QA How-To
Testing an AI search feature (2026)
A hands-on guide to testing an AI search feature for relevance, grounding, filters, permissions, freshness, resilience, latency, analytics, and drift.
19 min read | 3,511 words
TL;DR
Testing an AI search feature requires a labeled query-document set and layer-specific checks for query parsing, retrieval recall, reranking quality, filters, answers, permissions, freshness, and UI behavior. Combine deterministic contracts with ranking metrics and case-level review, then monitor drift by intent and corpus segment.
Key Takeaways
- Define separate contracts for query understanding, candidate retrieval, reranking, filters, answer generation, and presentation.
- Build a versioned query set with graded relevance, intent, expected filters, permissions, freshness, and answerability labels.
- Measure recall before reranking and rank quality after reranking so an attractive answer cannot hide missing evidence.
- Test lexical, semantic, hybrid, typo, multilingual, empty, ambiguous, and adversarial queries as distinct slices.
- Verify authorization before retrieval and again before display, including caches, snippets, counts, facets, and citations.
- Monitor zero-result, reformulation, click, abandonment, latency, freshness, and quality drift with privacy-aware analytics.
Testing an AI search feature means proving that users can find the right authorized content for the right reasons, even when queries are vague, conversational, misspelled, multilingual, or adversarial. A fluent generated answer is not sufficient. QA must inspect query interpretation, retrieval, ranking, filtering, grounding, citations, freshness, latency, and the complete user experience.
AI search can combine keyword retrieval, embeddings, query rewriting, metadata filters, reranking, and answer generation. Each component can fail while the final page still looks convincing. This guide gives QA and SDET engineers a layer-by-layer strategy, a practical relevance dataset, runnable Playwright coverage, security cases, metrics, and release gates for a 2026 search stack without depending on one vendor.
TL;DR
| Layer | Main oracle | Failure it exposes |
|---|---|---|
| Query understanding | expected intent, entities, and filters | wrong interpretation |
| Candidate retrieval | relevant document recall at k | evidence never retrieved |
| Reranking | graded relevance near the top | poor ordering |
| Answer generation | claims supported by visible results | fabricated synthesis |
| Authorization | every result allowed for current user | data leakage |
| Freshness | current version indexed and stale version removed | obsolete results |
| Experience | state, links, filters, and analytics behave correctly | UI or workflow defect |
Use a versioned set of realistic queries and corpus snapshots. Evaluate retrieval and ranking independently, preserve raw results, and inspect failures by query intent, language, permission, freshness, and content type. Generated answers must never become a shortcut around missing retrieval evidence.
1. Define the Contract for Testing an AI Search Feature
Start with the kinds of search the product promises. Navigational search finds a known page. Informational search discovers content about a topic. Transactional search locates an item to act on. Enterprise search may cross documents, tickets, and messages under user permissions. An answer engine may synthesize results. Each intent needs different success criteria.
Document the indexed sources, supported languages, freshness target, ranking objectives, personalization, filter semantics, safe-search policy, authorization model, and generated-answer boundary. Clarify whether the system can answer only from indexed content, use the public web, or invoke tools. Define behavior for no evidence, conflicting evidence, deleted content, and inaccessible but semantically relevant content.
A testable search response contains stable result IDs, source and version IDs, scores or rank signals where appropriate, applied filters, snippets with provenance, retrieval and ranking version identifiers, and timing stages. If an answer is generated, include citations that map claims to accessible results. Do not expose secret scoring internals to end users, but retain enough diagnostic metadata in controlled test traces.
Define unacceptable outcomes explicitly: cross-tenant leakage, a deleted document appearing after the freshness window, a fabricated answer without evidence, silent removal of an explicit filter, a sponsored result without disclosure, or a result URL that points somewhere different from its label. These hard requirements complement relevance metrics. Search quality is a product contract, not just model similarity.
