Webchat QA and Rollout Guide
Quality gates, test plan, and rollout sequence for ReplyBase Webchat
Objective
Define the minimum quality and operations process before broad webchat rollout.
Quality Gates
- All webchat API routes pass integration tests.
- Embed script works on desktop and mobile breakpoints.
- CORS and domain restrictions are verified.
- AI fallback behavior is validated under failures.
- Dashboard setup can generate a working snippet.
Test Plan
Unit tests
- token signing and verification
- token expiry behavior
- origin allow/deny logic
- request validation for init/message/config
Integration tests
- init creates/reuses visitor and conversation
- message persists inbound and outbound transcript
- config returns safe-only payload
- guards for invalid token, origin, and conversation
E2E tests
- embed boot sequence
- launcher open/close behavior
- message roundtrip rendering
- mobile viewport behavior
Chaos tests
- AI timeout
- engine unavailable
- CORS misconfiguration
- message storm and rate-limit pressure
Monitoring Dashboard
Admin monitoring is available at /admin/webchat-monitoring and should be reviewed before broadening rollout.
- active sites and sites with live traffic
- sessions, conversations, messages, widget events
- error-event rate and last-activity freshness
- incident counts by blocked-origin, token, rate-limit, rollout
- pilot-tenant summaries and rollout recommendation card
Rollout Sequence
- Enable behind the webchat_enabled feature flag.
- Internal validation tenants only.
- Pilot 1 to 2 external tenants.
- Expand by plan tier when SLO targets are stable.
- Run post-rollout hardening and update playbook.
Current Gaps To Close
- add dedicated webchat test suite to CI
- add distributed rate limiter for multi-instance environments
- verify strict Origin + Referer enforcement in production
- add external telemetry dashboards and alerts
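
Added example, not ReplyBase code: one way to unit-test the "origin allow/deny logic" item and the strict Origin + Referer enforcement gap listed above. The function names, reason codes, sample domains, and the policy choices (exact-match allowlist, missing Origin is denied, Referer must share the Origin when present) are assumptions.

```javascript
// Hypothetical strict Origin + Referer check; header keys are lowercase as in Node's http module.
function normalizeOrigin(value) {
  // Returns "scheme://host[:port]", or null for unparsable or non-http(s) values.
  try {
    const u = new URL(value);
    if (u.protocol !== 'https:' && u.protocol !== 'http:') return null;
    return u.origin;
  } catch {
    return null;
  }
}

function checkRequestOrigin(headers, allowedOrigins) {
  const allow = new Set(allowedOrigins.map(normalizeOrigin).filter(Boolean));
  const rawOrigin = headers.origin;
  if (!rawOrigin) return { allowed: false, reason: 'missing-origin' };
  const origin = normalizeOrigin(rawOrigin); // the literal "null" origin does not parse
  if (!origin) return { allowed: false, reason: 'invalid-origin' };
  // Exact match only: no suffix, prefix or substring comparison.
  if (!allow.has(origin)) return { allowed: false, reason: 'blocked-origin' };
  if (headers.referer) {
    const ref = normalizeOrigin(headers.referer);
    if (ref !== origin) return { allowed: false, reason: 'referer-mismatch' };
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed sample requests (reserved example/test domains, not from the page).
const ALLOWED = ['https://shop.example.com'];
const CASES = [
  [{ origin: 'https://shop.example.com', referer: 'https://shop.example.com/cart' }, 'ok'],
  [{ origin: 'https://shop.example.com' }, 'ok'],
  [{ origin: 'https://shop.example.com.other.test' }, 'blocked-origin'], // suffix lookalike
  [{ origin: 'https://notshop.example.com' }, 'blocked-origin'],         // substring lookalike
  [{ origin: 'http://shop.example.com' }, 'blocked-origin'],             // scheme downgrade
  [{ origin: 'null' }, 'invalid-origin'],                                // opaque origin
  [{ referer: 'https://shop.example.com/' }, 'missing-origin'],          // Referer alone is not enough
  [{ origin: 'https://shop.example.com', referer: 'https://other.example.net/' }, 'referer-mismatch'],
];

function runCases() {
  return CASES.map(([headers, expected]) => {
    const got = checkRequestOrigin(headers, ALLOWED).reason;
    return { expected, got, pass: got === expected };
  });
}

console.table(runCases());
```

The deny reasons can feed the per-category incident counts (for example blocked-origin) on the monitoring dashboard.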