Spaces:

Atul1997
/

HotelSearchAIApp

Sleeping

App Files Files Community

HotelSearchAIApp / qa.md

Atul1997

Upload 7 files

dbede45 verified about 1 month ago

preview code

raw

history blame contribute delete

6.34 kB

	# Hotel Search App — QA Report

	## Scope of Testing

	This QA report validates the Hotel Search App against the Architect's plan (`plan.md`) and the Builder's summary (`build.md`). Testing covers schema adherence, input validation, edge cases, adversarial inputs, security, and interface contract enforcement.

	---

	## 1. Plan vs. Build Compliance

	\| Plan Requirement \| Implemented? \| Notes \|
	\|------------------\|:------------:\|-------\|
	\| Free-form natural language input \| Yes \| Single Gradio Textbox, 5-line height \|
	\| SerpApi `google_hotels` engine \| Yes \| Correct engine parameter in API call \|
	\| Date extraction (5+ formats) \| Yes \| MM/DD/YYYY, YYYY-MM-DD, Month Day Year, Month D-D Year, single dates \|
	\| Price range extraction \| Yes \| Range, upper-bound, lower-bound patterns \|
	\| Travel-agency link exclusion \| Yes \| 20+ agency domains in blocklist \|
	\| Top 15 results \| Yes \| `properties[:15]` enforced \|
	\| Direct hotel website links \| Yes \| `get_hotel_link` with fallback to Google search \|
	\| Hugging Face deployment ready \| Yes \| Single `app.py`, `requirements.txt`, README metadata \|
	\| API key via env variable or UI \| Yes \| Checks UI field first, then `SERPAPI_KEY` / `SERPAPI_API_KEY` \|
	\| Graceful error handling \| Yes \| Try/except wraps full pipeline; friendly HTML messages \|

	Verdict: All plan elements are implemented. No missing features.

	---

	## 2. Input Validation Tests

	### 2.1 Empty Input

	\| Test \| Input \| Expected \| Result \|
	\|------\|-------\|----------\|--------\|
	\| Blank string \| `""` \| Error prompt \| PASS — "Please enter a hotel description to search." \|
	\| Whitespace only \| `" "` \| Error prompt \| PASS — Same message \|

	### 2.2 Missing API Key

	\| Test \| Input \| Key \| Expected \| Result \|
	\|------\|-------\|-----\|----------\|--------\|
	\| No key anywhere \| Any text \| `""` (no env var) \| Key prompt \| PASS — "SerpApi key required" \|

	### 2.3 Adversarial / Gibberish Input

	\| Test \| Input \| Expected \| Result \|
	\|------\|-------\|----------\|--------\|
	\| Random characters \| `"asdfghjkl 12345"` \| No crash; search attempt or no-results \| PASS — Falls back to raw text as query \|
	\| SQL injection attempt \| `"'; DROP TABLE hotels; --"` \| No crash; input treated as text \| PASS — Regex simply won't match; text sent to SerpApi as query \|
	\| XSS attempt \| `"<script>alert('xss')</script>"` \| No script execution \| PASS — Gradio HTML component sanitizes output \|
	\| Extremely long input \| 5000-character string \| No crash \| PASS — First 120 chars used as query if no location found \|

	---

	## 3. Date Parsing Edge Cases

	\| Input Fragment \| Extracted Check-in \| Extracted Check-out \| Result \|
	\|----------------\|--------------------\|--------------------\|--------\|
	\| `"March 15 to March 18, 2026"` \| 2026-03-15 \| 2026-03-18 \| PASS \|
	\| `"3/15/2026 - 3/18/2026"` \| 2026-03-15 \| 2026-03-18 \| PASS \|
	\| `"2026-03-15 to 2026-03-18"` \| 2026-03-15 \| 2026-03-18 \| PASS \|
	\| `"March 15, 2026"` (single date) \| 2026-03-15 \| 2026-03-16 \| PASS — defaults to 1 night \|
	\| No dates provided \| Tomorrow \| Tomorrow + 1 \| PASS — sensible defaults \|
	\| Past date `"Jan 1, 2020"` \| Adjusted to tomorrow \| Tomorrow + 1 \| PASS — past-date guard works \|
	\| `"March 15-18, 2026"` (range) \| 2026-03-15 \| 2026-03-18 \| PASS — compact range regex \|

	---

	## 4. Price Parsing Edge Cases

	\| Input Fragment \| min_price \| max_price \| Result \|
	\|----------------\|-----------\|-----------\|--------\|
	\| `"$100 to $200"` \| 100 \| 200 \| PASS \|
	\| `"under $200"` \| None \| 200 \| PASS \|
	\| `"budget of $150"` \| None \| 150 \| PASS \|
	\| `"above $100"` \| 100 \| None \| PASS \|
	\| `"at least $50"` \| 50 \| None \| PASS \|
	\| No price mentioned \| None \| None \| PASS — no price filter applied \|

	---

	## 5. Location Extraction Tests

	\| Input Fragment \| Extracted Location \| Result \|
	\|----------------\|-------------------\|--------\|
	\| `"hotel in Austin, TX"` \| Austin, TX \| PASS \|
	\| `"near Times Square"` \| Times Square \| PASS \|
	\| `"hotels in San Francisco"` \| San Francisco \| PASS \|
	\| `"close to downtown Nashville"` \| downtown Nashville \| PASS \|
	\| No location keyword \| Falls back to first sentence \| PASS — graceful fallback \|

	---

	## 6. Travel-Agency Link Filtering

	Verified that the blocklist covers: Expedia, Booking.com, Hotels.com, Trivago, Kayak, Priceline, Orbitz, Travelocity, Agoda, Trip.com, Hotwire, CheapTickets, LastMinute, eDreams, Opodo, Wotif, Zuji, MakeMyTrip, Goibibo, Yatra.

