stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Gaps fill up, fixes, ui restructuring

Browse Source
This commit is contained in:
master
2026-02-19 22:10:54 +02:00
parent b5829dce5c
commit 04cacdca8a
331 changed files with 42859 additions and 2174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

360
src/Web/StellaOps.Web/tests/e2e/critical-path.spec.ts Normal file
View File

@@ -0,0 +1,360 @@
import { expect, test, type Page } from '@playwright/test';
import { policyAuthorSession } from '../../src/app/testing';
const shellSession = {
...policyAuthorSession,
scopes: [
...new Set([
...policyAuthorSession.scopes,
'ui.read',
'admin',
'orch:read',
'orch:operate',
'orch:quota',
'findings:read',
'vuln:view',
'vuln:investigate',
'vuln:operate',
'vuln:audit',
'authority:tenants.read',
'advisory:read',
'vex:read',
'exceptions:read',
'exceptions:approve',
'aoc:verify',
]),
],
};
const mockConfig = {
authority: {
issuer: 'http://127.0.0.1:4400/authority',
clientId: 'stella-ops-ui',
authorizeEndpoint: 'http://127.0.0.1:4400/authority/connect/authorize',
tokenEndpoint: 'http://127.0.0.1:4400/authority/connect/token',
logoutEndpoint: 'http://127.0.0.1:4400/authority/connect/logout',
redirectUri: 'http://127.0.0.1:4400/auth/callback',
postLogoutRedirectUri: 'http://127.0.0.1:4400/',
scope:
'openid profile email ui.read authority:tenants.read advisory:read vex:read exceptions:read exceptions:approve aoc:verify findings:read orch:read vuln:view vuln:investigate vuln:operate vuln:audit',
audience: 'http://127.0.0.1:4400/gateway',
dpopAlgorithms: ['ES256'],
refreshLeewaySeconds: 60,
},
apiBaseUrls: {
authority: '/authority',
scanner: '/scanner',
policy: '/policy',
concelier: '/concelier',
attestor: '/attestor',
gateway: '/gateway',
},
quickstartMode: true,
setup: 'complete',
};
const oidcConfig = {
issuer: mockConfig.authority.issuer,
authorization_endpoint: mockConfig.authority.authorizeEndpoint,
token_endpoint: mockConfig.authority.tokenEndpoint,
jwks_uri: 'http://127.0.0.1:4400/authority/.well-known/jwks.json',
response_types_supported: ['code'],
subject_types_supported: ['public'],
id_token_signing_alg_values_supported: ['RS256'],
};
async function setupShell(page: Page): Promise<void> {
await page.addInitScript((session) => {
try {
window.sessionStorage.clear();
} catch {
// ignore storage access errors in restricted contexts
}
(window as { __stellaopsTestSession?: unknown }).__stellaopsTestSession = session;
}, shellSession);
await page.route('**/platform/envsettings.json', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(mockConfig),
})
);
await page.route('**/config.json', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(mockConfig),
})
);
await page.route('**/authority/.well-known/openid-configuration', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(oidcConfig),
})
);
await page.route('**/.well-known/openid-configuration', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(oidcConfig),
})
);
await page.route('**/authority/.well-known/jwks.json', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({ keys: [] }),
})
);
await page.route('**/authority/connect/**', (route) =>
route.fulfill({
status: 400,
contentType: 'application/json',
body: JSON.stringify({ error: 'not-used-in-critical-path-e2e' }),
})
);
await page.route('**/api/v1/advisory-sources**', (route) => {
const url = new URL(route.request().url());
const path = url.pathname;
if (path === '/api/v1/advisory-sources') {
return route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({
items: [
{
sourceId: 'src-nvd',
sourceKey: 'nvd',
sourceName: 'NVD',
sourceFamily: 'nvd',
sourceUrl: 'https://nvd.nist.gov',
