edge-cases draft
Edge Cases: Curator session loop (intake → analysis → send)
Feature Overview
The consented-session pipeline: intake → transcript/diarization → depersonalisation → reproducible analysis → editable draft → coach send. Sensitive data + AI + human-in-the-loop make safety and integration edges first-class.
Related Documents: 13-deliver-prd.md, 14-deliver-user-stories.md, 15-deliver-acceptance-criteria.md
Edge Case Categories
| Scenario | Expected Behavior | Priority | Notes |
|---|---|---|---|
| Recording uploaded with no consent record | Refuse processing; prompt to capture consent | P1 | Hard safety gate |
| Unsupported audio format/corrupt file | Reject with clear message; no partial processing | P2 | List supported formats |
| Empty/near-silent recording | Flag "no analysable content"; no fabricated analysis | P2 | Avoid hallucinated output |
| Wrong language vs configured | Flag mismatch; do not silently mis-transcribe | P2 | Target language set per deployment |
Boundary Conditions
| Scenario | Expected Behavior | Priority | Notes |
|---|---|---|---|
| Very long session (e.g. > 90 min) | Process in chunks; consistent attribution across chunks | P2 | Pipeline chunking |
| Single-speaker (no client audio) | Warn; analysis quality limited | P2 | Diarization needs both |
| Heavy speaker overlap | Low-confidence flags on affected turns | P1 | Don't assert silently |
Error States
| Scenario | Expected Behavior | Priority | Notes |
|---|---|---|---|
| Depersonalisation cannot be verified | Halt before external LLM; alert coach | P1 | PII guarantee (AC-5) |
| Analysis pipeline partial failure | Return partial with explicit gaps, not a confident whole | P1 | No silent gaps |
| Send channel error | Don't mark sent; preserve draft; allow retry | P1 | AC-7 |
| Out-of-scope/clinical signal detected | Alert coach; system takes no client action | P1 | Human decides referral |
Concurrency
| Scenario | Expected Behavior | Priority | Notes |
|---|---|---|---|
| Coach edits draft in two tabs | Last-write-wins with a stale-edit warning | P2 | Conflict surfaced |
| Re-run analysis while editing draft | Don't overwrite coach edits without confirmation | P1 | Protect human work |
Integration Failures
| Scenario | Expected Behavior | Priority | Notes |
|---|---|---|---|
| ASR vendor unavailable | Queue + retry; tell coach it's pending | P1 | No data loss |
| LLM provider error/timeout | Fail safe; retry/alternate provider (switchable) | P1 | ADR-001 switchability |
| Calendar/messenger integration down | Degrade gracefully; manual fallback | P2 | Non-blocking |
Error Messages
| Error State | User Message | Additional Action |
|---|---|---|
| No consent | "This session has no recorded consent. Capture consent to process." | [Capture consent] |
| Depersonalisation unverified | "We paused — we couldn't confirm personal data was removed before AI analysis." | [Retry] / [Contact support] |
| Send failed | "Your summary wasn't sent. Your edits are saved." | [Retry send] |
| Out-of-scope signal | "This session may include topics outside coaching. Review before deciding next steps." | [Review] |
Recovery Paths
Depersonalisation unverified
User sees: processing paused banner. Recovery: retry; if persistent, contact support. Data preservation: transcript retained in protected perimeter; nothing sent externally.
Send failed
User sees: non-blocking error. Recovery: retry send; edit further. Data preservation: draft + edits preserved intact.
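
An added example, not the project's own code, of the two P1 gates described above (no consent record, depersonalisation unverified) implemented fail-closed in front of the external LLM call. The `Session` shape, the `send_external` / `alert_coach` callbacks, the state names and the backstop regexes are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

class GateError(Exception):
    """Raised when a P1 safety gate refuses to release data."""
    def __init__(self, state, detail):
        super().__init__(f"{state}: {detail}")
        self.state = state

@dataclass
class Session:  # hypothetical shape, not the project's data model
    session_id: str
    consent_recorded: bool
    transcript: str  # depersonalised text destined for the external LLM
    known_identifiers: list = field(default_factory=list)  # raw values from intake

# Assumed backstop patterns for identifiers intake did not list (e-mail, phone).
BACKSTOP = [re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
            re.compile(r"\+?\d[\d\s().-]{7,}\d")]

def residual_identifiers(session):
    """Return raw identifiers still present in the outbound text."""
    if not session.known_identifiers:
        # Nothing to compare against: a clean result would prove nothing.
        raise ValueError("no identifier inventory for this session")
    text = session.transcript.casefold()
    hits = [v for v in session.known_identifiers if v.casefold() in text]
    for pattern in BACKSTOP:
        hits += pattern.findall(session.transcript)
    return hits

def release_to_llm(session, send_external, alert_coach, verifier=residual_identifiers):
    """Send the transcript out only if consent exists and verification passed."""
    if not session.consent_recorded:
        raise GateError("no_consent", "refused before any processing")
    try:
        leaks = verifier(session)
        reason = f"{len(leaks)} residual identifier(s)"  # count only, never values
    except Exception as exc:
        # Fail closed: a verifier that crashes counts as unverified.
        leaks, reason = None, f"verifier failed ({type(exc).__name__})"
    if leaks is None or leaks:
        alert_coach(session.session_id, "depersonalisation_unverified")
        raise GateError("depersonalisation_unverified", reason)
    return send_external(session.transcript)
```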
Test Scenarios
Must Test (P1)
- [ ] No-consent refusal blocks all processing.
- [ ] PII-leak audit = 0 raw identifiers sent externally.
- [ ] Out-of-scope signal alerts coach, system takes no action.
- [ ] Re-run does not overwrite coach edits.
- [ ] Send failure preserves draft and doesn't mark sent.
Should Test (P2)
- [ ] Long-session chunking keeps consistent attribution.
- [ ] Heavy overlap produces low-confidence flags.
Nice to Test (P3)
- [ ] Graceful degradation when messenger integration is down.