roost-io · Divyeshzb · Apr 28, 2026 · Copilot · Apr 28, 2026
diff --git a/functional_tests/README.md b/functional_tests/README.md
@@ -65,3 +65,20 @@
 
 ---
 
+**Execution Date:** 4/28/2026, 7:14:16 AM
+
+**Test Unique Identifier:** "functional-test-generation"
+
+**Input(s):**
+   1. Aegis_WebCC_SRS.pdf
+      Path: /var/tmp/Roost/RoostGPT/functional-test-generation/36b11f32-a33a-4901-adf0-30d3869d995c/Aegis_WebCC_SRS.pdf
-      Path: /var/tmp/Roost/RoostGPT/functional-test-generation/36b11f32-a33a-4901-adf0-30d3869d995c/Aegis_WebCC_SRS.pdf
+      Path: Aegis_WebCC_SRS.pdf
-      Path: /var/tmp/Roost/RoostGPT/functional-test-generation/36b11f32-a33a-4901-adf0-30d3869d995c/Aegis_WebCC_SRS.pdf
+      Path: Aegis_WebCC_SRS.pdf
+
+**Test Output Folder:**
+   1. [functional-test-generation.json](functional-test-generation/functional-test-generation.json)
+   2. [functional-test-generation.feature](functional-test-generation/functional-test-generation.feature)
+   3. [functional-test-generation.csv](functional-test-generation/functional-test-generation.csv)
+   4. [functional-test-generation.xlsx](functional-test-generation/functional-test-generation.xlsx)
+   5. [functional-test-generation.docx](functional-test-generation/functional-test-generation.docx)
+
+---
+
diff --git a/functional_tests/functional-test-generation/.roost/roost_metadata.json b/functional_tests/functional-test-generation/.roost/roost_metadata.json
@@ -0,0 +1,24 @@
+{
+  "project": {
+    "name": "functional-test-generation",
+    "created_at": "2026-04-28T07:14:16.361Z",
+    "updated_at": "2026-04-28T07:14:16.361Z"
+  },
+  "files": {
+    "input_files": [
+      {
+        "fileName": "functional-test-generation.txt",
+        "fileURI": "/var/tmp/Roost/RoostGPT/functional-test-generation/36b11f32-a33a-4901-adf0-30d3869d995c/functional_tests/functional-test-generation/functional-test-generation.txt",
+        "fileSha": "cf83e1357e"
+      },
+      {
+        "fileName": "Aegis_WebCC_SRS.pdf",
+        "fileURI": "/var/tmp/Roost/RoostGPT/functional-test-generation/36b11f32-a33a-4901-adf0-30d3869d995c/functional_tests/functional-test-generation/Aegis_WebCC_SRS.pdf",
+        "fileSha": "dcebdb1a12"
+      }
+    ]
+  },
+  "api_files": {
+    "input_files": []
+  }
+}
diff --git a/functional_tests/functional-test-generation/functional-test-generation.csv b/functional_tests/functional-test-generation/functional-test-generation.csv
@@ -0,0 +1,31 @@
+End-to-end registration, verification, MFA login, 3-step application, approval for FICO > 680, and masked PAN returned by summary
+Application decision PENDING and DECLINED with duplicate application control and signature requirement
+Login lockout after five failures, rate limiting, MFA enforcement, and remember_me cookie TTL
+Refresh token rotation with single-use invalidation and concurrent refresh behavior
+Application sequencing, conditional employment fields, sin_consent enforcement, and X-App-Session 30-minute expiry
+Application Step 1 address and identity validation failures and success
+Application Step 3 validation for invalid product id, malformed e_signature, and marketing_opt_in default/explicit
+CSRF enforcement and SameSite=Strict cross-site POST rejection across endpoints
+Transactions exchange rate precision, zero amount, foreign fee rounding, and non-essential over-limit rejection
+Essential MCC 5% over-limit buffer boundary approvals and rejections vs non-essential MCC
+Freeze card prevents transactions, unfreeze via OTP, essential buffer boundary, and 60-minute frequency limit with MFA requirement
+Report card stolen is irreversible, forbids PIN and status changes, denies transactions, schedules replacement, and handles duplicates
+List transactions with date boundaries, pagination limits, category filter, and owner-only access
+Payments validation for minimum amount, bank account validity, date scheduling, owner-only access, and success cases
+Account summary include_rewards toggle, owner-only access enforcement, not-found and unauthorized handling
+Foreign purchase, fee and rewards, statements JSON/PDF, payment CSRF negative/positive, late fee webhook idempotency, session timeout and right to rescind
+ADB interest calculation and grace period across consecutive cycles
+Rewards accrual 1x with floor for non-travel and 3x for travel MCC in CAD
+Set PIN with OTP success, mismatch/format errors, OTP invalid, and allowed while Frozen
+Freeze/Unfreeze OTP attempt limits, resend OTP resets attempts, and successful transitions
+Owner-only card controls and report-lost: IDOR prevention and invalid status value handling
+WebSocket live transaction feed authentication, event delivery, unauthorized connection, and reconnect
+Registration field validations and duplicate email handling with secure cookie attributes
+Registration password complexity and leap-year age validation
+Email verification invalid/tampered, expired, resend rate-limit, and successful activation
+Credit limit change audit trail immutability and visibility, and role-based access
+Notifications webhook validation, multi-channel delivery, and idempotency per-account scope
+Right to rescind deletion leads to 404 on subsequent endpoints and idempotent DELETE
+Dashboard displays masked PAN and no PII leakage
+Application Step 1 draft auto-save every 60 seconds, restore, sanitize, and cleanup after submission
+Session timeout warning at 13 minutes and expiry at 15 minutes
diff --git a/functional_tests/functional-test-generation/functional-test-generation.docx b/functional_tests/functional-test-generation/functional-test-generation.docx