	- If all results happen to be travel-agency links, the filter relaxes (threshold < 3) to avoid showing zero results. This is a pragmatic trade-off documented in `build.md`.

	---

	## 7. Security Review

	\| Check \| Status \| Notes \|
	\|-------\|--------\|-------\|
	\| No hard-coded API keys \| PASS \| Key from UI (masked) or env var only \|
	\| No `eval()` or `exec()` on user input \| PASS \| Input only used in regex and as SerpApi query param \|
	\| No shell command execution \| PASS \| No `subprocess` or `os.system` calls \|
	\| External links use `rel='noopener noreferrer'` \| PASS \| Prevents reverse tabnapping \|
	\| Stack traces hidden from user \| PASS \| Generic error message with exception text only \|
	\| Gradio `type="password"` for API key \| PASS \| Input is masked in UI \|

	---

	## 8. Interface Contract Verification

	- Parser output dict matches the JSON schema defined in `plan.md`.
	- SerpApi response is consumed via `results.get("properties", [])` with safe `.get()` access throughout.
	- HTML output is well-formed; tested with missing fields (no image, no rating, no amenities).

	---

	## 9. Findings & Recommendations

	### Issues Found (non-blocking)

	1. Relative date phrases like "next weekend" or "this Friday" are not parsed. The app defaults to tomorrow, which is acceptable but could be improved.
	2. Feature matching against results is not performed post-search. The required/desired/avoid features are extracted but only influence the search query indirectly. SerpApi handles the location and price filtering, but amenity-based re-ranking is not implemented.
	3. No automated test suite. Manual tests pass but a `pytest` suite would strengthen CI/CD.

	### Recommendations

	- Add a lightweight NLP layer (or LLM call) for better feature classification and relative date parsing in a future version.
	- Add unit tests for `parse_user_input` covering the edge cases above.
	- Consider rate-limiting or caching SerpApi calls to avoid quota exhaustion during heavy use.

	# Hotel Search App — QA Report

	## Scope of Testing

	This QA report validates the Hotel Search App against the Architect's plan (`plan.md`) and the Builder's summary (`build.md`). Testing covers schema adherence, input validation, edge cases, adversarial inputs, security, and interface contract enforcement.

	---

	## 1. Plan vs. Build Compliance

	\| Plan Requirement \| Implemented? \| Notes \|
	\|------------------\|:------------:\|-------\|
	\| Free-form natural language input \| Yes \| Single Gradio Textbox, 5-line height \|
	\| SerpApi `google_hotels` engine \| Yes \| Correct engine parameter in API call \|
	\| Date extraction (5+ formats) \| Yes \| MM/DD/YYYY, YYYY-MM-DD, Month Day Year, Month D-D Year, single dates \|
	\| Price range extraction \| Yes \| Range, upper-bound, lower-bound patterns \|
	\| Travel-agency link exclusion \| Yes \| 20+ agency domains in blocklist \|
	\| Top 15 results \| Yes \| `properties[:15]` enforced \|
	\| Direct hotel website links \| Yes \| `get_hotel_link` with fallback to Google search \|
	\| Hugging Face deployment ready \| Yes \| Single `app.py`, `requirements.txt`, README metadata \|
	\| API key via env variable or UI \| Yes \| Checks UI field first, then `SERPAPI_KEY` / `SERPAPI_API_KEY` \|
	\| Graceful error handling \| Yes \| Try/except wraps full pipeline; friendly HTML messages \|

	Verdict: All plan elements are implemented. No missing features.

	---

	## 2. Input Validation Tests

	### 2.1 Empty Input

	\| Test \| Input \| Expected \| Result \|
	\|------\|-------\|----------\|--------\|
	\| Blank string \| `""` \| Error prompt \| PASS — "Please enter a hotel description to search." \|
	\| Whitespace only \| `" "` \| Error prompt \| PASS — Same message \|

	### 2.2 Missing API Key

	\| Test \| Input \| Key \| Expected \| Result \|
	\|------\|-------\|-----\|----------\|--------\|
	\| No key anywhere \| Any text \| `""` (no env var) \| Key prompt \| PASS — "SerpApi key required" \|

