45ad4a488b
Add comprehensive Playwright E2E test coverage for all major API routes: - tasks-crud (18 tests): full lifecycle, filters, Aegis approval gate - agents-crud (15 tests): CRUD, lookup by name/id, admin-only delete - task-comments (7 tests): threaded comments, validation - workflows-crud (8 tests): workflow template lifecycle - webhooks-crud (9 tests): secret masking, regeneration - alerts-crud (8 tests): alert rule lifecycle - notifications (7 tests): delivery tracking, read status - quality-review (6 tests): reviews with batch lookup - search-and-export (7 tests): global search, export, activities - user-management (8 tests): user admin CRUD - helpers.ts: shared factory functions and cleanup utilities Infrastructure fixes: - Move middleware.ts to src/middleware.ts (Next.js 16 Turbopack requires middleware in src/ when using src/app/ directory — the root-level file was silently ignored, breaking CSRF protection) - Add MC_DISABLE_RATE_LIMIT env var to bypass non-critical rate limiters during E2E runs (login limiter stays active via critical flag) - Fix limit-caps test: /api/activities caps at 500, not 200 - Set playwright workers=1, fullyParallel=false for serial execution - Add CSRF origin fallback to request.nextUrl.host Roadmap additions from user feedback: - Agent-agnostic gateway support (not just OpenClaw) - Direct CLI integration (Codex, Claude Code, etc.) - Native macOS app (Electron or Tauri) 146/146 E2E tests passing (up from 51). |
||
|---|---|---|
| .. | ||
| README.md | ||
| agents-crud.spec.ts | ||
| alerts-crud.spec.ts | ||
| auth-guards.spec.ts | ||
| csrf-validation.spec.ts | ||
| delete-body.spec.ts | ||
| helpers.ts | ||
| legacy-cookie-removed.spec.ts | ||
| limit-caps.spec.ts | ||
| login-flow.spec.ts | ||
| notifications.spec.ts | ||
| quality-review.spec.ts | ||
| rate-limiting.spec.ts | ||
| search-and-export.spec.ts | ||
| task-comments.spec.ts | ||
| tasks-crud.spec.ts | ||
| timing-safe-auth.spec.ts | ||
| user-management.spec.ts | ||
| webhooks-crud.spec.ts | ||
| workflows-crud.spec.ts | ||
README.md
E2E Tests
Playwright end-to-end specs for Mission Control API and UI.
Running
# Start the dev server first (or let Playwright auto-start via reuseExistingServer)
pnpm dev --hostname 127.0.0.1 --port 3005
# Run all tests
pnpm test:e2e
# Run a specific spec
pnpm exec playwright test tests/tasks-crud.spec.ts
Test Environment
Tests require .env.local with:
API_KEY=test-api-key-e2e-12345MC_DISABLE_RATE_LIMIT=1(bypasses mutation/read rate limits, keeps login rate limit active)
Spec Files
Security & Auth
auth-guards.spec.ts— All API routes return 401 without authcsrf-validation.spec.ts— CSRF origin header validationlegacy-cookie-removed.spec.ts— Old cookie format rejectedlogin-flow.spec.ts— Login, session, redirect lifecyclerate-limiting.spec.ts— Login brute-force protectiontiming-safe-auth.spec.ts— Constant-time API key comparison
CRUD Lifecycle
tasks-crud.spec.ts— Tasks POST/GET/PUT/DELETE with filters, Aegis gateagents-crud.spec.ts— Agents CRUD, lookup by name/id, admin-only deletetask-comments.spec.ts— Threaded comments on tasksworkflows-crud.spec.ts— Workflow template CRUDwebhooks-crud.spec.ts— Webhooks with secret masking and regenerationalerts-crud.spec.ts— Alert rule CRUD with full lifecycleuser-management.spec.ts— User admin CRUD
Features
notifications.spec.ts— Notification delivery and read trackingquality-review.spec.ts— Quality reviews with batch lookupsearch-and-export.spec.ts— Global search, data export, activity feed
Infrastructure
limit-caps.spec.ts— Endpoint limit caps enforceddelete-body.spec.ts— DELETE body standardization
Shared
helpers.ts— Factory functions (createTestTask,createTestAgent, etc.) and cleanup helpers