TEST_SESSION_ISOLATION.md

🧪 Session Isolation Testing Guide

Test Scenario: Verify Per-User Session Isolation

This guide will help you test that different users have completely isolated sessions in your IDWeekAgents app.

---

Prerequisites

✅ App is running at: https://huggingface.co/spaces/John-jero/IDWeekAgents
✅ You have at least 2 test user accounts (from AUTH_CREDENTIALS)
✅ Two browser windows (or one normal + one incognito)

---

Test Accounts Available

Based on your AUTH_CREDENTIALS, use any two different accounts:

Format: username:password

Example accounts (if you followed the setup):
- user1:password1
- user2:password2
- doctor1:pass123
- pharmacist:stewardship

---

🔬 Test Suite

TEST 1: Simple Chat Isolation ✨ (Should Work Now!)

Purpose: Verify that each user has their own chat history in Simple Chat

Steps:

1. Browser 1 (User A):

   • Go to: https://huggingface.co/spaces/John-jero/IDWeekAgents
   • Login with first account (e.g., user1:password1)
   • Click on "Simple Chat" tab
   • Send message: Hello, I'm User 1!
   • You should see the bot's response
   • Send another message: This is my private conversation

2. Browser 2 (User B):

   • Open incognito window or different browser
   • Go to: https://huggingface.co/spaces/John-jero/IDWeekAgents
   • Login with second account (e.g., user2:password2)
   • Click on "Simple Chat" tab
   • CHECK: Chat should be EMPTY (you should NOT see User 1's messages)
   • Send message: Hello, I'm User 2!
   • You should see the bot's response

3. Verify:

   • ✅ Browser 1 should ONLY show User 1's messages
   • ✅ Browser 2 should ONLY show User 2's messages
   • ✅ No cross-contamination between users

Expected Result: ✅ PASS - Each user sees only their own chat history

If it fails: ⚠️ The simple chat isolation didn't work. Check console logs.

---

TEST 2: Deployed Agent Chat Isolation ✨ (Should Work Now!)

Purpose: Verify that deployed agent chats are isolated per user

Prerequisites: You need at least one deployed agent in the app

Steps:

1. Browser 1 (User A):

   • Go to "Agent Builder" tab
   • Build a simple agent (or use existing agent)
   • Deploy it by clicking "Save"
   • Go to "Chat Panel" tab
   • Select your agent from dropdown
   • Chat with it: Hi, I'm testing User A

2. Browser 2 (User B):

   • Login as different user
   • Go to "Chat Panel" tab
   • CHECK: The dropdown should show available agents
   • Select an agent
   • CHECK: Chat history should be EMPTY (no User A messages)
   • Chat with it: Hi, I'm testing User B

3. Verify:

   • ✅ Each user has separate chat history with the same agent
   • ✅ User B doesn't see User A's conversation

Expected Result: ✅ PASS - Agent chats are isolated per user

If it fails: ⚠️ Check if chatpanel_handle is being called correctly

---

TEST 3: Agent Builder Isolation ⚠️ (May Not Work Yet)

Purpose: Verify that agent building is isolated per user

Steps:

1. Browser 1 (User A):

   • Go to "Agent Builder" tab
   • Create an agent:
     • Name: User1 Agent
     • Mission: Help User 1 with tasks
   • Click "Build Agent"

2. Browser 2 (User B):

   • Login as different user
   • Go to "Agent Builder" tab
   • CHECK: The builder should be empty or have User B's agents
   • CHECK: "Active Agents" should NOT show "User1 Agent"
   • Create different agent:
     • Name: User2 Agent
     • Mission: Help User 2 with tasks

3. Verify:

   • ✅ User A sees only their agents
   • ✅ User B sees only their agents

Expected Result: ⚠️ May FAIL - This feature needs more updates (see guide)

---

TEST 4: Concurrent User Activity 🔥

Purpose: Verify users can work simultaneously without interference

Steps:

1. Both browsers simultaneously:

   • User A: Chat in Simple Chat
   • User B: Chat in Simple Chat at the same time
   • Both users send messages back and forth

2. Verify:

   • ✅ Both users can chat simultaneously
   • ✅ No crashes or errors
   • ✅ No messages mixed up between users
   • ✅ Each user's responses are correct and isolated

