fix: harden spp_alerts module for public release

[gonzalesedwin1123]

Summary

• Address 78 findings from two rounds of staff engineer and UX expert reviews
• Fix security issues: remove user browse record from safe_eval context, add multi-company enforcement, add domain filter validation
• Fix priority ordering bug (alerts now sort critical > high > medium > low instead of alphabetically)
• Add state guards on acknowledge/resolve to prevent double-transitions
• Add kanban view with state grouping, progressbar, and dropdown quick actions
• Add stat buttons (View Source, Related Alerts, Alert Count), hotkeys, domain widget, and chatter on rule form
• Add mail.thread on alert rules for audit compliance with field tracking
• Rewrite DESCRIPTION.md to accurately describe module capabilities
• Add comprehensive QA UI testing guide (USAGE.md) with 14 sections and ~50 test cases
• Expand test suite to 104 tests with ~99% model coverage

Changes by area

Security

• Remove user browse record from safe_eval domain context (prevent relationship traversal)
• Add _check_company_auto = True and check_company=True on rule_id
• Add _check_domain_filter constraint to validate domain expressions on save

Bug fixes

• Add priority_sequence stored computed field for correct semantic sort order
• Add state guard on action_acknowledge — only active alerts can be acknowledged
• Add state guard on action_resolve — already-resolved alerts raise UserError
• Remove required attribute on resolution_notes that blocked unrelated form saves

Models

• spp.alert.rule: add mail.thread inheritance with tracking on key fields
• spp.alert: add res_name computed field, action_view_source, action_view_related_alerts
• Extract _domain_eval_context() helper, add model_name related field for domain widget
• Use named placeholders in all translation strings

Views

• Kanban view with default_group_by="state", progressbar, dropdown Acknowledge/Resolve actions
• Stat buttons: View Source, Related Alerts (alert form), Alert Count (rule form)
• Domain widget for visual filter configuration on rules
• Resolution tab info banner, chatter on rule form, named groups for extensibility
• Fix <group name="groupby"> syntax for Odoo 19 compatibility
• Add hotkeys (Alt+A, Alt+R), sample data, row decorations, optional columns

Tests

• 29 new tests added (104 total, ~99% model coverage)
• Replace skipTest guards with env.ref() for vocabulary codes
• Fix 2 tests broken by new domain validation constraint (SQL bypass for error-path testing)

Documentation

• Rewrite readme/DESCRIPTION.md to match actual implementation
• Add readme/USAGE.md — QA UI testing guide covering all user-facing functionality

Test plan

• All 104 tests pass (./scripts/test_single_module.sh spp_alerts)
• Downstream spp_drims tests pass (215 tests)
• Pre-commit hooks pass (ruff, prettier, pylint, semgrep)
• Manual UI verification of kanban view, domain widget, and resolution flow

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly hardens the spp_alerts module, preparing it for public release by addressing numerous findings from staff engineer and UX expert reviews. The changes focus on bolstering security, improving user experience through new views and features, enhancing data integrity with better state management and audit trails, and providing comprehensive documentation and test coverage. The overall impact is a more secure, user-friendly, and maintainable alert management system.

Highlights

• Security Enhancements: Removed user browse record from safe_eval context, added multi-company enforcement, and implemented domain filter validation to prevent security vulnerabilities.
• Improved Alert Prioritization: Fixed priority ordering to semantically sort alerts as critical > high > medium > low, rather than alphabetically.
• Robust State Management: Introduced state guards on acknowledge/resolve actions to prevent invalid double-transitions and ensure consistent alert lifecycle.
• Enhanced User Interface: Added a Kanban view with state grouping, a progress bar, and quick actions, along with stat buttons (View Source, Related Alerts, Alert Count), hotkeys, and a domain widget for rule forms.
• Audit and Traceability: Integrated mail.thread on alert rules for audit compliance, enabling field tracking and chatter functionality.
• Comprehensive Documentation: Rewrote DESCRIPTION.md to accurately reflect module capabilities and added a detailed USAGE.md as a QA UI testing guide with numerous test cases.
• Expanded Test Coverage: Increased the test suite to 104 tests, achieving approximately 99% model coverage, and fixed existing tests for new validation constraints.

