Service Realtime Auth Cleanup QA Matrix
Scopeβ
This matrix validates the attunelogic-service cleanup work around:
- centralizing socket authentication and connection defaults
- removing the nested dashboard
NotificationProvider - preserving realtime behavior for notifications, chat, geolocation, and job live updates
- ensuring logout fully clears client auth state and stops stale realtime activity
- confirming deployment workflow messaging matches current CI behavior
This matrix is service-first. API and mobile checklist sections are included for release coordination, but the primary execution target is the web service app.
Environmentsβ
- API version/branch: paired API environment used by service under test
- Mobile version/branch: not primary for this matrix; only cross-check if notification/chat payloads are shared with mobile producers
- Service version/branch: current service cleanup branch under QA
- App type: service / web app
- Test tenant(s): one internal admin tenant, one standard customer tenant, one tenant with active notifications/chat traffic
Pre-Test Setupβ
- Seed or prepare at least one account with unread notifications, one active chat conversation, and one dispatch record with live job or geolocation events available.
- Confirm the tenant does not require special feature toggles beyond standard notification/chat/realtime support.
- Prepare test users for at least these roles: admin/dispatcher and standard user.
- Open the service app in at least two browser tabs or browsers to verify realtime consistency and logout cleanup.
- If available, prepare a second client or admin tool that can generate a new notification, chat message, geolocation update, or job update on demand.
- Record the API environment URL and verify
/healthis reachable before starting.
Matrixβ
| ID | Area | Scenario | Steps | Expected Result |
|---|---|---|---|---|
| Q1 | Dashboard | Dashboard loads with app-level notification ownership only | Log in and open the main dashboard | Dashboard renders normally, notifications are available, and there is no duplicated notification container behavior |
| Q2 | Notifications | Existing notification list and unread stats load | Open notifications panel on first load | List loads, unread count matches backend state, and no empty/error regression appears for valid data |
| Q3 | Notifications | New notification arrives in realtime | While user is logged in on dashboard, trigger a new notification | One toast appears, unread badge updates, list refreshes, and the same event is not duplicated |
| Q4 | Notifications | Mark single notification as read | Mark one unread notification as read from the UI | Item read state updates, unread count decrements, and list/stats remain in sync after refresh |
| Q5 | Notifications | Mark all notifications as read | Use the mark-all action on a tenant with multiple unread items | All items become read, unread badge resets, and subsequent refresh still shows the same state |
| Q6 | Notifications | Delete notification | Delete an existing notification from the panel | Item disappears, stats update correctly, and no stale deleted record returns after refresh |
| Q7 | Chat | Realtime conversation update | Open chat widget and have another user send a message | Conversation list refreshes, active thread updates, and only one new message event is reflected |
| Q8 | Chat | Notification-to-chat handoff | Trigger a chat notification and click/open the related conversation path | Correct conversation opens, pending conversation handoff works, and no wrong thread is shown |
| Q9 | Geolocation | Live geolocation subscription updates | Open the geolocation or dispatch experience and trigger a location update | Location data refreshes live, connection status remains healthy, and cache invalidation updates the right entity |
| Q10 | Job Live Updates | Job or leg event refresh | Open a job that supports live updates and trigger a related change | Relevant job/leg data refreshes without full page reload and unrelated jobs are not incorrectly refreshed |
| Q11 | Auth | Logout clears realtime auth state | Stay logged in with active notifications/chat, then logout | User is redirected to login, auth storage is cleared, and no new realtime toasts/messages continue after logout |
| Q12 | Auth | Fresh login after logout | Log out, then log back in with the same user | Session restores correctly, notifications/chat reconnect, and realtime behavior resumes normally |
| Q13 | Regression | Multi-tab consistency | Open two tabs as the same user, trigger notification/chat updates, then logout in one tab | Data stays consistent across tabs, and protected access is eventually blocked after logout cleanup |
| Q14 | Failure | Reconnect after temporary disconnect | Simulate offline mode or disconnect/reconnect network while on dashboard | App recovers without hard crash, polling/refetch behavior fills gaps, and realtime resumes when connection returns |
| Q15 | Permissions | Standard user access | Repeat key notification/chat actions with a non-admin user | Allowed actions still work, unauthorized admin-only flows remain blocked, and no role regression is introduced |
| Q16 | Deployment Workflow | Service deploy messaging consistency | Review service deployment PR body or workflow summary output during a dry run | Workflow copy reflects build-only validation language and does not claim tests passed |
API Verification Checklistβ
- Endpoints touched: none intentionally changed by this service cleanup, but service depends on notification, chat, geolocation, job, and auth/logout endpoints remaining stable
- Request/response contract changes: none expected
- Error shape validation: confirm service still handles auth/logout, notifications, chat, and geolocation failures without contract mismatches
- Status/stage transition checks: verify logout and realtime reconnect behavior against the paired API environment
- Observability/log checks: confirm no unusual socket auth errors, repeated reconnect loops, or logout-related server warnings appear during QA
Mobile Verification Checklistβ
- Screen/CTA behavior: not primary to this matrix
- Loading/empty/error states: not primary to this matrix
- Offline queue/retry behavior: not primary to this matrix
- Navigation and state consistency: only cross-check if shared notification/chat payload generation is also being validated in the same release
Service Verification Checklistβ
- UI workflow behavior: dashboard, notifications panel, chat widget, geolocation/live dispatch surfaces, and logout/login flows behave as before or better
- Filters/status rendering consistency: unread counts, read/delete state, conversation updates, and live resource state remain consistent
- Loading/empty/error states: notifications/chat/geolocation surfaces handle initial load, empty state, and recoverable failure states
- Data refresh and cache consistency: RTK Query invalidation updates the correct lists/detail views without duplicate events or stale state
Regression Checklistβ
- Backward compatibility validated for existing customer workflows.
- Tenant config fallback behavior validated.
- No unrelated feature regressions observed.
- Dashboard layout still renders correctly after removing nested notification ownership.
- Legacy cookie/localStorage auth fallback remains functional until full auth migration is complete.
Exit Criteriaβ
- All critical/high matrix scenarios pass for at least one admin user and one standard user.
- No duplicate realtime events, stale post-logout socket behavior, or broken notification/chat flows remain.
- No unresolved blocker defects exist in notifications, chat, geolocation, or logout.
- Known risks are documented with mitigation and owner before release.
Known-Risk Notesβ
- The highest-risk regression area is stale socket state after logout.
- Secondary risk areas are duplicate realtime events and notification/chat cache desynchronization during reconnects.
- If any realtime issue is intermittent, require repeat validation across multiple tabs/browsers before sign-off.