Test Coverage Plan

From zero automated tests to production-grade coverage

Prepared by Charlotte (COO) — February 23, 2026 | For: Stitch (CTO)

Automated Tests Today

~120

Test Cases Stubbed

45+

API Routes to Cover

12+

Services to Cover

Current State: Honest Assessment

The codebase has zero automated test files. No Vitest, no Jest, no Playwright test runner, no test scripts in package.json. The v3 cost analysis noted "Vitest configured, minimal tests" — that was inaccurate. All testing to date has been manual QA: a 60-test QA checklist, Stitch's 83 manual API tests (Layer 1), and Pixel's 124-test Pre-Launch UI Testing Plan (Layer 2, in progress).

The manual QA is thorough and has caught real bugs. But there is no regression safety net — any code change risks breaking something that was previously verified. This plan creates that safety net.

Grade Trajectory

→

Phase 1 gets us to B (2–3 days). Phase 2 gets us to B+ (3–4 more days). Phase 3 gets us to A (2–3 more days). Total: 7–10 AI-assisted days.

Phase 1: Foundation — C → B

Install Vitest, write critical-path backend tests. This is the highest-ROI phase — protects the routes that handle real money and real user data.

Auth Routes Critical

tests/routes/authRoutes.test.js 17 tests
Signup (email validation, password hashing, JWT generation, Kit tagging)
Login (credential validation, token return, analytics tracking)
Token validation (/me endpoint — valid, expired, malformed, missing)
Google OAuth (new user, existing email link, null password_hash)

Billing Routes Critical

tests/routes/billingRoutes.test.js 16 tests
Checkout session creation (Pro $99, Salon $199, annual 20% off)
Founding member pricing ($49 override, 100-slot cap, atomic counter)
Webhook handling (checkout.completed, subscription.updated/deleted, charge.failed)
Founding member slot count (public endpoint)
COMEBACK coupon create/retrieve

Auth & Feature Gate Middleware Critical

tests/middleware/auth.test.js 9 tests
tests/middleware/featureGate.test.js 10 tests
JWT validation (valid, expired, malformed, wrong secret)
Tier hierarchy enforcement (solo < pro < salon)
403 upgrade_required response format

Content Routes (Core CRUD) Critical

tests/routes/contentRoutes.test.js 28 tests
Week listing, post retrieval, AI generation (with style learning)
Photo uploads (transformation, carousel, single) with Cloudinary mock
Caption editing + style correction saving
Post deletion + cross-user protection
Stats endpoint (NO credits object — DECISIONS.md rule)
Path traversal protection on /image/:filename

Publish Routes Critical

tests/routes/publishRoutes.test.js 9 tests
Single post publish + schedule-all (Pro/Salon gate)
Solo tier rejection (403)
Instagram connection requirement
Booking CTA injection, 5-hashtag max
Publish status polling, error handling

Test cases:~89

Files:7 test files

Effort:2–3 days (AI-assisted)

Grade after:B

Phase 2: Services & Integrations — B → B+

Test the business logic layer: churn detection, retention emails, trial reminders, Instagram OAuth, onboarding.

Instagram Routes High

tests/routes/instagramRoutes.test.js 11 tests
OAuth flow (auth URL, callback, CSRF validation)
Token encryption (AES-256-GCM) + refresh
Connection status, disconnect, insights, optimal times

Churn Detection & Retention High

tests/services/churnDetection.test.js 9 tests
tests/services/retentionService.test.js 8 tests
Graduated thresholds (7d/14d/21d/28d classification)
Solo power user detection (20+ posts, 60+ days)
6 retention email flows + 48-hour dedup cooldown
COMEBACK coupon generation for Day 21 winback

Onboarding Routes High

tests/routes/onboardingRoutes.test.js 7 tests
Save onboarding + AI strategy generation
Strategy retrieval + inline editing
Kit tag: onboarding-complete

Admin Routes High

tests/routes/adminRoutes.test.js 7 tests
Admin auth gate (role check)
Six Engine health, analytics, users, billing endpoints

Test cases:~42

Files:5 test files

Effort:3–4 days (AI-assisted)

Grade after:B+

Phase 3: Full Coverage — B+ → A

Frontend component tests, E2E automation, CI pipeline with coverage thresholds.

