🏠 Overview ✅ Implementation Tasks ✅ epic-peer-mentor-pause-management-automated-expiry-task-011

Integration test: HLF website sync end-to-end flow

epic-peer-mentor-pause-management-automated-expiry-task-011 — Write integration tests for HLFWebsiteSyncService covering: mentor paused triggers removal from Dynamics portal listing; mentor expired_cert triggers removal; mentor reinstated with valid cert triggers restoration; retry logic fires on transient API errors; failure alerting fires after max retries; audit log entries are correct for all scenarios. Use a mocked Dynamics portal API for deterministic test control.

high priority high complexity testing pending testing specialist Tier 6

Acceptance Criteria

Test: mentor status set to 'paused' → sync_queue row created with operation='remove' → queue processor runs → mocked Dynamics API receives a remove request for the correct contact record ID → hlf_sync_audit_log entry written with outcome='success'
Test: mentor status set to 'expired_cert' → sync_queue row created with operation='remove' → remove request dispatched to Dynamics mock → audit log entry written
Test: mentor status set to 'reinstated' with a valid certification → sync_queue row created with operation='restore' → restore request dispatched to Dynamics mock → audit log entry written
Test: mentor status set to 'reinstated' with no valid certification → no sync_queue row created → warning log entry written → no Dynamics API call made
Test: mocked Dynamics API returns 503 on first 2 attempts, then 200 on 3rd attempt → retry logic fires exactly 2 times with exponential backoff → final outcome='success' → audit log retry_count=2
Test: mocked Dynamics API returns 503 on all max_attempts → operation dead-lettered → sync_dead_letter_queue row created → FCM mock receives a failure alert notification → audit log outcome='dead_lettered'
Test: 4xx (403) response from mocked Dynamics API → no retry attempted → operation immediately dead-lettered → audit log retry_count=0, outcome='dead_lettered'
Test: two concurrent mentor sync operations process independently — one failure does not block the other (per-mentor isolation)
Test: NHF mentor status change does NOT trigger any sync_queue row (HLF-only filter validation)
All tests use a mocked Dynamics portal API (HTTP mock server) — no real Dynamics credentials or network calls
All tests use the dedicated Supabase test instance with clean state per test run

Technical Requirements

frameworks
flutter_test
Supabase test instance
HTTP mock server (e.g., WireMock or a custom Deno HTTP stub) for Dynamics API simulation
apis
Supabase PostgreSQL (test instance)
Supabase Edge Functions (sync queue processor, HLFWebsiteSyncService)
FCM mock (HTTP stub)
Microsoft Dynamics 365 REST API mock
data models
assignment
certification
performance requirements
Full integration test suite must complete within 5 minutes including backoff wait times (use reduced backoff delays in test mode)
Mocked Dynamics API must respond within 50ms for deterministic timing in retry tests
security requirements
All tests run against isolated Supabase test project — never production
Mocked Dynamics API must not require real Azure AD tokens — stub accepts any Authorization header in test mode
Test credentials managed via CI environment secrets

Execution Context

Execution Tier
Tier 6

Tier 6 - 158 tasks

Can start after Tier 5 completes

Implementation Notes

The key challenge in these tests is the async nature of the queue processor — triggering a status change and then asserting downstream effects requires polling or explicit invocation. Prefer direct Edge Function invocation in tests (call the queue processor HTTP endpoint explicitly after seeding the sync_queue row) over relying on pg_cron timing. This makes tests deterministic and fast. For backoff delay testing, inject a configurable delay multiplier via an Edge Function env var so tests use 10ms instead of 2000ms base delay.

For the concurrent isolation test, seed two pending sync operations, configure the mock to fail the first permanently (403) and succeed the second (200), invoke the queue processor with SKIP LOCKED semantics active, and assert both rows reach their expected final states independently. Reuse the TestCertificationSeeder helper from task-010 for any certification seeding needs.