2. Map Keyword, Semantic, Hybrid, and Generative Layers
Most AI search systems are pipelines. Query processing may normalize text, detect language, correct spelling, extract entities, infer intent, and generate rewrites. Candidate generation can use lexical indexes, vector indexes, knowledge graphs, or multiple sources. A fusion stage merges lists, a reranker orders candidates, and a generator may compose an answer. Filters, permissions, and presentation surround the pipeline.
| Stage | Controlled input | Observable output |
|---|---|---|
| Query parser | raw query and user context | normalized query, intent, filters |
| Lexical retriever | tokens and corpus snapshot | candidate IDs and lexical ranks |
| Vector retriever | embedding and index version | semantic candidates and distances |
| Fusion | component result lists | merged candidate set |
| Reranker | query and candidates | ordered list with version |
| Policy layer | user, tenant, classification | allowed result IDs |
| Generator | allowed retrieved evidence | answer claims and citations |
| UI | response payload | rendered, actionable search state |
Test contracts at each boundary. If recall is poor before reranking, tuning the reranker cannot recover absent content. If retrieval is good but displayed results are wrong, inspect policy, deduplication, grouping, or UI mapping. Preserve intermediate IDs and scores in test environments so quality incidents are diagnosable.
Keep a small set of vertical journeys, but do not put every relevance case through a browser. Offline evaluations can score thousands of query-document judgments quickly. API tests validate filters, permissions, and schemas. Browser tests prove keyboard behavior, URL state, rendering, navigation, and analytics. The RAG hallucination testing guide is useful when search also synthesizes answers.
3. Build a Query, Corpus, and Judgment Dataset
Freeze a corpus snapshot and assign immutable document IDs and versions. For each query, store raw text, normalized form if expected, intent, locale, user role, tenant, explicit and inferred filters, relevant document grades, forbidden documents, expected freshness, answerability, and notes. A judgment should describe why a document is relevant, not only a number.
Collect query shapes that users actually produce: exact titles, acronyms, product codes, natural-language questions, partial names, misspellings, pasted error messages, long descriptions, quoted phrases, negation, date ranges, and mixed languages. Include head queries and rare tail queries. Protect production query privacy. De-identify and minimize before using logs, or construct synthetic equivalents when content is sensitive.
Use graded relevance such as 3 for directly satisfies, 2 for useful, 1 for related, and 0 for not relevant. Add a separate harm or permission label rather than using negative relevance to represent leakage. Have domain reviewers judge pooled candidates from multiple retrieval systems so the set is not biased toward the current implementation. Adjudicate disagreements and retain them as uncertainty.
Partition by query or intent family to avoid near-duplicate leakage. Maintain a locked release set, a developer set, and a recent-query set for drift. Refresh judgments when content changes because relevance is tied to a corpus version. The golden dataset guide describes useful review and version practices.
4. Test Query Understanding and Rewriting
Query transformations should improve retrieval without changing intent. Create exact expectations for extracted entities, dates, product identifiers, negation, and explicit filters. A query for incidents before July excluding resolved must not become a broad search for July incidents. Keep the raw query in the trace and verify each rewrite independently.
Use metamorphic cases. Capitalization, harmless punctuation, extra spaces, and Unicode normalization should usually preserve results. A common spelling correction should improve or maintain relevant recall, while a product code should not be autocorrected into an ordinary word. Quoted phrases, minus terms, or field syntax need explicit behavior if supported. Unknown syntax should fail clearly rather than apply a hidden interpretation.
Test ambiguity with competing meanings. Java may mean a programming language or an island. User context can help, but personalization should not erase alternate interpretations. Validate clarification behavior when the cost of guessing is high. If the system expands acronyms, test organization-specific and public meanings plus collisions.
Rewriting with a language model creates injection and drift risks. Queries may instruct the model to ignore policy, expose its prompt, remove filters, or search another tenant. Policy and authorization must be applied outside the rewrite prompt. Log structured transformations in a redacted test trace, set size and time limits, and fall back safely when the rewriter fails. The fallback's quality and latency deserve their own evaluation slice.
5. Measure Retrieval Recall and Ranking Quality
Evaluate candidate retrieval before reranking. Recall at k measures how many judged relevant items enter the candidate pool. If the expected troubleshooting guide never appears in the top 100 candidates, no later reranker or generator can use it. Report recall by lexical, semantic, and fused sources to see which channel adds value.
After reranking, use nDCG at the visible depth for graded relevance, mean reciprocal rank for known-item queries, success at k, and precision at k where appropriate. Choose cutoffs that match the product UI and generator context. A desktop results page, autocomplete menu, and answer context can have different k values. Report query-level values and worst cases alongside averages.
