Skip to content

Testing

Status: Audit v0.1 (2026-05-09).

1. The headline finding

There are zero project-owned automated tests in this repository.

Confirmed by:

find . -path ./node_modules -prune \
       -o -path ./node_modules.backup -prune \
       -o -path ./polotno-editor/node_modules -prune \
       -o -path ./polotno-editor/node_modules.backup -prune \
       -o -path ./.git -prune \
       -o -path ./.nuxt -prune \
       -o -path ./dist -prune \
       -o \( -name '*.test.*' -o -name '*.spec.*' \) -print
# (no output)

The 164 *.test.* matches that initially appeared in inventory commands are all inside node_modules/ of dependencies (e.g., polotno-editor/node_modules/polotno/utils/__tests__/).

There is no:

  • Test framework configured (package.json has no jest, vitest, mocha, vue-test-utils, @vue/test-utils, or similar)
  • Test runner script (package.json:7-13 shows dev, build, start, generate, format — no test script)
  • E2E framework (no cypress, playwright, puppeteer in deps)
  • CI test step (.github/workflows/dev_app.yml runs yarn build only)
  • Coverage reporting configuration

This is Finding WC-TEST-1 (Severity: Critical for due-diligence purposes). Every change is verified by manual review and manual testing only. Regression risk is unbounded. The project carries 159K LOC with no automated safety net.

2. CMMI implications

For the Testing & Quality Gates pillar in the maturity assessment:

  • Current: Level 1 (Initial). Testing is ad-hoc, performed by individual engineers in the browser before opening a PR. Non-repeatable.
  • 12-month target (proposed): Level 2 (Repeatable) — at minimum, a smoke-test harness covering the auth + content-planner happy paths. Adding even 3 Cypress/Playwright e2e tests would be a step change.
  • 24-month target: Level 3 (Defined) — coverage thresholds, gate on every PR.

3. Recommendations — phased

Phase 0a (this week)

  • Choose a stack: Vitest + @vue/test-utils@v1 (Vue 2 compatible) for unit; Playwright for E2E.
  • Add a test script to package.json even if it's a no-op initially — establishes the convention.

Phase 0 (months 0–3)

  • Write 3 E2E smoke tests covering the auth-critical paths:
  • Email/password login → land on /<accid>/contentplanner.
  • Content planner loads, a post can be opened.
  • Logout clears cookies + localStorage and redirects to /#login.
  • Add the smoke-test run to .github/workflows/dev_app.yml as a required gate.
  • Add Lighthouse-CI checks (a11y baseline, performance baseline) as informational.

Phase 1 (months 3–9)

  • Unit-test coverage for helpers/helper.js (post-status state machine, plan filter, formatters) — this is pure-function code, easy to test, high leverage.
  • Unit-test coverage for store/api.js (cache TTL behaviour, force refresh).
  • Component snapshots for the most-edited components (top 10 by git log activity).
  • Coverage gate at modest 30% line coverage; ratchet up over time.

Phase 2 (months 9–18)

  • Visual regression testing (Chromatic or Percy) on the design-system primitives.
  • Cross-browser testing (Playwright supports multi-browser).
  • Accessibility CI (pa11y-ci or axe-core integrated into Playwright).

4. Manual QA practice — what is currently done

[VERIFY-TEST-1]: ask the team:

  • Who is responsible for QA on a feature PR?
  • Is there a manual test plan or checklist for the major flows?
  • How are regressions caught?
  • Who tests Polotno editor changes?

These are not in the repo, so the audit cannot answer. Anything found should land in this doc.

5. Polotno editor testing

The Polotno SDK is third-party. The team's responsibility is to verify integration (mount, save, load, state restore). No tests of the integration exist in the repo.

The standalone editor (polotno-editor/yarn dev) exists for manual testing of editor behaviour without the rest of the Nuxt app.

6. Open questions

Tracked in ./verify-markers.md:

  • [VERIFY-TEST-1] Documented QA process / checklist