	### 2.3 Adversarial / Gibberish Input

	\| Test \| Input \| Expected \| Result \|
	\|------\|-------\|----------\|--------\|
	\| Random characters \| `"asdfghjkl 12345"` \| No crash; search attempt or no-results \| PASS — Falls back to raw text as query \|
	\| SQL injection attempt \| `"'; DROP TABLE hotels; --"` \| No crash; input treated as text \| PASS — Regex simply won't match; text sent to SerpApi as query \|
	\| XSS attempt \| `"<script>alert('xss')</script>"` \| No script execution \| PASS — Gradio HTML component sanitizes output \|
	\| Extremely long input \| 5000-character string \| No crash \| PASS — First 120 chars used as query if no location found \|

	---

	## 3. Date Parsing Edge Cases

	\| Input Fragment \| Extracted Check-in \| Extracted Check-out \| Result \|
	\|----------------\|--------------------\|--------------------\|--------\|
	\| `"March 15 to March 18, 2026"` \| 2026-03-15 \| 2026-03-18 \| PASS \|
	\| `"3/15/2026 - 3/18/2026"` \| 2026-03-15 \| 2026-03-18 \| PASS \|
	\| `"2026-03-15 to 2026-03-18"` \| 2026-03-15 \| 2026-03-18 \| PASS \|
	\| `"March 15, 2026"` (single date) \| 2026-03-15 \| 2026-03-16 \| PASS — defaults to 1 night \|
	\| No dates provided \| Tomorrow \| Tomorrow + 1 \| PASS — sensible defaults \|
	\| Past date `"Jan 1, 2020"` \| Adjusted to tomorrow \| Tomorrow + 1 \| PASS — past-date guard works \|
	\| `"March 15-18, 2026"` (range) \| 2026-03-15 \| 2026-03-18 \| PASS — compact range regex \|

	---

	## 4. Price Parsing Edge Cases

	\| Input Fragment \| min_price \| max_price \| Result \|
	\|----------------\|-----------\|-----------\|--------\|
	\| `"$100 to $200"` \| 100 \| 200 \| PASS \|
	\| `"under $200"` \| None \| 200 \| PASS \|
	\| `"budget of $150"` \| None \| 150 \| PASS \|
	\| `"above $100"` \| 100 \| None \| PASS \|
	\| `"at least $50"` \| 50 \| None \| PASS \|
	\| No price mentioned \| None \| None \| PASS — no price filter applied \|

	---

	## 5. Location Extraction Tests

	\| Input Fragment \| Extracted Location \| Result \|
	\|----------------\|-------------------\|--------\|
	\| `"hotel in Austin, TX"` \| Austin, TX \| PASS \|
	\| `"near Times Square"` \| Times Square \| PASS \|
	\| `"hotels in San Francisco"` \| San Francisco \| PASS \|
	\| `"close to downtown Nashville"` \| downtown Nashville \| PASS \|
	\| No location keyword \| Falls back to first sentence \| PASS — graceful fallback \|

	---

	## 6. Travel-Agency Link Filtering

	Verified that the blocklist covers: Expedia, Booking.com, Hotels.com, Trivago, Kayak, Priceline, Orbitz, Travelocity, Agoda, Trip.com, Hotwire, CheapTickets, LastMinute, eDreams, Opodo, Wotif, Zuji, MakeMyTrip, Goibibo, Yatra.

	- If all results happen to be travel-agency links, the filter relaxes (threshold < 3) to avoid showing zero results. This is a pragmatic trade-off documented in `build.md`.

	---

	## 7. Security Review

	\| Check \| Status \| Notes \|
	\|-------\|--------\|-------\|
	\| No hard-coded API keys \| PASS \| Key from UI (masked) or env var only \|
	\| No `eval()` or `exec()` on user input \| PASS \| Input only used in regex and as SerpApi query param \|
	\| No shell command execution \| PASS \| No `subprocess` or `os.system` calls \|
	\| External links use `rel='noopener noreferrer'` \| PASS \| Prevents reverse tabnapping \|
	\| Stack traces hidden from user \| PASS \| Generic error message with exception text only \|
	\| Gradio `type="password"` for API key \| PASS \| Input is masked in UI \|

	---

	## 8. Interface Contract Verification

	- Parser output dict matches the JSON schema defined in `plan.md`.
	- SerpApi response is consumed via `results.get("properties", [])` with safe `.get()` access throughout.
	- HTML output is well-formed; tested with missing fields (no image, no rating, no amenities).

	---

	## 9. Findings & Recommendations

	### Issues Found (non-blocking)

	1. Relative date phrases like "next weekend" or "this Friday" are not parsed. The app defaults to tomorrow, which is acceptable but could be improved.
	2. Feature matching against results is not performed post-search. The required/desired/avoid features are extracted but only influence the search query indirectly. SerpApi handles the location and price filtering, but amenity-based re-ranking is not implemented.
	3. No automated test suite. Manual tests pass but a `pytest` suite would strengthen CI/CD.

	### Recommendations

	- Add a lightweight NLP layer (or LLM call) for better feature classification and relative date parsing in a future version.
	- Add unit tests for `parse_user_input` covering the edge cases above.
	- Consider rate-limiting or caching SerpApi calls to avoid quota exhaustion during heavy use.