Changelog

• spp_alerts/README.rst
  • Updated module description to reflect new capabilities and evaluation methods.
  • Revised key capabilities list to detail rule definition, evaluation, comparison operators, duplicate prevention, and visual domain builder.
  • Updated model descriptions for spp.alert and spp.alert.rule.
  • Refined configuration steps and UI location details.
  • Expanded security section with a detailed access matrix for different user groups.
  • Modified extension points to include custom evaluation logic overrides and UI-configurable rules.
• spp_alerts/manifest.py
  • Removed the 'assets' key from the manifest file.
• spp_alerts/models/alert.py
  • Added PRIORITY_SEQUENCE dictionary for semantic priority ordering.
  • Updated _order to use priority_sequence for consistent sorting.
  • Added _check_company_auto = True for multi-company enforcement.
  • Added priority_sequence computed field for numeric priority ordering.
  • Added check_company=True to rule_id field.
  • Added res_name computed field to display the name of the source record.
  • Implemented state guards in action_acknowledge to only allow active alerts to be acknowledged.
  • Implemented state guards in action_resolve to prevent resolving already resolved alerts and enforce resolution notes.
  • Added action_view_related_alerts method to open a list of other alerts from the same rule.
  • Added action_view_source method to open the source record in a form view.
• spp_alerts/models/alert_rule.py
  • Inherited mail.thread for spp.alert.rule to enable chatter and tracking.
  • Added tracking=True to model_id, priority, active, rule_type, threshold_value, and days_before fields.
  • Added model_name related field for use with the domain widget.
  • Added alert_count computed field to show the number of alerts created by a rule.
  • Added action_view_alerts method to open a list of alerts associated with the rule.
  • Introduced _domain_eval_context helper to define a safe evaluation context for domain filters.
  • Added _check_domain_filter constraint to validate domain expressions on save.
  • Wrapped _evaluate_rule call in action_evaluate with a try-except block to catch and surface evaluation errors.
  • Updated notification message in action_evaluate to use named placeholders.
  • Removed user browse record from safe_eval context in _evaluate_rule for security.
  • Improved logging messages in _evaluate_rule to include rule name and ID.
  • Adjusted _prepare_alert_vals to conditionally include threshold_value only when current_value is present.
  • Added comment explaining cron job execution as superuser and its implications.
• spp_alerts/readme/DESCRIPTION.md
  • Updated the module's main description to reflect new features and capabilities.
  • Revised the 'Key Capabilities' section to detail rule definition, evaluation, comparison operators, duplicate prevention, visual domain builder, and stat buttons.
  • Updated 'Key Models' descriptions for spp.alert and spp.alert.rule.
  • Refined 'Configuration' steps and 'UI Location' details, including new views and form elements.
  • Expanded 'Security' section with a detailed access matrix.
  • Modified 'Extension Points' to include custom evaluation logic overrides and UI-configurable rules.
• spp_alerts/readme/USAGE.md
  • Added a new comprehensive UI testing guide covering all user-facing functionality.
• spp_alerts/security/ir.model.access.csv
  • Updated access control record IDs for consistency and clarity.
• spp_alerts/static/description/index.html
  • Updated the HTML version of the README to reflect all changes made in DESCRIPTION.md.
• spp_alerts/tests/common.py
  • Updated vocabulary code retrieval to use env.ref() for direct reference, removing skipTest guards.
• spp_alerts/tests/test_alert.py
  • Removed skipTest guards for alert type vocabulary codes.
  • Added test_action_acknowledge_non_active_raises to verify state guard on acknowledge.
  • Added test_action_resolve_already_resolved_raises to verify state guard on resolve.
  • Added test_resolve_directly_from_active to confirm direct resolution from active state.
  • Added test_priority_sequence_values to test the new priority sequence computation.
  • Added test_res_name_computed and test_res_name_empty_when_no_source for the new res_name field.
