> ## Documentation Index
> Fetch the complete documentation index at: https://docs.encoreos.io/llms.txt
> Use this file to discover all available pages before exploring further.

# AI Browser Testing Configuration

> Version: 1.1.0 Last Updated: 2026-05-13 Purpose: Environment-based credentials and workflows for AI/browser testing.

**Version:** 1.1.0\
**Last Updated:** 2026-05-13\
**Purpose:** Environment-based credentials and workflows for AI/browser testing.

***

## Credential Policy

Do not store plaintext credentials in this file.

Use environment variables instead:

* `TEST_USER_ADMIN_EMAIL`
* `TEST_USER_ADMIN_PASSWORD`
* `TEST_USER_STAFF_EMAIL`
* `TEST_USER_STAFF_PASSWORD`
* `TEST_USER_MANAGER_EMAIL`
* `TEST_USER_MANAGER_PASSWORD`
* `TEST_USER_VIEWER_EMAIL`
* `TEST_USER_VIEWER_PASSWORD`

If these are not set, stop and configure them before testing authentication flows.

***

## Login Flow

1. Open the app preview or dev URL.
2. If already authenticated, continue testing.
3. If at `/auth`, sign in using `TEST_USER_ADMIN_EMAIL` / `TEST_USER_ADMIN_PASSWORD`.
4. Verify redirect to an authenticated page.
5. Continue with the target workflow.

***

## Standard Browser Testing Workflow

```text theme={null}
1. Open app
2. Observe current state
3. Login if needed (env-based credentials only)
4. Navigate to feature route
5. Exercise core workflow (CRUD and validation)
6. Capture evidence (screenshots, logs, failures)
7. Summarize findings
```

***

## Recommended Scenarios

1. Form submission and validation
2. CRUD lifecycle
3. Navigation and breadcrumbs
4. Permission-protected routes
5. Mobile/responsive layout
6. Cross-module journey transitions

***

## Security Notes

* Use test accounts only.
* Never commit or document raw credentials.
* Never include PHI/PII in prompts, screenshots, or logs.
* Keep tenant isolation and RLS behavior validated during tests.

***

## Troubleshooting

### Login Fails

1. Confirm env vars are present in the running environment.
2. Verify test users exist in the target Supabase project.
3. Check browser console and network logs for auth errors.

### No Organization Access

1. Verify role assignments in `pf_user_role_assignments`.
2. Confirm org/site records exist.
3. Verify permissions and RLS policies.

***

## Related Documentation

* `docs/testing/TESTING_SETUP_AND_RUN.md`
* `docs/testing/SPEC_TEST_COVERAGE.md`
* `AGENTS.md`
* `constitution.md`