@open-mercato/cli 0.4.9-develop-7afbe1e834 → 0.4.9-develop-94fb251ed3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@open-mercato/cli",
-  "version": "0.4.9-develop-7afbe1e834",
+  "version": "0.4.9-develop-94fb251ed3",
   "type": "module",
   "main": "./dist/index.js",
   "exports": {
@@ -58,16 +58,16 @@
     "@mikro-orm/core": "^6.6.2",
     "@mikro-orm/migrations": "^6.6.2",
     "@mikro-orm/postgresql": "^6.6.2",
-    "@open-mercato/shared": "0.4.9-develop-7afbe1e834",
+    "@open-mercato/shared": "0.4.9-develop-94fb251ed3",
     "pg": "8.20.0",
     "testcontainers": "^11.12.0",
     "typescript": "^5.9.3"
   },
   "peerDependencies": {
-    "@open-mercato/shared": "0.4.9-develop-7afbe1e834"
+    "@open-mercato/shared": "0.4.9-develop-94fb251ed3"
   },
   "devDependencies": {
-    "@open-mercato/shared": "0.4.9-develop-7afbe1e834",
+    "@open-mercato/shared": "0.4.9-develop-94fb251ed3",
     "@types/jest": "^30.0.0",
     "jest": "^30.2.0",
     "ts-jest": "^29.4.6"

package/src/lib/generators/__tests__/module-subset.test.ts

@@ -71,6 +71,50 @@ function readGenerated(tmpDir: string, filename: string): string | null {
   return fs.readFileSync(filePath, 'utf8')
 }
 
+// Inline CommonJS generators.ts that provides the security generator plugins.
+// Written as plain JS (no TypeScript) so it can be dynamically imported from tmpDir
+// without ts-jest transpilation.
+const SECURITY_GENERATORS_CONTENT = `'use strict'
+function buildMfaOutput({ importSection, entriesLiteral }) {
+  return '// AUTO-GENERATED by mercato generate registry\\n'
+    + (importSection ? importSection + '\\n' : '')
+    + 'type SecurityMfaProviderEntry = { moduleId: string; providers: unknown[] }\\n\\n'
+    + 'export const securityMfaProviderEntries: SecurityMfaProviderEntry[] = [\\n'
+    + (entriesLiteral ? '  ' + entriesLiteral + '\\n' : '')
+    + ']\\n'
+}
+function buildSudoOutput({ importSection, entriesLiteral }) {
+  return '// AUTO-GENERATED by mercato generate registry\\n'
+    + "import type { SecuritySudoTarget, SecuritySudoTargetEntry } from '@open-mercato/enterprise/modules/security'\\n"
+    + (importSection ? '\\n' + importSection + '\\n' : '\\n') + '\\n'
+    + 'type SecuritySudoTargetEntryRaw = { moduleId: string; targets: Array<Record<string, unknown>> }\\n\\n'
+    + 'const entriesRaw: SecuritySudoTargetEntryRaw[] = [\\n'
+    + (entriesLiteral ? '  ' + entriesLiteral + '\\n' : '')
+    + ']\\n\\n'
+    + 'export const securitySudoTargetEntries: SecuritySudoTargetEntry[] = entriesRaw.map(function(e) { return { moduleId: e.moduleId, targets: e.targets } })\\n'
+}
+module.exports = {
+  generatorPlugins: [
+    {
+      id: 'security.mfa-providers',
+      conventionFile: 'security.mfa-providers.ts',
+      importPrefix: 'SECURITY_MFA_PROVIDERS',
+      configExpr: function(n, id) { return "{ moduleId: '" + id + "', providers: ((" + n + ".default ?? " + n + ".mfaProviders ?? []) as unknown[]) }" },
+      outputFileName: 'security-mfa-providers.generated.ts',
+      buildOutput: buildMfaOutput,
+    },
+    {
+      id: 'security.sudo',
+      conventionFile: 'security.sudo.ts',
+      importPrefix: 'SECURITY_SUDO',
+      configExpr: function(n, id) { return "{ moduleId: '" + id + "', targets: ((" + n + ".default ?? " + n + ".sudoTargets ?? []) as Array<Record<string, unknown>>) }" },
+      outputFileName: 'security-sudo.generated.ts',
+      buildOutput: buildSudoOutput,
+    },
+  ],
+}
+`
+
 beforeEach(() => {
   tmpDir = createTmpDir()
 })
@@ -361,7 +405,7 @@ describe('generateModuleRegistryCli with module subsets', () => {
 })
 