priority: 10,
enabled: true,
lastSyncAt: '2026-02-19T08:00:00Z',
lastSuccessAt: '2026-02-19T08:00:00Z',
freshnessAgeSeconds: 1200,
freshnessSlaSeconds: 7200,
freshnessStatus: 'warning',
signatureStatus: 'signed',
lastError: null,
syncCount: 14,
errorCount: 0,
totalAdvisories: 12345,
signedAdvisories: 12300,
unsignedAdvisories: 45,
signatureFailureCount: 0,
},
],
totalCount: 1,
dataAsOf: '2026-02-19T08:00:00Z',
}),
});
}
if (path === '/api/v1/advisory-sources/summary') {
return route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({
totalSources: 1,
healthySources: 1,
warningSources: 0,
staleSources: 0,
unavailableSources: 0,
disabledSources: 0,
conflictingSources: 0,
dataAsOf: '2026-02-19T08:00:00Z',
}),
});
}
if (path.endsWith('/impact')) {
return route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({
sourceId: 'src-nvd',
sourceFamily: 'nvd',
region: null,
environment: null,
impactedDecisionsCount: 2,
impactSeverity: 'medium',
lastDecisionAt: '2026-02-19T08:05:00Z',
decisionRefs: [
{
decisionId: 'apr-001',
decisionType: 'approval',
label: 'Approval apr-001',
route: '/release-control/approvals/apr-001',
},
],
dataAsOf: '2026-02-19T08:00:00Z',
}),
});
}
if (path.endsWith('/conflicts')) {
return route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({
sourceId: 'src-nvd',
status: 'open',
limit: 50,
offset: 0,
totalCount: 0,
items: [],
dataAsOf: '2026-02-19T08:00:00Z',
}),
});
}
if (path.endsWith('/freshness')) {
return route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({
source: {
sourceId: 'src-nvd',
sourceKey: 'nvd',
sourceName: 'NVD',
sourceFamily: 'nvd',
sourceUrl: 'https://nvd.nist.gov',
priority: 10,
enabled: true,
lastSyncAt: '2026-02-19T08:00:00Z',
lastSuccessAt: '2026-02-19T08:00:00Z',
freshnessAgeSeconds: 1200,
freshnessSlaSeconds: 7200,
freshnessStatus: 'warning',
signatureStatus: 'signed',
lastError: null,
syncCount: 14,
errorCount: 0,
totalAdvisories: 12345,
signedAdvisories: 12300,
unsignedAdvisories: 45,
signatureFailureCount: 0,
},
lastSyncAt: '2026-02-19T08:00:00Z',
lastSuccessAt: '2026-02-19T08:00:00Z',
lastError: null,
syncCount: 14,
errorCount: 0,
dataAsOf: '2026-02-19T08:00:00Z',
}),
});
}
return route.fulfill({
status: 404,
contentType: 'application/json',
body: JSON.stringify({ error: 'not mocked in critical-path e2e' }),
});
});
}
async function go(page: Page, path: string): Promise<void> {
await page.goto(path, { waitUntil: 'domcontentloaded' });
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => null);
}
async function ensureShell(page: Page): Promise<void> {
await expect(page.locator('aside.sidebar')).toHaveCount(1, { timeout: 15000 });
}
async function openSidebarGroupRoute(
page: Page,
groupLabel: string,
targetHref: string
): Promise<void> {
const sidebar = page.locator('aside.sidebar');
const targetLink = sidebar.locator(`a[href="${targetHref}"]`).first();
const isVisible = await targetLink.isVisible().catch(() => false);
if (!isVisible) {
await sidebar.getByRole('button', { name: groupLabel, exact: true }).click();
}
await expect(targetLink).toBeVisible();
await targetLink.click();
}
test.describe.configure({ mode: 'serial' });
test.describe('Critical path shell verification', () => {
test.beforeEach(async ({ page }) => {
await setupShell(page);
});
test('dashboard to release-control setup/bundles/promotions/runs renders canonical flow', async ({
page,
}) => {
await go(page, '/dashboard');
await expect(page).toHaveURL(/\/dashboard$/);
await ensureShell(page);
await expect(page.locator('app-breadcrumb nav.breadcrumb')).toContainText('Dashboard');
await go(page, '/release-control/setup');
await expect(page).toHaveURL(/\/release-control\/setup$/);
