Skip to main content
Main Test Scripts: See QA_TEST_SCRIPTS.md Environment: the active QA deployment URL

​
Quick Start Checklist

​
Before You Begin

  • Get test account credentials (admin + regular user)
  • Access to test email account
  • Browser: Chrome, Firefox, or Safari (latest)
  • Mobile device or browser dev tools for responsive testing
  • Optional: Airtable account, Plaid sandbox credentials
  • Optional: webhook.site for webhook testing

​
Test Data to Prepare

  • Small PDF file (< 5MB) for file uploads
  • Large file (> 10MB) for size limit testing
  • Test image files (PNG, JPG)
  • Invalid files (.exe, .php) for security testing

​
3-Day Testing Plan at a Glance

​
Day 1 (6-8 hours) - Core Functionality

Must complete these critical tests:
  1. βœ… TS-001: User Authentication
  2. βœ… TS-002: Create and Publish Form
  3. βœ… TS-003: Submit Public Form (Anonymous)
  4. βœ… TS-004: View Submissions in Admin
  5. βœ… TS-005: Form Status Management
  6. βœ… TS-006: Multiple Field Types
  7. βœ… TS-007: Form Validation
  8. βœ… TS-008: Form Share Links
  9. βœ… TS-009: Draft Submissions
  10. βœ… TS-010: Email Notifications
Goal: Verify basic form creation β†’ publish β†’ submit β†’ view workflow

​
Day 2 (6-8 hours) - Advanced Features

Focus on settings and integrations: 11. βœ… TS-011: Conditional Logic 12. βœ… TS-012: Workspaces/Folders 13. βœ… TS-013: Team Management 14. βœ… TS-014: Form Versioning 15. βœ… TS-015: Import/Export 16. ⚠️ TS-016: Airtable Integration (skip if no account) 17. ⚠️ TS-017: Plaid Integration (skip if not configured) 18. βœ… TS-018: Webhooks 19. βœ… TS-019: Portal Applications 20. βœ… TS-020: Submission Status Management 21. βœ… TS-021: Analytics/Insights 22. βœ… TS-022: Mobile Responsive Goal: Test all settings pages and integrations

​
Day 3 (6-8 hours) - Edge Cases & Security

Critical security and edge case testing: 23. βœ… TS-023: Concurrent Editing 24. βœ… TS-024: Permission/Access Control (CRITICAL) 25. βœ… TS-025: Form Deletion/Archival 26. βœ… TS-026: Large Form Submission 27. βœ… TS-027: File Upload Security (CRITICAL) 28. βœ… TS-028: Form Scheduling 29. βœ… TS-029: Response Capacity 30. βœ… TS-030: XSS Prevention (CRITICAL) 31. βœ… TS-031: Session Timeout 32. βœ… TS-032: Form Duplication 33. βœ… TS-033: Multi-language 34. βœ… TS-034: Email Deliverability 35. βœ… TS-035: Draft Auto-Save 36. βœ… TS-036: Submission Export 37. βœ… TS-037: Applicant Profile/Vault 38. βœ… TS-038: Audit Log 39. βœ… TS-039: Error Handling 40. βœ… TS-040: Performance Goal: Ensure security, test edge cases, verify error handling

​
Critical Tests (Cannot Skip)

These tests MUST pass before production:
  1. TS-001: Authentication - Users can log in
  2. TS-002: Create/Publish Form - Core workflow works
  3. TS-003: Public Submission - Forms can be submitted
  4. TS-024: Access Control - Non-admins can’t access admin features
  5. TS-027: File Security - File uploads are validated
  6. TS-030: XSS Prevention - No script injection possible

​
Common Test Accounts

Document your test credentials here: Admin Account:
  • Email: ___________________________
  • Password: _______________________
Regular User Account:
  • Email: ___________________________
  • Password: _______________________
Test Email for Notifications:
  • Email: ___________________________

​
Feature Coverage Map

​
Authentication & Users

  • Login/Logout (TS-001)
  • Session persistence (TS-031)
  • Role-based access (TS-024)
  • Team management (TS-013)

​
Form Creation

  • Basic form builder (TS-002)
  • Field types (TS-006)
  • Conditional logic (TS-011)
  • Form duplication (TS-032)

​
Form Settings

  • Details/status (TS-005)
  • Share links (TS-008)
  • Notifications (TS-010, TS-034)
  • Webhooks (TS-018)
  • Translations (TS-033)
  • Versioning (TS-014)
  • Analytics (TS-021)
  • Import/Export (TS-015, TS-036)

​
Form Submissions

  • Public anonymous (TS-003)
  • Validation (TS-007)
  • File uploads (TS-006, TS-027)
  • Draft submissions (TS-009)
  • View in admin (TS-004)
  • Status management (TS-020)
  • Export data (TS-036)

​
Portal (Authenticated)

  • Application workflow (TS-019)
  • Draft auto-save (TS-035)
  • Profile/Vault (TS-037)

​
Integrations

  • Airtable sync (TS-016)
  • Plaid verification (TS-017)
  • Webhooks (TS-018)

​
Organization

  • Workspaces (TS-012)
  • Team members (TS-013)
  • Audit logs (TS-038)

​
Advanced

  • Scheduling (TS-028)
  • Capacity limits (TS-029)
  • Concurrent editing (TS-023)
  • Mobile responsive (TS-022)

