QA Checklist: performance branch

[laughable-9]

QA Test Guide — performance branch

What changed: Auth flow, API response formats, query limits, admin dashboard stats, appointment handling, activity submission, approval slips, notifications. All changes are under-the-hood — no UI was redesigned.

How to test: Run both servers (npm run dev in sroapp/ and srobackend/). Test as each role.

Before testing: Run database/migrations/20260413_performance_safety_constraints.sql in Supabase SQL Editor. This adds unique constraints for account email, appointment slots, and activity IDs.

---

1. Login & Navigation

Changed: Token caching, user sync only fires once per session, lazy-loaded routes.

• Log in with a Student account → lands on /dashboard
• Log in with an Admin account → lands on /admin
• Log in with an Adviser account → lands on /adviser
• Navigate between pages via sidebar — pages load (brief skeleton on first visit to each page is expected)
• Log out, then log back in → sync works, not stuck on loading

2. Admin Dashboard

Changed: Stats use count queries instead of loading all rows. Calendar data capped at 200.

• Open /admin → all 6 stat cards show correct numbers
• Cross-check one stat against its actual list page
• Calendar shows events, clicking a date shows side panel
• Click an activity in side panel → dialog opens with full details

3. Student Activities List

Changed: /api/activities/incoming and /summary now return paginated responses.

• Open /admin/student-activities → table loads with activities
• Filters work (status, organization, activity type)
• Click a row → activity detail dialog opens correctly
• Approve or reject an activity → status updates

4. Student Requests Page

Changed: /activities/user/:id now returns paginated response.

• As Student, open /requests → activities appear in correct tabs
• Click a row → detail dialog opens with the right activity

5. Activity Submission

Changed: Activity IDs use 5-digit random with retry. Schedule failure cleans up activity record.

• As Student, submit a new activity request with a PDF attachment → succeeds
• New activity appears in /requests
• As Admin, submit via /admin/create-activity → appears as auto-approved

6. Activity Edit/Appeal

Changed: Schedule update failure now returns error instead of silent 200.

• As Student, edit an existing activity (appeal). Change schedule dates → update succeeds, new dates appear

7. Appointment Booking

Changed: Unique constraint on slots, 409 on conflict.

• Book an appointment at an available slot → succeeds
• Blocked dates/times are not selectable

8. Appointment Settings

Changed: Expired appointments detected server-side, queries limited to 200, narrowed selects.

• As Admin, open /admin/appointment-settings → appointments load
• If past-due scheduled appointments exist → auto-rejected with toast
• Approve/reject a reschedule request → processes correctly

9. Org Applications

Changed: Query capped at 200.

• Open /admin/org-applications → applications load and display
• Click an application → review dialog works (approval, status, save)

10. Approval Slip Generation

Changed: DB updates batched, fetch limited to 50, status uses count query.

• Trigger "Generate Approval Slips" from admin activities → completes with correct count

11. Notifications

Changed: Proper subscription cleanup, deduplication on real-time notifications.

• Trigger a notification (e.g., approve an activity) → bell icon shows it
• No duplicate notifications appear
• Navigate away and back → notifications still load

12. Email Notifications

Changed: SMTP transporter reused instead of created per request.

• Trigger an email-sending action (appointment booking, activity approval) → email received

---

What NOT to test

• UI styling/layout — nothing changed visually
• File uploads to Google Drive — upload flow unchanged
• Supabase auth (Google OAuth) — untouched
• Annual reports page — no changes
• Super admin page — no changes
• Organization profiles — no changes