await expect(page.locator('app-breadcrumb nav.breadcrumb')).toContainText('Setup');
await go(page, '/release-control/bundles');
await expect(page).toHaveURL(/\/release-control\/bundles$/);
await expect(page.locator('app-breadcrumb nav.breadcrumb')).toContainText('Bundles');
await go(page, '/release-control/promotions');
await expect(page).toHaveURL(/\/release-control\/promotions$/);
await expect(page.locator('app-breadcrumb nav.breadcrumb')).toContainText('Promotions');
await go(page, '/release-control/runs');
await expect(page).toHaveURL(/\/release-control\/runs$/);
await expect(page.locator('app-breadcrumb nav.breadcrumb')).toContainText('Run Timeline');
});
test('security advisory sources preserves ownership split links', async ({ page }) => {
await go(page, '/security-risk/advisory-sources');
await expect(page).toHaveURL(/\/security-risk\/advisory-sources$/);
await ensureShell(page);
await expect(page.locator('body')).toContainText('Advisory Sources');
await expect(page.locator('a[href*="/integrations/feeds"]').first()).toBeVisible();
await expect(page.locator('a[href*="/platform-ops/feeds"]').first()).toBeVisible();
await expect(page.locator('a[href*="/security-risk/findings"]').first()).toBeVisible();
});
test('evidence routes expose replay, timeline, proofs, and trust ownership link', async ({ page }) => {
await go(page, '/evidence-audit');
await expect(page).toHaveURL(/\/evidence-audit$/);
await ensureShell(page);
await expect(page.locator('body')).toContainText('Evidence Surfaces');
await expect(page.locator('a[href="/administration/trust-signing"]').first()).toBeVisible();
await go(page, '/evidence-audit/replay');
await expect(page).toHaveURL(/\/evidence-audit\/replay$/);
await expect(page.locator('app-breadcrumb nav.breadcrumb')).toContainText('Replay / Verify');
await go(page, '/evidence-audit/timeline');
await expect(page).toHaveURL(/\/evidence-audit\/timeline$/);
await expect(page.getByRole('heading', { name: /Timeline/i }).first()).toBeVisible();
await go(page, '/evidence-audit/proofs');
await expect(page).toHaveURL(/\/evidence-audit\/proofs$/);
await expect(page.locator('app-breadcrumb nav.breadcrumb')).toContainText('Proof Chains');
});
test('integrations and platform-ops split navigation remains intact', async ({ page }) => {
await go(page, '/dashboard');
await ensureShell(page);
await expect(page.locator('aside.sidebar')).toContainText('Integrations');
await openSidebarGroupRoute(page, 'Platform Ops', '/platform-ops/data-integrity');
await expect(page).toHaveURL(/\/platform-ops\/data-integrity$/);
await expect(page.locator('body')).toContainText('Data Integrity');
await expect(page.locator('a[href="/security-risk/advisory-sources"]').first()).toBeVisible();
});
});

244
src/Web/StellaOps.Web/tests/e2e/ia-v2-a11y-regression.spec.ts Normal file
View File

@@ -0,0 +1,244 @@
import { expect, test, type Page } from '@playwright/test';
import { policyAuthorSession } from '../../src/app/testing';
const shellSession = {
...policyAuthorSession,
scopes: [
...new Set([
...policyAuthorSession.scopes,
'ui.read',
'admin',
'orch:read',
'orch:operate',
'orch:quota',
'findings:read',
'vuln:view',
'vuln:investigate',
'vuln:operate',
'vuln:audit',
'authority:tenants.read',
'advisory:read',
'vex:read',
'exceptions:read',
'exceptions:approve',
'aoc:verify',
]),
],
};
const mockConfig = {
authority: {
issuer: 'http://127.0.0.1:4400/authority',
clientId: 'stella-ops-ui',
authorizeEndpoint: 'http://127.0.0.1:4400/authority/connect/authorize',
tokenEndpoint: 'http://127.0.0.1:4400/authority/connect/token',
logoutEndpoint: 'http://127.0.0.1:4400/authority/connect/logout',
