HASSAR.AI Platform Documentation
Testing & Implementation Plan
This document outlines a clear plan for testing the full request flow of HASSAR.AI — from the user's browser, through Cloudflare and the firewall/VPN, to the Agentic Controller (AGIM), and back to the customer with a response.
The goal is to confirm that every layer of the chain is connected, secured, and performing correctly before handoff.
The Flow Being Tested
Customer
Customer Browser
HASSAR.AI App
Layer 1
Cloudflare
DNS · DDoS protection · SSL termination
Layer 2
Firewall & VPN
Network-level access control
Layer 3 & 4
Agentic Controller (AGIM)
AI processing · Blueprint reasoning
Response
Customer Browser
Response delivered
Each layer must be verified independently, then verified as a complete end-to-end chain.
Pre-Test Requirements
Before testing begins, confirm the following are in place:
| Item | Who Provides | Status |
|---|---|---|
| HASSAR.AI app accessible at production URL | Vlass Studio | |
| Cloudflare DNS pointing to production backend | Vlass Studio | |
| Firewall rules configured for AGIM access | ACAIEAC / Network team | |
| VPN credentials / access for testing (if needed) | ACAIEAC | |
| AGIM endpoint URL and API key active | ACAIEAC | |
| Admin account for HASSAR.AI | Vlass Studio | |
| Test user account for HASSAR.AI | Tester |
Layer 1
App → Cloudflare
Goal: Confirm the app is reachable through Cloudflare and SSL is working.
Test 1.1
HTTPS & SSL Certificate
- Open a browser and navigate to the production HASSAR.AI URL.
- Check the padlock icon in the browser address bar.
- Click the padlock → verify the certificate is valid, issued by Cloudflare or a trusted CA.
Expected Result
Site loads over HTTPS. Certificate is valid and not expired. No browser security warnings.
Test 1.2
Cloudflare Proxy Active
- Run a DNS lookup on the production domain:
nslookup yourdomain.com(Windows) ordig yourdomain.com(Mac/Linux) - Check the returned IP address.
Expected Result
The IP resolves to a Cloudflare IP range (e.g. 104.x.x.x or 172.x.x.x), not the origin server IP directly. This confirms Cloudflare is proxying traffic.
Test 1.3
App Login Works Through Cloudflare
- Navigate to the HASSAR.AI login page.
- Log in with a valid test account.
Expected Result
Login succeeds and dashboard loads. No Cloudflare challenge pages or 5xx error responses.
Layer 2
Cloudflare → Firewall & VPN
Goal: Confirm only authorised traffic passes through the firewall, and the VPN layer is functioning.
Test 2.1
Direct Origin Access Is Blocked
- Obtain the origin server IP (provided by Vlass Studio separately — do not publish).
- Attempt to reach the backend API directly via IP:
http://<origin-ip>:8000/health
Expected Result
The request is blocked or times out. The firewall should prevent direct access — all traffic must go through Cloudflare.
Test 2.2
Backend Health Check via Cloudflare
- In a browser or via curl, access the health endpoint through the production domain:
GET https://yourdomain.com/health
Expected Result
{"status": "ok"}
HTTP 200. This confirms Cloudflare → Firewall → Backend is connected.
Test 2.3
VPN Connectivity (if applicable)
If AGIM is behind a VPN:
- Connect to the VPN using the provided credentials.
- Confirm VPN connection is active (VPN client shows connected).
- Ping or reach the AGIM internal endpoint from inside the VPN.
Expected Result
AGIM endpoint is reachable from within the VPN. Without VPN, it should not be reachable.
Layer 3
Firewall/VPN → Agentic Controller (AGIM)
Goal: Confirm the backend can successfully reach AGIM and receive a valid AI response.
Test 3.1
AGIM Reachability from Backend
Run from the backend server (Railway console or SSH):
curl -X POST <AGIM_URL>/chat \
-H "Authorization: Bearer <AGIM_API_KEY>" \
-H "Content-Type: application/json" \
-d '{"message": "Hello, this is a connectivity test."}'
Expected Result
AGIM returns a valid JSON response with AI reply. HTTP 200. If this fails, the firewall or VPN is blocking the backend-to-AGIM connection.
Test 3.2
AGIM via Admin AI Config
- Log in to HASSAR.AI as admin.
- Navigate to System Admin → AI Config.
- Verify the AGIM URL and API Key fields are populated correctly.
- Click Save Configuration.
Expected Result
Settings saved without error. This confirms the backend has the correct AGIM credentials loaded.
Layer 4
Agentic Controller → Customer
Goal: Confirm full round-trip — customer sends a message, AGIM processes it, response arrives in browser.
Test 4.1
Basic AI Response Round-Trip
- Log in to HASSAR.AI as a test user.
- Navigate to Talk to Jim.
- Type: What is the best smart home protocol for a large property?
- Press Send.
- Observe the chat — Jim should show a loading indicator, then display a response.
Expected Result
A coherent, relevant response appears within a reasonable time (under 10 seconds for standard queries). Response comes from AGIM via the full chain: App → Cloudflare → Firewall → AGIM → Cloudflare → App.
Test 4.2
Blueprint-Contextual AI Response
Verifies AGIM receives and reasons over structured data, not just a plain question.
- In the Talk to Jim page, upload an encrypted blueprint file (a
.hassarfile created via My IoT Blueprint). - Enter the blueprint passphrase when prompted.
- Confirm Jim acknowledges the blueprint is loaded.
- Ask: Based on my setup, what security improvements would you recommend?
Expected Result
Jim's response references specific details from the blueprint (devices, network setup, or goals). This confirms the full payload — user message + blueprint context — travels successfully through the chain.
Test 4.3
Fallback to Ollama (AGIM Down Scenario)
Verifies the system degrades gracefully if AGIM is unreachable.
- In System Admin → AI Config, temporarily set the AGIM URL to an invalid address (e.g.
http://invalid-agim-test). - Click Save.
- Go to Talk to Jim and send a message.
Expected Result
Jim still responds, now routed through Ollama (local fallback). Response may differ in quality but should not be a blank error. System logs in System Admin → Logs should show AGIM failure and Ollama fallback event.
- Restore the correct AGIM URL and save.
End-to-End Summary Checklist
| # | Test | Layer | Result |
|---|---|---|---|
| 1.1 | HTTPS & SSL certificate valid | App → Cloudflare | |
| 1.2 | Cloudflare proxy active (IP check) | App → Cloudflare | |
| 1.3 | Login works through Cloudflare | App → Cloudflare | |
| 2.1 | Direct origin access blocked | Cloudflare → Firewall | |
| 2.2 | Backend health check via Cloudflare | Cloudflare → Firewall → Backend | |
| 2.3 | VPN connectivity (if applicable) | Firewall → VPN | |
| 3.1 | AGIM reachable from backend (curl test) | Firewall → AGIM | |
| 3.2 | AGIM config set correctly in admin panel | Backend → AGIM | |
| 4.1 | AI response round-trip (basic question) | Full chain | |
| 4.2 | Blueprint-contextual AI response | Full chain | |
| 4.3 | Graceful fallback to Ollama if AGIM fails | Full chain |
What to Report
For any test that does not pass, please provide:
- Which test failed (e.g. "Test 2.2 — Health Check")
- What happened (e.g. "Got HTTP 502", "No response", "Error message in chat")
- Screenshot or error message if available
- Network / environment details (on VPN or not, which browser, location)
Send findings to
Rizky Irawan — Vlass Studio