Integration tests: repository and RPC bulk insert

epic-proxy-activity-registration-foundation-task-012 — Write integration tests for `ProxyActivityRepository` against a local Supabase test instance. Verify: single proxy insert populates both registered_by and attributed_to correctly; bulk insert via RPC rolls back on partial failure; RLS blocks non-coordinator inserts; fetchByAttributedTo returns only records attributed to the queried peer mentor. Confirm defaults provider hydrates correctly from persisted SharedPreferences.

high priority medium complexity testing pending testing specialist Tier 4

Acceptance Criteria

Integration test suite runs against a local Supabase instance (Docker or supabase start) with a dedicated test schema/seed

Single proxy insert test: after insertProxyActivity(), the resulting row has registered_by_user_id = coordinator_id AND attributed_to_user_id = peer_mentor_id

Bulk RPC rollback test: inserting a batch where one record has an invalid/constraint-violating value results in zero rows inserted (full rollback, not partial commit)

RLS enforcement test: attempting an insert with a Supabase client authenticated as a peer_mentor role returns a Postgres RLS error (or PostgREST 403), not a silent success

fetchByAttributedTo test: after inserting records attributed to peer_mentor_A and peer_mentor_B, fetchByAttributedTo(peer_mentor_A) returns only peer_mentor_A records

BulkRegistrationDefaultsProvider hydration test: after writing an activity_type key to SharedPreferences and reinitialising the provider, the restored activity_type matches what was written

All integration tests clean up their inserted rows in a tearDown/tearDownAll block to leave the test DB in a pristine state

Tests are tagged with @Tags(['integration']) so they can be excluded from standard CI unit test runs

No test hardcodes Supabase URLs or service role keys — values are read from environment variables or a .env.test file

Technical Requirements

frameworks

Flutter

flutter_test

Supabase Flutter SDK

Riverpod (ProviderContainer)

apis

Supabase REST API

Supabase RPC (bulk insert stored procedure)

Supabase Row Level Security policies

data models

ProxyActivityRecord

BulkRegistrationRequest

BulkParticipant

performance requirements

Each integration test must complete within 5 seconds against a local Supabase instance

Test setup (seed data insertion) must use a single batch RPC call to minimise test startup time

security requirements

Use a dedicated test service role key stored in environment variables — never commit credentials

RLS tests must authenticate as a real non-coordinator JWT (not bypass via service role) to genuinely exercise the policy

Seed data must use synthetic UUIDs that cannot collide with any production data

Execution Context

Execution Tier

Tier 4

Tier 4 - 323 tasks

Can start after Tier 3 completes

View Full Execution Plan

Implementation Notes

Set up a supabase/seed.sql script under test/supabase/ that creates the minimum schema and roles needed for these tests — run it via supabase db reset before the suite. For the RLS test, create a helper createTestJwt(role: UserRole) that mints a valid JWT signed with the local JWT secret; inject it into a fresh SupabaseClient instance. For the bulk rollback test, craft a BulkRegistrationRequest where one BulkParticipant has a peer_mentor_id that violates a foreign key constraint — verify via a SELECT that the table is empty after the failed RPC call. Keep all Supabase credentials in a test/.env.test file loaded via dotenv in the test bootstrap, and add test/.env.test to .gitignore.

Structure tests so they can run in parallel (each suite inserts/deletes its own uniquely-prefixed rows) to keep total integration test time low.

Testing Requirements

Integration tests using flutter_test with real Supabase connections to a local Docker-based Supabase instance. Each test group should have a setUpAll that seeds prerequisite data (coordinator user, peer mentor user, organisation) and a tearDownAll that deletes all rows inserted during the suite. Use separate Supabase clients with different JWT roles for RLS tests — create JWTs via the test helper using the local anon and service keys. For the SharedPreferences hydration test, use shared_preferences_platform_interface's InMemorySharedPreferencesStore to avoid filesystem side effects.

Tag all tests with @Tags(['integration']) and document the required environment variables in a comment at the top of each test file.

Component

Proxy Activity Repository

data medium

Dependencies (3)

Implement `BulkRegistrationDefaultsProvider` as a Riverpod StateNotifierProvider that pre-populates form defaults for bulk registration: today's date, 30-minute duration, the coordinator's organisation id, and the last-used activity type. Persist last-used values to SharedPreferences so they survive app restarts. Expose `reset()` and `applyDefaults(BulkRegistrationRequest)` helpers. epic-proxy-activity-registration-foundation-task-010 Write comprehensive unit tests for all four Dart model classes (ProxyActivityRecord, BulkParticipant, DuplicateConflict, BulkRegistrationRequest) and CoordinatorRoleGuard. Cover serialisation/deserialisation, copyWith edge cases, equality, enum boundary values, and role guard permission enforcement. Use flutter_test with mockito for Riverpod container setup. epic-proxy-activity-registration-foundation-task-011 Implement `ProxyActivityRepository` backed by Supabase. Expose: `insertProxyActivity(ProxyActivityRecord)`, `bulkInsert(BulkRegistrationRequest)` (delegates to the bulk_register_activities RPC), `fetchByAttributedTo(String peerId)`, and `fetchByRegisteredBy(String coordinatorId)`. Apply error mapping to domain exceptions. Inject SupabaseClient via Riverpod. epic-proxy-activity-registration-foundation-task-008

Epic Risks (3)

high impact medium prob technical

The activities table migration adding registered_by and attributed_to columns may conflict with existing RLS policies or FK constraints if the user profile table structure differs from assumptions, blocking all subsequent epics.

Mitigation & Contingency

Mitigation: Review existing activities table schema and RLS policies before writing the migration. Run the migration against a staging database clone first. Write rollback scripts alongside the migration.

Contingency: If migration fails in staging, isolate the conflict with a targeted schema audit, adjust FK references or RLS policy scope, and re-run before touching production.

high impact medium prob security

The RLS policy must filter proxy inserts to the coordinator's chapter scope. If the chapter-scope resolver pattern differs between organisations (multi-chapter coordinators in NHF vs single-chapter in HLF), the policy may be too broad or too restrictive.

Mitigation & Contingency

Mitigation: Design the RLS policy to accept a coordinator's full set of assigned chapter IDs (array) rather than a single chapter_id. Validate the policy against NHF multi-chapter test fixtures during the integration test phase.

Contingency: If the policy is found to be incorrect after deployment, introduce a server-side validation edge function as a safety net while the RLS policy is corrected.

medium impact low prob technical

The bulk_register_activities RPC function may time out or cause lock contention when inserting large participant batches (e.g. 40+ peer mentors in a single group session), degrading the user experience.

Mitigation & Contingency

Mitigation: Benchmark the RPC function with 50-participant batches during development. Use unnest-based bulk insert rather than row-by-row PL/pgSQL loops. Set a reasonable statement_timeout.

Contingency: If performance is insufficient, split the client-side submission into chunks of 20 participants with progress feedback, rather than a single RPC call.

Quick Links

All Tasks Execution Plan