Write integration tests for full expiry notification pipeline
epic-certificate-expiry-notifications-orchestration-services-task-017 — Write integration tests covering the full expiry notification lifecycle: seed test mentor records at each expiry threshold, invoke the edge function in test mode, assert that the orchestrator created correct in-app notification records with accurate threshold tiers, verify FCM payloads were enqueued with deep links, confirm lapsed mentors were suppressed from visibility, and validate acknowledgement service correctly clears banners and writes audit records.
Acceptance Criteria
Technical Requirements
Execution Context
Tier 5 - 253 tasks
Can start after Tier 4 completes
Implementation Notes
Use Supabase's local development stack (supabase start) to run a local Postgres + Edge Function runtime — do not hit production or staging. Create a dedicated test schema or use row-level teardown via a service role client. The edge function must accept a test_mode: true body parameter that swaps the real FCM sender for a no-op stub and routes enqueue writes to a test_fcm_queue table instead of the live queue. Threshold tier constants must be imported from a shared config module (not hardcoded in tests) so a single constant change propagates everywhere.
For the visibility suppression assertion, query through the same RLS-aware view used by the Flutter app (not raw table) to ensure the test validates the real access path. Consider a test helper function `seedMentorAtDaysBeforeExpiry(int days)` to keep test bodies readable. Group tests by pipeline stage (orchestrator → visibility → ack) so failures are immediately attributable to a specific service.
Testing Requirements
Integration tests written in Dart using flutter_test and Supabase local emulator (supabase start). Each test case seeds the required mentor certificate rows directly via Supabase service role client, invokes the edge function via HTTP with a test-mode header, then asserts database state using select queries. Use a shared setUp/tearDown that truncates affected tables between cases. Cover: (1) all threshold tier rows generate correct notification records, (2) FCM enqueue table has correct payload shape, (3) lapsed mentor visibility suppression query returns empty set, (4) ack service clears banner and writes audit row, (5) idempotency — second invocation produces no new rows.
Use group() blocks to separate orchestration, visibility, and acknowledgement concerns. Target 100% coverage of all pipeline branches defined in the orchestrator service.
If the daily edge function runs more than once in a 24-hour window due to a Supabase scheduling anomaly or manual re-trigger, the orchestrator could dispatch duplicate push notifications to the same mentor and coordinator for the same threshold, eroding user trust.
Mitigation & Contingency
Mitigation: Implement idempotency at the notification record level using a unique constraint on (mentor_id, threshold_days, certification_id). The orchestrator checks for an existing record before dispatching. Use a database-level upsert with ON CONFLICT DO NOTHING.
Contingency: If duplicate notifications are reported in production, add a rate-limiting guard in the edge function that aborts if a notification for the same mentor and threshold was created within the last 20 hours, and add an alerting rule to Supabase logs for duplicate dispatch attempts.
The mentor visibility suppressor relies on the daily edge function to detect expiry and update suppression_status. A mentor whose certificate expires at midnight may remain visible for up to 24 hours if the cron runs at a fixed time, violating HLF's requirement that expired mentors disappear promptly.
Mitigation & Contingency
Mitigation: Schedule the edge function to run at 00:05 UTC to minimise lag after midnight transitions. Additionally, the RLS policy can include a direct date comparison (certification_expiry_date < now()) as a secondary predicate that does not rely on suppression_status, providing real-time enforcement at the database level.
Contingency: If the cron lag is unacceptable after launch, implement a Supabase database trigger on the certifications table that fires on UPDATE of expiry_date and calls the suppressor immediately, reducing lag to near-zero for renewal and expiry events.
The orchestrator needs to resolve the coordinator assigned to a specific peer mentor to dispatch coordinator-side notifications. If the assignment relationship is not normalised or is missing for some mentors, coordinator notifications will silently fail.
Mitigation & Contingency
Mitigation: Query the coordinator assignment from the existing assignments or user_roles table before dispatch. Log a structured warning (missing_coordinator_assignment: mentor_id) when no coordinator is found. Add a data quality check in the edge function that reports mentors without coordinators.
Contingency: If coordinator assignments are missing at scale, fall back to notifying the chapter-level admin role for the mentor's chapter, and surface a data quality report to the admin dashboard showing mentors without assigned coordinators.
The course enrollment prompt service generates deep-link URLs targeting the course administration feature. If the course administration feature changes its deep-link schema or the Dynamics portal URL structure changes, enrollment prompts will navigate to broken destinations.
Mitigation & Contingency
Mitigation: Define the deep-link contract between the certificate expiry feature and the course administration feature as a shared constant in a cross-feature navigation config. Version the deep-link schema and validate the generated URL format in unit tests.
Contingency: If the deep-link breaks in production, the course enrollment prompt service should gracefully fall back to opening the course administration feature root screen with a query parameter indicating the notification context, allowing the user to manually locate the correct course.