Skip to main content
Version: 1.1.0
Status: 📋 Active
Last Updated: 2025-12-11
This document defines the strategy for generating, managing, and cleaning up test data in the Encore OS Platform.

Overview

This document establishes standards for test data generation, management, and cleanup across all platform tests. It is particularly important for features requiring multi-tenant isolation testing, such as PF-30 (Permissions System V2).

Principles

1. Synthetic Data Only

  • NEVER use real patient data (PHI)
  • NEVER use real employee data (PII)
  • NEVER use production data in tests
  • Generate realistic but fake data using libraries like @faker-js/faker

2. Deterministic & Repeatable

  • Tests should produce same results every run
  • Use seeded random generators
  • Document test data assumptions

3. Isolated & Clean

  • Each test creates its own data
  • Tests clean up after themselves
  • No shared mutable state between tests
  • Use transactions when possible for automatic rollback

4. Realistic & Representative

  • Data should reflect real-world scenarios
  • Include edge cases (empty values, maximum lengths, special characters)
  • Model actual business workflows

Planned Sections

Test Data Factory

Location: /tests/utils/test-data-factory.ts Responsibilities:
  • Create test organizations
  • Create test users with roles
  • Create test employees with credentials
  • Create test forms and submissions
  • Create test shifts and timesheets
  • Generate realistic fake data
Example Usage:

Seed Data Management

Local Development Seeds:
  • Sample organizations
  • Sample users for each role
  • Sample forms and templates
  • Sample employees and credentials
Test Seeds:
  • Minimal data for fast tests
  • Comprehensive data for integration tests
  • Edge case data for boundary tests

Data Cleanup Strategies

Per-Test Cleanup:
Transaction-Based Cleanup:
Cascade Deletes:
  • Configure foreign keys with CASCADE
  • Delete parent records to clean up children

Tenant Isolation Testing

Multi-Tenant Test Setup:

Performance Test Data

Volume Testing:
  • Generate 1000+ records
  • Measure query performance
  • Test pagination
  • Test search functionality
Realistic Distribution:
  • Model real-world data skew
  • Include inactive records
  • Include historical data

Data Generation Patterns

Employee Records

Form Submissions

Credentials


Compliance & Privacy

PHI/PII Guidelines

  • ❌ Never use real names from production
  • ❌ Never use real SSNs, DoBs, or medical record numbers
  • ❌ Never use real addresses or contact information
  • ✅ Use faker-generated synthetic data
  • ✅ Use obvious fake values (test@example.com)
  • ✅ Document that test data is synthetic

Data Retention

  • Test data in CI: Delete after test run
  • Local test data: Clean up regularly
  • Seed data: Version controlled, clearly marked as fake

Test Environment Setup

Local Development

CI/CD

  • Ephemeral test databases
  • Automatic cleanup after test run
  • Isolated per-PR environments

Database Fixtures

Fixture Files

Location: /tests/fixtures/ Structure:

Loading Fixtures


Snapshot Testing

When to Use

  • Form field configurations
  • Automation rule schemas
  • Report query results
  • API response formats

Snapshot Updates

  • Review snapshot changes in PRs
  • Update snapshots intentionally
  • Document breaking changes

PF-30 Permissions System Test Data

Multi-Tenant Permission Testing

The PF-30 Permissions System V2 requires comprehensive test data for validating:
  • Cross-organization isolation (users cannot see other org’s roles/permissions)
  • Role-based access control (org_admin-only operations)
  • Permission inheritance (custom roles inheriting from base system roles)
  • Site-scoped role assignments
  • Expiration-based access control

Test Organization Setup

Test User Personas

Custom Role Test Data

Permission Assignment Test Data

Site-Scoped Assignment Test Data

RLS Test Scenarios

Cleanup Strategy for PF-30 Tests


References

  • /tests/utils/test-data-factory.ts - Data factory implementation
  • /tests/utils/supabase-test-client.ts - Test client utilities
  • /docs/testing/index.md - Testing overview
  • /constitution.md - Security and privacy requirements (Section 5.7)
  • /specs/pf/PF-30-permissions-system-v2.md - Permissions System V2 specification
  • /specs/pf/PF-30-permissions-system-v2-PLAN.md - Implementation plan with test scenarios

Maintained by: Platform QA Team
Questions? Raise in #engineering Slack