 describe('all generated files are valid with varying subsets', () => {
-  it('produces all 9 generated files even when no modules have matching content', async () => {
+  it('produces all generated files even when no modules have matching content', async () => {
     scaffoldModule(tmpDir, 'bare_mod', 'pkg', ['acl.ts'])
     const enabled: ModuleEntry[] = [
       { id: 'bare_mod', from: '@open-mercato/core' },
@@ -380,6 +424,8 @@ describe('all generated files are valid with varying subsets', () => {
       'events.generated.ts',
       'analytics.generated.ts',
       'translations-fields.generated.ts',
+      'frontend-middleware.generated.ts',
+      'backend-middleware.generated.ts',
     ]
     for (const file of expectedFiles) {
       const content = readGenerated(tmpDir, file)
@@ -433,6 +479,50 @@ describe('all generated files are valid with varying subsets', () => {
     expect(aiTools).not.toContain('no_ai')
   })
 
+  it('security generated registries are empty when no module provides security convention files', async () => {
+    scaffoldModule(tmpDir, 'no_security', 'pkg', ['setup.ts'])
+    touchFile(
+      path.join(tmpDir, 'packages', 'core', 'src', 'modules', 'no_security', 'generators.ts'),
+      SECURITY_GENERATORS_CONTENT,
+    )
+    const resolver = createMockResolver(tmpDir, [
+      { id: 'no_security', from: '@open-mercato/core' },
+    ])
+    await generateModuleRegistry({ resolver, quiet: true })
+
+    const mfaProviders = readGenerated(tmpDir, 'security-mfa-providers.generated.ts')!
+    const sudoTargets = readGenerated(tmpDir, 'security-sudo.generated.ts')!
+
+    expect(mfaProviders).toContain('export const securityMfaProviderEntries')
+    expect(mfaProviders).not.toContain('no_security')
+    expect(sudoTargets).toContain('export const securitySudoTargetEntries')
+    expect(sudoTargets).toContain('const entriesRaw: SecuritySudoTargetEntryRaw[] = [\n]')
+    expect(sudoTargets).not.toContain('no_security')
+  })
+
+  it('discovers security convention files into dedicated generated registries', async () => {
+    scaffoldModule(tmpDir, 'security_ext', 'pkg', [
+      'security.mfa-providers.ts',
+      'security.sudo.ts',
+    ])
+    touchFile(
+      path.join(tmpDir, 'packages', 'core', 'src', 'modules', 'security_ext', 'generators.ts'),
+      SECURITY_GENERATORS_CONTENT,
+    )
+    const resolver = createMockResolver(tmpDir, [
+      { id: 'security_ext', from: '@open-mercato/core' },
+    ])
+    await generateModuleRegistry({ resolver, quiet: true })
+
+    const mfaProviders = readGenerated(tmpDir, 'security-mfa-providers.generated.ts')!
+    const sudoTargets = readGenerated(tmpDir, 'security-sudo.generated.ts')!
+
+    expect(mfaProviders).toContain('security_ext')
+    expect(mfaProviders).toContain('mfaProviders')
+    expect(sudoTargets).toContain('security_ext')
+    expect(sudoTargets).toContain('sudoTargets')
+  })
+
   it('notifications.generated.ts uses typed fallback for legacy "types" export', async () => {
     scaffoldModule(tmpDir, 'notif_mod', 'pkg', ['notifications.ts'])
     const resolver = createMockResolver(tmpDir, [
@@ -444,4 +534,20 @@ describe('all generated files are valid with varying subsets', () => {
     expect(notifications).toContain('as any).types')
     expect(notifications).toContain('as NotificationTypeDefinition[]')
   })
+
+  it('discovers frontend and backend middleware conventions', async () => {
+    scaffoldModule(tmpDir, 'security', 'pkg', [
+      'frontend/middleware.ts',
+      'backend/middleware.ts',
+    ])
+    const resolver = createMockResolver(tmpDir, [
+      { id: 'security', from: '@open-mercato/core' },
+    ])
+    await generateModuleRegistry({ resolver, quiet: true })
+
+    const frontendMiddleware = readGenerated(tmpDir, 'frontend-middleware.generated.ts')!
+    const backendMiddleware = readGenerated(tmpDir, 'backend-middleware.generated.ts')!
+    expect(frontendMiddleware).toContain("moduleId: 'security'")
+    expect(backendMiddleware).toContain("moduleId: 'security'")
+  })
 })

