Source: 32-V3-NETSUITE-PRODUCTION-TEST-RUNBOOK.md

What this source is

An operational runbook for Preston that closes the single remaining build-side item across the whole review series: proving the SuiteCentral 2.0 NetSuite connector works against a production-tier NetSuite instance (not just the TSTDRV sandbox it is validated against today), and updating the evidence so the connector proof cards stop saying “sandbox only.” ~15 minutes; touches no client data (it CRUDs its own tagged throwaway record and sweeps stragglers).

Key claims

1. Why it matters: every connector proof card still reads “tested against sandbox.” This is the last open engineering gap named in 31-suitecentral-evaluation-summary — closing it removes the “sandbox only” line and feeds both the SuiteApp/SDN certification track and the SOC 2 processing-integrity story. → squire-readiness-checklist
2. Who/where/cost: Preston runs it (full upstream repo access + production-tier NetSuite inside Squire). Running it on Squire’s own NetSuite is the stronger evidence — “built for ourselves first.” ~15 minutes. → preston-test-repo
3. What the test exercises: tests/integration/netsuite.connector.live.crud.test.ts — a full round-trip (testConnection → list → create tagged customer → read → update → search-by-tag → delete → read-after-delete-null), plus an afterAll tag-prefix sweep. It runs the same BaseConnector write path that triggers outbound governance/DLP, so a green run is real evidence of the production path, not just auth.
4. The skipped-suite trap (load-bearing caveat): with NETSUITE_LIVE_TESTS=1 but a missing credential var, the suite prints a warning and SKIPS — it does not fail. “The command passed” is therefore NOT proof the test ran; the operator must confirm the 8 blocks actually executed (Tests: 8 passed), not skipped. → production-vs-demo
5. Seven env vars gate it: NETSUITE_ACCOUNT_ID, NETSUITE_CONSUMER_KEY/SECRET, NETSUITE_TOKEN_ID/SECRET (Token-Based Auth / Integration Record + Access Token), optional NETSUITE_BASE_URL, and NETSUITE_LIVE_TESTS=1 to un-skip. Run via npm run test:netsuite:live.
6. Closing the claim: update the connector proof card docs/review/proof-cards/netsuite-connector.md and metrics.json statusEvidence (currently “…sandbox TSTDRV2698307”) to the production-tier wording + date, keeping the raw account ID out of committed text; re-run verify-metrics + audit-status-claims; commit in one PR. The reviewer mirror then drops “sandbox only” everywhere. → claim-proof-matrix
7. What it does NOT close: SOC 2 attestation and a production reference customer — both Squire org decisions, separate from this technical validation. An optional second live test (workflowCentral-render-netsuite.live.test.ts) adds a dated production-tier evidence point for the reference-based data-custody story (ADR-019 “we don’t host data, we fetch live”).

Cross-references

• This is the gate the two June-2026 leadership docs both name: 30-suitecentral-for-squire (“the honest gating item”) and 31-suitecentral-evaluation-summary (“the one open engineering item”) both point here. It blocks a paid client pilot, not an internal one.
• NetSuite OAuth1/TBA path is the production-proven connector path referenced in the portfolio recommendation (NetSuite-only pilot) — see squire and production-proof.
• The skipped-suite-exits-green caveat is the operational cousin of the platform’s broader demo-vs-production honesty discipline — production-vs-demo.

Pages updated

• squire-readiness-checklist — V3 captured as the single remaining OPEN build-side item with its closure procedure
• production-proof — the production-tier connector validation step and the “green != ran” skip caveat