🏠 Overview ✅ Implementation Tasks ✅ epic-driver-and-confidentiality-management-core-services-task-017

Integration test: driver assignment fee routing

epic-driver-and-confidentiality-management-core-services-task-017 — Write integration tests for the driver assignment service covering both fee paths: low-value assignment confirmed directly, and high-value assignment routed to the expense approval workflow. Verify that org-scoped access controls prevent cross-org data access. Confirm that assignment history retrieval returns correct records sorted by date.

high priority medium complexity testing pending testing specialist Tier 10

Acceptance Criteria

Integration test exists that creates a low-value driver assignment and asserts it is confirmed directly without entering expense approval workflow
Integration test exists that creates a high-value driver assignment and asserts it is routed to expense approval workflow with status 'pending_approval'
Test verifies that the fee threshold boundary value (exactly at threshold) routes to the correct path
Test using Org A credentials cannot read, update, or delete driver assignments belonging to Org B
Cross-org access attempt returns HTTP 403 or throws PermissionException, not a data leak
Assignment history retrieval test asserts records are sorted descending by assignment date
Assignment history retrieval test includes at least 5 records to validate sort order
All tests run against a real Supabase test project (not mocked) to validate RLS policies
Test teardown cleans up all created records to maintain test isolation
All 6+ test cases pass consistently in CI without flakiness

Technical Requirements

frameworks
flutter_test
Dart
Supabase
apis
Supabase REST API
Supabase RLS policies
DriverAssignmentService internal API
data models
DriverAssignment
ExpenseApprovalWorkflow
Organization
performance requirements
Each integration test completes within 5 seconds
Test suite for this file completes within 60 seconds total
security requirements
Tests must use separate Supabase credentials per org to simulate real RLS enforcement
No test credentials or service role keys committed to source control
Cross-org tests must use unprivileged JWT tokens, not service role bypass

Execution Context

Execution Tier
Tier 10

Tier 10 - 11 tasks

Can start after Tier 9 completes

Implementation Notes

Use two separate Supabase auth sessions (one per org) to properly test RLS — do not bypass with service role key for cross-org assertions. Seed assignments with known timestamps to reliably test sort order. The fee threshold value must match the constant defined in the DriverAssignmentService — import it rather than hardcoding. Use a test helper to create minimal valid assignment fixtures.

Consider a shared test utility for org-scoped Supabase client creation to avoid duplication across test files. Ensure the expense approval workflow routing assertion checks the assignment's status field AND that a corresponding approval record was created in the approvals table.

Testing Requirements

Integration tests only — no unit mocking of Supabase. Use flutter_test with a dedicated Supabase test project. Seed test data in setUp() and clean up in tearDown(). Cover: (1) low-value direct confirm path, (2) high-value approval routing path, (3) threshold boundary case, (4) cross-org read rejected, (5) cross-org write rejected, (6) history sort order with multiple records.

Aim for 100% branch coverage of the fee routing logic. Run tests in CI against the Supabase test environment.

Component
Driver Assignment Service
service medium
Dependencies (2)
Add the assignment history retrieval method to the driver assignment service. The method must query the driver assignment repository for all assignments belonging to a given driver within the calling org, return them sorted by assignment date descending, and enforce org-scoped RLS so coordinators from other orgs cannot access the data. epic-driver-and-confidentiality-management-core-services-task-007 Write end-to-end integration tests covering the full declaration lifecycle: template rendering → encryption → storage upload → notification dispatch → driver acknowledgement → audit event emission → coordinator alert. Tests must run against a local Supabase instance with seeded org, driver, and coordinator records. Assert that declaration status transitions are correct at every stage. epic-driver-and-confidentiality-management-core-services-task-016
Epic Risks (4)
high impact medium prob security

Org-scoped encryption key management is complex. If keys are not correctly isolated per organization, a breach in one org's key could expose another org's declarations. Additionally, key rotation is not specified but may be needed for compliance, and the current implementation may not support it.

Mitigation & Contingency

Mitigation: Use Supabase Vault or a dedicated secrets management approach for org-scoped key storage. Define the key derivation strategy (per-org master key) in a security design document reviewed before implementation begins. Include key isolation tests in the test suite.

Contingency: If a full per-org key management system cannot be safely implemented within the sprint, fall back to a single platform-level encryption key with strict RLS isolation as a temporary measure, flagging the key rotation gap as a security debt item with a defined resolution milestone.

medium impact medium prob integration

Push notification delivery to drivers depends on FCM token availability and device connectivity. If a driver has not granted notification permissions or has an expired FCM token, the declaration delivery notification will silently fail, leaving the coordinator unaware and the declaration unacknowledged.

Mitigation & Contingency

Mitigation: Implement delivery status tracking in declaration-notification-service. Fall back to in-app notification and SMS (if configured) when push delivery fails. Expose delivery failure status in the declaration status badge so coordinators can identify and manually follow up.

Contingency: If push delivery proves unreliable, implement a polling-based in-app notification fallback where drivers see pending declarations on next app open, ensuring the workflow can complete even without push notifications.

medium impact medium prob technical

The acknowledgement service is meant to validate that the driver has fully scrolled through the declaration before confirming. Implementing reliable scroll completion detection in Flutter across different screen sizes and font sizes is technically non-trivial and could be bypassed.

Mitigation & Contingency

Mitigation: Implement scroll position tracking using ScrollController with a threshold (e.g., 95% of content height reached) and record the validated state server-side before allowing acknowledgement submission. Document the approach in the legal sign-off checkpoint noted in the feature documentation.

Contingency: If reliable scroll detection cannot be implemented within the sprint, add a mandatory reading delay timer (e.g., estimated reading time based on word count) as an alternative validation mechanism, pending legal review of the approach.

medium impact low prob dependency

The driver assignment service must coordinate with the threshold-based expense approval workflow for fees above configured thresholds. If the expense approval workflow interface changes or is not yet stable, the integration point could break or produce incorrect routing behavior.

Mitigation & Contingency

Mitigation: Define a clear interface contract between driver-assignment-service and the expense approval workflow before implementation. Use dependency injection so the expense workflow client can be mocked in tests. Monitor the expense approval feature for interface changes.

Contingency: If the expense approval workflow interface is not stable, implement a direct database insert to the expense records table as a temporary bypass, with a flag indicating manual review is needed, until the stable interface is available.

Quick Links
All Tasks Execution Plan