package/src/lib/generators/__tests__/scanner.test.ts

@@ -339,7 +339,8 @@ describe('resolveModuleFile', () => {
     const conventionFiles = [
       'acl.ts', 'ce.ts', 'search.ts', 'notifications.ts',
       'ai-tools.ts', 'events.ts', 'analytics.ts', 'setup.ts',
-      'translations.ts', 'data/extensions.ts', 'data/fields.ts',
+      'translations.ts', 'security.mfa-providers.ts', 'security.sudo.ts',
+      'data/extensions.ts', 'data/fields.ts',
     ]
     for (const file of conventionFiles) {
       touch(file, 'pkg')

package/src/lib/generators/module-registry.ts

@@ -405,6 +405,8 @@ export async function generateModuleRegistry(options: ModuleRegistryOptions): Pr
   const eventsChecksumFile = path.join(outputDir, 'events.generated.checksum')
   const analyticsOutFile = path.join(outputDir, 'analytics.generated.ts')
   const analyticsChecksumFile = path.join(outputDir, 'analytics.generated.checksum')
+  const bootstrapRegsOutFile = path.join(outputDir, 'bootstrap-registrations.generated.ts')
+  const bootstrapRegsChecksumFile = path.join(outputDir, 'bootstrap-registrations.generated.checksum')
   const transFieldsOutFile = path.join(outputDir, 'translations-fields.generated.ts')
   const transFieldsChecksumFile = path.join(outputDir, 'translations-fields.generated.checksum')
   const enrichersOutFile = path.join(outputDir, 'enrichers.generated.ts')
@@ -419,8 +421,37 @@ export async function generateModuleRegistry(options: ModuleRegistryOptions): Pr
   const guardsChecksumFile = path.join(outputDir, 'guards.generated.checksum')
   const commandInterceptorsOutFile = path.join(outputDir, 'command-interceptors.generated.ts')
   const commandInterceptorsChecksumFile = path.join(outputDir, 'command-interceptors.generated.checksum')
+  const frontendMiddlewareOutFile = path.join(outputDir, 'frontend-middleware.generated.ts')
+  const frontendMiddlewareChecksumFile = path.join(outputDir, 'frontend-middleware.generated.checksum')
+  const backendMiddlewareOutFile = path.join(outputDir, 'backend-middleware.generated.ts')
+  const backendMiddlewareChecksumFile = path.join(outputDir, 'backend-middleware.generated.checksum')
 
