HASSAR.AI Platform Documentation

Testing & Implementation Plan

Version 1.0
Date July 2026
Prepared by Rizky Irawan (Vlass Studio)
Prepared for Dale Lomax (ACAIEAC)

This document outlines a clear plan for testing the full request flow of HASSAR.AI — from the user's browser, through Cloudflare and the firewall/VPN, to the Agentic Controller (AGIM), and back to the customer with a response.

The goal is to confirm that every layer of the chain is connected, secured, and performing correctly before handoff.

The Flow Being Tested
Customer
Customer Browser
HASSAR.AI App
Layer 1
Cloudflare
DNS · DDoS protection · SSL termination
Layer 2
Firewall & VPN
Network-level access control
Layer 3 & 4
Agentic Controller (AGIM)
AI processing · Blueprint reasoning
Response
Customer Browser
Response delivered

Each layer must be verified independently, then verified as a complete end-to-end chain.

Pre-Test Requirements

Before testing begins, confirm the following are in place:

ItemWho ProvidesStatus
HASSAR.AI app accessible at production URLVlass Studio
Cloudflare DNS pointing to production backendVlass Studio
Firewall rules configured for AGIM accessACAIEAC / Network team
VPN credentials / access for testing (if needed)ACAIEAC
AGIM endpoint URL and API key activeACAIEAC
Admin account for HASSAR.AIVlass Studio
Test user account for HASSAR.AITester
Layer 1
App → Cloudflare
Goal: Confirm the app is reachable through Cloudflare and SSL is working.
Test 1.1 HTTPS & SSL Certificate
  1. Open a browser and navigate to the production HASSAR.AI URL.
  2. Check the padlock icon in the browser address bar.
  3. Click the padlock → verify the certificate is valid, issued by Cloudflare or a trusted CA.
Expected Result
Site loads over HTTPS. Certificate is valid and not expired. No browser security warnings.
Test 1.2 Cloudflare Proxy Active
  1. Run a DNS lookup on the production domain:
    nslookup yourdomain.com (Windows) or dig yourdomain.com (Mac/Linux)
  2. Check the returned IP address.
Expected Result
The IP resolves to a Cloudflare IP range (e.g. 104.x.x.x or 172.x.x.x), not the origin server IP directly. This confirms Cloudflare is proxying traffic.
Test 1.3 App Login Works Through Cloudflare
  1. Navigate to the HASSAR.AI login page.
  2. Log in with a valid test account.
Expected Result
Login succeeds and dashboard loads. No Cloudflare challenge pages or 5xx error responses.
Layer 2
Cloudflare → Firewall & VPN
Goal: Confirm only authorised traffic passes through the firewall, and the VPN layer is functioning.
Test 2.1 Direct Origin Access Is Blocked
  1. Obtain the origin server IP (provided by Vlass Studio separately — do not publish).
  2. Attempt to reach the backend API directly via IP: http://<origin-ip>:8000/health
Expected Result
The request is blocked or times out. The firewall should prevent direct access — all traffic must go through Cloudflare.
Test 2.2 Backend Health Check via Cloudflare
  1. In a browser or via curl, access the health endpoint through the production domain:
GET https://yourdomain.com/health
Expected Result
{"status": "ok"}
HTTP 200. This confirms Cloudflare → Firewall → Backend is connected.
Test 2.3 VPN Connectivity (if applicable)

If AGIM is behind a VPN:

  1. Connect to the VPN using the provided credentials.
  2. Confirm VPN connection is active (VPN client shows connected).
  3. Ping or reach the AGIM internal endpoint from inside the VPN.
Expected Result
AGIM endpoint is reachable from within the VPN. Without VPN, it should not be reachable.
Layer 3
Firewall/VPN → Agentic Controller (AGIM)
Goal: Confirm the backend can successfully reach AGIM and receive a valid AI response.
Test 3.1 AGIM Reachability from Backend

Run from the backend server (Railway console or SSH):

curl -X POST <AGIM_URL>/chat \
  -H "Authorization: Bearer <AGIM_API_KEY>" \
  -H "Content-Type: application/json" \
  -d '{"message": "Hello, this is a connectivity test."}'
Expected Result
AGIM returns a valid JSON response with AI reply. HTTP 200. If this fails, the firewall or VPN is blocking the backend-to-AGIM connection.
Test 3.2 AGIM via Admin AI Config
  1. Log in to HASSAR.AI as admin.
  2. Navigate to System Admin → AI Config.
  3. Verify the AGIM URL and API Key fields are populated correctly.
  4. Click Save Configuration.
Expected Result
Settings saved without error. This confirms the backend has the correct AGIM credentials loaded.
Layer 4
Agentic Controller → Customer
Goal: Confirm full round-trip — customer sends a message, AGIM processes it, response arrives in browser.
Test 4.1 Basic AI Response Round-Trip
  1. Log in to HASSAR.AI as a test user.
  2. Navigate to Talk to Jim.
  3. Type: What is the best smart home protocol for a large property?
  4. Press Send.
  5. Observe the chat — Jim should show a loading indicator, then display a response.
Expected Result
A coherent, relevant response appears within a reasonable time (under 10 seconds for standard queries). Response comes from AGIM via the full chain: App → Cloudflare → Firewall → AGIM → Cloudflare → App.
Test 4.2 Blueprint-Contextual AI Response

Verifies AGIM receives and reasons over structured data, not just a plain question.

  1. In the Talk to Jim page, upload an encrypted blueprint file (a .hassar file created via My IoT Blueprint).
  2. Enter the blueprint passphrase when prompted.
  3. Confirm Jim acknowledges the blueprint is loaded.
  4. Ask: Based on my setup, what security improvements would you recommend?
Expected Result
Jim's response references specific details from the blueprint (devices, network setup, or goals). This confirms the full payload — user message + blueprint context — travels successfully through the chain.
Test 4.3 Fallback to Ollama (AGIM Down Scenario)

Verifies the system degrades gracefully if AGIM is unreachable.

  1. In System Admin → AI Config, temporarily set the AGIM URL to an invalid address (e.g. http://invalid-agim-test).
  2. Click Save.
  3. Go to Talk to Jim and send a message.
Expected Result
Jim still responds, now routed through Ollama (local fallback). Response may differ in quality but should not be a blank error. System logs in System Admin → Logs should show AGIM failure and Ollama fallback event.
  1. Restore the correct AGIM URL and save.
End-to-End Summary Checklist
#TestLayerResult
1.1HTTPS & SSL certificate validApp → Cloudflare
1.2Cloudflare proxy active (IP check)App → Cloudflare
1.3Login works through CloudflareApp → Cloudflare
2.1Direct origin access blockedCloudflare → Firewall
2.2Backend health check via CloudflareCloudflare → Firewall → Backend
2.3VPN connectivity (if applicable)Firewall → VPN
3.1AGIM reachable from backend (curl test)Firewall → AGIM
3.2AGIM config set correctly in admin panelBackend → AGIM
4.1AI response round-trip (basic question)Full chain
4.2Blueprint-contextual AI responseFull chain
4.3Graceful fallback to Ollama if AGIM failsFull chain
What to Report

For any test that does not pass, please provide:

  1. Which test failed (e.g. "Test 2.2 — Health Check")
  2. What happened (e.g. "Got HTTP 502", "No response", "Error message in chat")
  3. Screenshot or error message if available
  4. Network / environment details (on VPN or not, which browser, location)
Send findings to Rizky Irawan — Vlass Studio