stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

Harden live Playwright action sweeps for cold-loaded surfaces

Browse Source
This commit is contained in:
master
2026-03-11 09:44:42 +02:00
parent ae09af4e65
commit 7a1c090f2e
3 changed files with 89 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
docs/implplan/SPRINT_20260308_024_FE_live_frontdoor_playwright_auth_and_changed_surface_recheck.md
View File

@@ -60,6 +60,8 @@ Completion criteria:
| 2026-03-08 | Added reusable live-auth and changed-surface Playwright helpers under `src/Web/StellaOps.Web/scripts`, using the real Authority login flow and persisted session storage evidence so browser verification no longer depends on stub auth. | Codex |
| 2026-03-08 | Refined the changed-surface sweep to exercise real page actions: mission-board navigation, registry-admin audit-tab routing, Evidence Threads PURL search/empty-result flow, and missing-detail/back-navigation handling. | Codex |
| 2026-03-08 | Refreshed live evidence after the auth and contract fixes: mission-control, advisories/VEX, policy overview, Evidence Threads, timeline, deploy diff guard state, change trace, and registry-admin routes now complete without confirmed frontdoor defects in the scoped sweep. | Codex |
| 2026-03-11 | Reused the live-auth path after a full scratch rebuild and reran the canonical frontdoor sweep on the fresh stack; authenticated route coverage passed `111/111`, proving the rebuilt environment was stable enough for deeper action verification instead of only presence checks. | Codex |
| 2026-03-11 | Investigated fresh-stack action failures on mission-control and ops/policy and confirmed they were Playwright harness false positives, not product regressions: the pages lazy-rendered valid controls after the original selectors/timing windows had already declared failure. Hardened the sweeps with bounded element waits and product-specific selector disambiguation, then reran both slices cleanly with `0` failed actions and `0` runtime issues. | Codex |
## Decisions & Risks
- Current scratch probes proved the compose bootstrap Authority account exists and can reach the real `/connect/authorize` login page, but they are too ad hoc for sustained iteration.
@@ -67,6 +69,7 @@ Completion criteria:
- The changed-surface harness needed product-aware checks to avoid false negatives: registry-admin is identified by its workspace heading rather than the surrounding Integrations shell heading; Evidence Threads is PURL-driven and must be exercised through search plus missing-detail guard flows instead of phantom row clicks; deploy diff without digests is a guarded state, not a broken route.
- The compose demo stack currently exposes no seeded EvidenceLocker thread rows, so the live browser pass covers empty-result and missing-detail flows while positive-path detail normalization remains covered by focused frontend tests.
- If the real auth/session flow changes under parallel agent work, the live-auth helper must be updated instead of falling back to stub auth.
- Decision: live Playwright sweeps for cold-loaded pages must poll for expected controls within bounded time and prefer product-specific href disambiguation over generic first-match selectors, otherwise QA will mislabel lazy-rendered routes as product defects.
## Next Checkpoints
- Carry the same real-auth Playwright path into the next page/action iteration instead of regressing into status-code sweeps.