|
| 1 | +--- |
| 2 | +slug: 2026-02-17-feat-e2e-recorded-baseline-test |
| 3 | +status: intake-complete |
| 4 | +date: 2026-02-17T19:30:00Z |
| 5 | +owner: sidmohan |
| 6 | +plan_mode: execution |
| 7 | +spike_recommended: yes |
| 8 | +priority: high |
| 9 | +--- |
| 10 | + |
| 11 | +# feat: Add E2E recorded baseline test for FogClaw plugin |
| 12 | + |
| 13 | +## Purpose / Big Picture |
| 14 | + |
| 15 | +FogClaw has 215 unit and integration tests but zero end-to-end tests against a real OpenClaw instance. There is no automated way to verify that the plugin actually works when installed via npm, configured through the OpenClaw Dashboard UI, and exercised through real agent prompts. When a new feature ships (like the access request backlog), there is no regression gate that proves the full user experience still works. |
| 16 | + |
| 17 | +After this initiative, a single command runs a fully automated E2E test sequence against a real local OpenClaw instance: install FogClaw from npm, configure it via the Dashboard UI, send prompts containing PII, verify redaction in all three scanning layers, exercise the access request backlog, and capture a video recording of the entire run. This recording serves as the baseline evidence artifact. Every future feature must pass this test before release. |
| 18 | + |
| 19 | +## Scope |
| 20 | + |
| 21 | +### In Scope |
| 22 | + |
| 23 | +- Browser automation (Playwright) for the OpenClaw Dashboard UI: plugin installation, configuration, request review/resolution |
| 24 | +- CLI automation for OpenClaw agent interactions: sending prompts, observing redacted output, triggering tool calls |
| 25 | +- Video recording of the full E2E run via Playwright's built-in recording |
| 26 | +- Test scenario covering all three scanning layers: `before_agent_start` (inbound prompt), `tool_result_persist` (file read), `message_sending` (outbound reply) |
| 27 | +- Test scenario for the PII access request backlog: request, list, follow-up, approve, verify original text returned |
| 28 | +- Test fixture: a sample file containing structured PII (email, SSN, phone, credit card, person name) |
| 29 | +- CI integration: the E2E test can be triggered manually or as part of a release gate |
| 30 | +- Evidence storage: video recordings saved to a predictable path for human review |
| 31 | + |
| 32 | +### Boundaries |
| 33 | + |
| 34 | +- **Not a replacement for unit tests.** The 215 existing unit/integration tests remain the primary fast-feedback loop. This E2E test is slower and complementary. |
| 35 | +- **No headless-only mode in v1.** The video recording requires a visible browser. Headless optimization is a follow-up. |
| 36 | +- **No automatic video diffing.** v1 relies on human review of recordings. Automated visual regression is a future enhancement. |
| 37 | +- **No multi-platform testing.** v1 targets macOS local development only. Cross-platform CI (Linux containers) is a follow-up. |
| 38 | +- **No OpenClaw upstream changes.** This test works with OpenClaw as-is. If the Dashboard API changes, the test adapts. |
| 39 | + |
| 40 | +## Non-Goals |
| 41 | + |
| 42 | +- Replacing existing unit/integration tests |
| 43 | +- Automated visual diff or AI-powered video analysis |
| 44 | +- Performance benchmarking or load testing |
| 45 | +- Testing OpenClaw itself (we test FogClaw's behavior within OpenClaw) |
| 46 | + |
| 47 | +## Risks |
| 48 | + |
| 49 | +- **OpenClaw Dashboard UI instability.** If OpenClaw changes its UI, browser selectors break. Mitigation: use data-testid selectors where available, fall back to stable aria/role selectors. |
| 50 | +- **GLiNER model download in E2E.** The ONNX model is ~1.4GB. E2E tests that trigger GLiNER will be slow on first run. Mitigation: pre-cache the model or test regex-only mode for speed, with a separate GLiNER-inclusive run. |
| 51 | +- **OpenClaw installation/startup complexity.** Setting up a real local OpenClaw instance may require specific Node.js versions, API keys, or configuration. Mitigation: document prerequisites clearly; spike to validate the setup. |
| 52 | +- **Flaky browser automation.** UI tests are inherently more fragile than API tests. Mitigation: explicit waits, retry logic, and clear failure diagnostics in recordings. |
| 53 | + |
| 54 | +## Rollout |
| 55 | + |
| 56 | +Ship as a new test target (`npm run test:e2e`) alongside existing tests. Initially triggered manually by developers before release. After the baseline is validated, integrate into the release gate (he-verify-release adds "E2E recording reviewed" as a checklist item). |
| 57 | + |
| 58 | +## Validation and Acceptance Signals |
| 59 | + |
| 60 | +- `npm run test:e2e` completes successfully against a running local OpenClaw instance with FogClaw installed |
| 61 | +- A video recording (`.webm` or `.mp4`) is saved to `tests/e2e/recordings/` after each run |
| 62 | +- The recording shows: plugin visible in Dashboard, PII in prompt being redacted, PII in file read being redacted, access request created and approved, original text revealed |
| 63 | +- An agent can run the full E2E sequence autonomously using `agent-browser` for the Dashboard UI portions |
| 64 | +- The test fails (non-zero exit) if any critical assertion fails (e.g., PII not redacted, tool not registered) |
| 65 | + |
| 66 | +## Requirements |
| 67 | + |
| 68 | +| ID | Priority | Requirement | |
| 69 | +|---|---|---| |
| 70 | +| R1 | critical | E2E test installs FogClaw into a real local OpenClaw instance and verifies plugin registration (3 hooks, 6 tools) | |
