Sample Analysis

This is what Ovi posts on every PR and ticket.

Below is a real Ovi QA analysis — the same comment that lands on your team's PRs and Linear tickets. No signup, no demo gate.

github.com/acme/web · feat(checkout): persist cart across sessions · #412
Open feat(checkout): persist cart across sessions #412
opened by @sarah-eng · 3 commits · +247 / -82 across 8 files
O
oviai-by-firstqa Bot
QA Analysis – by Ovi (the AI QA)
✅ Analyzing 3 commits across 8 files in this PR.
🎯 Pulse
MetricValueDetails
Decision⏸ Hold2 medium-severity issues — see Bugs & Risks below
RiskMediumCart-persistence touches auth state + cross-session data
ImpactCheckout, cart, session, anonymous-user flow
🔍 Bugs & Risks
🐛 Cart not cleared on logout checkout/CartProvider.tsx:142
Severity: P0 — privacy leak. When user A logs out and user B logs in on the same browser, A's cart items persist in B's session via the localStorage cart_state key. The logout handler clears auth tokens but not the cart provider state.
🐛 Anonymous → authenticated merge logic missing checkout/useCart.ts:88
Severity: P1. When an anonymous user adds items and then signs in, the new code overwrites their server-side saved cart instead of merging. Existing customers who built up a cart before logging in will lose those items.
🧪 Test Recipe
ScenarioExpectedPriority
Anonymous user adds item → logs in → cart preservedBoth new + existing items merged in cartP0
User A adds item → logs out → User B logs inUser B sees empty cart (or B's own saved cart)P0
Cart persists across browser tabsAdd in tab 1 → opens in tab 2 with same itemsP1
Cart persists after page refreshRefresh preserves items + quantitiesP1
Cart expires after 30-day inactivityStale carts removed silentlyP2
Server-side merge handles concurrent editsLast-write-wins with no item lossRegression
🤖 Test Code
Was this useful?
linear.app/acme · feat: Add user search to admin dashboard · ADM-318
In progress feat: Add user search to admin dashboard ADM-318
created by @pm-mia · 2 comments · assigned to @alex-eng
O
Ovi AI Bot
QA Analysis – by Ovi (the AI QA)
Ticket reviewed before dev starts. Flags below should be resolved before estimating.
🎯 Pulse
MetricValue
DecisionNeeds Clarification
RiskMedium
ImpactAdmin dashboard, user table, audit log
🔍 Requirement Gaps
Search scope undefined: Does "search by user" cover email, name, organization, or all? Each requires different indexes and UI affordances.
Permissions not specified: Can support agents see all users, or only their assigned org's? PII visibility matters for SOC2.
Pagination strategy: Cursor-based or offset? At current user count (50k), offset will degrade past page 100.
Empty-state copy: "No results" vs "No users match — try a partial email." Spec'd or designer's call?
Audit logging: Should user lookups be recorded in the admin audit log? Likely yes for compliance.
🧪 Test Recipe
ScenarioExpectedPriority
Search by exact emailMatching user shown firstP0
Search by partial name (case-insensitive)All matching users listed alphabeticallyP0
Search returns 0 resultsFriendly empty-state with suggested next actionP1
Search with admin who has no PII accessNames and emails redacted; UID still shownP0
Search loads next page (cursor or offset)No duplicates; pagination order stableP1
Lookup recorded in audit_log table1 row per search with admin_id + queryP1
Search by deleted user's emailReturns soft-deleted result with bannerP2
🧠 Edge Cases
What if two users share an email (legacy data)? Show both? Show newer?
Rate-limit search to prevent enumeration attacks. 5/sec per admin reasonable.
Unicode / emoji in display names — check truncation behavior.
Was this useful?
Run this on your own PRs and tickets.

Apply for early access. We approve every team personally and get you onboarded within 24 hours.

Apply for early access
Founding 10 — $299/mo locked forever · 7-day free trial · cancel anytime