  • Added test_action_view_source and test_action_view_source_no_source for the new view source action.
  • Added test_action_view_related_alerts and test_action_view_related_alerts_no_rule for the new related alerts action.
  • Added test_res_name_deleted_record and test_res_name_invalid_model to test robustness of res_name computation.
  • Added test_resolve_with_preset_resolution_notes to ensure resolution works with pre-filled notes.
• spp_alerts/tests/test_alert_rule.py
  • Removed skipTest guards for alert type vocabulary codes.
  • Added test_domain_filter_validation_valid, test_domain_filter_validation_invalid, and test_domain_filter_validation_non_list for the new domain filter validation.
  • Added test_alert_count_computed for the new alert count field.
  • Added test_action_view_alerts for the new view alerts action.
  • Added test_model_name_related_field for the new model_name field.
  • Added test_action_evaluate_surfaces_errors to test error surfacing during rule evaluation.
  • Added test_action_evaluate_no_model_raises to test error when evaluating rule without a model.
• spp_alerts/tests/test_rule_evaluation.py
  • Removed skipTest guards for alert type vocabulary codes and fields.
  • Modified test_cron_continues_on_error to corrupt domain via SQL, bypassing validation for error-path testing.
  • Modified test_invalid_domain_returns_zero to corrupt domain via SQL for error-path testing.
  • Added test_company_propagation_no_company_on_rule to verify default company assignment.
  • Added test_get_existing_alert_keys_empty_ids for edge case testing.
  • Added test_prepare_alert_vals_threshold_includes_threshold_value and test_prepare_alert_vals_date_excludes_threshold_value for alert value preparation logic.
  • Added test_res_name_on_rule_generated_alert to verify res_name on rule-generated alerts.
  • Added test_evaluate_rule_model_not_found to test handling of missing models during evaluation.
  • Added test_date_rule_skips_empty_date_field to test date rule behavior with empty date fields.
• spp_alerts/views/alert_rule_views.xml
  • Added sample='1' to the list view for sample data display.
  • Added a stat button for alert_count to the form view.
  • Moved web_ribbon for 'Archived' outside the button box.
  • Reorganized form view groups for better layout.
  • Added options="{'no_create': True}" to alert_type_id to prevent creation from dropdown.
  • Moved description field outside the notebook and made it nolabel.
  • Added model_name field (invisible) and configured domain_filter widget to use it.
  • Added chatter to the form view for message logging and tracking.
  • Updated groups attribute for 'Run Now' button to use explicit module prefix.
  • Fixed <group name="groupby"> syntax for Odoo 19 compatibility in search view.
• spp_alerts/views/alert_views.xml
  • Added sample='1' to the list view.
  • Added decoration-muted="state == 'resolved'" to list view for resolved alerts.
  • Changed create_date field to be optional="show" in list view.
  • Added data-hotkey="a" to Acknowledge button and data-hotkey="r" to Resolve button.
  • Updated Resolve button visibility to invisible="state == 'resolved'".
  • Added stat buttons for action_view_source and action_view_related_alerts to the form view.
  • Reorganized form view layout, moving title field.
  • Added options="{'no_create': True}" to alert_type_id in form view.
  • Grouped metric fields (current_value, threshold_value, days_until) under a threshold_info group.
  • Grouped source fields (rule_id, res_model, res_id, res_name) under a source_info group.
  • Made description field nolabel in the details page.
  • Added an info banner to the Resolution tab, visible when the alert is not resolved.
  • Removed required="state == 'resolved'" from resolution_notes field.
  • Added Kanban view (spp_alert_view_kanban) with state grouping, progress bar, and dropdown quick actions.
  • Updated action_spp_alert to include kanban in view_mode.
  • Updated help text for action_spp_alert to reflect 'No active alerts'.
• spp_alerts/views/menus.xml
  • Updated groups attributes for all menu items to use explicit module prefix (spp_alerts.group_alerts_viewer, spp_alerts.group_alerts_manager).