| 71 | +| R2 | critical | Test sends a prompt containing PII (email, SSN, phone, credit card, person name) and verifies the agent receives redacted text, not originals | |
| 72 | +| R3 | critical | Test triggers a file read containing PII and verifies `tool_result_persist` hook redacts the content before the agent sees it | |
| 73 | +| R4 | critical | Test verifies `message_sending` hook redacts PII in outbound agent replies | |
| 74 | +| R5 | high | Test exercises the full access request backlog cycle: request access to `[EMAIL_1]` → list pending → approve → verify original email returned | |
| 75 | +| R6 | high | Full E2E run is video-recorded and saved to a predictable path (`tests/e2e/recordings/<timestamp>.webm`) | |
| 76 | +| R7 | high | Test can be run by an agent autonomously (agent-browser for Dashboard, CLI automation for prompts) | |
| 77 | +| R8 | medium | OpenClaw Dashboard UI interactions are automated via Playwright: navigate to plugin config, verify FogClaw is listed, verify settings | |
| 78 | +| R9 | medium | Test includes a "before FogClaw" baseline run showing PII flowing through unprotected, followed by an "after FogClaw" run showing redaction | |
| 79 | +| R10 | low | Test produces a structured summary (JSON or markdown) of pass/fail results alongside the video | |
| 80 | + |
| 81 | +## Open Questions |
| 82 | + |
| 83 | +- **[spike]** **[Affects R1, R7, R8]** How does OpenClaw's local development setup work? What commands start the Dashboard UI? What port? What authentication? Does `openclaw dashboard` exist? This must be validated before planning. |
| 84 | +- **[spike]** **[Affects R7]** Can `agent-browser` drive the OpenClaw Dashboard reliably? What selectors are available? Is there a data-testid convention? |
| 85 | +- **[planning]** **[Affects R6]** What video format and resolution? Playwright supports `.webm` natively. Should we transcode to `.mp4` for broader compatibility? |
| 86 | +- **[decision]** **[Affects R9]** Should the "before/after" comparison be two separate test runs, or a single run that enables FogClaw mid-test? |
| 87 | + |
| 88 | +## Success Criteria |
| 89 | + |
| 90 | +- A developer can run `npm run test:e2e` and get a video recording proving FogClaw works end-to-end |
| 91 | +- An agent can run the same test autonomously and produce the same evidence |
| 92 | +- The recording serves as the release baseline: every new feature's verify-release step includes reviewing the E2E recording |
| 93 | +- If PII leaks through any scanning layer, the test fails with a clear assertion error |
| 94 | + |
| 95 | +## Constraints |
| 96 | + |
| 97 | +- Must use Playwright (TypeScript, consistent with existing test stack) |
| 98 | +- Must not require paid services or API keys beyond what OpenClaw already needs |
| 99 | +- Video recordings must be under 60 seconds for typical runs (excluding GLiNER model download) |
| 100 | +- Must work on macOS with Node.js 22+ |
| 101 | + |
| 102 | +## Tech Preferences |
| 103 | + |
| 104 | +- **Browser automation**: Playwright (TypeScript API, built-in video recording, maintained by Microsoft) |
| 105 | +- **CLI automation**: Node.js child_process or Playwright's terminal integration |
| 106 | +- **Video format**: `.webm` (Playwright native) with optional `.mp4` transcode |
| 107 | +- **Rationale**: Playwright is the industry standard for browser E2E, has first-class TypeScript support, and integrates with Vitest. Its built-in video recording eliminates the need for external screen capture tools. |
| 108 | + |
| 109 | +## Priority |
| 110 | + |
| 111 | +- priority: high |
| 112 | +- rationale: Without E2E tests, every release relies on manual verification that the plugin works in a real OpenClaw instance. As features accumulate (3 hooks, 6 tools, backlog workflow), manual testing becomes unsustainable. This is the foundation for autonomous agent-driven quality gates. |
| 113 | + |
| 114 | +## Initial Milestone Candidates |
| 115 | + |
| 116 | +- M1: **Spike — OpenClaw local setup and Dashboard automation feasibility.** Validate that we can start OpenClaw locally, access the Dashboard UI, and drive it with Playwright. Determine selectors, auth flow, and CLI interaction patterns. Output: spike findings doc with setup commands and selector inventory. Risk hotspot: OpenClaw Dashboard may not have stable selectors. |
| 117 | + |
| 118 | +- M2: **Core E2E test — CLI + browser automation with video recording.** Implement the full test scenario: install plugin, configure, send PII prompts, verify redaction across all three layers, exercise backlog. Record video. Output: `tests/e2e/` directory with test files, fixtures, and recording output. Risk hotspot: flaky browser selectors, GLiNER model download latency. |
| 119 | + |
| 120 | +- M3: **Agent autonomy + CI integration.** Ensure the test can be run by an agent via `agent-browser` skill. Add `npm run test:e2e` script. Document the E2E test as a required step in he-verify-release. Output: updated runbooks, CI workflow addition. Risk hotspot: agent-browser reliability with OpenClaw's specific UI. |
| 121 | + |
| 122 | +## Handoff |
| 123 | + |
| 124 | +Spike recommended before planning. The OpenClaw Dashboard UI structure, selector availability, and local setup process are unknown and must be validated. After the spike, proceed to he-plan with concrete knowledge of what's automatable. |
| 125 | + |
| 126 | +## Revision Notes |
| 127 | + |
| 128 | +- 2026-02-17T19:30:00Z: Initialized spec. E2E recorded baseline test for FogClaw against real OpenClaw instance. Spike recommended to validate Dashboard automation feasibility. Video recording chosen over screenshots for richer evidence with human review loop. |
0 commit comments