Test Design: Sprint 1 (Core HR Platform)

Generated: 2025-11-22

Scope: End-to-end activation (signup → invite → magic link activation), platform scaffolding, tenant isolation baseline, read-only employee profile, instrumentation events.
1. Objectives
- Validate functional correctness of activation funnel.
- Ensure tenant isolation (no cross-tenant data exposure) for early entities.
- Establish baseline performance & observability for critical flows.
- Provide regression-ready scenario set for future SSO & profile expansion.
2. In-Scope Items
| Item | Stories/Reqs |
|---|---|
| Platform scaffolding | REQ-ARCH-1, REQ-ARCH-2 |
| Tenant isolation baseline | REQ-ARCH-3 |
| Signup provisioning | US-101 |
| Invitation flow | US-102 |
| Magic link activation | US-103 |
| Employee profile read-only | US-301 (subset) |
| Observability events | TECH-OBS-1 |
| Isolation & activation tests | TECH-QA-1 |
3. Traceability Matrix
| Story/Req | Scenario ID | Scenario Description | Test Type | Automation Priority |
|---|---|---|---|---|
| US-101 | TC-SIGNUP-01 | Successful signup creates tenant & redirects | E2E | High |
| US-101 | TC-SIGNUP-02 | Duplicate email rejected | API | High |
| US-101 | TC-SIGNUP-03 | Password policy enforcement | API | Medium |
| US-101 | TC-SIGNUP-04 | Tenant data isolation post-provision | Integration | High |
| US-102 | TC-INVITE-01 | Create invitation sets status Pending & sends email | API | High |
| US-102 | TC-INVITE-02 | Resend invitation updates audit log | API | Medium |
| US-102 | TC-INVITE-03 | Expired invitation access blocked | E2E | High |
| US-103 | TC-ACTIVATE-01 | Valid magic link activation path | E2E | High |
| US-103 | TC-ACTIVATE-02 | Magic link reuse prevented | API | High |
| US-103 | TC-ACTIVATE-03 | Expired token prompts resend flow | E2E | Medium |
| REQ-ARCH-3 | TC-ISOLATION-01 | Cross-tenant employee read blocked | Integration | High |
| REQ-ARCH-3 | TC-ISOLATION-02 | Tenant context injection present in logs | Observability | Medium |
| US-301 | TC-PROFILE-01 | HR reads employee profile fields | API | Medium |
| US-301 | TC-PROFILE-02 | Non-HR cannot edit protected fields | API | Medium |
| TECH-OBS-1 | TC-EVENTS-01 | Signup events emitted (SignupStarted, TenantProvisioned) | Observability | High |
| TECH-OBS-1 | TC-EVENTS-02 | Invite & Activation events emitted | Observability | High |
| TECH-QA-1 | TC-E2E-CHAIN-01 | Full chain: signup → invite → activation traceable | E2E | High |
4. Detailed Scenario Designs
TC-SIGNUP-01
- Pre: Fresh environment, no user with email.
- Steps: Submit signup form → Follow redirect to dashboard.
- Assertions: 201 user; tenant record exists; dashboard loads; events (SignupStarted, TenantProvisioned) present; latency <2s.
TC-INVITE-03
- Pre: Invitation created with expiry reduced (inject test config) & time advanced beyond TTL.
- Steps: Hit invite acceptance endpoint with token.
- Assertions: 410/Expired response; no account created; audit entry InvitationExpired.
TC-ACTIVATE-01
- Pre: Pending invite; token not expired.
- Steps: Visit magic link → complete minimal profile/password.
- Assertions: User created, invitation status Accepted, ActivationCompleted event, single-use token invalidated.
TC-ISOLATION-01
- Pre: Tenant A and Tenant B; each with distinct employee records.
- Steps: Use Tenant A auth context to request Tenant B employee ID.
- Assertions: 404 or forbidden; log includes tenant mismatch; no data leakage.
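
One way to turn the TC-ISOLATION-01 assertions into a reusable oracle, as an added example that is not part of the platform's own test code. The field names `tenantId`/`tenant_id`, the function names and the seeded marker values are assumptions; the marker scan covers leakage through error messages, which a JSON-only check would miss.

```python
import json

TENANT_KEYS = {"tenantId", "tenant_id"}  # assumed field names for tenant references

def foreign_tenant_refs(body, caller_tenant, path="$"):
    """Return JSON paths whose tenant field differs from the caller's tenant."""
    hits = []
    if isinstance(body, dict):
        for key, value in body.items():
            here = f"{path}.{key}"
            # A null tenant is allowed; any other non-matching value is a leak.
            if key in TENANT_KEYS and value is not None and value != caller_tenant:
                hits.append(here)
            hits += foreign_tenant_refs(value, caller_tenant, here)
    elif isinstance(body, list):
        for i, item in enumerate(body):
            hits += foreign_tenant_refs(item, caller_tenant, f"{path}[{i}]")
    return hits

def isolation_problems(status, raw_body, caller_tenant, foreign_markers=()):
    """Check a cross-tenant response: blocked status, no foreign IDs, no seeded values."""
    problems = []
    if status not in (403, 404):
        problems.append(f"status {status} is not 403/404")
    try:
        problems += foreign_tenant_refs(json.loads(raw_body), caller_tenant)
    except ValueError:
        pass  # non-JSON error body: only the marker scan below applies
    # foreign_markers are unique values seeded into the other tenant's records.
    problems += [f"marker:{m}" for m in foreign_markers if m in raw_body]
    return problems

# Constructed sample responses for a Tenant A caller requesting a Tenant B employee.
BLOCKED = (404, '{"error": "not_found"}')
LEAKY_BODY = (200, '{"id": "emp-7", "tenantId": "tenant-b", "manager": {"tenantId": "tenant-a"}}')
LEAKY_ERROR = (404, "Employee Bea Canary not found")
```
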
TC-E2E-CHAIN-01
- Pre: None.
- Steps: Signup user (tenant owner) → create invite → accept invite via magic link.
- Assertions: All entities created; events chain correlates via trace ID; isolation maintained; final activation latency acceptable (<5s perceived).
5. Negative & Edge Cases
- Signup rate limiting (optional future) – placeholder.
- Invitation token tampering (altered token) returns invalid signature.
- Activation with missing required profile field triggers validation error.
- Tenant switch attempt before multiple tenants exist (graceful no-op).
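
A reference model for the token outcomes the plan expects (tampering, expiry from TC-INVITE-03, reuse from TC-ACTIVATE-02), written as an added example rather than the platform's implementation. The HMAC-SHA256 token layout, the in-memory single-use store, the key and all function names are assumptions; the clock is passed in so expiry can be tested without waiting.

```python
import base64
import hashlib
import hmac

SECRET = b"constructed-test-key"  # constructed fixture key, not a real secret
_used = set()                     # stand-in for the server-side single-use store

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(payload: str) -> str:
    return _b64(hmac.new(SECRET, payload.encode(), hashlib.sha256).digest())

def issue(invitation_id: str, ttl_s: int, now: int) -> str:
    """Return '<payload>.<signature>' binding the invitation to its expiry."""
    payload = _b64(f"{invitation_id}|{now + ttl_s}".encode())
    return f"{payload}.{_sign(payload)}"

def redeem(token: str, now: int) -> str:
    """Return 'accepted', 'invalid_signature', 'expired' or 'already_used'."""
    payload, _, sig = token.partition(".")
    # Verify the signature before decoding or trusting anything in the payload.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return "invalid_signature"
    raw = base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4))
    invitation_id, expiry = raw.decode().rsplit("|", 1)
    if now >= int(expiry):
        return "expired"
    if invitation_id in _used:
        return "already_used"
    _used.add(invitation_id)
    return "accepted"

def tamper(token: str) -> str:
    """Alter the first payload character while keeping the original signature."""
    return ("B" if token[0] == "A" else "A") + token[1:]

def run_token_cases() -> dict:
    """Drive the negative cases with a clock supplied by the test."""
    live = issue("inv-demo-1", ttl_s=60, now=1000)
    stale = issue("inv-demo-2", ttl_s=60, now=1000)
    return {
        "tampered": redeem(tamper(live), now=1001),
        "first_use": redeem(live, now=1001),
        "reuse": redeem(live, now=1002),
        "expired": redeem(stale, now=1060),
    }
```
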
6. Non-Functional Baseline Checks
| Metric | Target | Test Approach |
|---|---|---|
| Signup end-to-end latency p95 | < 2000ms | Time API + initial dashboard load |
| Invite creation latency p95 | < 300ms | API timing via integration test |
| Activation success rate | > 95% (no failures in controlled env) | E2E repeat runs |
| Isolation test pass rate | 100% | Automated suite |
7. Security Considerations
- Token entropy check (length & randomness) – static analysis or runtime sampling.
- Password hashing algorithm verification (Argon2/Bcrypt) – inspect configuration.
- No cross-tenant PII returned (validate JSON responses exclude other tenant IDs).
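
A runtime-sampling version of the token entropy check, as an added example that is not the project's own code. The 128-bit threshold, the sample size and the function names are assumptions, and `padded_counter_token` is a constructed weak generator included to show the check failing.

```python
import itertools
import math
import secrets
from collections import Counter

MIN_BITS = 128  # assumed acceptance threshold; the plan does not state one

def sample_report(generate, n=2000):
    """Sample n tokens and summarise length, uniqueness and character spread."""
    tokens = [generate() for _ in range(n)]
    counts = Counter("".join(tokens))
    total = sum(counts.values())
    # Shannon entropy of the observed character distribution, in bits per char.
    bits_per_char = -sum(c / total * math.log2(c / total) for c in counts.values())
    min_len = min(len(t) for t in tokens)
    return {
        "min_len": min_len,
        "duplicates": n - len(set(tokens)),
        # Upper bound only: flags short, padded or small-alphabet tokens, but a
        # predictable generator with a full alphabet would still pass.
        "est_bits": bits_per_char * min_len,
    }

def token_failures(generate, n=2000):
    """Return a list of reasons the sampled tokens fail the baseline check."""
    report = sample_report(generate, n)
    failures = []
    if report["duplicates"]:
        failures.append("duplicate tokens in sample")
    if report["est_bits"] < MIN_BITS:
        failures.append("estimated entropy below threshold")
    return failures

def csprng_token():
    return secrets.token_urlsafe(32)  # 32 random bytes, 43 URL-safe characters

_counter = itertools.count()

def padded_counter_token():
    """Constructed weak generator: right length, almost no entropy."""
    return f"{next(_counter):043d}"
```

Because the estimate is only an upper bound, this check complements the static review of how tokens are generated and does not replace it.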
8. Observability & Logging
Event fields to assert (example):

| Event | Required Fields |
|---|---|
| SignupStarted | traceId, timestamp, email hash, tenantId (null pre-provision) |
| TenantProvisioned | traceId, tenantId, ownerUserId |
| InvitationCreated | traceId, tenantId, invitationId, status |
| InvitationAccepted | traceId, tenantId, userId |
| ActivationCompleted | traceId, tenantId, userId |
9. Test Data Strategy
- Use ephemeral tenants per test run to avoid cross-test contamination.
- Shared fixtures: password policy, token TTL overrides for expiry tests.
- Data teardown: schema truncate (isolated) or tenant-level cleanup.
10. Automation Architecture
- Layers: API integration (REST), E2E (browser / headless), isolation integration (service + DB asserts), observability verification (log/event capture adapter).
- Tagging: @e2e, @isolation, @observability for selective CI runs.
11. Risk-Based Prioritization
- High priority automation: Activation chain, tenant isolation, token expiry, event emission.
- Medium: Duplicate email, invitation resend, profile read-only.
- Deferred: Rate limiting, advanced error states.
12. Execution Plan
- Day 1–2: Scaffold test harness & isolation tests.
- Day 3–5: Implement signup/invite/activation scenarios.
- Day 6–7: Add profile read-only + observability assertions.
- Day 8–9: Non-functional baseline measurements + flaky test stabilization.
- Day 10: Final regression run & coverage report.
13. Coverage & Gaps
- Functional coverage (Sprint 1 scope): ~85% (remaining: tenant switcher, not in committed scope).
- Deeper non-functional security testing (penetration, fuzzing) is scheduled for a later sprint.
14. Open Questions
- Tooling stack (Playwright vs Cypress) decision? (Affects E2E harness.)
- Event capture method – direct log scraping or analytics API?
- Do we assert PWA manifest presence in Sprint 1 or later?
Version: 1.0