redirectUri: 'http://127.0.0.1:4400/auth/callback',
postLogoutRedirectUri: 'http://127.0.0.1:4400/',
scope:
'openid profile email ui.read authority:tenants.read advisory:read vex:read exceptions:read exceptions:approve aoc:verify findings:read orch:read vuln:view vuln:investigate vuln:operate vuln:audit',
audience: 'http://127.0.0.1:4400/gateway',
dpopAlgorithms: ['ES256'],
refreshLeewaySeconds: 60,
},
apiBaseUrls: {
authority: '/authority',
scanner: '/scanner',
policy: '/policy',
concelier: '/concelier',
attestor: '/attestor',
gateway: '/gateway',
},
quickstartMode: true,
setup: 'complete',
};
const oidcConfig = {
issuer: mockConfig.authority.issuer,
authorization_endpoint: mockConfig.authority.authorizeEndpoint,
token_endpoint: mockConfig.authority.tokenEndpoint,
jwks_uri: 'http://127.0.0.1:4400/authority/.well-known/jwks.json',
response_types_supported: ['code'],
subject_types_supported: ['public'],
id_token_signing_alg_values_supported: ['RS256'],
};
async function setupShell(page: Page): Promise<void> {
await page.addInitScript((session) => {
try {
window.sessionStorage.clear();
} catch {
// ignore storage access errors in restricted contexts
}
(window as { __stellaopsTestSession?: unknown }).__stellaopsTestSession = session;
}, shellSession);
await page.route('**/platform/envsettings.json', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(mockConfig),
})
);
await page.route('**/config.json', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(mockConfig),
})
);
await page.route('**/authority/.well-known/openid-configuration', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(oidcConfig),
})
);
await page.route('**/.well-known/openid-configuration', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(oidcConfig),
})
);
await page.route('**/authority/.well-known/jwks.json', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({ keys: [] }),
})
);
await page.route('**/authority/connect/**', (route) =>
route.fulfill({
status: 400,
contentType: 'application/json',
body: JSON.stringify({ error: 'not-used-in-a11y-e2e' }),
})
);
}
async function go(page: Page, path: string): Promise<void> {
await page.goto(path, { waitUntil: 'domcontentloaded' });
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => null);
}
async function ensureShell(page: Page): Promise<void> {
await expect(page.locator('aside.sidebar')).toHaveCount(1, { timeout: 15000 });
}
async function openSidebarGroupRoute(
page: Page,
groupLabel: string,
targetHref: string
): Promise<void> {
const sidebar = page.locator('aside.sidebar');
const targetLink = sidebar.locator(`a[href="${targetHref}"]`).first();
const isVisible = await targetLink.isVisible().catch(() => false);
if (!isVisible) {
await sidebar.getByRole('button', { name: groupLabel, exact: true }).click();
}
await expect(targetLink).toBeVisible();
await targetLink.click();
}
test.describe.configure({ mode: 'serial' });
test.describe('IA v2 accessibility and regression', () => {
test.beforeEach(async ({ page }) => {
await setupShell(page);
});
test('canonical roots expose landmarks and navigation controls', async ({ page }) => {
const roots = [
'/dashboard',
'/release-control',
'/security-risk',
'/evidence-audit',
'/administration',
];
for (const path of roots) {
await go(page, path);
await ensureShell(page);
const landmarkCount = await page.locator('main, [role="main"], nav, [role="navigation"]').count();
expect(landmarkCount).toBeGreaterThan(1);
await expect(page.locator('aside.sidebar a, aside.sidebar button').first()).toBeVisible();
}
// /platform-ops and /integrations are proxy-captured in dev mode.
// Validate both via in-app navigation.