Testing Requirements

Integration tests using flutter_test with a Supabase test client. Each test: seeds required mentor/certification data; triggers a status change via direct Supabase insert/update; waits for queue processor Edge Function to run (or invokes it directly in test); asserts database state (sync_queue status, audit log rows, dead_letter_queue rows); asserts mock HTTP server received expected requests with correct payloads. Use a configurable backoff delay multiplier (e.g., BACKOFF_MULTIPLIER_MS=10 in test mode) to reduce actual wait times for retry tests. A test helper class TestDynamicsMockServer wraps WireMock configuration for common scenarios (always-success, always-503, fail-twice-then-succeed).

Run in CI as part of the standard test pipeline.

Component
HLF Website Sync Service
service high
Dependencies (2)
Instrument HLFWebsiteSyncService to write a structured audit log entry for every sync attempt, including mentor ID, sync direction (remove/restore), Dynamics portal response code, retry count, timestamp, and outcome (success/failure). Logs must be queryable for compliance audits and incident investigation, and must be retained according to HLF data retention policy. epic-peer-mentor-pause-management-automated-expiry-task-009 Write integration tests covering the full CertificationExpiryChecker pipeline: seed test mentors with certifications at 30d, 14d, 7d, and 0d thresholds; run the checker; assert correct status transitions, correct reminder notifications dispatched at each threshold, idempotency on repeated runs, and accurate audit log entries. Tests must run against a Supabase test instance. epic-peer-mentor-pause-management-automated-expiry-task-010
Epic Risks (4)
high impact medium prob technical

The nightly expiry checker may run multiple times due to scheduler retries or infrastructure issues, causing duplicate auto-transitions and duplicate coordinator notifications that erode trust in the notification system.

Mitigation & Contingency

Mitigation: Implement idempotency via a unique constraint on (mentor_id, threshold_day, certification_expiry_date) in the cert_expiry_reminders table. Auto-transitions should be wrapped in a Postgres RPC that checks current status before applying, making repeated invocations safe.

Contingency: Add a compensation query in the reconciliation log that detects duplicate log entries for the same certification period and alerts the operations team for manual review within 24 hours.

high impact medium prob integration

The HLF Dynamics portal API may have eventual-consistency behaviour or rate limits that cause website listing updates to lag behind status changes, leaving expired mentors visible on the public website for an unacceptable window.

Mitigation & Contingency

Mitigation: Design the sync service to be triggered immediately on status transitions (event-driven via database webhook) in addition to the nightly batch run. Implement a reconciliation job that verifies sync state against app state and re-triggers any divergent records.

Contingency: If real-time sync cannot be guaranteed, implement a manual 'force sync' action in the coordinator dashboard so coordinators can trigger an immediate re-sync for urgent cases. Document the expected sync lag in coordinator onboarding materials.

medium impact medium prob scope

Stakeholder requests to extend the expiry checker to handle additional certification types, grace periods, or organisation-specific threshold configurations may significantly increase scope beyond what is designed here, delaying delivery.

Mitigation & Contingency

Mitigation: Parameterise threshold day values (30, 14, 7) via configuration repository rather than hard-coding them, enabling per-organisation customisation without code changes. Document that grace period logic and additional cert types are out of scope for this epic and require a dedicated follow-up.

Contingency: Deliver the feature with hard-coded HLF-standard thresholds first and introduce the configuration repository as a follow-up task in the next sprint, using a feature flag to enable per-org threshold overrides.

high impact low prob security

Dynamics portal API credentials stored as environment secrets in Supabase Edge Function configuration may be rotated or invalidated by HLF IT without notice, causing silent sync failures that go undetected for multiple days.

Mitigation & Contingency

Mitigation: Implement credential health-check calls on each scheduler run and emit an immediate alert on auth failure rather than only alerting after N consecutive failures. Document the credential rotation procedure with HLF IT and establish a rotation notification protocol.

Contingency: Maintain a break-glass manual sync script accessible to HLF administrators that can re-execute the Dynamics sync with newly provided credentials while the automated system is restored.

Quick Links
All Tasks Execution Plan