Skip to content

test(e2e): Wave 2+3 — real-backend UI journeys + PR-smoke gate; fix pause/resume-by-token#192

Merged
mastermanas805 merged 2 commits into
mainfrom
feat/wave2-3-ui-realbackend-journeys
Jun 5, 2026
Merged

test(e2e): Wave 2+3 — real-backend UI journeys + PR-smoke gate; fix pause/resume-by-token#192
mastermanas805 merged 2 commits into
mainfrom
feat/wave2-3-ui-realbackend-journeys

Conversation

@mastermanas805

Copy link
Copy Markdown
Member

What

Wave 2 + Wave 3 of the CI integration design (docs/ci/01-CI-INTEGRATION-DESIGN.md): drive the actual dashboard in a browser against the real prod api with a multi-tier minted cohort account, then reap (rule 24, no leak). This catches the UI-against-real-backend breakage class (the login-broke regression) that mocked Playwright + tsc + vitest all miss.

Wave 3 — factory + named real-backend UI journeys

  • e2e/factory.ts — thin TS wrapper over POST/DELETE /internal/e2e/account: mintUser({tier}), mintUserWithResources, mintAtDeployCap() (hobby, deployments_apps=1), reap(). Cohort-tagged + ledger-registered for the afterAll + out-of-process reaper backstop. Token-gated (skip-clean when unset).
  • e2e/ui-helpers.ts — same-origin preview-proxy harness. The prod api CORS allowlist returns allow-origin only for https://instanode.dev (AUTH-004), so a direct cross-origin fetch from the preview origin is CORS-blocked. The preview server proxies api paths to prod (vite.config.ts preview.proxy) and the SPA api base is pinned same-origin → exercises the real backend with no CORS wall (exactly like a user on instanode.dev).
  • e2e/live-ui-{auth,resources,deploy,team-vault}.spec.ts — the 7 named journeys:
    1. auth round-trip/app renders the authed shell (not /login) + the UserMenu shows the minted email/tier from real /auth/me (decisive anti-false-pass); magic-link form submits against real /auth/email/start.
    2. provision → view → metrics stream → creds reveal → delete.
    3. deploy lifecycle + build-log SSE connects + make-permanent (TtlBadge "Keep" flips to Permanent).
    4. delete-when-exhausted → replace (headline): hobby (cap=1) → deploy feat(pricing): mark Team tier as Coming Soon #1 renders → deploy feat(pricing): replace unverified Team-tier promises with Coming Soon #2 hits the 402 cap wall → delete feat(pricing): mark Team tier as Coming Soon #1 → UI empties → replacement deploy succeeds + renders.
    5. pause/resume + 402 tier gate (free → upgrade prompt; pro → paused pill → resume).
    6. vault add → reveal (audited) → delete.
    7. team invite → Pending list row → revoke.
  • Manifest: live-ui.coverage.ts + done-bar wiring; adds GET /deploy/:id/logs (the build-log SSE).

Wave 2 — UI real-backend smoke on the PR path

REAL UI-vs-backend bug found + fixed

PauseResumeButton addressed the resource by the UUID id, but the api resolves :id against the token column — so every pause/resume 404'd ("Resource not found") through the dashboard (a never-working Pro feature). Verified live: pause by id → 404, pause by token → 200, for both seeded and fully-provisioned resources. Fixed to use resource.token (matching getResource/rotate/delete). Proven by journey #5.

Verification (real prod)

  • All 10 live-ui tests green vs api.instanode.dev; ledger empty + reap 200 every run (no leak).
  • npm run gate green (tsc + build + vitest, 1129 tests) incl. updated PauseResumeButton tests + the prod-coverage done-bar guard.

🤖 Generated with Claude Code

…ause/resume by token

Drive the ACTUAL dashboard in the browser against the real prod api with a
multi-tier minted cohort account, then reap (rule 24, no leak). Catches the
UI-against-real-backend breakage class (login-broke) that mocked Playwright +
tsc + vitest all miss.

Wave 3 — factory + named journeys (all proven green vs api.instanode.dev):
- e2e/factory.ts: thin wrapper over POST/DELETE /internal/e2e/account —
  mintUser({tier}), mintUserWithResources, mintAtDeployCap (hobby cap=1), reap;
  cohort-tagged + ledger-registered for the afterAll/out-of-process backstop.
- e2e/ui-helpers.ts: same-origin preview-proxy harness. The prod api CORS
  allowlist returns allow-origin ONLY for https://instanode.dev (AUTH-004), so a
  direct cross-origin fetch from the preview origin is CORS-blocked. The preview
  server proxies api paths to prod (vite.config.ts preview.proxy) and the SPA's
  api base is pinned same-origin → real backend, no CORS wall.
- e2e/live-ui-{auth,resources,deploy,team-vault}.spec.ts: journeys
  #1 auth round-trip (authed shell + /auth/me identity; magic-link form),
  #2 provision→view→metrics stream→creds reveal→delete,
  #3 deploy lifecycle + build-log SSE connect + make-permanent,
  #4 delete-when-exhausted→replace (hobby cap=1: #1 renders → #2 hits the 402
     wall → delete #1 → replacement succeeds) — the headline scenario,
  #5 pause/resume + 402 tier gate, #6 vault add→reveal→delete, #7 team invite.
- Manifest: live-ui.coverage.ts + done-bar wiring; add GET /deploy/:id/logs.

Wave 2 — PR-smoke gate:
- .github/workflows/e2e-pr-smoke.yml runs the @pr-smoke subset (#1/#2/#3) on
  every web PR via a minted+reaped account; no-ops cleanly on fork/secret-less
  PRs; full suite stays on the e2e-prod 30-min schedule.

REAL UI bug found + fixed (PauseResumeButton): pause/resume addressed the
resource by the UUID `id`, but the api resolves :id against the TOKEN column —
so every pause/resume 404'd ("Resource not found") through the dashboard. Now
uses resource.token (matches getResource/rotate/delete). Proven via journey #5.

Verified: all 10 live-ui tests green vs prod, ledger empty, reap 200; npm run
gate green (1129 tests).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@mastermanas805
mastermanas805 enabled auto-merge (squash) June 5, 2026 22:45
@github-actions

github-actions Bot commented Jun 5, 2026

Copy link
Copy Markdown

size-limit report 📦

Path Size
dist/assets/index-CAUaKl6R.js 0 B (-100% 🔽)
dist/assets/index-BsJUZYRr.css 6.13 KB (0%)
dist/assets/index-XisJSLgD.js 162.07 KB (+100% 🔺)

Comment thread e2e/live-ui-resources.spec.ts Fixed
…lity)

All three resource journeys use mintUserWithResources; mintUser was imported but
never referenced. Flagged by github-code-quality on PR #192.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@mastermanas805
mastermanas805 merged commit 3113ae9 into main Jun 5, 2026
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant