Webchat QA and Rollout Guide
Tenant-facing quality gates and rollout sequence for MVP production webchat deployments
Objective
Define the minimum quality and operational checks before broad customer-facing webchat rollout.
Quality Gates
- All webchat API routes pass integration tests.
- Embed script works on desktop and mobile breakpoints.
- CORS and domain restrictions are verified.
- AI fallback behavior is validated under failures.
- Dashboard setup can generate a working snippet.
Test Plan
Unit tests
- token signing and verification
- token expiry behavior
- origin allow/deny logic
- request validation for init/message/config
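An added example for the origin allow/deny unit tests above. It is not code from the product this guide describes. It assumes the check is an exact-match allowlist over the parsed Origin header, with Referer required to agree; the function names, reason strings, allowlist entries and hostnames are hypothetical or constructed.

```javascript
// Added example. Allowlist entries and hostnames are constructed sample values.
const ALLOWED_ORIGINS = new Set(["https://shop.example.com", "https://www.example.org"]);

// Reduce a header value to scheme://host[:port]; null if absent or unusable.
function toOrigin(value) {
  if (typeof value !== "string" || value === "" || value === "null") return null;
  try {
    const u = new URL(value);
    if (u.protocol !== "https:") return null; // no http:, file:, data:, ...
    return u.origin; // lowercased host, default port dropped, no path or query
  } catch {
    return null; // not a parseable absolute URL
  }
}

// Assumption: "strict" means both headers are required and must agree.
function checkRequestOrigin(headers, allowed = ALLOWED_ORIGINS) {
  const origin = toOrigin(headers.origin);
  if (origin === null) return { allow: false, reason: "missing_or_invalid_origin" };
  // Exact match on the parsed origin: no suffix, prefix or substring tests.
  if (!allowed.has(origin)) return { allow: false, reason: "origin_not_allowed" };
  const referer = toOrigin(headers.referer);
  if (referer === null) return { allow: false, reason: "missing_or_invalid_referer" };
  if (referer !== origin) return { allow: false, reason: "referer_mismatch" };
  return { allow: true, reason: "ok" };
}

// Constructed cases: [Origin header, Referer header, expected reason].
const CASES = [
  ["https://shop.example.com", "https://shop.example.com/cart?x=1", "ok"],
  ["https://shop.example.com:8443", "https://shop.example.com:8443/", "origin_not_allowed"],
  ["https://shop.example.com.lookalike.test", "https://shop.example.com/", "origin_not_allowed"],
  ["https://shop.example.com@lookalike.test", "https://shop.example.com/", "origin_not_allowed"],
  ["http://shop.example.com", "http://shop.example.com/", "missing_or_invalid_origin"],
  ["null", "https://shop.example.com/", "missing_or_invalid_origin"],
  ["https://shop.example.com", undefined, "missing_or_invalid_referer"],
  ["https://shop.example.com", "https://www.example.org/page", "referer_mismatch"],
];

// Returns the cases whose outcome differs from the expectation (empty = pass).
function runOriginCases() {
  return CASES.filter(([origin, referer, want]) =>
    checkRequestOrigin({ origin, referer }).reason !== want);
}

console.log(runOriginCases().length === 0 ? "all origin cases pass" : runOriginCases());
```

Requiring Referer also denies visitors on pages that set Referrer-Policy: no-referrer, so pilot domains should be checked for that policy before strict mode is enabled.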
Integration tests
- init creates/reuses visitor and conversation
- message persists inbound and outbound transcript
- config returns safe-only payload
- guards for invalid token, origin, and conversation
E2E tests
- embed boot sequence
- launcher open/close behavior
- message roundtrip rendering
- mobile viewport behavior
Chaos tests
- AI timeout
- engine unavailable
- CORS misconfiguration
- message storm and rate-limit pressure
Monitoring Guidance
Use your available monitoring and diagnostics surfaces before broadening rollout to additional domains and campaigns.
- active sites and sites with live traffic
- sessions, conversations, messages, and widget events
- error-event rate and activity freshness
- blocked-origin, token, and rate-limit incidents
- site-level readiness before larger rollouts
Rollout Sequence
- Enable behind the webchat_enabled feature flag.
- Validate on one low-risk production domain.
- Pilot 1 to 2 external tenants.
- Expand by plan tier when SLO targets are stable.
- Run post-rollout hardening and update the playbook.
Current Gaps To Close
- add dedicated webchat test suite to CI
- add distributed rate limiter for multi-instance environments
- verify strict Origin + Referer enforcement in production
- add external telemetry dashboards and alerts