To ensure "Repeatable Quality" across contributors. Tests are not just for bugs; they are for confidence.
2. The Standard (The Floor)
[MUST] The Pyramid: Tests MUST follow the distribution:
Unit (Vitest): 70% of tests. Fast, isolated, logic-heavy.
Integration (Vitest/TSX): 20% of tests. Checking components and services together.
E2E (Playwright): 10% of tests. Critical "Golden Routes" only.
[MUST] Smoke Tests: Every Stable module MUST have at least one E2E Smoke Test covering its primary "Happy Path" (The Golden Route).
[MUST] Minimum Coverage:
Services/Utils: 80% Unit coverage.
UI Components: 50% Component coverage (focus on interactivity).
2.5 Security Gates (The Moat)
[MUST] Shift-Left AuthZ: Authorization checks MUST be developed concurrently with the feature. "Zero-Trust TDD" means writing the test for the "Imposter" before writing the helper for the "User".
[MUST] Positive & Negative Testing:
Positive: Verify the Authorized User CAN perform the action.
Negative: Verify the Unauthorized User/Guest is BLOCKED (403 Forbidden).
[MUST] Gate 2 (Staging) Barrier: No code generally available on Staging without passing Security Unit Tests. Staging is for Acceptance, not for finding out you forgot to lock the door.
3. Best Practices (The Path)
[SHOULD] Golden Datasets: Use deterministic seeds (DataSeeder-Gold) for tests, not random data.
[SHOULD] Visual Regression: Critical UI (Dashboards, Landing) should be gated by Visual Regression (Snapshot) tests.