docs/console/feature-qa.md)