Skip to main content
Main Test Scripts: See QA_TEST_SCRIPTS.md Environment: the active QA deployment URL

Quick Start Checklist

Before You Begin

  • Get test account credentials (admin + regular user)
  • Access to test email account
  • Browser: Chrome, Firefox, or Safari (latest)
  • Mobile device or browser dev tools for responsive testing
  • Optional: Airtable account, Plaid sandbox credentials
  • Optional: webhook.site for webhook testing

Test Data to Prepare

  • Small PDF file (< 5MB) for file uploads
  • Large file (> 10MB) for size limit testing
  • Test image files (PNG, JPG)
  • Invalid files (.exe, .php) for security testing

3-Day Testing Plan at a Glance

Day 1 (6-8 hours) - Core Functionality

Must complete these critical tests:
  1. ✅ TS-001: User Authentication
  2. ✅ TS-002: Create and Publish Form
  3. ✅ TS-003: Submit Public Form (Anonymous)
  4. ✅ TS-004: View Submissions in Admin
  5. ✅ TS-005: Form Status Management
  6. ✅ TS-006: Multiple Field Types
  7. ✅ TS-007: Form Validation
  8. ✅ TS-008: Form Share Links
  9. ✅ TS-009: Draft Submissions
  10. ✅ TS-010: Email Notifications
Goal: Verify basic form creation → publish → submit → view workflow

Day 2 (6-8 hours) - Advanced Features

Focus on settings and integrations: 11. ✅ TS-011: Conditional Logic 12. ✅ TS-012: Workspaces/Folders 13. ✅ TS-013: Team Management 14. ✅ TS-014: Form Versioning 15. ✅ TS-015: Import/Export 16. ⚠️ TS-016: Airtable Integration (skip if no account) 17. ⚠️ TS-017: Plaid Integration (skip if not configured) 18. ✅ TS-018: Webhooks 19. ✅ TS-019: Portal Applications 20. ✅ TS-020: Submission Status Management 21. ✅ TS-021: Analytics/Insights 22. ✅ TS-022: Mobile Responsive Goal: Test all settings pages and integrations

Day 3 (6-8 hours) - Edge Cases & Security

Critical security and edge case testing: 23. ✅ TS-023: Concurrent Editing 24. ✅ TS-024: Permission/Access Control (CRITICAL) 25. ✅ TS-025: Form Deletion/Archival 26. ✅ TS-026: Large Form Submission 27. ✅ TS-027: File Upload Security (CRITICAL) 28. ✅ TS-028: Form Scheduling 29. ✅ TS-029: Response Capacity 30. ✅ TS-030: XSS Prevention (CRITICAL) 31. ✅ TS-031: Session Timeout 32. ✅ TS-032: Form Duplication 33. ✅ TS-033: Multi-language 34. ✅ TS-034: Email Deliverability 35. ✅ TS-035: Draft Auto-Save 36. ✅ TS-036: Submission Export 37. ✅ TS-037: Applicant Profile/Vault 38. ✅ TS-038: Audit Log 39. ✅ TS-039: Error Handling 40. ✅ TS-040: Performance Goal: Ensure security, test edge cases, verify error handling

Critical Tests (Cannot Skip)

These tests MUST pass before production:
  1. TS-001: Authentication - Users can log in
  2. TS-002: Create/Publish Form - Core workflow works
  3. TS-003: Public Submission - Forms can be submitted
  4. TS-024: Access Control - Non-admins can’t access admin features
  5. TS-027: File Security - File uploads are validated
  6. TS-030: XSS Prevention - No script injection possible

Common Test Accounts

Document your test credentials here: Admin Account:
  • Email: ___________________________
  • Password: _______________________
Regular User Account:
  • Email: ___________________________
  • Password: _______________________
Test Email for Notifications:
  • Email: ___________________________

Feature Coverage Map

Authentication & Users

  • Login/Logout (TS-001)
  • Session persistence (TS-031)
  • Role-based access (TS-024)
  • Team management (TS-013)

Form Creation

  • Basic form builder (TS-002)
  • Field types (TS-006)
  • Conditional logic (TS-011)
  • Form duplication (TS-032)

Form Settings

  • Details/status (TS-005)
  • Share links (TS-008)
  • Notifications (TS-010, TS-034)
  • Webhooks (TS-018)
  • Translations (TS-033)
  • Versioning (TS-014)
  • Analytics (TS-021)
  • Import/Export (TS-015, TS-036)

Form Submissions

  • Public anonymous (TS-003)
  • Validation (TS-007)
  • File uploads (TS-006, TS-027)
  • Draft submissions (TS-009)
  • View in admin (TS-004)
  • Status management (TS-020)
  • Export data (TS-036)

Portal (Authenticated)

  • Application workflow (TS-019)
  • Draft auto-save (TS-035)
  • Profile/Vault (TS-037)

Integrations

  • Airtable sync (TS-016)
  • Plaid verification (TS-017)
  • Webhooks (TS-018)

Organization

  • Workspaces (TS-012)
  • Team members (TS-013)
  • Audit logs (TS-038)

Advanced

  • Scheduling (TS-028)
  • Capacity limits (TS-029)
  • Concurrent editing (TS-023)
  • Mobile responsive (TS-022)