Activity

• The pull request addresses 78 findings from two rounds of staff engineer and UX expert reviews.
• Security issues were fixed, including removing user browse record from safe_eval context, adding multi-company enforcement, and implementing domain filter validation.
• A priority ordering bug was resolved, ensuring alerts sort semantically (critical > high > medium > low).
• State guards were added to acknowledge/resolve actions to prevent double-transitions.
• A Kanban view with state grouping, progress bar, and dropdown quick actions was introduced.
• Stat buttons (View Source, Related Alerts, Alert Count), hotkeys, a domain widget, and chatter were added to the rule form.
• Mail.thread inheritance was added to alert rules for audit compliance with field tracking.
• The DESCRIPTION.md was rewritten to accurately describe module capabilities.
• A comprehensive QA UI testing guide (USAGE.md) with 14 sections and approximately 50 test cases was added.
• The test suite was expanded to 104 tests, achieving approximately 99% model coverage.
• Two tests broken by the new domain validation constraint were fixed using SQL bypass for error-path testing.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[codecov]

Codecov Report

❌ Patch coverage is 97.10145% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 71.22%. Comparing base (9c2376e) to head (85d5a26).

Files with missing lines	Patch %	Lines
spp_alerts/models/alert_rule.py	94.28%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             19.0     #102      +/-   ##
==========================================
+ Coverage   71.17%   71.22%   +0.05%     
==========================================
  Files         704      704              
  Lines       38554    38616      +62     
==========================================
+ Hits        27439    27504      +65     
+ Misses      11115    11112       -3     

Flag	Coverage Δ
spp_alerts	96.77% <97.10%> (+2.68%)	⬆️
spp_base_common	90.26% <ø> (ø)
spp_drims	79.55% <ø> (ø)
spp_drims_sl_demo	68.91% <ø> (ø)
spp_programs	45.51% <ø> (ø)
spp_security	66.66% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
spp_alerts/__manifest__.py	0.00% <ø> (ø)
spp_alerts/models/alert.py	100.00% <100.00%> (ø)
spp_alerts/models/alert_rule.py	95.73% <94.28%> (+3.13%)	⬆️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[gemini-code-assist]

Code Review

This is an excellent and comprehensive pull request that significantly hardens the spp_alerts module for public release. The changes address security vulnerabilities, fix bugs like priority sorting, and add numerous valuable features such as a Kanban view, stat buttons, and improved UI/UX with a domain widget. The codebase is cleaner, more robust with added state guards and validation, and better audited with mail.thread tracking. The expanded test suite and detailed documentation, including a new UI testing guide, are also great additions that improve the module's quality and maintainability. I have one suggestion regarding the documentation to improve its structure.

[gemini-code-assist]

The addition of a comprehensive UI testing guide is excellent for maintainability and QA. However, including the entire guide in the main README.rst makes the file very long and hard to navigate. This content appears to be duplicated from spp_alerts/readme/USAGE.md.

To improve readability and avoid duplication, I suggest keeping the README.rst concise and linking to the detailed USAGE.md file instead.