Expected Result: ✅ PASS - Concurrent usage works smoothly

---

TEST 5: Session Persistence

Purpose: Verify that data persists during the session

Steps:

1. Browser 1 (User A):

   • Chat in Simple Chat: Message 1
   • Navigate to "Agent Builder" tab
   • Navigate back to "Simple Chat" tab
   • CHECK: Your chat history should still be there

2. Refresh the page:

   • Refresh the browser (F5)
   • Login again
   • Go to "Simple Chat"
   • CHECK: Chat history is cleared (expected - sessions are in-memory)

Expected Result:

• ✅ Session persists during navigation
• ✅ Session clears after refresh (expected behavior)

---

TEST 6: Clear Chat Isolation

Purpose: Verify that clearing chat only affects the current user

Steps:

1. Browser 1 (User A):

   • Chat in Simple Chat with several messages

2. Browser 2 (User B):

   • Chat in Simple Chat with several messages

3. Browser 1 (User A):

   • Click "Clear" button (if available)
   • CHECK: Only User A's chat is cleared

4. Browser 2 (User B):

   • CHECK: User B's chat is still there (unchanged)

Expected Result: ✅ PASS - Clear only affects current user

---

📊 Test Results Template

Copy and fill this out:

🧪 SESSION ISOLATION TEST RESULTS
Date: ___________
Tester: ___________

[ ] TEST 1: Simple Chat Isolation
    Status: PASS / FAIL
    Notes: ___________

[ ] TEST 2: Deployed Agent Chat Isolation
    Status: PASS / FAIL
    Notes: ___________

[ ] TEST 3: Agent Builder Isolation
    Status: PASS / FAIL / SKIPPED
    Notes: ___________

[ ] TEST 4: Concurrent User Activity
    Status: PASS / FAIL
    Notes: ___________

[ ] TEST 5: Session Persistence
    Status: PASS / FAIL
    Notes: ___________

[ ] TEST 6: Clear Chat Isolation
    Status: PASS / FAIL
    Notes: ___________

Overall Status: ___________
Issues Found: ___________

---

🐛 Troubleshooting

Issue: Both users see the same chat

Cause: Session isolation not working Solution:

1. Check browser console for errors
2. Verify AUTH_CREDENTIALS is set in HF Spaces
3. Check that you're using DIFFERENT user accounts

Issue: "request has no attribute username"

Cause: Authentication not enabled or user not logged in Solution:

1. Ensure you're logged in with valid credentials
2. Check AUTH_CREDENTIALS secret in HF Spaces settings

Issue: App crashes with multiple users

Cause: Race condition or thread safety issue Solution:

1. Check server logs in HF Spaces
2. Report the error stack trace

---

📈 What to Expect

✅ SHOULD WORK (Implemented):

• Simple Chat isolation
• Deployed Agent Chat isolation
• Concurrent user access
• Thread-safe operations

⚠️ MAY NOT WORK YET (Needs more updates):

• Agent Builder isolation
• Patient data isolation
• Other advanced features

---

🎯 Success Criteria

Minimum Requirements:

• ✅ TEST 1 (Simple Chat): MUST PASS
• ✅ TEST 2 (Agent Chat): MUST PASS
• ✅ TEST 4 (Concurrent): MUST PASS

Nice to Have:

• ✅ TEST 3, 5, 6: Would be great but may need more work

---

📝 Quick Test Script

Super Quick 2-Minute Test:

1. Open app in 2 browsers
2. Login as user1 in browser 1
3. Login as user2 in browser 2
4. Both go to "Simple Chat"
5. Both send: "Hello from [username]"
6. Each should see ONLY their own message

If this works: ✅ Session isolation is working! If this fails: ❌ Need to debug

---

🆘 Need Help?

If tests fail or you see issues:

1. Check console logs:

   • Open browser DevTools (F12)
   • Look for errors in Console tab

2. Check HF Spaces logs:

   • Go to your space page
   • Click "Logs" tab
   • Look for Python errors

3. Verify setup:

   • AUTH_CREDENTIALS secret is set
   • Using different user accounts
   • Both logged in successfully

---

🎉 Expected Outcome

After running these tests:

• You'll know exactly what's working
• You'll know what still needs work
• You'll have concrete examples for debugging

Goal: Tests 1, 2, and 4 should PASS ✅

---

Ready to test? Start with the Quick Test Script above! 🚀