Security

  • Access control (TS-024)
  • XSS prevention (TS-030)
  • File validation (TS-027)
  • Session timeout (TS-031)

Bug Severity Guidelines

Critical (Blocks Production)

  • Authentication broken
  • Cannot create/publish forms
  • Cannot submit forms
  • Data loss or corruption
  • Security vulnerabilities (XSS, unauthorized access)
  • System crashes

High (Should fix before release)

  • Features don’t work as expected
  • Incorrect data displayed
  • Email notifications not sending
  • Integrations failing
  • Poor error handling

Medium (Should fix soon)

  • UI/UX issues
  • Minor validation problems
  • Performance issues
  • Non-critical features broken

Low (Nice to have)

  • Cosmetic issues
  • Minor text/label errors
  • Enhancement suggestions

Testing Tips

General

  • Use incognito/private windows for testing public forms and different user sessions
  • Take screenshots of every bug immediately
  • Record submission IDs when testing - makes bugs easier to debug
  • Test in different browsers (Chrome, Firefox, Safari) if you have time
  • Clear cache if you see stale data

Form Testing

  • Create test forms with prefix “QA” so they’re easy to identify and delete
  • Test both simple (3-5 fields) and complex (20+ fields) forms
  • Test every field type at least once
  • Always test required field validation

Submission Testing

  • Keep a spreadsheet of test submissions for reference
  • Use consistent test data (e.g., “Test User”, “test@example.com”) for easy identification
  • Test edge cases: empty submissions, maximum character limits, special characters

Admin Testing

  • Test with both admin and non-admin accounts
  • Verify non-admins cannot access admin routes
  • Test team member roles: Owner, Editor, Viewer

Integration Testing

  • Skip Airtable/Plaid tests if you don’t have accounts - mark as “SKIP”
  • Use webhook.site for webhook testing (free, no account needed)
  • Test notification emails - check spam folder

Known Limitations / Out of Scope

The following are NOT in scope for this QA round:
  • Agency multi-tenant features (unless specifically requested)
  • SMS notifications (unless Twilio configured)
  • Payment integrations
  • Custom code execution (TS-016 mentions but may not be active)
  • Extensive load testing (just basic performance - TS-040)

Reporting Bugs

What to Include

  1. Test Script # (e.g., TS-003)
  2. Clear title (e.g., “Form submission fails with file upload”)
  3. Steps to reproduce (numbered list)
  4. Expected vs Actual result
  5. Screenshot or video
  6. Browser and device info
  7. Submission/Form ID if applicable

Where to Report

  • Use Bug Report Template in QA_TEST_SCRIPTS.md
  • Create GitHub issue (if you have repo access)
  • Share in Slack/email with dev team

Bug Report Example

BUG-001: Form validation not showing for required fields

Test Script: TS-007 (Form Validation)
Date: 2024-01-15
Severity: High
Browser: Chrome 120 on macOS

Steps to Reproduce:
1. Visit form /f/qa-test-1
2. Leave "First Name" field empty
3. Click Submit

Expected: Error message "This field is required"
Actual: Form submits without validation error

Screenshot: [attach]
Form ID: abc-123

End-of-Day Checklist

At the end of each day:
  • Update test completion count in daily summary
  • Document all bugs found
  • Note any blockers for tomorrow
  • Flag critical issues immediately to dev team
  • Save all screenshots to organized folder
  • Update pass/fail status for each test

Final Report Checklist

After 3 days, prepare final report:
  • Total tests executed (target: 35-40 out of 40)
  • Pass rate percentage
  • Bug summary (Critical/High/Medium/Low counts)
  • Recommendation: Ready for production? Yes/No
  • List any blockers or areas not tested
  • Provide prioritized bug fix list

Quick Command Reference

Accessing Different Environments

  • QA deployment: the active QA deployment URL
  • Local (if running): localhost:3000

Key URLs to Test

  • / - Dashboard
  • /forms - Forms list
  • /forms/[id]/edit - Form builder
  • /forms/[id]/settings - Form settings
  • /forms/[id]/submissions - Submissions list
  • /f/[slug] - Public form
  • /portal - Applicant portal
  • /portal/applications/[id] - Application detail
  • /settings - Organization settings
  • /applicants - Applicants list

Browser Dev Tools

  • F12 or Cmd+Opt+I - Open dev tools
  • Cmd+Shift+M - Toggle mobile view
  • Application tab - View cookies/storage
  • Network tab - Monitor API calls
  • Console tab - Check for JavaScript errors

Questions During Testing?

If you encounter:
  • Unclear requirements - Flag and continue, note in bug report
  • Environment issues - Check with dev team (credentials, integrations)
  • Test blockers - Document and move to next test
  • Assumed functionality - Document assumption, test anyway
Contact:
  • Dev team: [Slack channel / Email]
  • Questions: [Contact person]

Success Criteria

QA is successful if:
  • ✅ All Critical tests pass
  • ✅ All High priority tests pass (or bugs documented)
  • ✅ No Critical or High security issues
  • ✅ Core workflow (create → publish → submit → view) works flawlessly
  • ✅ 80%+ overall pass rate
  • ✅ All bugs clearly documented with repro steps
Ready to start? Begin with Day 1, TS-001 in the main test scripts document. Good luck! 🚀