​
Security

  • Access control (TS-024)
  • XSS prevention (TS-030)
  • File validation (TS-027)
  • Session timeout (TS-031)

​
Bug Severity Guidelines

​
Critical (Blocks Production)

  • Authentication broken
  • Cannot create/publish forms
  • Cannot submit forms
  • Data loss or corruption
  • Security vulnerabilities (XSS, unauthorized access)
  • System crashes

​
High (Should fix before release)

  • Features don’t work as expected
  • Incorrect data displayed
  • Email notifications not sending
  • Integrations failing
  • Poor error handling

​
Medium (Should fix soon)

  • UI/UX issues
  • Minor validation problems
  • Performance issues
  • Non-critical features broken

​
Low (Nice to have)

  • Cosmetic issues
  • Minor text/label errors
  • Enhancement suggestions

​
Testing Tips

​
General

  • Use incognito/private windows for testing public forms and different user sessions
  • Take screenshots of every bug immediately
  • Record submission IDs when testing - makes bugs easier to debug
  • Test in different browsers (Chrome, Firefox, Safari) if you have time
  • Clear cache if you see stale data

​
Form Testing

  • Create test forms with prefix β€œQA” so they’re easy to identify and delete
  • Test both simple (3-5 fields) and complex (20+ fields) forms
  • Test every field type at least once
  • Always test required field validation

​
Submission Testing

  • Keep a spreadsheet of test submissions for reference
  • Use consistent test data (e.g., β€œTest User”, β€œtest@example.com”) for easy identification
  • Test edge cases: empty submissions, maximum character limits, special characters

​
Admin Testing

  • Test with both admin and non-admin accounts
  • Verify non-admins cannot access admin routes
  • Test team member roles: Owner, Editor, Viewer

​
Integration Testing

  • Skip Airtable/Plaid tests if you don’t have accounts - mark as β€œSKIP”
  • Use webhook.site for webhook testing (free, no account needed)
  • Test notification emails - check spam folder

​
Known Limitations / Out of Scope

The following are NOT in scope for this QA round:
  • Agency multi-tenant features (unless specifically requested)
  • SMS notifications (unless Twilio configured)
  • Payment integrations
  • Custom code execution (TS-016 mentions but may not be active)
  • Extensive load testing (just basic performance - TS-040)

​
Reporting Bugs

​
What to Include

  1. Test Script # (e.g., TS-003)
  2. Clear title (e.g., β€œForm submission fails with file upload”)
  3. Steps to reproduce (numbered list)
  4. Expected vs Actual result
  5. Screenshot or video
  6. Browser and device info
  7. Submission/Form ID if applicable

​
Where to Report

  • Use Bug Report Template in QA_TEST_SCRIPTS.md
  • Create GitHub issue (if you have repo access)
  • Share in Slack/email with dev team

​
Bug Report Example

BUG-001: Form validation not showing for required fields

Test Script: TS-007 (Form Validation)
Date: 2024-01-15
Severity: High
Browser: Chrome 120 on macOS

Steps to Reproduce:
1. Visit form /f/qa-test-1
2. Leave "First Name" field empty
3. Click Submit

Expected: Error message "This field is required"
Actual: Form submits without validation error

Screenshot: [attach]
Form ID: abc-123

​
End-of-Day Checklist

At the end of each day:
  • Update test completion count in daily summary
  • Document all bugs found
  • Note any blockers for tomorrow
  • Flag critical issues immediately to dev team
  • Save all screenshots to organized folder
  • Update pass/fail status for each test

​
Final Report Checklist

After 3 days, prepare final report:
  • Total tests executed (target: 35-40 out of 40)
  • Pass rate percentage
  • Bug summary (Critical/High/Medium/Low counts)
  • Recommendation: Ready for production? Yes/No
  • List any blockers or areas not tested
  • Provide prioritized bug fix list

​
Quick Command Reference

​
Accessing Different Environments

  • QA deployment: the active QA deployment URL
  • Local (if running): localhost:3000

​
Key URLs to Test

  • / - Dashboard
  • /forms - Forms list
  • /forms/[id]/edit - Form builder
  • /forms/[id]/settings - Form settings
  • /forms/[id]/submissions - Submissions list
  • /f/[slug] - Public form
  • /portal - Applicant portal
  • /portal/applications/[id] - Application detail
  • /settings - Organization settings
  • /applicants - Applicants list

​
Browser Dev Tools

  • F12 or Cmd+Opt+I - Open dev tools
  • Cmd+Shift+M - Toggle mobile view
  • Application tab - View cookies/storage
  • Network tab - Monitor API calls
  • Console tab - Check for JavaScript errors

​
Questions During Testing?

If you encounter:
  • Unclear requirements - Flag and continue, note in bug report
  • Environment issues - Check with dev team (credentials, integrations)
  • Test blockers - Document and move to next test
  • Assumed functionality - Document assumption, test anyway
Contact:
  • Dev team: [Slack channel / Email]
  • Questions: [Contact person]

​
Success Criteria

QA is successful if:
  • βœ… All Critical tests pass
  • βœ… All High priority tests pass (or bugs documented)
  • βœ… No Critical or High security issues
  • βœ… Core workflow (create β†’ publish β†’ submit β†’ view) works flawlessly
  • βœ… 80%+ overall pass rate
  • βœ… All bugs clearly documented with repro steps
Ready to start? Begin with Day 1, TS-001 in the main test scripts document. Good luck! πŸš€