e2e: Playwright + axe browser regressions in CI; a11y contrast fix (#14)#15
Merged
Conversation
…ast & a flaky fuzz Addresses Issue #14 items 4 (browser e2e in CI) and 5 (color contrast). - e2e/ Playwright suite (13 tests) + .github/workflows/e2e.yml (playwright install --with-deps chromium). Permanently guards the browser-only bugs that node coverage can't reach: - CSRF rejected cross-origin AND cross-port-loopback (BUG-N), X-Frame-Options + CSP (BUG-M), XSS escaped/not-executed - editor save + keyboard (Esc from path input, Ctrl+Enter — BUG-O), traversal refused, double-click re-entrancy - axe-core = 0 WCAG 2 A/AA violations on main/editor/light-theme (BUG-P) - Color contrast fixed at root (styles.css): raised --dim/--dimmer in both themes (dark --dimmer was ~2.6:1) and gave the light-theme run button white text (dark-on-dark-lime was 4:1). axe reports 0 contrast violations. - Fix flaky fuzz.test.ts INV-4: replace the load-sensitive wall-clock assertion with a deterministic structural ReDoS check (no adjacent [^/]+[^/]+); the loop still tests a 5000-char hostile path so a real ReDoS trips the test timeout. Full suite green twice (no flake), typecheck 7/7, e2e 13/13.
…r the web server The e2e job built only @truspec/web, but its server imports the built @truspec/core; on a clean CI checkout core/dist did not exist. Verified by wiping all dist/ locally, running pnpm build, and passing 13/13 e2e.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Addresses #14 items 4 (browser e2e in CI) and 5 (color contrast). Items 1–3 (expand mutation, continuous 1M-exec fuzz, throughput-SLO load) remain open in #14.
Playwright + axe e2e (item 4)
A real-browser regression suite (
e2e/, 13 tests) wired into CI viaplaywright install --with-deps chromium(.github/workflows/e2e.yml). This permanently guards the bugs that only a real browser exposed — previously verified only manually:X-Frame-Options: DENY+ CSP on every response (BUG-M).<h1>exists.Color contrast (item 5)
Fixed the
axeseriouscontrast finding at root: raised--dim/--dimmerin both themes (dark--dimmerwas ~2.6:1) and gave the light-theme run button white text (dark text on the dark-green lime was 4:1). axe now reports 0 contrast violations in both themes.Drive-by: fix a flaky test
fuzz.test.tsINV-4 asserted a wall-clockslowest < 100ms, which spikes under parallel-suite load (it failed intermittently). Replaced with a deterministic structural ReDoS check (the regex must never contain adjacent[^/]+[^/]+); the loop still.test()s a 5000-char hostile path, so a real ReDoS trips the vitest timeout.Verification
312 vitest tests green (twice, no flake), typecheck 7/7, e2e 13/13 locally.