Suggested change

	Usage
	=====
	UI Testing Guide
	----------------
	This guide covers all user-facing functionality in the ``spp_alerts``
	module. Follow each section in order. Each test case includes the steps,
	what to verify, and the expected result.
	**Prerequisites:**
	- Install the ``spp_alerts`` module
	- Log in as **admin** (has all permissions by default)
	- Ensure at least one model is available (e.g., ``res.partner`` — always
	present)
	--------------
	1. Navigation and Menu Access
	-----------------------------
	**TC-1.1: Menu visibility**
	1. Navigate to **Settings > Technical**
	2. Scroll down to find the **Alerts** section
	**Verify:**
	- ☐ An **Alerts** menu group is visible under Settings > Technical
	- ☐ It contains two submenus: **Alerts** and **Alert Rules**
	**TC-1.2: URL paths**
	1. Navigate to **Settings > Technical > Alerts > Alerts**
	2. Check the browser URL
	**Verify:**
	- ☐ URL ends with ``/odoo/alerts``
	3. Navigate to **Settings > Technical > Alerts > Alert Rules**
	**Verify:**
	- ☐ URL ends with ``/odoo/alert-rules``
	--------------
	2. Alert Rules — List View
	--------------------------
	**TC-2.1: Empty state**
	1. Navigate to **Settings > Technical > Alerts > Alert Rules**
	2. Remove any active search filters
	**Verify (if no rules exist):**
	- ☐ Empty state shows smiley face icon
	- ☐ Message reads: "No alert rules configured"
	- ☐ Description mentions configuring rules for thresholds, expiry dates,
	and deadlines
	**TC-2.2: List view columns**
	1. Create at least one alert rule (see TC-3.1)
	2. Return to the list view
	**Verify:**
	- ☐ Columns visible: drag handle (sequence), Name, Alert Type, Model to
	Monitor, Rule Type, Priority, Threshold Value, Days Before, Active
	- ☐ Rule Type, Threshold Value, and Days Before have "optional column"
	toggles
	- ☐ Rows can be reordered by dragging the handle icon
	- ☐ Sample data appears in the background when the list is empty
	**TC-2.3: Search and filters**
	1. Click the search bar
	2. Try searching by Name, Alert Type, and Model
	**Verify:**
	- ☐ Filters available: Active, Inactive, Critical Priority, High
	Priority
	- ☐ Group By options: Alert Type, Model, Priority, Rule Type
	--------------
	3. Alert Rules — Form View
	--------------------------
	**TC-3.1: Create a threshold rule**
	1. Click **New** on the Alert Rules list
	2. Fill in:
	- **Rule Name**: "Test Low Color Warning"
	- **Alert Type**: select "Threshold Alert" from the dropdown (cannot
	type to create new)
	- **Default Priority**: "High"
	- **Model to Monitor**: select "Contact" (res.partner)
	- **Rule Type**: select "Threshold"
	3. Optionally add a **Description** in the text area below the main
	fields
	4. Observe the **Evaluation** tab appears after selecting Rule Type
	**Verify:**
	- ☐ Alert Type dropdown does NOT show a "Create" option
	- ☐ After selecting Model and Rule Type, the Evaluation tab appears
	- ☐ Evaluation tab shows **Threshold Settings** section with: Monitored
	Field, Comparison, Threshold Value
	5. In the Evaluation tab:
	- **Monitored Field**: select "Color Index" (or any numeric field)
	- **Comparison**: "Less Than (<)"
	- **Threshold Value**: 5
	6. Under **Record Filter**, observe the visual domain builder
	**Verify:**
	- ☐ Domain builder shows fields from the selected model
	(Contact/res.partner)
	- ☐ You can add filter conditions visually (e.g., "Active is set")
	7. Save the rule
	**Verify:**
	- ☐ Rule saves without errors
	- ☐ Chatter (message log) appears at the bottom of the form
	- ☐ An **Alerts** stat button appears in the top-right showing "0
	Alerts"
	**TC-3.2: Create a date rule**
	1. Create a new rule:
	- **Rule Name**: "Test Deadline Warning"
	- **Alert Type**: "Deadline Alert"
	- **Model to Monitor**: "Contact"
	- **Rule Type**: "Date / Deadline"
	**Verify:**
	- ☐ Evaluation tab shows **Date Settings** section (not Threshold
	Settings)
	- ☐ Date Settings has: Date Field and Days Before
	2. Fill in:
	- **Date Field**: select "Last Updated on" (write_date) or any
	date/datetime field