Do not optimize offline metrics in isolation. Search diversity, source authority, freshness, and deduplication can improve user value without matching simple relevance labels. Conversely, click-through can rise because of position bias or a misleading title. Tie every metric to a documented product goal and preserve counter-metrics such as reformulation, quick return, and abandonment.
Analyze the cutoff and score distribution. Test stable ordering for identical requests when the contract promises it, deterministic tie breaking, pagination without duplicates or omissions, and consistent totals. If personalization or exploration changes ranks, make the behavior observable and include a control group. Never let a stochastic answer hide a deterministic permissions or filtering failure.
6. Validate Filters, Facets, Sorting, and Pagination
Filters are promises, not ranking hints. If a user selects type: PDF and updated: last 30 days, every result must satisfy both under the documented time-zone and boundary rules. Test empty values, unknown values, multiple selections, negation, nested fields, numeric ranges, date edges, and combinations that return zero results. Verify server enforcement, not only UI chips.
Facets and counts can leak information. A user who cannot view secret documents should not infer them from a category count, suggestion, spelling correction, or total result count. Test permissions before aggregation. Verify counts against the same query and filters as results, including eventual-indexing states and grouped duplicates.
Sorting by date, price, rating, or another field should bypass or combine with relevance exactly as specified. Check nulls, ties, locale collation, numeric strings, time zones, and stable pagination. Cursor-based pagination should reject a cursor from another query, user, tenant, or index version. Offset pagination needs change-handling rules when the corpus updates between pages.
Test URL and navigation state. Reloading or sharing an allowed search URL should restore query, filters, sort, and page without exposing personal or sensitive terms unnecessarily. Browser back and forward should be predictable. Clearing one filter should not clear unrelated filters or rerun an old query from stale state.
7. Automate Search UI Contracts With Playwright
Browser tests should focus on observable experience rather than rechecking thousands of relevance judgments. Mock a deterministic search API for UI behavior, then keep a few live API journeys for integration. Assert accessible controls, loading and empty states, filter state, result links, citations, error recovery, and analytics requests.
The following Playwright test intercepts a real browser request with page.route, fulfills a controlled JSON response, and verifies that a filter is sent and rendered. Save it as tests/ai-search.spec.ts in an existing Playwright TypeScript project.
import { test, expect } from '@playwright/test';
test('applies a type filter and renders an accessible result', async ({ page }) => {
let requestUrl = '';
await page.route('**/api/search**', async route => {
requestUrl = route.request().url();
await route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({
queryId: 'q-101',
results: [{
id: 'doc-7',
title: 'Playwright timeout troubleshooting',
url: '/docs/playwright-timeouts',
snippet: 'Diagnose action, navigation, and assertion timeouts.',
type: 'guide'
}]
})
});
});
await page.goto('/search');
await page.getByRole('searchbox', { name: 'Search' }).fill('playwright timeout');
await page.getByLabel('Content type').selectOption('guide');
await page.getByRole('button', { name: 'Search' }).click();
await expect(page.getByRole('heading', { name: 'Search results' })).toBeVisible();
const result = page.getByRole('link', { name: 'Playwright timeout troubleshooting' });
await expect(result).toHaveAttribute('href', '/docs/playwright-timeouts');
const url = new URL(requestUrl);
expect(url.searchParams.get('q')).toBe('playwright timeout');
expect(url.searchParams.get('type')).toBe('guide');
});
Adapt the URL and control names to the application contract. Add tests for keyboard submission, debounce cancellation, request races, stale responses, slow loading, retry, and empty results. Do not assert exact generated prose in a UI test when the contract is semantic. Assert visible citations, safe no-answer behavior, and deterministic interface state instead.
8. Test Generated Answers, Snippets, and Citations
A generated answer is another consumer of retrieval, not a replacement for it. Save the exact allowed context supplied to generation. Decompose the answer into factual claims and verify that each is supported by at least one cited source. A citation must exist, be authorized, resolve to the correct version, and support the nearby claim. Test citation order, duplicate IDs, broken links, and sources that contradict the answer.