Frontend Component Tests Phase 3

Install React Testing Library + Vitest for frontend
AuthScreen (login/signup forms, Google OAuth button, validation)
ContentCalendar (post cards, week navigation, post creation modal)
Settings (accordion sections, Instagram connect/disconnect, voice selection)
Onboarding (step progression, data validation, submission)
Dashboard (stat cards, daily suggestions rendering)

E2E Critical Path Tests Phase 3

Install Playwright test runner (proper framework, not MCP agent)
Journey 1: Signup → onboard → generate first week
Journey 2: Create post → edit caption → approve → copy to clipboard
Journey 3: Calendar week navigation → day view → post detail
Journey 4: Settings → change voice → connect Instagram
Journey 5: Subscription upgrade (Stripe test mode)

CI/CD Pipeline Phase 3

GitHub Actions workflow (test on push/PR)
Backend coverage threshold: 75%
Frontend coverage threshold: 60%
Fail builds below thresholds
Coverage reports as PR comments

Effort:2–3 days (AI-assisted)

Grade after:A

Pre-Work Package (Ready for Stitch)

Charlotte has prepared the following files in documents/test-prep/. These are ready to copy into the codebase and fill in.

File	What It Is	Action
`backend/vitest.config.ts`	Vitest configuration with v8 coverage, thresholds, test patterns	Copy to backend/
`backend/tests/setup.js`	Global test setup — mocks for ALL external services (Supabase, Stripe, AI, Kit, Cloudinary, Resend, Twilio, Instagram)	Copy to backend/tests/
`backend/tests/routes/authRoutes.test.js`	17 test stubs for auth routes	Fill in test bodies
`backend/tests/routes/billingRoutes.test.js`	16 test stubs for billing/Stripe	Fill in test bodies
`backend/tests/routes/contentRoutes.test.js`	28 test stubs for content CRUD + AI generation	Fill in test bodies
`backend/tests/routes/publishRoutes.test.js`	9 test stubs for Instagram publishing	Fill in test bodies
`backend/tests/routes/instagramRoutes.test.js`	11 test stubs for Instagram OAuth + insights	Fill in test bodies
`backend/tests/routes/onboardingRoutes.test.js`	7 test stubs for onboarding flow	Fill in test bodies
`backend/tests/routes/adminRoutes.test.js`	7 test stubs for admin dashboard	Fill in test bodies
`backend/tests/middleware/auth.test.js`	9 test stubs for JWT middleware	Fill in test bodies
`backend/tests/middleware/featureGate.test.js`	10 test stubs for tier gating	Fill in test bodies
`backend/tests/services/churnDetection.test.js`	9 test stubs for churn detection	Fill in test bodies
`backend/tests/services/retentionService.test.js`	8 test stubs for retention emails	Fill in test bodies
`backend/package-additions.json`	devDependencies + scripts to add to package.json	Merge into package.json
`ci/test.yml`	GitHub Actions workflow for automated test runs	Copy to .github/workflows/

Quick Start for Stitch

# Step 1: Install test dependencies cd backend npm install --save-dev vitest @vitest/coverage-v8 supertest # Step 2: Copy vitest config cp documents/test-prep/backend/vitest.config.ts ./vitest.config.ts # Step 3: Copy test setup + stubs cp -r documents/test-prep/backend/tests ./tests # Step 4: Add scripts to package.json # "test": "vitest run" # "test:watch": "vitest" # "test:coverage": "vitest run --coverage" # Step 5: Adjust mock imports in setup.js to match actual file paths # Then start filling in test bodies — stubs have Arrange/Act/Assert comments # Step 6: Run tests npm test

Important Notes for Stitch

Mock Adjustment Required

The setup.js mocks assume import paths like ../src/services/aiService. Stitch will need to verify these match the actual project structure. The mock implementations are realistic (returning plausible data shapes) but may need tweaking based on actual service return types.

DECISIONS.md Rules to Test Against

No credits system (removed 2026-02-14) — /stats endpoint must NOT return credits
5 hashtags max per post (Instagram limit since Dec 2025)
Founding members: 100 total, Pro at $49/mo, locked permanently
14-day free trial with full Pro access
Tier hierarchy: solo < pro < salon (not studio, not empire)
1 post/day/user architectural constraint
All 8 voice archetypes available to all tiers (no archetype gating)

Production Freeze Compatibility

Adding tests does NOT change application behavior and is safe during the Meta App Review production freeze. Test files, config, and devDependencies don't affect the production build.

Prepared by Charlotte (COO) • Stylify Test Coverage Plan • February 23, 2026
Pre-work package: documents/test-prep/