	- **Days Before**: 30
	3. Save
	**Verify:**
	- ☐ Rule saves without errors
	**TC-3.3: Run Now button**
	1. Open the threshold rule created in TC-3.1
	2. Click the **Run Now** button in the header
	**Verify:**
	- ☐ A notification appears: "X alert(s) created by rule 'Test Low Color
	Warning'"
	- ☐ The Alerts stat button count updates to reflect created alerts
	- ☐ Click the stat button — it opens a filtered list of alerts from this
	rule
	**TC-3.4: Archive and unarchive**
	1. Open any rule
	2. Click **Action > Archive**
	**Verify:**
	- ☐ A red **Archived** ribbon appears on the form
	- ☐ The rule disappears from the default list view (which filters active
	rules)
	3. In the list view, add the "Inactive" filter
	**Verify:**
	- ☐ The archived rule appears
	- ☐ Open it and click **Action > Unarchive** — ribbon disappears
	**TC-3.5: Validation errors**
	1. Create a new rule with Rule Type = "Threshold" but leave Monitored
	Field empty
	2. Try to save
	**Verify:**
	- ☐ Error: "A monitored field is required for threshold rules."
	3. Create a new rule with Rule Type = "Date / Deadline" but leave Date
	Field empty
	4. Try to save
	**Verify:**
	- ☐ Error: "A date field is required for date rules."
	5. Create a rule and set Domain Filter to an invalid expression (e.g.,
	type ``INVALID`` in the domain builder's code editor if available)
	6. Try to save
	**Verify:**
	- ☐ Error: "Invalid domain filter: ..."
	**TC-3.6: Run Now without configuration**
	1. Create a rule with no Rule Type and no Model
	2. Observe the header
	**Verify:**
	- ☐ The **Run Now** button is NOT visible (it requires both Rule Type
	and Model)
	--------------
	4. Alerts — Creating Manually
	-----------------------------
	**TC-4.1: Create a manual alert**
	1. Navigate to **Settings > Technical > Alerts > Alerts**
	2. Click **New**
	3. Fill in:
	- **Alert Type**: "Manual Alert"
	- **Priority**: "Critical"
	- **Title**: "Test Manual Alert"
	4. Go to the **Details** tab and add a description
	5. Save
	**Verify:**
	- ☐ Reference auto-generated in format ``ALR-YYYY-NNNNN`` (e.g.,
	ALR-2026-00001)
	- ☐ State shows "Active" in the statusbar
	- ☐ **Acknowledge** button (blue) is visible in the header
	- ☐ **Resolve** button (green) is visible in the header
	- ☐ Priority and Alert Type fields are editable
	- ☐ Chatter (message log) appears at the bottom
	- ☐ No "View Source" or "Related Alerts" stat buttons (manual alert has
	no source)
	**TC-4.2: Unique references**
	1. Create three alerts quickly
	**Verify:**
	- ☐ Each alert gets a unique, sequential reference number
	--------------
	5. Alerts — List View
	---------------------
	**TC-5.1: List view appearance**
	1. Navigate to **Settings > Technical > Alerts > Alerts**
	2. Ensure some alerts exist (use Run Now on a rule, or create manually)
	**Verify:**
	- ☐ Columns visible: Reference, Title, Alert Type, Priority (badge),
	State (badge), Created On
	- ☐ Critical-priority rows have a red tint
	- ☐ High-priority rows have an orange/warning tint
	- ☐ Resolved rows are muted/grayed out
	- ☐ Priority badges: Critical = red, High = orange, Medium = blue
	- ☐ State badges: Active = red, Acknowledged = orange, Resolved = green
	- ☐ Source Rule and Company columns are hidden by default (use optional
	column toggle)
	- ☐ Default filter shows only Active alerts (check search bar for
	"Active" filter chip)
	**TC-5.2: Search panel**
	1. Look at the left side of the list view
	**Verify:**
	- ☐ Search panel shows three filter groups: State, Priority, Alert Type
	- ☐ Each option shows a count of matching alerts
	- ☐ Clicking a filter value narrows the list immediately
	**TC-5.3: Search filters and Group By**
	1. Click the search bar
	**Verify:**
	- ☐ Can search by Reference, Title, Alert Type
	- ☐ Filters: Active, Acknowledged, Resolved, Critical, High Priority
	- ☐ Group By: State, Priority, Type
	--------------
	6. Alerts — Kanban View
	-----------------------
	**TC-6.1: Switch to kanban**
	1. On the Alerts list, click the kanban view icon (grid icon in the view
