Add smoke tests, JUnit reporting, and test summary script

- Add scripts/smoke.test.ts with 27 tests against live site (status codes,
  trailing slash redirects, security headers, content, static assets)
- Add JUnit XML reporters to vitest configs (test-results/unit.xml, smoke.xml)
- Add scripts/test-summary.mjs for aggregated test reporting (table + --md)
- Add prerender tests: /reader route, homepage noscript nav, sitemap, 404
- Add Makefile targets: smoke-test, test-all (unit + smoke + summary)
- Add test-results/ to .gitignore
- Exclude .mjs from eslint (Node globals)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: gmoon

.gitignore

@@ -6,3 +6,6 @@ coverage
 *.local
 .env
 .env.*
+
+# Test results (JUnit XML)
+test-results/

Makefile

@@ -1,4 +1,4 @@
-.PHONY: ci install format lint typecheck build build-ui test clean pre-commit pre-push
+.PHONY: ci install format lint typecheck build build-ui test smoke-test test-all clean pre-commit pre-push help
 
 # Pre-commit gate: fast checks (format + lint)
 pre-commit: format lint
@@ -33,15 +33,28 @@ build: build-ui
 test:
 	npm test
 
+# Smoke tests against live site (run after deploy)
+smoke-test:
+	npm run test:smoke
+
+# Run all tests (unit + smoke) with JUnit XML summary
+test-all:
+	@rm -rf test-results && mkdir -p test-results
+	npm test
+	npm run test:smoke
+	@node scripts/test-summary.mjs
+
 clean:
-	rm -rf dist packages/*/dist node_modules
+	rm -rf dist packages/*/dist node_modules test-results coverage
 
 help:
 	@echo "Available targets:"
-	@echo "  make pre-commit - Check formatting + lint (run before commit)"
-	@echo "  make pre-push   - Full check: format + lint + typecheck + test + build (run before push)"
-	@echo "  make ci         - Full CI with clean install"
-	@echo "  make build-ui   - Build @forkzero/ui package"
-	@echo "  make build      - Build for production"
-	@echo "  make test       - Run tests with coverage"
-	@echo "  make clean      - Remove dist and node_modules"
+	@echo "  make pre-commit  - Check formatting + lint (run before commit)"
+	@echo "  make pre-push    - Full check: format + lint + typecheck + test + build (run before push)"
+	@echo "  make ci          - Full CI with clean install"
+	@echo "  make build-ui    - Build @forkzero/ui package"
+	@echo "  make build       - Build for production"
+	@echo "  make test        - Run unit tests with coverage"
+	@echo "  make smoke-test  - Run smoke tests against live site"
+	@echo "  make test-all    - Run all tests with JUnit XML summary"
+	@echo "  make clean       - Remove dist, test-results, and node_modules"

eslint.config.js

@@ -3,7 +3,7 @@ import tseslint from 'typescript-eslint'
 import reactHooks from 'eslint-plugin-react-hooks'
 
 export default tseslint.config(
-  { ignores: ['dist', 'node_modules', 'packages/*/dist'] },
+  { ignores: ['dist', 'node_modules', 'packages/*/dist', 'scripts/*.mjs'] },
   js.configs.recommended,
   ...tseslint.configs.recommended,
   {

package.json

@@ -12,6 +12,7 @@
     "preview": "vite preview",
     "test": "vitest run --coverage",
     "test:fast": "vitest run",
+    "test:smoke": "vitest run --config vitest.smoke.config.ts",
     "test:watch": "vitest",
     "lint": "eslint src scripts packages/ui/src",
     "lint:fix": "eslint src scripts packages/ui/src --fix",

scripts/prerender.test.ts

@@ -44,6 +44,14 @@ describe('pre-rendered homepage', () => {
     expect(html).toContain('knowledge graph')
   })
 
+  it('has noscript navigation links', () => {
+    const html = readFileSync(file, 'utf-8')
+    expect(html).toContain('<nav>')
+    expect(html).toContain('href="/getting-started"')
+    expect(html).toContain('href="/blog"')
+    expect(html).toContain('href="/privacy"')
+  })
+
   it('has Organization JSON-LD', () => {
     const html = readFileSync(file, 'utf-8')
     expect(html).toContain('application/ld+json')
@@ -105,6 +113,47 @@ describe('pre-rendered getting-started', () => {
   })
 })
 
