Skip to content

Testing

No tests exist.

  • package.json scripts.test is the placeholder: "test": "echo \"Error: no test specified\" && exit 1" (verify; observed pattern across the platform)
  • No test framework in dependencies or devDependencies
  • No __tests__/, test/, spec/, e2e/ directories

What "verification" looks like today

Manual: spin up the admin FE (admin_console_R) against a local copy of this API, click around, eyeball the responses. The FE is the only test harness in practice.

Where to start, if testing is to be added

For a 40-endpoint internal API, the highest-value tests would be:

  1. Auth tests — verify that every authenticated endpoint returns 401 without a token, with a tampered token, with a revoked token.
  2. Role-gating tests — for handlers that filter by role, verify a low-privilege role sees fewer rows than a high-privilege role.
  3. Smoke tests per endpoint — assert a 200 response shape; catch handler-level crashes.
  4. Webhook signature tests (if the webhook handlers are ever implemented here).

A supertest + vitest setup with a seeded MySQL test database (probably easiest as a docker-compose test fixture) would cover these. ~1 week of engineer time for an initial pass.

Coverage in the broader platform

No backend in the Someli platform has automated tests at audit time. This repo follows the pattern. If testing infrastructure is introduced platform-wide, the admin API is a reasonable pilot (small, low-traffic, internal users) before tackling the harder targets (someli-api's 22 000-LoC route file).