	switcher)
	**Verify:**
	- ☐ Alerts are displayed as cards grouped into columns by State: Active,
	Acknowledged, Resolved
	- ☐ Each column header shows the state name and alert count
	- ☐ A colored progress bar appears at the top of each column showing
	priority distribution (gray = low, blue = medium, orange = high, red =
	critical)
	- ☐ Quick create is disabled (no "+" button at top of columns)
	**TC-6.2: Kanban card content**
	1. Examine an alert card
	**Verify:**
	- ☐ Card shows: priority stars, reference (bold), title, alert type,
	creation date
	- ☐ A three-dot dropdown menu appears on hover (top-right of card)
	**TC-6.3: Kanban dropdown actions**
	1. Hover over an **Active** alert card and click the three-dot menu
	**Verify:**
	- ☐ Dropdown shows: **Acknowledge** and **Resolve**
	2. Click **Acknowledge**
	**Verify:**
	- ☐ Card moves to the Acknowledged column
	3. Hover over the now-acknowledged card, open dropdown
	**Verify:**
	- ☐ Dropdown shows only **Resolve** (Acknowledge is gone)
	4. Click **Resolve**
	**Verify:**
	- ☐ A dialog or form opens requesting resolution notes (since the action
	requires notes)
	--------------
	7. Alert State Transitions
	--------------------------
	**TC-7.1: Active to Acknowledged**
	1. Open an Active alert
	2. Click the **Acknowledge** button
	**Verify:**
	- ☐ State changes to "Acknowledged"
	- ☐ Statusbar updates to highlight "Acknowledged"
	- ☐ Acknowledge button disappears
	- ☐ Resolve button remains visible
	- ☐ Fields (Alert Type, Priority, Title) are still editable
	- ☐ Chatter logs a state change message
	**TC-7.2: Acknowledged to Resolved**
	1. On the acknowledged alert, go to the **Resolution** tab
	**Verify:**
	- ☐ An info banner reads: "Please add resolution notes describing how
	this alert was addressed, then click Resolve."
	- ☐ Resolved By and Resolved At fields are empty
	2. Enter resolution notes in the text area
	3. Click the **Resolve** button
	**Verify:**
	- ☐ State changes to "Resolved"
	- ☐ Resolved By shows your user name
	- ☐ Resolved At shows the current timestamp
	- ☐ Resolution Notes are preserved and now read-only
	- ☐ Info banner disappears
	- ☐ Both Acknowledge and Resolve buttons disappear
	- ☐ All main fields (Alert Type, Priority, Title, Description) become
	read-only
	**TC-7.3: Active to Resolved directly (skip Acknowledge)**
	1. Create a new alert and leave it in Active state
	2. Go to the **Resolution** tab
	3. Enter resolution notes
	4. Click **Resolve**
	**Verify:**
	- ☐ Alert goes directly from Active to Resolved (skipping Acknowledged)
	- ☐ All resolution fields are populated correctly
	**TC-7.4: Resolve without notes**
	1. Create a new Active alert
	2. Click **Resolve** without entering resolution notes
	**Verify:**
	- ☐ Error message: "Please provide resolution notes before resolving the
	alert."
	- ☐ Alert remains in its current state
	**TC-7.5: Double-acknowledge prevention**
	1. Acknowledge an alert
	2. Try to acknowledge it again (via API or another browser tab)
	**Verify:**
	- ☐ Error: "Only active alerts can be acknowledged."
	- ☐ The Acknowledge button is not visible on the form (it only shows for
	Active alerts)
	**TC-7.6: Double-resolve prevention**
	1. Resolve an alert
	2. Try to resolve it again
	**Verify:**
	- ☐ Error: "Alert 'ALR-YYYY-NNNNN' is already resolved."
	- ☐ The Resolve button is not visible on the form
	--------------
	8. Alert Form — Rule-Generated Alerts
	-------------------------------------
	**TC-8.1: Source tracking fields**
	1. Run a rule (via **Run Now** on an alert rule)
	2. Open one of the generated alerts
	**Verify:**
	- ☐ Right side of the form shows a **Source** section with: Source Rule,
	Source Model, Source Record, Source Record Name
	- ☐ If the rule is a threshold rule, a **Metrics** section shows:
	Current Value, Threshold, Days Until
	- ☐ A **View Source** stat button appears in the top-right
	- ☐ A **Related Alerts** stat button appears (if rule created multiple
	alerts)
	**TC-8.2: View Source button**
	1. Click the **View Source** stat button
