test(e2e): shared session, db reset, and admin spec #377
No reviewers
Labels
No labels
area:auth
area:ci
area:db
area:infra
area:native
area:pwa
area:service
epic
feature
foundation
No milestone
No project
No assignees
2 participants
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
james/carol!377
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "test/e2e-infra-hardening"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Hardens the Playwright e2e harness (#326), building on the merged suite in
apps/e2e/.What's here
Gated, destructive reset endpoint —
POST /api/test/reset(apps/api/app/api/test/reset/route.ts)404(via the existingnotFound()helper) unlessprocess.env.E2E_TEST_ROUTES === "1". No reveal, no per-user data out.{ includeIdentity?: boolean }(.strict()). Default = data-only: wipes every per-user domain table but preservesusers/local_identities/oauth_identities/sessionsso the shared session stays valid.includeIdentity: true= full wipe (used by the admin instance so the next registration is "first user = admin").deleteFromin child→parent order (derived from theDatabaseinterface) — notTRUNCATE(unsupported on SQLite), and not relying on FK cascade (documented as stale).EXACT_PUBLIC_ROUTES(the env gate is the real guard) and excluded from the OpenAPI contract viaopenapi-coverage.ts's exclusion set —openapi:check+openapi:coveragestay clean with no regeneratedopenapi.json.tests/api/test-reset.test.ts): gate cases (unset / non-"1" / prod-without-var → 404) plusdescribePerEngineproving data-only keeps the user+session andincludeIdentityclears them.storageState + reset model
tests/auth.setup.ts(thesetupproject) registers the shared user once on:3000and savesstorageStatetoapps/e2e/.auth/user.json.fixtures/test.tsextendstestwith an auto fixture that POSTs the data-only reset before each test, so authed specs start logged-in with a clean slate and run order-free.testfromfixtures/test, drop their per-specregisterFreshUser, and navigate straight in. The now-deadfixtures/auth.tsis removed; the profile-picturetest.fixmestays.Two-instance boot
serve.shis env-driven (PORT/DB_FILE/ pass-throughREGISTRATION_POLICY, alwaysexport E2E_TEST_ROUTES=1).playwright.config.tsboots a secondadmin-approvalinstance on:3100(separate DB file) and partitions projects:setup,chromium(depends on setup + storageState,:3000),smoke(:3000, no storageState),admin(:3100).Admin spec —
tests/admin.spec.ts(serial, full reset inbeforeEach): approval flow (first user = admin → second user in a second browser context registers into the pending screen and can't sign in → admin Approves in Account → second user signs in) + invite mint/reveal/Copy → revoke/confirm. Newaccount.admin.*/register.*catalog values added tofixtures/strings.ts.Heads-up: two stale assertions on
mainThe per-domain specs (#335) merged ~20 min after two client changes and were never re-run against them, so a couple of assertions were already broken on
main. Fixed here as part of the hardening:smoke.spec.ts+ the setup flow expected/notes; updated to/chat(Notes is reached by direct URL — it's no longer in the sidebar nav).network.spec.tsfilled the contact value / selected the key-person before revealing those forms; reordered to reveal-then-fill.Verification (all green locally)
pnpm -F @carol/api test→ 86 files, 1022 passed. Reset test green on SQLite + gate; Postgres leg runs in CI (TEST_POSTGRES_URLunset here).openapi:check+openapi:coverage→ clean.semgrep --config p/nodejsscan --config .semgrep apps/api→ 0 findings (277 files).setup→ 5 domain specs + smoke on:3000, 2 admin on:3100; the skip is the profile-picturetest.fixme).tsc --noEmit(e2e) +lint(api) clean.Closes #326
Refs #150
🤖 Generated with Claude Code
📊 Test coverage
Patch coverage: no testable lines changed.
Overall (
app/,lib/,db/, excluding UI per ADR-0019):Soft thresholds per ADR-0019. Coverage is informational and does not block merge.