Auth Route Tester
This workflow verifies that an authenticated route works end-to-end: correct response, correct side effects, and no obvious regressions.
Purpose & Scope
Use this workflow when:
- •You created or modified an authenticated route
- •You need to verify a route's functional behavior and side effects
Out of scope:
- •Exhaustive negative testing (unless the task explicitly requires it)
Inputs & Preconditions
Inputs:
- •Route method + full URL
- •Expected request payload (if any)
- •Expected response shape/status
- •Expected side effects (DB writes, queue messages, logs, monitoring events)
Preconditions:
- •Identify authentication method (cookie/session/bearer/API key) and how to obtain test credentials safely.
- •Record test inputs and assumptions in workdocs for repeatability.
Steps
- •Locate the route implementation
  - •Confirm route registration and handler wiring (route → controller → service as applicable).
- •Construct a reproducible request
  - •Prefer a dedicated test helper under /scripts/ or a registered ability, if available.
  - •Otherwise, use a plain HTTP client (curl/Postman) with explicit headers/cookies.
- •Run the happy-path test
  - •Confirm status code and response body shape match expectations.
- •Verify side effects
  - •Check the authoritative data store or observable artifact (DB rows, files, emitted events).
- •Quick sanity checks
  - •Run a minimal failure test if the task is auth-related (e.g., request without auth should be 401/403).
- •Report
  - •Record what was tested, results, and any fixes performed.
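The steps above as one runnable script, added here as an example and not part of the original workflow. It assumes a hypothetical bearer-authenticated route POST /notes, stubbed locally so the script runs offline; the TEST_API_TOKEN variable name, the STORE list, and the stub itself are constructed for illustration.

```python
import http.client, json, os, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = os.environ.get("TEST_API_TOKEN", "constructed-test-token")  # test identity only
STORE = []  # constructed stand-in for the authoritative data store

class StubRoute(BaseHTTPRequestHandler):
    """Hypothetical route under test: POST /notes, bearer auth, writes one row."""
    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.headers.get("Authorization") != f"Bearer {TOKEN}":
            self.send_response(401)
            self.end_headers()
            return
        STORE.append(json.loads(raw))
        out = json.dumps({"id": len(STORE)}).encode()
        self.send_response(201)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)
    def log_message(self, *args):  # silence per-request logging
        pass

def call(port, payload, token=None):  # one explicit, reproducible request
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("POST", "/notes", json.dumps(payload), headers)
    resp = conn.getresponse()
    raw = resp.read()
    conn.close()
    return resp.status, (json.loads(raw) if raw else None)

def run_checks():
    with HTTPServer(("127.0.0.1", 0), StubRoute) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            before = len(STORE)
            status, body = call(server.server_port, {"text": "hello"}, TOKEN)
            report = {"happy_status": status,
                      "shape_ok": isinstance(body, dict) and isinstance(body.get("id"), int),
                      "side_effect_ok": STORE[before:] == [{"text": "hello"}]}
            denied, _ = call(server.server_port, {"text": "x"})  # same request, no credentials
            report["unauth_rejected"] = denied in (401, 403)
            report["no_write_when_denied"] = len(STORE) == before + 1
            return report
        finally:
            server.shutdown()
```

The dictionary returned by run_checks() maps directly onto the test report: one entry each for status, response shape, side effect, and the unauthenticated check, including confirmation that the rejected request wrote nothing.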
Outputs
- •A short test report in workdocs (request, response, verification steps, findings)
- •Optional: small fixes if testing revealed clear implementation bugs
Safety Notes
- •Do not hardcode secrets or real credentials in SSOT docs.
- •Prefer test identities and development/test environments.