+describe('pre-rendered reader', () => {
+  const file = join(distDir, 'reader', 'index.html')
+
+  it('exists', () => {
+    expect(existsSync(file)).toBe(true)
+  })
+
+  it('has correct title', () => {
+    const html = readFileSync(file, 'utf-8')
+    expect(html).toContain('<title>Lattice Dashboard — Forkzero</title>')
+  })
+
+  it('has meta description', () => {
+    const html = readFileSync(file, 'utf-8')
+    expect(html).toContain('<meta name="description"')
+    expect(html).toContain('Interactive viewer')
+  })
+
+  it('has og:type website', () => {
+    const html = readFileSync(file, 'utf-8')
+    expect(html).toContain('og:type" content="website"')
+  })
+
+  it('has noscript fallback', () => {
+    const html = readFileSync(file, 'utf-8')
+    expect(html).toContain('<noscript>')
+    expect(html).toContain('Lattice Dashboard')
+  })
+
+  it('has WebPage JSON-LD', () => {
+    const html = readFileSync(file, 'utf-8')
+    expect(html).toContain('"@type":"WebPage"')
+  })
+
+  it('has BreadcrumbList JSON-LD', () => {
+    const html = readFileSync(file, 'utf-8')
+    expect(html).toContain('"@type":"BreadcrumbList"')
+    expect(html).toContain('Dashboard')
+  })
+})
+
 describe('pre-rendered blog listing', () => {
   const file = join(distDir, 'blog', 'index.html')
 
@@ -216,3 +265,55 @@ describe('pre-rendered blog post', () => {
     expect(html).toContain('"position":3')
   })
 })
+
+describe('sitemap.xml', () => {
+  const file = join(distDir, 'sitemap.xml')
+
+  it('exists', () => {
+    expect(existsSync(file)).toBe(true)
+  })
+
+  it('contains all pages', () => {
+    const xml = readFileSync(file, 'utf-8')
+    expect(xml).toContain('https://forkzero.ai/')
+    expect(xml).toContain('https://forkzero.ai/getting-started')
+    expect(xml).toContain('https://forkzero.ai/blog')
+    expect(xml).toContain('https://forkzero.ai/privacy')
+  })
+
+  it('contains all blog posts', () => {
+    const xml = readFileSync(file, 'utf-8')
+    for (const post of blogPosts) {
+      expect(xml).toContain(`https://forkzero.ai/blog/${post.slug}`)
+    }
+  })
+
+  it('has lastmod dates', () => {
+    const xml = readFileSync(file, 'utf-8')
+    expect(xml).toMatch(/<lastmod>\d{4}-\d{2}-\d{2}<\/lastmod>/)
+  })
+})
+
+describe('404.html', () => {
+  const file = join(distDir, '404.html')
+
+  it('exists', () => {
+    expect(existsSync(file)).toBe(true)
+  })
+
+  it('has noindex meta tag', () => {
+    const html = readFileSync(file, 'utf-8')
+    expect(html).toContain('<meta name="robots" content="noindex"')
+  })
+
+  it('has correct title', () => {
+    const html = readFileSync(file, 'utf-8')
+    expect(html).toContain('<title>Page not found — Forkzero</title>')
+  })
+
+  it('has noscript fallback with link to homepage', () => {
+    const html = readFileSync(file, 'utf-8')
+    expect(html).toContain('<noscript>')
+    expect(html).toContain('href="/"')
+  })
+})

