Skip to main content
The test suite can be run from the browser using the built-in test runner, or directly from the command line.
Tests run against a separate test_risk_monitor.db database. The conftest.py fixture overrides the FastAPI dependency that provides the database session, so seed data in risk_monitor.db is never read or modified by tests.

In-browser test runner

1

Start the app

Make sure the app is running locally. See Local setup.
2

Open the test page

Navigate to http://localhost:8000/test.The page loads immediately with a loading spinner. HTMX then sends a request to /test/run in the background.
3

View results

The /test/run endpoint runs pytest tests/ -v --tb=short as a subprocess, waits for it to complete, then returns the full output as a styled HTML partial. Each test’s pass or fail status is displayed inline on the page.

Command line

1

Run the full test suite

python -m pytest tests/ -v
The -v flag prints each test name and its result as tests run. Without it, pytest only prints a summary line at the end.
2

Run a single test file

python -m pytest tests/test_risk.py -v

Test structure

The suite is split across three files by concern:

tests/test_models.py

ORM model tests. Verifies that Business and RiskEvaluation models can be created, persisted, and queried via SQLAlchemy against the test database.

tests/test_risk.py

Risk engine tests. Because the engine uses controlled randomness, these tests are statistical: they run the evaluator many times and assert that the averages trend in the expected direction. For example:
  • High-risk industries (e.g. crypto) produce higher average scores than low-risk industries (e.g. healthcare) over 200 runs.
  • High-risk countries (e.g. Iran) produce higher average scores than safe countries (e.g. Canada) over 200 runs.
  • The risk_level string always matches the numeric risk_score thresholds (low < 25, medium < 50, high < 75, critical ≥ 75).
  • The factors field is always valid JSON with the keys base_score, industry_modifier, country_modifier, noise, and final_score.

tests/test_routes.py

HTTP endpoint tests using FastAPI’s TestClient (backed by httpx). Covers:
  • CRUD operations: listing, creating, and retrieving businesses
  • Risk evaluation and history endpoints
  • Filtering by name, industry, and date range; sorting; pagination (15 businesses per page)
  • Input validation: missing required fields, whitespace-only names, names over 255 characters, non-integer IDs
  • Error responses: 404 for missing resources, 422 for invalid input, correct HTML content in error pages
  • XSS and SQL injection: script tags and injection payloads in form fields and query parameters are escaped or rejected correctly

Build docs developers (and LLMs) love

Get started for freeTalk to us