🏠 Overview ✅ Implementation Tasks ✅ epic-peer-mentor-pause-management-foundation-task-012

Write unit and integration tests for repository layer

epic-peer-mentor-pause-management-foundation-task-012 — Write unit tests for PeerMentorStatusRepository and CertificationStatusRepository covering CRUD operations, RPC call contracts, error handling, and realtime subscription behavior. Write integration tests against a local Supabase instance to validate RLS policies block unauthorized access and RPC functions perform correct atomic transitions.

high priority medium complexity testing pending testing specialist Tier 3

Acceptance Criteria

Unit tests cover all public methods of PeerMentorStatusRepository: fetchStatus, updateStatus, pauseMentor, reactivateMentor, suspendMentor, and the realtime subscription stream
Unit tests cover all public methods of CertificationStatusRepository: fetchCertification, updateExpiry, markExpired
Each unit test mocks the Supabase client interface — no real network calls in unit tests
Error handling unit tests verify that Supabase PostgrestException is mapped to a domain-level RepositoryException with a meaningful message
Realtime subscription unit tests verify stream emits correct state change events when the mock channel broadcasts a payload
Integration tests run against a local Supabase instance (docker-compose or supabase CLI) seeded with test data
Integration tests verify that an unauthenticated request to peer_mentor_status table returns 401/403 (RLS enforced)
Integration tests verify that a coordinator cannot update a mentor's status record they do not own (RLS cross-tenant check)
Integration tests verify that the pause RPC function atomically sets status=paused and records paused_at timestamp in a single transaction
Integration tests verify that calling reactivate RPC on an already-active mentor returns an error or is idempotent as per spec
All tests pass with flutter test and produce zero flaky failures across 3 consecutive runs
Test coverage for repository files is ≥90% line coverage

Technical Requirements

frameworks
Flutter
flutter_test
mockito or mocktail
apis
Supabase PostgREST REST API
Supabase Realtime WebSocket
Supabase RPC (pause_mentor, reactivate_mentor, suspend_mentor)
data models
PeerMentorStatus
CertificationStatus
PeerMentorStatusRecord
CertificationRecord
performance requirements
Unit test suite must complete in under 10 seconds
Integration tests must complete in under 60 seconds with local Supabase
security requirements
Integration tests must assert RLS blocks cross-tenant data access
Test credentials must never be committed — use environment variables or .env.test files excluded from VCS
Supabase service role key used only in migration setup, not in app-level test clients

Execution Context

Execution Tier
Tier 3

Tier 3 - 413 tasks

Can start after Tier 2 completes

Implementation Notes

Abstract the Supabase client behind a SupabaseClientProvider interface to enable injection in tests. Use mocktail rather than mockito to avoid code generation overhead. For realtime subscription tests, inject a fake RealtimeChannel that you can manually trigger with test payloads — do not rely on timing. For integration tests, use a separate supabase project config (config.test.toml) pointing to localhost:54321.

Seed data with SQL fixtures applied via supabase db reset --local. Ensure each integration test cleans up after itself (DELETE WHERE id IN test_ids) to remain idempotent. Pay special attention to the pause RPC atomicity test: wrap the call in a begin/rollback block to verify both status and timestamp are set before commit, and neither is set if an error occurs mid-transaction.

Testing Requirements

Unit tests: use mocktail to mock SupabaseClient, SupabaseQueryBuilder, and RealtimeChannel. Test each repository method in isolation. For streams, use StreamController in tests. Integration tests: spin up local Supabase via supabase CLI (supabase start), apply migrations, seed with fixture data covering: a coordinator user, two mentor users (one in active state, one in paused state), and expired certification records.

Run integration tests as a separate test target (flutter test integration_test/repository/). Verify RLS, RPC atomicity, and realtime event delivery end-to-end.

Component
Peer Mentor Status Repository
data medium
Dependencies (2)
Implement the CertificationStatusRepository Dart class with methods to query, insert, update, and stream certification records from Supabase. Include typed data models, error handling, and Riverpod provider registration. epic-peer-mentor-pause-management-foundation-task-003 Implement the PeerMentorStatusRepository Dart class with methods for reading current pause status, writing status transitions via RPC, subscribing to realtime status changes, and querying the status log history. Register Riverpod providers for dependency injection. epic-peer-mentor-pause-management-foundation-task-006
Epic Risks (3)
high impact medium prob security

Supabase RLS policies for coordinator-scoped status queries may be difficult to express correctly, especially for peer mentors assigned to multiple coordinators or chapters, leading to data leakage or overly restrictive access blocking valid queries.

Mitigation & Contingency

Mitigation: Design RLS policies using security-definer RPCs rather than table-level policies for complex multi-coordinator scenarios. Write a comprehensive RLS test matrix covering all role and assignment permutations before marking complete.

Contingency: Fall back to application-level filtering in the repository layer with explicit coordinator_id parameter checks if RLS proves intractable, and document the trade-off for security review.

high impact medium prob dependency

The HLF Dynamics portal API contract may be undocumented or subject to change, causing the DynamicsPortalClient to break during development or production rollout.

Mitigation & Contingency

Mitigation: Obtain the full Dynamics portal API specification and credentials early in the sprint. Build the client behind a well-defined interface so the HLF-specific implementation can be swapped without affecting upstream services.

Contingency: If the Dynamics API is unavailable or unstable, stub the client with a feature-flag-guarded no-op implementation so all other epics can proceed to completion independently.

medium impact low prob technical

Supabase Edge Functions used as the nightly scheduler host may have cold-start latency or execution time limits that prevent reliable nightly certification checks on large mentor rosters.

Mitigation & Contingency

Mitigation: Benchmark Edge Function execution time against the expected roster size. Design the expiry check to process in paginated batches to stay within execution limits. Use pg_cron with a direct database function as an alternative trigger if Edge Functions prove unreliable.

Contingency: Migrate the scheduler trigger to pg_cron invoking a Postgres function directly, removing the Edge Function dependency entirely for the scheduling layer.

Quick Links
All Tasks Execution Plan