Create answerable, partially answerable, conflicting, stale, and unanswerable queries. Expected behavior may be a direct answer, qualified answer, clarification, result list without synthesis, or abstention. The generator should not fill gaps from unsupported general knowledge if the product promises corpus-only answers. It should preserve important uncertainty and source disagreement.
Snippets require precise testing too. Verify that highlighted terms come from the document, do not cut Unicode incorrectly, and do not join distant passages into a misleading statement. Escape HTML and script content. A malicious document must not inject markup into the results page. Permission-sensitive text should not appear in snippets, autocomplete, previews, citations, or analytics.
Use deterministic rules for structure, URLs, access, and forbidden content, then calibrated semantic evaluation for support and usefulness. Any model judge should be validated against expert labels, versioned, and monitored for position or verbosity bias. Keep case-level artifacts so reviewers can see query, retrieved evidence, answer, citations, rubric scores, and versions.
9. Attack Permissions, Privacy, and Prompt Injection
Authorization must constrain candidate generation, not merely hide results after ranking. Post-filtering can leak through latency, scores, counts, snippets, answer text, facets, cache keys, or logs. Build users with overlapping and non-overlapping access, then query exact secret phrases, semantic paraphrases, document IDs, titles, authors, and metadata. Expect no observable evidence outside the permitted set.
Test tenant boundaries across lexical indexes, vector stores, reranker batches, caches, analytics, and export jobs. A query cache must include tenant, user or permission fingerprint, filters, corpus version, and other relevant policy inputs. Permission changes and document deletion should invalidate affected caches. Use synthetic canary documents with unique phrases to detect leaks.
Queries and indexed documents can both carry prompt injection. Seed text that asks a rewriter or answer generator to ignore policy, reveal system instructions, call a tool, or cite an attacker URL. The system should treat it as content, enforce permissions in code, restrict tools by allowlist and user authority, and render outputs safely. Search indexes should not give document text authority over the application.
Privacy tests cover query logs, personalization, retention, deletion, export, sensitive-query handling, and vendor payloads. Avoid putting secrets in URLs when they may be stored in browser history or proxies. Verify redaction in traces and screenshots. Test whether one user's private query influences another user's suggestions or rankings.
10. Test Freshness, Indexing, Deletion, and Consistency
Freshness testing needs controlled clocks and observable versions. Create, update, move, revoke access to, and delete a document, then measure each transition from source to index to UI. Define expected behavior during the propagation window. An updated document should not appear twice as old and new versions unless version search is a feature.
Test ingestion failures at every step: source connector timeout, malformed file, extraction error, embedding failure, partial batch, index write conflict, and unavailable deletion queue. Reconciliation jobs should find missing or extra index entries. Retries must be idempotent. A poison document should not block the rest of a batch indefinitely.
Deletion includes derived data. Verify lexical entries, vectors, cached answers, thumbnails, snippets, facets, suggestions, analytics where applicable, and backups under policy. Permission revocation may need faster handling than ordinary content refresh. Test a user who loses access while paginating or while a generated answer is streaming.
Distributed search can show inconsistent pages during a rollout. Pin pagination to an index snapshot or define how changes are handled. Test mixed schema versions, rolling reindexing, alias switches, rollback, and warm-up. Compare document inventories and sampled query results before and after cutover. Freshness is both a quality property and a security property.
11. Load, Resilience, and Cost Testing
Model realistic traffic by query class: autocomplete, interactive search, long semantic query, filtered search, generated answer, and pagination. Each uses different resources and latency budgets. Measure end-to-end percentiles plus query parsing, lexical and vector retrieval, reranking, generation, and rendering stages. Include cold caches, popular-query bursts, unique-query traffic, large tenants, and high-cardinality filters.
Test cancellation. When a user types a new query, the previous request should stop or its response should be ignored. A late response must not overwrite newer results. Exercise dependency timeouts, rate limits, malformed upstream responses, partial retriever failures, and circuit breakers. Define when hybrid search may degrade to lexical-only or result-list-only mode, and make degraded state observable.
Quality belongs in load testing. Compare a fixed probe set at normal and peak load to ensure timeouts or shortened candidate pools do not quietly reduce relevance or permissions. Track zero-result shifts, result counts, answer citation coverage, and error categories alongside latency. The LLM API load testing guide offers patterns for staged load and provider limits.
