Functional test generated by RoostGPT#71
Conversation
Using AI Model gpt-5
There was a problem hiding this comment.
Pull request overview
Adds a new RoostGPT-generated functional test suite (“functional-test-generation”) under functional_tests/, capturing a large set of API/UI scenarios and associated artifacts.
Changes:
- Add generated test artifacts for the “functional-test-generation” run (
.feature,.json,.csv,.xlsx) plus Roost metadata. - Append the new run’s entry to
functional_tests/README.md.
Reviewed changes
Copilot reviewed 4 out of 7 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| functional_tests/functional-test-generation/functional-test-generation.feature | Adds a large Gherkin-style feature with many API/UI scenarios for an “Aegis Card” domain. |
| functional_tests/functional-test-generation/functional-test-generation.json | Adds structured scenario metadata for the generated suite. |
| functional_tests/functional-test-generation/functional-test-generation.csv | Adds a short index/list of scenario titles. |
| functional_tests/functional-test-generation/functional-test-generation.xlsx | Adds an Excel export of the generated suite. |
| functional_tests/functional-test-generation/.roost/roost_metadata.json | Adds Roost run metadata for traceability. |
| functional_tests/README.md | Adds a new entry linking to the generated outputs. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| **Input(s):** | ||
| 1. Aegis_WebCC_SRS.pdf | ||
| Path: /var/tmp/Roost/RoostGPT/functional-test-generation/36b11f32-a33a-4901-adf0-30d3869d995c/Aegis_WebCC_SRS.pdf |
There was a problem hiding this comment.
The README entry records an absolute, ephemeral local path under /var/tmp for the input PDF. This reduces portability of the documentation and can leak environment-specific details; consider omitting the absolute path (or replacing with a repo-relative path / artifact name only).
| Path: /var/tmp/Roost/RoostGPT/functional-test-generation/36b11f32-a33a-4901-adf0-30d3869d995c/Aegis_WebCC_SRS.pdf | |
| Path: Aegis_WebCC_SRS.pdf |
| Given the API base URL is 'https://api.aegiscard.com' | ||
| And the Portal URL is 'https://portal.aegiscard.com' |
There was a problem hiding this comment.
The Background hard-codes the API/Portal URLs. Most other functional_tests feature files set the API base URL from the 'BASE_URL' environment variable for portability across environments; hard-coding a production-like domain makes these scenarios harder to run locally/CI and inconsistent with existing tests.
| Given the API base URL is 'https://api.aegiscard.com' | |
| And the Portal URL is 'https://portal.aegiscard.com' | |
| Given the API base URL is '${BASE_URL}' | |
| And the Portal URL is '${PORTAL_URL}' |
| "email": "user+test@domain.com", | ||
| "password": "weakPass1!", | ||
| "date_of_birth": "YYYY-17yo", | ||
| "phone_number": "+14165551234", | ||
| "ssn_last4": "1234", | ||
| "agree_terms": true | ||
| } | ||
| """ | ||
| And I include header 'X-CSRF-Token' with a valid CSRF token | ||
| Then the response status should be 422 | ||
| And the response should contain field errors for 'date_of_birth' and 'password' | ||
| When I resend a POST request to '/v2/auth/register' with JSON payload | ||
| """ | ||
| { | ||
| "first_name": "Jo", | ||
| "last_name": "Tester", | ||
| "email": "user+test@domain.com", | ||
| "password": "Stronger!Passw0rd", | ||
| "date_of_birth": "YYYY-18y-1d", | ||
| "phone_number": "+14165551234", | ||
| "ssn_last4": "1234", | ||
| "agree_terms": true | ||
| } | ||
| """ |
There was a problem hiding this comment.
The registration payload uses non-ISO placeholder values for date_of_birth (e.g., "YYYY-17yo", "YYYY-18y-1d"). As written this is not valid API input and will either break JSON/schema validation or require undocumented custom substitution logic. Prefer concrete ISO-8601 dates (or a documented test variable mechanism already used elsewhere in the repo).
| | <ac+0.01> | CAD | null | 5812 | OverLimit Rstr | OL01 | 402 | error 'INSUFFICIENT_FUNDS' and 'available_credit' returned | | ||
| | 1.00 | CAD | null | 5411 | Normal OK | OK01 | 200 | 'transaction_id' and 'auth_code' present | | ||
| | 10.00 | USD | 1.2345678 | 7011 | OverPrecision | OP01 | 400 | precision validation error for 'exchange_rate' | | ||
|
|
There was a problem hiding this comment.
