DIREKT Test Strategy¶
Quality model¶
Test at the lowest reliable layer, then prove critical journeys end to end.
Layers¶
- static analysis/format/type checks;
- domain unit tests;
- repository/data tests;
- database/API integration;
- contract tests;
- Android ViewModel/Compose;
- admin component/browser;
- security/authorization;
- performance/resilience;
- pilot acceptance.
Risk priority¶
Highest coverage:
- trust-state transitions;
- evidence access;
- location privacy;
- provider/tenant authorization;
- payment idempotency;
- review eligibility;
- expiry/revocation;
- offline upload;
- complaint/enforcement;
- account/session security.
Environments¶
- local synthetic;
- CI ephemeral;
- shared development;
- staging/pilot with synthetic/approved test data;
- production smoke tests that do not mutate sensitive state unexpectedly.
Test data¶
Factories and deterministic synthetic fixtures. No copied production identity/evidence.
CI¶
Every push runs relevant checks. Phase checkpoint runs full suites, migration verification, docs and security scans. Flaky tests are defects.
Evidence¶
Store machine-readable reports/artifacts with retention appropriate to public repository privacy.
Phase 9 commercial validation¶
Permanent Phase 9 tests cover actor-resolved provider scope, hashed idempotency and fingerprint conflicts, subscription states, immutable invoice lines, signed/timestamped webhook processing, replay/conflict handling, amount/currency mismatch reconciliation, balanced append-only ledger posting, two-approver adjustments, production-disabled adapters, credential/privacy leak assertions, Android process-death recovery and accessible commercial states, portal finance-permission separation, API-only architecture and before/after trust independence. Promotion requires backend, Android, portal and documentation gates on one exact reviewed head.