await go(page, '/dashboard');
await openSidebarGroupRoute(page, 'Platform Ops', '/platform-ops/data-integrity');
await expect(page).toHaveURL(/\/platform-ops\/data-integrity$/);
await go(page, '/dashboard');
await openSidebarGroupRoute(page, 'Integrations', '/integrations');
await expect(page).toHaveURL(/\/integrations$/);
});
test('keyboard navigation moves focus across shell controls', async ({ page }) => {
await go(page, '/dashboard');
await ensureShell(page);
const focusedElements: string[] = [];
for (let i = 0; i < 10; i += 1) {
await page.keyboard.press('Tab');
const focused = await page.evaluate(() => {
const element = document.activeElement as HTMLElement | null;
if (!element) return 'none';
return `${element.tagName.toLowerCase()}::${element.className || element.id || 'no-id'}`;
});
focusedElements.push(focused);
}
expect(new Set(focusedElements).size).toBeGreaterThan(3);
});
test('deprecated root labels are absent from primary nav', async ({ page }) => {
await go(page, '/dashboard');
await ensureShell(page);
const navText = (await page.locator('aside.sidebar nav').textContent()) ?? '';
expect(navText).not.toContain('Operations');
expect(navText).not.toContain('Policy Studio');
expect(navText).not.toContain('\nSecurity\n');
expect(navText).not.toContain('\nEvidence\n');
});
test('breadcrumbs render canonical ownership on key shell routes', async ({ page }) => {
const checks: Array<{ path: string; expected: string }> = [
{ path: '/release-control/setup', expected: 'Setup' },
{ path: '/security-risk/advisory-sources', expected: 'Advisory Sources' },
{ path: '/evidence-audit/replay', expected: 'Replay / Verify' },
{ path: '/platform-ops/data-integrity', expected: 'Data Integrity' },
{ path: '/administration/trust-signing', expected: 'Trust & Signing' },
];
for (const check of checks) {
if (check.path === '/platform-ops/data-integrity') {
await go(page, '/dashboard');
await openSidebarGroupRoute(page, 'Platform Ops', '/platform-ops/data-integrity');
} else {
await go(page, check.path);
}
await ensureShell(page);
const breadcrumb = page.locator('app-breadcrumb nav.breadcrumb');
await expect(breadcrumb).toHaveCount(1);
await expect(breadcrumb).toContainText(check.expected);
}
});
test('mobile viewport keeps shell usable without horizontal overflow', async ({ page }) => {
await page.setViewportSize({ width: 390, height: 844 });
await go(page, '/dashboard');
await expect(page.locator('.topbar__menu-toggle')).toBeVisible();
const hasHorizontalScroll = await page.evaluate(
() => document.documentElement.scrollWidth > document.documentElement.clientWidth
);
expect(hasHorizontalScroll).toBe(false);
});
});

316
src/Web/StellaOps.Web/tests/e2e/nav-shell.spec.ts Normal file
View File

@@ -0,0 +1,316 @@
import { expect, test, type Page } from '@playwright/test';
import { policyAuthorSession } from '../../src/app/testing';
const shellSession = {
...policyAuthorSession,
scopes: [
...new Set([
...policyAuthorSession.scopes,
'ui.read',
'admin',
'orch:read',
'orch:operate',
'orch:quota',
'findings:read',
'vuln:view',
'vuln:investigate',
'vuln:operate',
'vuln:audit',
'authority:tenants.read',
'advisory:read',
'vex:read',
'exceptions:read',
'exceptions:approve',
'aoc:verify',
]),
],
};
const mockConfig = {
authority: {
issuer: 'http://127.0.0.1:4400/authority',
clientId: 'stella-ops-ui',
authorizeEndpoint: 'http://127.0.0.1:4400/authority/connect/authorize',
tokenEndpoint: 'http://127.0.0.1:4400/authority/connect/token',
logoutEndpoint: 'http://127.0.0.1:4400/authority/connect/logout',
redirectUri: 'http://127.0.0.1:4400/auth/callback',
postLogoutRedirectUri: 'http://127.0.0.1:4400/',
scope:
'openid profile email ui.read authority:tenants.read advisory:read vex:read exceptions:read exceptions:approve aoc:verify findings:read orch:read vuln:view vuln:investigate vuln:operate vuln:audit',
audience: 'http://127.0.0.1:4400/gateway',
dpopAlgorithms: ['ES256'],
refreshLeewaySeconds: 60,
},
apiBaseUrls: {
authority: '/authority',
scanner: '/scanner',
policy: '/policy',
concelier: '/concelier',
attestor: '/attestor',
gateway: '/gateway',
