b2703b37d5
* fix: resolve all 44 failing CI E2E tests - Bypass non-critical rate limiters in test env (MC_DISABLE_RATE_LIMIT=1) to prevent 429s when 165 tests share the same IP bucket - Make admin seed idempotent (INSERT OR IGNORE) to fix UNIQUE constraint race when multiple Next.js workers initialize concurrently - Add distinct x-forwarded-for headers to login-flow tests so they never share the critical login rate-limit bucket with other test suites - Add missing 018_token_usage migration that the heartbeat POST handler depends on, fixing the 500 on inline token reporting * docs: update README with latest features and test count - Update migration count from 15 to 18 - Update E2E test count from 146 to 165 - Move Direct CLI, OpenAPI docs, and GitHub sync to completed roadmap - Add Direct CLI and GitHub sync feature descriptions - Add /api/connect and /api/github to API reference - Remove resolved known limitation (vitest stubs) - Update repo description * fix: prevent build-time admin seed with wrong credentials in CI Move `cp .env.test .env` before `pnpm build` in CI workflow so env vars are present during build. Add NEXT_PHASE guard to skip seed during build as belt-and-suspenders — env vars may not be available at build time. Root cause: `next build` imports db.ts, triggering seedAdminUserFromEnv() with undefined AUTH_USER/AUTH_PASS, seeding user `admin` instead of `testadmin`. Runtime seed then sees count > 0 and skips. Tests login as `testadmin` which doesn't exist → 401. |
||
|---|---|---|
| .. | ||
| README.md | ||
| agent-costs.spec.ts | ||
| agents-crud.spec.ts | ||
| alerts-crud.spec.ts | ||
| auth-guards.spec.ts | ||
| csrf-validation.spec.ts | ||
| delete-body.spec.ts | ||
| direct-cli.spec.ts | ||
| github-sync.spec.ts | ||
| helpers.ts | ||
| legacy-cookie-removed.spec.ts | ||
| limit-caps.spec.ts | ||
| login-flow.spec.ts | ||
| notifications.spec.ts | ||
| openapi.spec.ts | ||
| quality-review.spec.ts | ||
| rate-limiting.spec.ts | ||
| search-and-export.spec.ts | ||
| task-comments.spec.ts | ||
| tasks-crud.spec.ts | ||
| timing-safe-auth.spec.ts | ||
| user-management.spec.ts | ||
| webhooks-crud.spec.ts | ||
| workflows-crud.spec.ts | ||
README.md
E2E Tests
Playwright end-to-end specs for Mission Control API and UI.
Running
# Start the dev server first (or let Playwright auto-start via reuseExistingServer)
pnpm dev --hostname 127.0.0.1 --port 3005
# Run all tests
pnpm test:e2e
# Run a specific spec
pnpm exec playwright test tests/tasks-crud.spec.ts
Test Environment
Tests require .env.local with:
API_KEY=test-api-key-e2e-12345MC_DISABLE_RATE_LIMIT=1(bypasses mutation/read rate limits, keeps login rate limit active)
Spec Files
Security & Auth
auth-guards.spec.ts— All API routes return 401 without authcsrf-validation.spec.ts— CSRF origin header validationlegacy-cookie-removed.spec.ts— Old cookie format rejectedlogin-flow.spec.ts— Login, session, redirect lifecyclerate-limiting.spec.ts— Login brute-force protectiontiming-safe-auth.spec.ts— Constant-time API key comparison
CRUD Lifecycle
tasks-crud.spec.ts— Tasks POST/GET/PUT/DELETE with filters, Aegis gateagents-crud.spec.ts— Agents CRUD, lookup by name/id, admin-only deletetask-comments.spec.ts— Threaded comments on tasksworkflows-crud.spec.ts— Workflow template CRUDwebhooks-crud.spec.ts— Webhooks with secret masking and regenerationalerts-crud.spec.ts— Alert rule CRUD with full lifecycleuser-management.spec.ts— User admin CRUD
Features
notifications.spec.ts— Notification delivery and read trackingquality-review.spec.ts— Quality reviews with batch lookupsearch-and-export.spec.ts— Global search, data export, activity feed
Infrastructure
limit-caps.spec.ts— Endpoint limit caps enforceddelete-body.spec.ts— DELETE body standardization
Shared
helpers.ts— Factory functions (createTestTask,createTestAgent, etc.) and cleanup helpers