scripts/smoke.test.ts

@@ -0,0 +1,156 @@
+/**
+ * Smoke tests against the live deployed site.
+ *
+ * Run manually after deploys:
+ *   npx vitest run scripts/smoke.test.ts
+ *
+ * These tests hit forkzero.ai over HTTPS and verify HTTP status codes,
+ * redirects, headers, and basic content expectations.
+ */
+
+import { describe, it, expect } from 'vitest'
+import { blogPosts } from '../src/data/blog-posts.js'
+
+const BASE = process.env.SITE_URL ?? 'https://forkzero.ai'
+
+async function head(path: string, opts?: { redirect?: RequestRedirect }) {
+  const res = await fetch(`${BASE}${path}`, {
+    method: 'HEAD',
+    redirect: opts?.redirect ?? 'manual',
+  })
+  return res
+}
+
+async function get(path: string) {
+  const res = await fetch(`${BASE}${path}`, { redirect: 'manual' })
+  const text = await res.text()
+  return { res, text }
+}
+
+// --- HTTP status codes ---
+
+describe('status codes', () => {
+  it.each(['/', '/blog', '/getting-started', '/privacy', '/reader'])('%s returns 200', async (path) => {
+    const res = await head(path)
+    expect(res.status).toBe(200)
+  })
+
+  it.each(blogPosts.map((p) => `/blog/${p.slug}`))('%s returns 200', async (path) => {
+    const res = await head(path)
+    expect(res.status).toBe(200)
+  })
+
+  it('non-existent page returns 404', async () => {
+    const res = await head('/this-page-does-not-exist-' + Date.now())
+    expect(res.status).toBe(404)
+  })
+})
+
+// --- Trailing slash redirects ---
+
+describe('trailing slash redirects', () => {
+  it.each(['/blog/', '/getting-started/', '/privacy/', '/reader/'])('%s redirects to non-trailing', async (path) => {
+    const res = await head(path)
+    expect(res.status).toBe(301)
+    const location = res.headers.get('location')
+    expect(location).toBe(path.slice(0, -1))
+  })
+})
+
+// --- Security headers ---
+
+describe('security headers', () => {
+  it('has HSTS', async () => {
+    const res = await head('/')
+    expect(res.headers.get('strict-transport-security')).toContain('max-age=')
+  })
+
+  it('has X-Frame-Options', async () => {
+    const res = await head('/')
+    expect(res.headers.get('x-frame-options')).toBe('DENY')
+  })
+
+  it('has X-Content-Type-Options', async () => {
+    const res = await head('/')
+    expect(res.headers.get('x-content-type-options')).toBe('nosniff')
+  })
+
+  it('has Referrer-Policy', async () => {
+    const res = await head('/')
+    expect(res.headers.get('referrer-policy')).toBe('strict-origin-when-cross-origin')
+  })
+
+  it('has Permissions-Policy', async () => {
+    const res = await head('/')
+    expect(res.headers.get('permissions-policy')).toContain('geolocation=()')
+  })
+})
+
+// --- Content checks ---
+
+describe('page content', () => {
+  it('homepage has correct title', async () => {
+    const { text } = await get('/')
+    expect(text).toContain('<title>Lattice by Forkzero')
+  })
+
+  it('homepage has JSON-LD', async () => {
+    const { text } = await get('/')
+    expect(text).toContain('application/ld+json')
+    expect(text).toContain('"@type":"Organization"')
+  })
+
+  it('blog post has BlogPosting schema', async () => {
+    const { text } = await get(`/blog/${blogPosts[0].slug}`)
+    expect(text).toContain('"@type":"BlogPosting"')
+  })
+
+  it('404 page has noindex', async () => {
+    const { text } = await get('/this-does-not-exist-' + Date.now())
+    expect(text).toContain('content="noindex"')
+  })
+
+  it('404 page has correct title', async () => {
+    const { text } = await get('/this-does-not-exist-' + Date.now())
+    expect(text).toContain('<title>Page not found')
+  })
+})
+
+// --- Static assets ---
+
+describe('static assets', () => {
+  it('robots.txt is accessible', async () => {
+    const { res, text } = await get('/robots.txt')
+    expect(res.status).toBe(200)
+    expect(text).toContain('Sitemap:')
+  })
+
+  it('sitemap.xml is accessible', async () => {
+    const { res, text } = await get('/sitemap.xml')
+    expect(res.status).toBe(200)
+    expect(text).toContain('<urlset')
+    expect(text).toContain('forkzero.ai')
+  })
+
+  it('llms.txt is accessible', async () => {
+    const { res, text } = await get('/llms.txt')
+    expect(res.status).toBe(200)
+    expect(text).toContain('Lattice')
+  })
+
+  it('og-default.png is accessible', async () => {
+    const res = await head('/og-default.png')
+    expect(res.status).toBe(200)
+  })
+
+  it('hashed assets have immutable cache', async () => {
+    // Fetch homepage to find a hashed asset URL
+    const { text } = await get('/')
+    const match = text.match(/\/assets\/[^"]+\.js/)
+    expect(match).not.toBeNull()
+
+    const res = await head(`${match![0]}`)
+    expect(res.status).toBe(200)
+    expect(res.headers.get('cache-control')).toContain('immutable')
+  })
+})