https://blog.abhipraya.dev/tags/testing/Recent content in Testing on Daffa AbhiprayaHugoen-us© Daffa AbhiprayaWed, 15 Apr 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-b/s2w3-tdd/Wed, 15 Apr 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-b/s2w3-tdd/<h2 id="what-i-worked-on"> <a class="anchor" href="#what-i-worked-on" data-anchor="what-i-worked-on" aria-hidden="true">#</a> What I Worked On </h2> <p>Two weeks on mutation testing across the SIRA codebase. The first week wired <a href="https://github.com/boxed/mutmut">mutmut</a> (Python) and <a href="https://stryker-mutator.io/">Stryker</a> (TypeScript) into the pipeline and uncovered the uncomfortable truth: 91% line coverage on the services layer translated to a mutation score just above zero in places. The second week closed that gap by writing 400+ targeted tests across two rounds, driving the API mutation score from ~66% to 80.3%. This blog tells the full arc.</p>https://blog.abhipraya.dev/ppl/part-a/tdd/Thu, 09 Apr 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-a/tdd/<p>We had 91% line coverage and felt good about it. Then we ran mutation testing and scored 0%. Every line of our service layer was executed by tests, but almost nothing was actually verified. This is the story of how we discovered the gap between &ldquo;code was run&rdquo; and &ldquo;code was checked,&rdquo; and what we changed to close it.</p> <blockquote> <p><strong>Note:</strong> Our project is hosted on an internal GitLab instance, so we use the term <strong>MR (Merge Request)</strong> throughout this blog. If you&rsquo;re coming from GitHub, MRs are the equivalent of <strong>Pull Requests (PRs)</strong>.</p>https://blog.abhipraya.dev/ppl/part-b/s2w2-tdd/Mon, 30 Mar 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-b/s2w2-tdd/<h2 id="what-i-worked-on"> <a class="anchor" href="#what-i-worked-on" data-anchor="what-i-worked-on" aria-hidden="true">#</a> What I Worked On </h2> <p>Three new features landed this week that each required TDD from scratch: multi-device session management (SIRA-214), invoice cancellation (SIRA-125), and blocking inactive accounts (SIRA-215). All three followed the red-green cycle and included mock isolation for external dependencies.</p> <hr> <h2 id="session-management-testing-stateful-logic-with-mocks"> <a class="anchor" href="#session-management-testing-stateful-logic-with-mocks" data-anchor="session-management-testing-stateful-logic-with-mocks" aria-hidden="true">#</a> Session Management: Testing Stateful Logic with Mocks </h2> <p>SIRA-214 (MR !120) introduced <code>SessionService</code>, which manages active sessions per user with a device limit. The service has non-trivial state: upsert if session already exists, kick oldest if at capacity, validate ownership before revoking.</p>https://blog.abhipraya.dev/ppl/part-b/s2w1-tdd/Mon, 23 Mar 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-b/s2w1-tdd/<h2 id="what-i-worked-on"> <a class="anchor" href="#what-i-worked-on" data-anchor="what-i-worked-on" aria-hidden="true">#</a> What I Worked On </h2> <p>This week I pushed our testing strategy well beyond standard unit tests. The project already had 433 backend and 200 frontend tests with 91% line coverage, but I wanted to answer a harder question: <strong>do our tests actually catch bugs, or do they just execute code?</strong></p> <p>I added four advanced testing approaches: property-based testing (Hypothesis + fast-check), behavioral testing (pytest-bdd with Gherkin), mutation testing (mutmut + Stryker), and test isolation verification (pytest-randomly). The results were eye-opening.</p>https://blog.abhipraya.dev/ppl/part-a/tdd-and-qa/Sun, 15 Mar 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-a/tdd-and-qa/<p>We had 91% line coverage and felt good about it. Then we ran mutation testing and scored 0%. Every line of our service layer was executed by tests; almost nothing was actually verified. This is the story of how six advanced testing tools exposed the gap between &ldquo;code was run&rdquo; and &ldquo;code was checked,&rdquo; and what that means for any team relying on coverage as a quality signal.</p> <blockquote> <p><strong>Note:</strong> Our project is hosted on an internal GitLab instance, so we use the term <strong>MR (Merge Request)</strong> throughout this blog. If you&rsquo;re coming from GitHub, MRs are the equivalent of <strong>Pull Requests (PRs)</strong>.</p>https://blog.abhipraya.dev/ppl/part-b/s1w3-tdd/Fri, 13 Mar 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-b/s1w3-tdd/<h2 id="what-i-worked-on"> <a class="anchor" href="#what-i-worked-on" data-anchor="what-i-worked-on" aria-hidden="true">#</a> What I Worked On </h2> <p>This week shipped three full-stack features using strict TDD discipline: invoice management (CRUD + filtering), layout/dashboard (sidebar, header, dashboard with role-based navigation), and a payments sidebar navigation link. Each feature followed red-green-refactor with tagged commits.</p> <p>The project now has <strong>392 backend tests</strong> and <strong>195 frontend tests</strong> (587 total), up from 51 last week.</p> <h2 id="red-green-refactor-commit-discipline"> <a class="anchor" href="#red-green-refactor-commit-discipline" data-anchor="red-green-refactor-commit-discipline" aria-hidden="true">#</a> Red-Green-Refactor Commit Discipline </h2> <p>Every feature branch this week followed tagged commits so the TDD flow is auditable from the git history alone.</p>https://blog.abhipraya.dev/ppl/part-b/s1w2-tdd/Wed, 04 Mar 2026 00:00:00 +0700https://blog.abhipraya.dev/ppl/part-b/s1w2-tdd/<p>TDD forces you to think about the interface before the implementation. This post covers how it was applied in the Smart Invoice Reminder AI (SIRA) backend for Sprint 1.</p> <h2 id="test-distribution"> <a class="anchor" href="#test-distribution" data-anchor="test-distribution" aria-hidden="true">#</a> Test Distribution </h2> <p>The API currently has 51 test functions across 4 files:</p> <table> <thead> <tr> <th>File</th> <th>Tests</th> <th>Scope</th> </tr> </thead> <tbody> <tr> <td><code>tests/test_auth.py</code></td> <td>14</td> <td>JWT validation, RBAC, DB queries</td> </tr> <tr> <td><code>tests/test_payments.py</code></td> <td>24</td> <td>Payment CRUD, business logic, edge cases</td> </tr> <tr> <td><code>tests/test_db_schema_and_seed.py</code></td> <td>6</td> <td>Migration integrity, seed validation</td> </tr> <tr> <td><code>tests/test_logging_middleware.py</code></td> <td>7</td> <td>HTTP access logging, request/response capture</td> </tr> </tbody> </table> <h2 id="red-green-refactor"> <a class="anchor" href="#red-green-refactor" data-anchor="red-green-refactor" aria-hidden="true">#</a> Red-Green-Refactor </h2> <p>The authentication feature (<a href="https://linear.app/ppl-sira/issue/SIRA-26">SIRA-26</a>) followed strict TDD commit discipline. Each backend function got its own RED commit (failing test) followed by a GREEN commit (passing implementation) before any cleanup.</p>