Measure cost per successful search and per grounded answer, separated by embeddings, retrieval, reranking, generation, storage, and retries. Test budgets and maximum context limits. A cheaper configuration that loses permission filtering, critical recall, or source diversity is not an optimization. Cache hit rate is useful only when cache correctness and invalidation are proven.
12. A Release Checklist for Testing an AI Search Feature
Confirm the search contract: corpus, intents, languages, permission model, filters, freshness, personalization, answer scope, and degraded modes. Version the query set, judgments, corpus snapshot, schema, retrieval configuration, reranker, prompts, and model. Ensure every metric has a defined cutoff and denominator.
Run parser and rewrite contracts, candidate recall, reranking quality, filters, facets, sorting, pagination, generated-answer support, citations, and browser workflows. Review worst cases and query slices, especially zero-result, ambiguous, multilingual, high-value, permission-sensitive, and fresh-content cases. Compare the candidate release with the current version on identical snapshots.
Complete security and privacy coverage for cross-tenant retrieval, caches, counts, snippets, suggestions, prompt injection, HTML rendering, query logs, deletion, and vendor requests. Complete resilience coverage for dependency failure, partial indexes, cancellation, stale responses, retry storms, rollback, and degraded modes. Test latency and quality together under load.
Publish a release report containing case-level regressions, slice metrics, severe failures, known limits, freshness evidence, performance percentiles, cost, and rollback thresholds. After launch, monitor query reformulation, zero results, success, quick return, abandonment, latency, permissions incidents, and drift. Treat behavioral analytics as signals requiring investigation, not self-explanatory labels.
Interview Questions and Answers
Q: How would you test an AI search feature?
I would define intents and the corpus contract, then isolate query understanding, retrieval, reranking, filters, permissions, generation, and UI. A versioned query-document set provides graded relevance and authorization labels. I would measure recall before reranking, rank quality at the visible cutoff, and hard failures such as leakage or unsupported answers.
Q: Why measure retrieval separately from the final answer?
A final answer can look correct by chance or from model memory even when the index failed. Conversely, strong evidence can be damaged by generation. Saving candidates and context tells us whether the defect belongs to retrieval, ranking, policy, or synthesis and prevents an attractive answer from hiding missing sources.
Q: Which relevance metrics would you choose?
I would use recall at a candidate depth, nDCG at the visible result depth, reciprocal rank for known-item queries, and success or precision at k where appropriate. I would report per-query results and slices, then inspect failures around operational cutoffs. Metrics should match the actual user task.
Q: How would you test permissions in semantic search?
I would create users and tenants with controlled document overlap, then search exact and paraphrased secret phrases. I would verify candidate IDs, answers, snippets, facets, counts, suggestions, timing, caches, and logs. Authorization should restrict retrieval and every derived artifact, not only hide final rows.
Q: How do you test search nondeterminism?
I would freeze corpus and configuration versions, run repeated evaluations where variability remains, and report distributions plus top-result stability. Deterministic contracts such as filters, permissions, URLs, and citations remain hard assertions. I would never retry a relevance failure until it happens to pass.
Q: What should happen when the answer generator fails?
If retrieval is available, the product can fall back to a clearly labeled result list. The failure should not erase useful search results or fabricate a cached answer from another context. The degraded mode needs explicit latency, accessibility, analytics, and permission tests.
Q: How would you detect search drift after launch?
I would monitor versioned offline probes and privacy-aware behavioral signals by intent, language, source, and tenant size. Zero results, reformulation, quick return, abandonment, cutoff quality, freshness, and permission alerts provide clues. Validated patterns become new judged queries and corpus fixtures.
Common Mistakes
- Evaluating only the generated answer. This hides query, retrieval, reranking, and permission failures.
- Using clicks as unquestioned relevance labels. Position, presentation, and curiosity bias affect clicks.
- Applying explicit filters as soft ranking features. A filter is a hard contract unless the UI says otherwise.
- Testing permission only in the visible result list. Counts, snippets, facets, suggestions, caches, and timing can leak content.
- Freezing the query set but not the corpus. Relevance and freshness judgments are tied to document versions.
- Reporting only average nDCG. Rare intents, tail queries, and severe cases disappear inside an average.
