This document provides instructions for testing the Xero CFO Assistant Agent to ensure all components are functioning correctly.
Before running tests, ensure you have:
- Node.js (v16 or higher) installed
- npm (v7 or higher) installed
- A test Xero account with API credentials
- The application installed and configured according to the README.md

- Create a .env.test file based on the provided .env.example:

  ```bash
  cp .env.example .env.test
  ```

- Update the .env.test file with your test Xero API credentials and other configuration options.
- Install development dependencies:

  ```bash
  npm install --include=dev
  ```

The application includes a comprehensive test suite using Jest. To run all tests:
```bash
npm test
```

To run specific test categories:

```bash
npm test -- --testPathPattern=auth         # Run authentication tests
npm test -- --testPathPattern=xero         # Run Xero API integration tests
npm test -- --testPathPattern=bookkeeping  # Run bookkeeping tests
npm test -- --testPathPattern=analysis     # Run financial analysis tests
npm test -- --testPathPattern=n8n          # Run n8n integration tests
```

To run tests with coverage report:

```bash
npm test -- --coverage
```

- User Registration
  - Create a new user account
  - Verify email validation
  - Test password strength requirements
  - Verify successful registration
- User Login
  - Login with valid credentials
  - Test invalid credentials handling
  - Verify JWT token generation
  - Test token expiration
- Xero OAuth
  - Initiate Xero OAuth flow
  - Authorize application in Xero
  - Verify callback handling
  - Check token storage
  - Test tenant selection
- Tenant Management
  - List connected Xero tenants
  - Set active tenant
  - Switch between tenants
- Contacts
  - List Xero contacts
  - Test pagination
  - Test filtering
- Accounts
  - List Xero accounts
  - Verify account types
  - Test filtering
- Invoices
  - List Xero invoices
  - Test status filtering
  - Verify invoice details
- Bills
  - List Xero bills
  - Test status filtering
  - Verify bill details
- Bank Transactions
  - List Xero bank transactions
  - Test date range filtering
  - Verify transaction details
- Bank Reconciliation
  - Reconcile bank transaction with invoice
  - Verify reconciliation status
  - Test multiple reconciliations
- Transaction Categorization
  - Categorize transactions manually
  - Test automatic categorization with rules
  - Verify category assignment
- Category Management
  - List transaction categories
  - Create new category
  - Update existing category
  - Delete category
- Rule Management
  - List categorization rules
  - Create new rule
  - Test rule pattern matching
  - Update existing rule
  - Delete rule
- KPI Calculation
  - Get financial KPIs
  - Verify profitability metrics
  - Verify liquidity metrics
  - Verify efficiency metrics
  - Test comparison with previous period
- Cash Flow Forecasting
  - Get cash flow forecast
  - Verify forecast accuracy
  - Test different forecast periods
  - Check lowest balance detection
- Anomaly Detection
  - Get financial anomalies
  - Test different anomaly types
  - Verify anomaly severity
  - Test threshold adjustment
- Report Generation
  - List financial reports
  - Get specific report
  - Verify report content
  - Test different report types
- API Endpoints
  - Test all n8n API endpoints
  - Verify API key authentication
  - Test rate limiting
- Workflow Templates
  - Import daily reconciliation workflow
  - Import invoice reminder workflow
  - Import monthly report workflow
  - Test workflow execution
- Webhook System
  - Register new webhook
  - List registered webhooks
  - Update webhook
  - Test webhook
  - Delete webhook
- Input Validation
  - Test valid inputs
  - Test invalid inputs
  - Verify validation error messages
- CSRF Protection
  - Verify CSRF token generation
  - Test CSRF token validation
  - Test CSRF protection bypass attempts
- Rate Limiting
  - Test standard rate limits
  - Test authentication rate limits
  - Test API rate limits
  - Verify rate limit headers
- Audit Logging
  - Verify audit log entries for sensitive operations
  - Check log redaction of sensitive data
  - Test log retrieval
- Data Encryption
  - Verify token encryption
  - Test encrypted data retrieval
  - Verify encryption key handling
- Secure Headers
  - Check Content-Security-Policy
  - Verify X-XSS-Protection
  - Check Strict-Transport-Security
  - Verify X-Content-Type-Options

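
The Secure Headers checks can be written as assertions on a response's header object. The following is an added example, not code from the project: the function name `auditSecurityHeaders`, the 180-day HSTS floor and the CSP rules are assumptions, and the two header sets are constructed samples.

```javascript
// Added example: checks the four headers named in the Secure Headers checklist.
// The pass criteria below are assumptions, not the project's documented policy.
const MIN_HSTS_MAX_AGE = 180 * 24 * 60 * 60; // seconds (assumed floor)

function auditSecurityHeaders(rawHeaders) {
  const h = {}; // header names are case-insensitive, so normalise them
  for (const [name, value] of Object.entries(rawHeaders)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const findings = [];
  const fail = (header, reason) => findings.push({ header, reason });
  const csp = h['content-security-policy'];
  if (!csp) fail('Content-Security-Policy', 'missing');
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    const weak = sources.find((s) => /^'unsafe-(inline|eval)'$/i.test(s));
    if (/^(default|script)-src$/i.test(name) && weak) {
      fail('Content-Security-Policy', `${name} allows ${weak}`);
    }
  }
  const hsts = h['strict-transport-security'];
  const maxAge = /(?:^|;)\s*max-age="?(\d+)/i.exec(hsts || '');
  if (!hsts) fail('Strict-Transport-Security', 'missing');
  else if (!maxAge || Number(maxAge[1]) < MIN_HSTS_MAX_AGE) {
    fail('Strict-Transport-Security', 'max-age absent or below 180 days');
  }
  const nosniff = (h['x-content-type-options'] || '').toLowerCase();
  if (nosniff !== 'nosniff') fail('X-Content-Type-Options', nosniff ? 'not nosniff' : 'missing');
  // "0" switches the legacy browser XSS filter off; "1" without mode=block is the weak form.
  const xxp = h['x-xss-protection'];
  if (xxp === undefined) fail('X-XSS-Protection', 'missing');
  else if (xxp !== '0' && !/^1;\s*mode=block$/i.test(xxp)) {
    fail('X-XSS-Protection', 'filter enabled without mode=block');
  }
  return findings;
}

// Constructed sample header sets (not captured from the application)
const weakHeaders = {
  'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline'",
  'Strict-Transport-Security': 'max-age=3600',
  'X-XSS-Protection': '1',
};
const hardenedHeaders = {
  'content-security-policy': "default-src 'self'; object-src 'none'",
  'strict-transport-security': 'max-age=31536000; includeSubDomains',
  'x-content-type-options': 'nosniff',
  'x-xss-protection': '0',
};
```

In a Jest test, pass the header object from whichever HTTP client the suite uses and assert that the returned list is empty.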
You can use tools like Postman or curl to test the API endpoints. Here are some example curl commands:

```bash
# Register a new user
curl -X POST http://localhost:3000/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email":"test@example.com","password":"securepassword","firstName":"Test","lastName":"User"}'

# Login
curl -X POST http://localhost:3000/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"test@example.com","password":"securepassword"}'

# Get user profile
curl -X GET http://localhost:3000/api/auth/profile \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

# List Xero tenants
curl -X GET http://localhost:3000/api/xero/tenants \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

# List Xero invoices
curl -X GET http://localhost:3000/api/xero/invoices \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

# List transaction categories
curl -X GET http://localhost:3000/api/bookkeeping/categories \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

# Categorize transaction
curl -X POST http://localhost:3000/api/bookkeeping/categorize \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"bankTransactionId":"transaction123","categoryId":"category123"}'

# Get financial KPIs
curl -X GET http://localhost:3000/api/analysis/kpis \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

# Get cash flow forecast
curl -X GET http://localhost:3000/api/analysis/cash-flow/forecast \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

# Get financial KPIs for n8n
curl -X GET http://localhost:3000/api/n8n/kpis \
  -H "X-API-Key: YOUR_API_KEY"

# Get overdue invoices for n8n
curl -X GET http://localhost:3000/api/n8n/invoices/overdue \
  -H "X-API-Key: YOUR_API_KEY"
```

To test the performance of the application:

- Install Artillery:

  ```bash
  npm install -g artillery
  ```

- Create a test scenario file (e.g., performance-test.yml):

  ```yaml
  config:
    target: "http://localhost:3000"
    phases:
      - duration: 60
        arrivalRate: 5
        rampTo: 20
        name: "Warm up phase"
      - duration: 120
        arrivalRate: 20
        name: "Sustained load phase"
    defaults:
      headers:
        Authorization: "Bearer YOUR_JWT_TOKEN"
  scenarios:
    - name: "Get financial KPIs"
      flow:
        - get:
            url: "/api/analysis/kpis"
    - name: "Get cash flow forecast"
      flow:
        - get:
            url: "/api/analysis/cash-flow/forecast"
    - name: "List invoices"
      flow:
        - get:
            url: "/api/xero/invoices"
  ```

- Run the performance test:

  ```bash
  artillery run performance-test.yml
  ```

To test the integration with n8n:

- Install n8n:

  ```bash
  npm install -g n8n
  ```

- Start n8n:

  ```bash
  n8n start
  ```

- Import the workflow templates from the n8n_workflows directory.
- Configure the workflows with your API endpoint and API key.
- Execute the workflows and verify the results.

- Authentication Failures
  - Check that your JWT token is valid and not expired
  - Verify that your Xero OAuth tokens are valid
  - Ensure your API key is correct for n8n endpoints
- Xero API Errors
  - Verify your Xero API credentials
  - Check that your Xero app has the required scopes
  - Ensure your Xero account has the necessary permissions
- Database Connection Issues
  - Verify your database connection string
  - Check that the database exists and is accessible
  - Ensure the database user has the necessary permissions
- Rate Limiting
  - If you encounter 429 errors, wait for the rate limit to reset
  - Check the Retry-After header for the reset time
  - Consider reducing the frequency of requests

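
For the first troubleshooting item, a quick way to tell an expired JWT from a malformed one is to read its `exp` claim. This is an added example, not part of the application: `describeJwtExpiry` is a hypothetical helper, the tokens are constructed, and it assumes the application issues standard three-part JWTs with a numeric `exp` claim.

```javascript
// Added example: diagnostic only. The claims are read WITHOUT verifying the
// signature, so this explains a 401 but must never be used to trust a token.
function describeJwtExpiry(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  // Accept a pasted "Bearer <token>" header value as well as the bare token.
  const parts = String(token).trim().replace(/^Bearer\s+/i, '').split('.');
  if (parts.length !== 3) {
    return { status: 'malformed', detail: 'expected header.payload.signature' };
  }
  let claims;
  try {
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
    if (claims === null || typeof claims !== 'object') throw new Error('not an object');
  } catch (err) {
    return { status: 'malformed', detail: 'payload is not base64url-encoded JSON' };
  }
  if (typeof claims.exp !== 'number') {
    return { status: 'no-exp', detail: 'token carries no exp claim' };
  }
  if (typeof claims.nbf === 'number' && nowSeconds < claims.nbf) {
    return { status: 'not-yet-valid', detail: `valid in ${claims.nbf - nowSeconds}s` };
  }
  const remaining = claims.exp - nowSeconds;
  return remaining > 0
    ? { status: 'valid', detail: `expires in ${remaining}s` }
    : { status: 'expired', detail: `expired ${-remaining}s ago` };
}

// Constructed tokens with a fixed clock; the signature part is a dummy value.
const NOW = 1700000000;
const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const makeToken = (claims) =>
  [encode({ alg: 'HS256', typ: 'JWT' }), encode(claims), 'c2lnbmF0dXJl'].join('.');
const expiredToken = makeToken({ sub: 'test@example.com', exp: NOW - 120 });
const freshToken = makeToken({ sub: 'test@example.com', exp: NOW + 3600 });

console.log(describeJwtExpiry(expiredToken, NOW), describeJwtExpiry(freshToken, NOW));
```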
The application includes detailed logging to help with debugging:

```bash
# Set log level to debug
LOG_LEVEL=debug npm start
```

Check the logs for error messages and stack traces.
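
Debug-level output is also where the "Check log redaction of sensitive data" item from the Audit Logging checklist is easiest to verify. The scanner below is an added example, not the application's own code: `findLeaks`, the `[REDACTED]` marker and the field names are assumptions about the logger's format, and the log lines are constructed.

```javascript
// Added example: scan log output for credentials that should have been redacted.
// The "[REDACTED]" marker and the field names are assumptions about the logger.
const LEAK_PATTERNS = [
  { kind: 'jwt', re: /\beyJ[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]{5,}\.[A-Za-z0-9_-]*/ },
  { kind: 'bearer-token', re: /\bBearer\s+(?!\[REDACTED\])[A-Za-z0-9._~+\/-]{8,}/i },
  { kind: 'api-key', re: /x-api-key["']?\s*[:=]\s*["']?(?!\[REDACTED\])[^\s"',}]{8,}/i },
  { kind: 'secret-field',
    re: /"(password|client_secret|access_token|refresh_token)"\s*:\s*"(?!\[REDACTED\]")[^"]+"/i },
];

// Returns one entry per offending line: { line, kinds }.
function findLeaks(logText) {
  const leaks = [];
  logText.split(/\r?\n/).forEach((text, index) => {
    const kinds = LEAK_PATTERNS.filter(({ re }) => re.test(text)).map(({ kind }) => kind);
    if (kinds.length > 0) leaks.push({ line: index + 1, kinds });
  });
  return leaks;
}

// Constructed debug-level log lines (not output from the application)
const sampleLog = [
  '{"level":"debug","msg":"login","body":{"email":"test@example.com","password":"securepassword"}}',
  '{"level":"debug","msg":"request","headers":{"authorization":"Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0In0.c2lnbmF0dXJl"}}',
  '{"level":"info","msg":"xero token stored","access_token":"[REDACTED]"}',
  '{"level":"debug","msg":"n8n call","headers":{"x-api-key":"[REDACTED]","authorization":"Bearer [REDACTED]"}}',
].join('\n');

console.log(findLeaks(sampleLog));
```

Run it over the output captured from a test session at `LOG_LEVEL=debug`; any returned entry is a line where a credential reached the log unredacted.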
If you encounter issues during testing, please report them with:
- A clear description of the issue
- Steps to reproduce
- Expected behavior
- Actual behavior
- Relevant logs or error messages
- Environment details (OS, Node.js version, etc.)
The application aims for at least 80% test coverage. You can check the current coverage with:

```bash
npm test -- --coverage
```

This will generate a coverage report in the coverage directory.