},
quickstartMode: true,
setup: 'complete',
};
const oidcConfig = {
issuer: mockConfig.authority.issuer,
authorization_endpoint: mockConfig.authority.authorizeEndpoint,
token_endpoint: mockConfig.authority.tokenEndpoint,
jwks_uri: 'http://127.0.0.1:4400/authority/.well-known/jwks.json',
response_types_supported: ['code'],
subject_types_supported: ['public'],
id_token_signing_alg_values_supported: ['RS256'],
};
async function setupShell(page: Page): Promise<void> {
await page.addInitScript((session) => {
try {
window.sessionStorage.clear();
} catch {
// ignore storage access errors in restricted contexts
}
(window as { __stellaopsTestSession?: unknown }).__stellaopsTestSession = session;
}, shellSession);
await page.route('**/platform/envsettings.json', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(mockConfig),
})
);
await page.route('**/config.json', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(mockConfig),
})
);
await page.route('**/authority/.well-known/openid-configuration', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(oidcConfig),
})
);
await page.route('**/.well-known/openid-configuration', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify(oidcConfig),
})
);
await page.route('**/authority/.well-known/jwks.json', (route) =>
route.fulfill({
status: 200,
contentType: 'application/json',
body: JSON.stringify({ keys: [] }),
})
);
await page.route('**/authority/connect/**', (route) =>
route.fulfill({
status: 400,
contentType: 'application/json',
body: JSON.stringify({ error: 'not-used-in-shell-e2e' }),
})
);
}
async function go(page: Page, path: string): Promise<void> {
await page.goto(path, { waitUntil: 'domcontentloaded' });
await page.waitForLoadState('networkidle', { timeout: 5000 }).catch(() => null);
}
async function ensureShell(page: Page): Promise<void> {
await expect(page.locator('aside.sidebar')).toHaveCount(1, { timeout: 15000 });
}
async function openSidebarGroupRoute(
page: Page,
groupLabel: string,
targetHref: string
): Promise<void> {
const sidebar = page.locator('aside.sidebar');
const targetLink = sidebar.locator(`a[href="${targetHref}"]`).first();
const isVisible = await targetLink.isVisible().catch(() => false);
if (!isVisible) {
await sidebar.getByRole('button', { name: groupLabel, exact: true }).click();
}
await expect(targetLink).toBeVisible();
await targetLink.click();
}
function collectConsoleErrors(page: Page): string[] {
const errors: string[] = [];
page.on('console', (msg) => {
if (msg.type() === 'error') errors.push(msg.text());
});
page.on('pageerror', (err) => errors.push(err.message));
return errors;
}
test.describe.configure({ mode: 'serial' });
test.beforeEach(async ({ page }) => {
await setupShell(page);
});
test.describe('Nav shell canonical domains', () => {
test('sidebar renders all canonical root labels', async ({ page }) => {
await go(page, '/dashboard');
await ensureShell(page);
const navText = (await page.locator('aside.sidebar').textContent()) ?? '';
const labels = [
'Dashboard',
'Release Control',
'Security and Risk',
'Evidence and Audit',
'Integrations',
'Platform Ops',
'Administration',
];
for (const label of labels) {
expect(navText).toContain(label);
}
});
test('sidebar excludes deprecated v1 labels', async ({ page }) => {
await go(page, '/dashboard');
await ensureShell(page);
const navText = (await page.locator('aside.sidebar').textContent()) ?? '';
expect(navText).not.toContain('Operations');
expect(navText).not.toContain('Policy Studio');
});
});
test.describe('Nav shell critical legacy redirects', () => {
const redirects: Array<{ from: string; expectedPrefix: string }> = [
{ from: '/findings', expectedPrefix: '/security-risk/findings' },
{ from: '/vulnerabilities', expectedPrefix: '/security-risk/vulnerabilities' },
{ from: '/evidence-packs', expectedPrefix: '/evidence-audit/packs' },
{ from: '/admin/audit', expectedPrefix: '/evidence-audit/audit' },
{ from: '/ops/health', expectedPrefix: '/platform-ops/health' },
{ from: '/admin/notifications', expectedPrefix: '/administration/notifications' },