- Ignoring late responses and cancellation. An older slow query can overwrite a newer result set.
- Treating index deletion as deletion from the source only. Derived indexes, caches, answers, and previews need verification.
Conclusion
Testing an AI search feature is the disciplined evaluation of an evidence path from user intent to an authorized, useful result. The reliable approach freezes queries and corpus versions, measures candidate recall before rank quality, validates filters and permissions as hard contracts, and treats generated answers as grounded consumers of retrieval rather than independent truth.
Begin with a compact query set that represents known-item, discovery, filtered, ambiguous, no-answer, multilingual, fresh, and permission-sensitive searches. Instrument each layer, review the worst cases, add browser and load contracts, then monitor drift with privacy-aware signals. That gives the team a search quality program that can explain both why a result succeeded and exactly where a failure began.
Interview Questions and Answers
How would you test an AI search feature end to end?
I would define intents, corpus, freshness, and permissions, then isolate query parsing, retrieval, reranking, filters, generation, and UI contracts. A versioned judged dataset supports recall and ranking metrics. I would add hard gates for leakage, unsupported answers, stale content, and broken user state.
Why must retrieval be measured separately from answer quality?
A model may produce a plausible answer even when the needed document was never retrieved, and it may damage a correct evidence set during synthesis. Capturing candidates and context localizes the failure. It also verifies that the answer came from authorized current sources.
Which relevance metrics would you use?
I would use recall at the candidate depth, nDCG at the display depth, reciprocal rank for known-item tasks, and precision or success at k when applicable. I would publish per-query and slice results, not only averages. The cutoff must reflect real user or generator consumption.
How would you test authorization in vector search?
I would build controlled user, tenant, and document permissions and query exact plus semantic variants of secret content. I would inspect raw candidates, visible results, generated text, snippets, facets, counts, caches, timing, and logs. Policy enforcement should precede any user-visible or model-consumable artifact.
How do you handle nondeterministic ranking tests?
I freeze corpus, query, index, and model versions and run repeated trials only where the system intentionally varies. I report quality distributions and top-k stability while keeping permissions, filters, and URL behavior deterministic. I preserve failures instead of retrying to green.
What is a safe degraded mode for generative search?
If retrieval still works, the system can present an accessible result list with a clear notice that synthesis is unavailable. It must retain permissions and current filters and must not reuse an answer from an incompatible cache. The fallback needs its own reliability and analytics tests.
How would you monitor search quality after release?
I would combine fixed offline probes with privacy-aware signals such as zero results, reformulation, quick return, abandonment, latency, and freshness. I would slice by intent, language, source, and permission scenario. Confirmed patterns become newly judged regression cases.
Frequently Asked Questions
How do you test an AI search feature?
Use a versioned corpus and a query set with intent, graded relevance, filters, permissions, freshness, and answerability labels. Test query understanding, retrieval, reranking, generation, and UI separately, then add representative end-to-end journeys.
What metrics measure semantic search quality?
Common choices include recall at k for candidate retrieval, nDCG at k for graded ranking, reciprocal rank for known-item queries, and success or precision at k. Choose k values that match what users or the answer generator actually consume.
How is hybrid search tested?
Measure lexical and semantic candidate lists separately, then evaluate fusion and reranking on the same judged queries. Include exact identifiers, vocabulary mismatch, misspellings, rare terms, and paraphrases to expose each channel's strengths and failures.
How do you test AI search permissions?
Search controlled secret phrases as users with different access and verify candidates, results, snippets, answers, citations, counts, facets, suggestions, caches, and logs. Authorization should constrain retrieval and all derived artifacts.
What should AI search do when it has no evidence?
It should follow the documented no-evidence contract, such as returning no results, asking for clarification, or abstaining from a generated answer. It should not invent a source or answer from unsupported model memory.
How do you test search index freshness?
Create, update, revoke, and delete versioned documents, then observe source, index, cache, answer, and UI transitions against the stated freshness window. Include failed ingestion, retries, reconciliation, and rolling reindex scenarios.
What production metrics indicate search drift?
Track offline probe quality plus zero results, reformulation, quick return, abandonment, latency, freshness, and permission incidents by intent and content slice. Treat clicks and other behavior as diagnostic signals, not perfect relevance labels.