Test with a non-production API key and the onboarding test environment. Use real devices and final packaged artifacts in addition to emulators or development runs.
Consent matrix
Section titled “Consent matrix”| Scenario | Expected result |
|---|---|
| Clean install, accept | Verified accepted result returns exactly one SDK instance |
| Clean install, decline | No instance; the current version remains declined |
| Close/cancel window | No instance; deliberate retry remains possible |
| Invalid or malformed accepted decision | Local error; no native handle |
| Expired decision | Local error; no native handle |
| Decision for another API key or identity | Rejected; no native handle |
| Existing accepted state after restart | Wrapper restores the scoped decision and creates normally |
| Successful revoke | Local state becomes revoked and active instance closes |
| Failed revoke | Accepted state and instance remain available for retry |
Connection matrix
Section titled “Connection matrix”- Attach lifecycle handlers before calling
connect(). - Confirm
connect()can return before the connected event. - Wait for connected, then verify
isOnlineis true. - Disable network access and capture the disconnected reason.
- Restore connectivity and confirm policy-driven reconnect without an application retry loop.
- Exercise DNS failure, TLS interception, proxy/firewall restrictions, and inaccurate device time in the test environment.
- Confirm low-battery behavior does not trigger a competing manual reconnect loop.
Ownership and race tests
Section titled “Ownership and race tests”- Repeated start requests must not create unowned duplicate peers.
- Disconnect while connecting must leave the wrapper responsive.
- Final close/free/dispose must be idempotent at the application owner boundary even if only invoked once on the SDK.
- No callback may use UI or managed state after terminal release.
- Native applications must not free a handle during another call or callback.
Background matrix
Section titled “Background matrix”| Platform | Required tests |
|---|---|
| Android | Foreground/minimized, screen off, notification denied, OS-rejected service start, force-stop |
| iOS | Background/foreground, device lock, suspension, termination, low battery |
| Electron | All windows closed with background mode on/off, force quit, sleep/resume |
| Node.js | Signal shutdown, parent supervisor restart, system sleep |
| Windows | Minimize, hide/show, lock, sleep/resume, process exit |
| Linux | Daemon/service lifecycle owned by the host, signals, process exit |
Package-consumer test
Section titled “Package-consumer test”Create a minimal clean application outside the SDK repository, install only the delivered package, build a release artifact, and launch it from the final directory. This catches accidental dependencies on source-tree files, environment variables, or development library paths.
Security checks
Section titled “Security checks”- Search source maps, logs, crash reports, and packaged configuration for receipts, tokens, private keys, and registry credentials.
- Confirm Electron renderer code cannot import native packages.
- Confirm Android/iOS/WPF cannot create an instance by passing a boolean around the SDK-owned consent UI.
- Verify debug mode is disabled in release configuration.
Exit criteria
Section titled “Exit criteria”An integration is ready only when the platform matrix, consent/revoke flow, network interruption, final shutdown, and sanitized telemetry all pass using the exact artifacts intended for release.