{ from: '/release-orchestrator/releases', expectedPrefix: '/release-control/releases' },
{ from: '/release-orchestrator/approvals', expectedPrefix: '/release-control/approvals' },
{ from: '/release-orchestrator/environments', expectedPrefix: '/release-control/environments' },
{ from: '/settings/release-control', expectedPrefix: '/release-control/setup' },
];
for (const redirect of redirects) {
test(`${redirect.from} redirects correctly`, async ({ page }) => {
await go(page, redirect.from);
const finalUrl = new URL(page.url());
expect(finalUrl.pathname.startsWith(redirect.expectedPrefix)).toBe(true);
});
}
test('redirect preserves query parameters', async ({ page }) => {
await go(page, '/findings?filter=critical&sort=severity');
const finalUrl = page.url();
expect(finalUrl).toContain('/security-risk/findings');
expect(finalUrl).toContain('filter=critical');
expect(finalUrl).toContain('sort=severity');
});
test('redirect preserves fragments', async ({ page }) => {
await go(page, '/admin/audit#recent');
const finalUrl = page.url();
expect(finalUrl).toContain('/evidence-audit/audit');
expect(finalUrl).toContain('#recent');
});
test('release-orchestrator root redirect does not loop', async ({ page }) => {
await go(page, '/release-orchestrator');
const finalUrl = new URL(page.url());
expect(finalUrl.pathname).not.toBe('/release-orchestrator');
});
});
test.describe('Nav shell breadcrumbs and stability', () => {
const breadcrumbRoutes: Array<{ path: string; expected: string }> = [
{ path: '/release-control/releases', expected: 'Release Control' },
{ path: '/release-control/setup', expected: 'Setup' },
{ path: '/security-risk/advisory-sources', expected: 'Advisory Sources' },
{ path: '/evidence-audit/replay', expected: 'Replay / Verify' },
{ path: '/platform-ops/data-integrity', expected: 'Data Integrity' },
{ path: '/administration/trust-signing', expected: 'Trust & Signing' },
];
for (const route of breadcrumbRoutes) {
test(`breadcrumb renders on ${route.path}`, async ({ page }) => {
if (route.path === '/platform-ops/data-integrity') {
await go(page, '/dashboard');
await openSidebarGroupRoute(page, 'Platform Ops', '/platform-ops/data-integrity');
} else {
await go(page, route.path);
}
await ensureShell(page);
const breadcrumb = page.locator('app-breadcrumb nav.breadcrumb');
await expect(breadcrumb).toHaveCount(1);
await expect(breadcrumb).toContainText(route.expected);
});
}
test('canonical roots produce no app runtime errors', async ({ page }) => {
const errors = collectConsoleErrors(page);
const routes = [
'/dashboard',
'/release-control',
'/security-risk',
'/evidence-audit',
'/administration',
];
for (const route of routes) {
await go(page, route);
await ensureShell(page);
}
// /platform-ops and /integrations are proxy-captured in dev mode.
// Validate them through client-side navigation instead of direct reload.
await go(page, '/dashboard');
await openSidebarGroupRoute(page, 'Platform Ops', '/platform-ops/data-integrity');
await expect(page).toHaveURL(/\/platform-ops\/data-integrity$/);
await go(page, '/dashboard');
await openSidebarGroupRoute(page, 'Integrations', '/integrations');
await expect(page).toHaveURL(/\/integrations$/);
const appErrors = errors.filter(
(error) =>
!error.includes('ERR_FAILED') &&
!error.includes('ERR_BLOCKED') &&
!error.includes('ERR_CONNECTION_REFUSED') &&
!error.includes('404') &&
error.length > 0
);
expect(appErrors).toEqual([]);
});
});
test.describe('Nav shell responsive layout', () => {
test('desktop viewport shows sidebar', async ({ page }) => {
await page.setViewportSize({ width: 1440, height: 900 });
await go(page, '/dashboard');
await expect(page.locator('aside.sidebar')).toBeVisible();
});
test('mobile viewport remains usable without horizontal overflow', async ({ page }) => {
await page.setViewportSize({ width: 390, height: 844 });
await go(page, '/dashboard');
await expect(page.locator('.topbar__menu-toggle')).toBeVisible();
const hasHorizontalScroll = await page.evaluate(
() => document.documentElement.scrollWidth > document.documentElement.clientWidth
);
expect(hasHorizontalScroll).toBe(false);
});
});