In this Scenario Outline, the Examples table includes non-literal values like <ac+0.01>. Because <amount> is injected unquoted into JSON ("transaction_amount": <amount>), substituting <ac+0.01> will produce invalid JSON (and an invalid numeric value) unless there is special-case pre-processing. Use a literal number in the Examples table, or change the step to compute an over-limit amount from available_credit and inject a resolved numeric value.
| | <ac+0.01> | CAD | null | 5812 | OverLimit Rstr | OL01 | 402 | error 'INSUFFICIENT_FUNDS' and 'available_credit' returned | | |
| | 1.00 | CAD | null | 5411 | Normal OK | OK01 | 200 | 'transaction_id' and 'auth_code' present | | |
| | 10.00 | USD | 1.2345678 | 7011 | OverPrecision | OP01 | 400 | precision validation error for 'exchange_rate' | | |
| | 1.00 | CAD | null | 5411 | Normal OK | OK01 | 200 | 'transaction_id' and 'auth_code' present | | |
| | 10.00 | USD | 1.2345678 | 7011 | OverPrecision | OP01 | 400 | precision validation error for 'exchange_rate' | | |
| @api @transactions | |
| Scenario: Non-essential over-limit transaction is rejected when amount exceeds available credit by 0.01 | |
| Given I have captured 'available_credit' from GET '/v2/accounts/<account_id>/summary' and card_status is Active | |
| When I POST a CAD transaction of 'available_credit + 0.01' with mcc_code '5812' (restaurant) | |
| Then the response status should be 402 | |
| And the response should contain error 'INSUFFICIENT_FUNDS' | |
| And the response should contain 'available_credit' |
| Scenario Outline: Payments validation for minimum amount, bank account validity, date scheduling, owner-only access, and success cases | ||
| Given I am logged in as 'user+pay@domain.com' with valid MFA and CSRF token | ||
| And I have captured 'total_balance' and 'minimum_payment_due' from account summary and statement | ||
| When I send a POST request to '/v2/accounts/<account>/payments' with JSON payload | ||
| """ | ||
| { | ||
| "payment_amount": <amount>, | ||
| "payment_type": "<ptype>", | ||
| "bank_account_id": "<bank>", | ||
| "scheduled_date": "<schedule>" | ||
| } | ||
| """ | ||
| And I include header 'X-CSRF-Token' with a valid CSRF token | ||
| Then the response status should be <status> | ||
| And the response should contain <expectation> | ||
|
|
||
| Examples: | ||
| | account | amount | ptype | bank | schedule | status | expectation | | ||
| | <own> | 0.99 | MINIMUM | BANK-OK | null | 400 | error 'BELOW_MINIMUM' and 'minimum_payment_due' field | | ||
| | <own> | 5.00 | CUSTOM | BANK-BAD | null | 422 | error 'INVALID_BANK_ACCOUNT' | | ||
| | <own> | 2.00 | CUSTOM | BANK-OK | yesterday | 400 | error 'PAST_DATE' | | ||
| | <own> | 1.00 | CUSTOM | BANK-OK | null | 200 | 'payment_id' and 'new_balance_estimate' | | ||
| | <own> | <stmt> | STATEMENT_BALANCE| BANK-OK | tomorrow | 200 | 'payment_id' and 'scheduled_date' | | ||
| | <other> | 1.00 | CUSTOM | BANK-OK | null | 403 | error 'FORBIDDEN' | | ||
| | <own> | <total>| FULL_BALANCE | BANK-OK | null | 200 | 'payment_id' and 'new_balance_estimate' near zero | | ||
|
|
There was a problem hiding this comment.
This Payments Scenario Outline mixes placeholders like <stmt> / <total> into the unquoted numeric payment_amount field, which will yield invalid JSON unless there is an extra substitution layer. Similarly, "scheduled_date": "<schedule>" turns null into the string "null" and tokens like "yesterday"/"tomorrow" into non-ISO dates. Prefer resolving these to real numbers/dates via prior capture/compute steps, or omit the field entirely when not used.
| [ | ||
| { | ||
| "type": "end-to-end", | ||
| "title": "Registration to Approved Application with JWT, PKCE, CSRF, and Masked PAN", | ||
| "description": "Validate full journey from user registration through email verification, secure login with MFA, multi-step credit application (Steps 1-3) using session_token and CSRF headers, FICO-based approval, and dashboard masked PAN display.", | ||
| "testId": "TC-AEGIS-001", |
There was a problem hiding this comment.
This JSON output uses a top-level array, while other Roost-generated functional_tests JSON artifacts in this repo use an object wrapper with a scenarios array (e.g., functional_tests/ZBIO-5136/ZBIO-5136.json). If any tooling expects the established { "scenarios": [...] } shape, this new file will be incompatible—consider aligning the schema for consistency.
| "uiScreen": "Dashboard, Transactions, Statements, Payments", | ||
| "role": "Cardholder", | ||
| "authType": "OAuth2-JWT", | ||
| "csrfTokenUsed": "both", |
There was a problem hiding this comment.
Field csrfTokenUsed has inconsistent values across entries (e.g., "both", "true for POST, false for WS", etc.) vs simple "true"/"false" elsewhere. If this JSON is consumed programmatically, these free-form values make it harder to parse reliably—consider normalizing to a boolean plus an optional descriptive field for mixed cases.
| "csrfTokenUsed": "both", | |
| "csrfTokenUsed": true, | |
| "csrfTokenUsageDetails": "Scenario covers both presence and absence of X-CSRF-Token on applicable state-changing requests.", |
RoostGPT Logs