	**Verify:**
	- ☐ Opens the source record's form view (e.g., a Contact form)
	- ☐ The correct record is displayed
	**TC-8.3: Related Alerts button**
	1. Go back to the alert and click the **Related Alerts** stat button
	**Verify:**
	- ☐ Opens a list of other alerts from the same rule (excluding the
	current alert)
	- ☐ Default filter shows Active alerts
	--------------
	9. Keyboard Shortcuts
	---------------------
	**TC-9.1: Hotkeys**
	1. Open an Active alert form
	2. Press **Alt+A** (or the platform equivalent for ``data-hotkey="a"``)
	**Verify:**
	- ☐ Alert is acknowledged
	3. Press **Alt+R**
	**Verify:**
	- ☐ Resolve action is triggered (will ask for notes if none provided)
	--------------
	10. Cron Job
	------------
	**TC-10.1: Scheduled action exists**
	1. Navigate to **Settings > Technical > Scheduled Actions**
	2. Search for "Alerts"
	**Verify:**
	- ☐ A scheduled action named **"Alerts: Evaluate Alert Rules"** exists
	- ☐ It is active
	- ☐ Interval is set to 1 day
	**TC-10.2: Cron execution**
	1. Ensure at least one active alert rule with matching records exists
	2. Click **Run Manually** on the scheduled action
	**Verify:**
	- ☐ New alerts are created for matching records
	- ☐ No duplicate alerts for records that already have
	active/acknowledged alerts
	--------------
	11. Security and Access Control
	-------------------------------
	Test with three different users. Create them via **Settings > Users &
	Companies > Users** and assign the appropriate group under the SPP Admin
	section.
	**TC-11.1: Viewer role**
	1. Log in as a user with **Alerts Viewer** group only
	2. Navigate to **Settings > Technical > Alerts > Alerts**
	**Verify:**
	- ☐ Can see the Alerts menu and list
	- ☐ Can open and read alert details
	- ☐ Cannot create new alerts (New button absent or errors on save)
	- ☐ Cannot edit existing alerts
	- ☐ Cannot acknowledge or resolve alerts (buttons error on click)
	- ☐ **Alert Rules** submenu is NOT visible
	**TC-11.2: Officer role**
	1. Log in as a user with **Alerts Officer** group
	2. Navigate to **Settings > Technical > Alerts > Alerts**
	**Verify:**
	- ☐ Can create new alerts
	- ☐ Can edit alerts (change priority, title, etc.)
	- ☐ Can acknowledge and resolve alerts
	- ☐ Cannot delete alerts
	- ☐ Can see **Alert Rules** submenu but rules are read-only
	- ☐ Cannot create or edit alert rules
	**TC-11.3: Manager role**
	1. Log in as a user with **Alerts Manager** group
	**Verify:**
	- ☐ Full access to alerts: create, read, update, delete
	- ☐ Full access to alert rules: create, read, update, delete
	- ☐ Can click **Run Now** on alert rules
	- ☐ Can archive/unarchive rules
	--------------
	12. Multi-Company (if applicable)
	---------------------------------
	Only test this section if multi-company is enabled.
	**TC-12.1: Company isolation**
	1. Create an alert in Company A
	2. Switch to Company B
	**Verify:**
	- ☐ The alert from Company A is not visible in Company B
	- ☐ New alerts default to the current company
	--------------
	13. Alert Types (Vocabulary)
	----------------------------
	**TC-13.1: Pre-installed types**
	1. Open any alert or rule form
	2. Click the **Alert Type** dropdown
	**Verify the following types are available:**
	- ☐ Threshold Alert
	- ☐ Expiry Alert
	- ☐ Deadline Alert
	- ☐ Manual Alert
	- ☐ System Alert
	- ☐ Cannot create new types from the dropdown (no "Create" option)
	--------------
	14. Edge Cases
	--------------
	**TC-14.1: Empty state**
	1. Delete or resolve all alerts
	2. Remove the "Active" default filter
	**Verify:**
	- ☐ Empty state shows: "No active alerts" with smiley face
	**TC-14.2: Sorting**
	1. Create alerts with different priorities (low, medium, high, critical)
	2. View the list (default sort)
	**Verify:**
	- ☐ Alerts are sorted by priority (critical first) then by creation date
	(newest first)
	- ☐ This is semantic ordering: critical > high > medium > low (not
	alphabetical)
	Usage
	=====
	For a comprehensive UI testing guide, please see `readme/USAGE.md <readme/USAGE.md>`_.