Comprehensive testing approach for production-ready quality.

Last Updated: January 31, 2026 Coverage Target: 80%+ (v0.9.8), 85%+ (v1.0)

           /\
          /E2E\         20 tests
         /------\
        /  INT   \      150 tests  
       /----------\
      /    UNIT    \    500+ tests
     /--------------\

Purpose: Test individual functions and modules in isolation

Coverage: 85%

Tools: Bash test framework, ShellSpec (optional)

Examples:

• Configuration parsing
• Environment variable handling
• String manipulation
• File operations
• Validation logic

Location: src/tests/unit/

Purpose: Test service interactions and workflows

Coverage: 75%

Tools: Docker Compose, PostgreSQL, Hasura

Examples:

• Database migrations
• Multi-tenant isolation (RLS)
• Authentication flows
• GraphQL queries
• Backup/restore operations

Location: src/tests/integration/

Purpose: Test complete user workflows

Coverage: 70%

Tools: Real deployments, actual services

Examples:

• Init → Build → Start → Deploy workflow
• User signup → Login → API call flow
• Billing subscription lifecycle
• White-label tenant setup
• Production deployment

Location: src/tests/e2e/

Purpose: Validate security measures

Tools: Security scanner, SQL injection tester

Examples:

• SQL injection prevention
• XSS protection
• Command injection prevention
• Secrets detection
• Permission checks

Location: src/tests/security/

Purpose: Ensure performance targets

Tools: Time measurements, benchmarking

Examples:

• Build time < 30s
• Start time < 60s
• Query performance < 100ms
• API latency < 200ms

Location: src/tests/performance/

# Run all tests
bash src/tests/run-tests.sh

# Run specific test category
bash src/tests/unit/run-unit-tests.sh
bash src/tests/integration/run-integration-tests.sh
bash src/tests/e2e/run-e2e-tests.sh

# Run single test file
bash src/tests/unit/test-init.sh

Triggers:

• Every push
• Every pull request
• Daily scheduled run

Matrix:

• Ubuntu 22.04 + Bash 5.x
• Ubuntu 22.04 + Bash 3.2
• macOS Latest + Bash 3.2

Workflows:

1. Portability Check
2. Unit Tests
3. Integration Tests
4. Security Scan
5. Platform Compatibility

• Code lints successfully
• New code has tests
• All tests pass locally

• All tests pass
• Coverage maintained or improved
• No security issues introduced

• All tests passing (100%)
• Coverage ≥ 80%
• Performance benchmarks met
• Cross-platform validated
• Security audit clean

test_validate_port() {
  local result
  
  # Test valid port
  validate_port "3000" && result=$? || result=$?
  assert_equals "0" "$result" "Valid port should return 0"
  
  # Test invalid port
  validate_port "99999" && result=$? || result=$?
  assert_not_equals "0" "$result" "Invalid port should fail"
}

test_tenant_isolation() {
  # Create two tenants
  local tenant_a=$(create_tenant "Tenant A")
  local tenant_b=$(create_tenant "Tenant B")
  
  # Create data in tenant A
  create_tenant_data "$tenant_a" "secret data"
  
  # Verify tenant B cannot see it
  local data=$(query_as_tenant "$tenant_b" "SELECT * FROM data")
  assert_empty "$data" "Tenant B should not see Tenant A data"
}

Billing (150 tests):

• Subscription creation
• Plan upgrades/downgrades
• Usage tracking
• Invoice generation
• Payment failures
• Webhook handling

White-Label (100 tests):

• Custom domains
• Branding customization
• Email template overrides
• Theme configuration
• Logo management

• Test count
• Coverage percentage
• Test execution time
• Flaky test rate
• Bug escape rate

• Identify coverage gaps
• Remove redundant tests
• Fix flaky tests
• Improve test speed
• Update test data

See Also:

• Quality Metrics
• Performance Benchmarks
• CI/CD Configuration