Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/sdurutr436/stay-sidekick/llms.txt

Use this file to discover all available pages before exploring further.

Stay Sidekick maintains a comprehensive test suite across both backend (Python/pytest) and frontend (Angular/Vitest) with a minimum 90% coverage threshold enforced in CI on every push and pull request. The strategy combines HTTP integration tests for the Flask API with unit tests for both backend services and Angular components, services, and guards — ensuring that behavioural regressions are caught before any code reaches the main branch.

Backend tests — pytest

The backend test suite is located at backend/tests/ and is executed with pytest. It covers both HTTP-level integration testing of Flask routes and unit-level testing of service logic.

92 test cases · 12 files

The full suite spans 12 test files split across two categories:7 HTTP integration suites — each mounts the relevant Flask Blueprint with a signed test JWT and exercises its routes end-to-end:
  • auth — login, token refresh, logout
  • empresas — company CRUD and multi-tenant isolation
  • usuarios — user management and role changes
  • perfil — per-company profile and integration settings
  • vault — communication template CRUD and AI usage logging
  • apartamentos — apartment catalogue and PMS sync
  • heatmap — date-range heatmap data processing
5 unit suites — test service-layer logic in isolation:
  • mail_service, contact, solicitud, usuarios, export_csv

Isolation strategy

Each test instantiates the Flask app in test mode with a HS256-signed JWT — no live database or external API connection is required.External dependencies are replaced at the call site using unittest.mock.patch:
  • Database — repository calls are patched to return fixture data
  • PMS clients (Smoobu, etc.) — HTTP clients are fully mocked
  • AI providerai_service.py calls are patched with canned responses
  • Mailgun / Discord — outbound HTTP calls are stubbed out
This keeps the suite fast, deterministic, and runnable without any service infrastructure.

Running backend tests

cd backend
python -m pytest tests/ -v
To run with coverage reporting (matching the CI command exactly):
python -m pytest tests/ -v \
  --cov=app \
  --cov-config=backend/.coveragerc \
  --cov-report=term \
  --cov-report=html:backend/htmlcov \
  --cov-report=xml:backend/coverage.xml \
  --cov-fail-under=90
The coverage HTML report is written to backend/htmlcov/ and the XML report to backend/coverage.xml. The --cov-fail-under=90 flag causes pytest to exit with a non-zero code if coverage drops below 90%, which is what CI checks.

Lint step

In CI, ruff runs as a separate job that must pass before pytest is allowed to start:
ruff check backend/app
This enforces code style and catches common Python errors across the entire backend/app/ source tree. To run it locally before committing:
pip install ruff
ruff check backend/app

Frontend tests — Vitest

The Angular SPA uses Vitest as its test runner (configured via frontend/vitest.config.ts) with Istanbul for coverage instrumentation. The test suite covers the full component and service hierarchy.

297 tests · 38 specs

Tests are organized by Angular architectural layer:
  • Services — all injectable services covering API calls, state management, and business logic
  • Organisms — complex page-level components with multiple children
  • Molecules — mid-level composite components
  • Atoms — low-level presentational components
  • Guards — route guards protecting authenticated and role-gated routes
  • HTTP interceptor — the JWT attachment and CSRF double-submit cookie interceptor

Coverage thresholds

Istanbul enforces a minimum 90% threshold across all four metrics, defined in frontend/vitest.config.ts:
MetricThreshold
Statements90%
Branches90%
Functions90%
Lines90%
Any pull request that drops below 90% on any metric causes the CI — Tests y cobertura workflow to fail, blocking the merge.

Running frontend tests

cd frontend
pnpm install --frozen-lockfile
pnpm exec ng test --watch=false
The --watch=false flag runs the full suite once and exits, which is the same mode used in CI. To run in interactive watch mode during development, omit the flag:
pnpm exec ng test
Coverage reports are written to frontend/coverage/ in three formats:
FormatPathUse case
Text summarystdoutQuick terminal review
HTMLfrontend/coverage/index.htmlDetailed browser inspection
lcovfrontend/coverage/lcov.infoThird-party coverage tools

Running tests locally

Use these commands to run the full test suite for each layer before opening a pull request:
cd backend
pip install -r requirements.txt pytest ruff
ruff check backend/app
python -m pytest tests/ -v --cov=app --cov-fail-under=90

Security auditing — Trivy

In addition to the functional test suites, the trivy.yml workflow performs automated security auditing using Aqua Security Trivy.

Scan scope

Trivy scans the full filesystem and all IaC configuration files (Docker Compose, railway.toml, Dockerfiles, nginx.conf) for known vulnerabilities and misconfigurations.

Severity filter

Only HIGH and CRITICAL severity findings are reported. Unfixed vulnerabilities (no patch available upstream) are suppressed with ignore-unfixed: true to reduce noise.

Results destination

Results are published as SARIF to GitHub SecurityCode Scanning, where they appear as alerts on the repository. The raw SARIF file is also uploaded as a workflow artifact for 14 days.
Trivy runs on three triggers:
  • Every push to main
  • Every pull request targeting main that modifies backend, frontend, web, nginx, workflows, Docker Compose, or package.json
  • Weekly schedule — every Monday at 04:23 UTC, catching newly published CVEs for unchanged dependencies
  • Manual dispatch (workflow_dispatch) for on-demand audits
The coverage report for both backend and frontend is uploaded as a CI artifact with 14 days retention. To review coverage for a specific run, open the Actions tab on GitHub, select the relevant workflow run, and download the artifact from the Artifacts section at the bottom of the summary page.

Build docs developers (and LLMs) love