   const enabled = resolver.loadEnabledModules()
+
+  // Pre-pass: collect generator plugins from each enabled module's generators.ts
+  const pluginRegistry = new Map<string, import('@open-mercato/shared/modules/generators').GeneratorPlugin>()
+  const pluginState = new Map<string, { imports: string[]; configs: string[] }>()
+  for (const entry of enabled) {
+    const roots = resolver.getModulePaths(entry)
+    const rawImps = resolver.getModuleImportBase(entry)
+    const isAppMod = entry.from === '@app'
+    const appImportBase = isAppMod ? `../../src/modules/${entry.id}` : rawImps.appBase
+    const imps: ModuleImports = { appBase: appImportBase, pkgBase: rawImps.pkgBase }
+    const resolved = resolveModuleFile(roots, imps, 'generators.ts')
+    if (!resolved) continue
+    try {
+      const pluginMod = await import(resolved.absolutePath)
+      const plugins: import('@open-mercato/shared/modules/generators').GeneratorPlugin[] =
+        pluginMod.generatorPlugins ?? pluginMod.default ?? []
+      for (const plugin of plugins) {
+        if (!pluginRegistry.has(plugin.id)) {
+          pluginRegistry.set(plugin.id, plugin)
+          pluginState.set(plugin.id, { imports: [], configs: [] })
+        }
+      }
+    } catch {}
+  }
+
   const imports: string[] = []
   const moduleDecls: string[] = []
   // Mutable ref so extracted helper functions can increment the shared counter
@@ -462,6 +493,10 @@ export async function generateModuleRegistry(options: ModuleRegistryOptions): Pr
   const guardImports: string[] = []
   const commandInterceptorConfigs: string[] = []
   const commandInterceptorImports: string[] = []
+  const frontendMiddlewareConfigs: string[] = []
+  const frontendMiddlewareImports: string[] = []
+  const backendMiddlewareConfigs: string[] = []
+  const backendMiddlewareImports: string[] = []
 
   // UMES conflict detection: collect file paths during module processing
   const umesConflictSources: Array<{
@@ -735,6 +770,18 @@ export async function generateModuleRegistry(options: ModuleRegistryOptions): Pr
       configExpr: (n, id) => `{ moduleId: '${id}', fields: (${n}.default ?? ${n}.translatableFields ?? {}) as Record<string, string[]> }`,
     })
 
+    // Generator plugins: process each registered plugin's convention file
+    for (const plugin of pluginRegistry.values()) {
+      processStandaloneConfig({
+        roots, imps, modId, importIdRef,
+        relativePath: plugin.conventionFile,
+        prefix: plugin.importPrefix,
+        standaloneImports: pluginState.get(plugin.id)!.imports,
+        standaloneConfigs: pluginState.get(plugin.id)!.configs,
+        configExpr: plugin.configExpr,
+      })
+    }
+
     // Inbox Actions: inbox-actions.ts
     {
       const resolved = resolveModuleFile(roots, imps, 'inbox-actions.ts')
@@ -768,6 +815,26 @@ export async function generateModuleRegistry(options: ModuleRegistryOptions): Pr
       configExpr: (n, id) => `{ moduleId: '${id}', interceptors: ((${n} as any).interceptors ?? (${n} as any).default ?? []) }`,
     })
 
+    // 10g. Frontend page middleware: frontend/middleware.ts
+    processStandaloneConfig({
+      roots, imps, modId, importIdRef,
+      relativePath: 'frontend/middleware.ts',
+      prefix: 'FRONTEND_MIDDLEWARE',
+      standaloneImports: frontendMiddlewareImports,
+      standaloneConfigs: frontendMiddlewareConfigs,
+      configExpr: (n, id) => `{ moduleId: '${id}', middleware: ((${n} as any).middleware ?? (${n} as any).default ?? []) }`,
+    })
+
+    // 10h. Backend page middleware: backend/middleware.ts
+    processStandaloneConfig({
+      roots, imps, modId, importIdRef,
+      relativePath: 'backend/middleware.ts',
+      prefix: 'BACKEND_MIDDLEWARE',
+      standaloneImports: backendMiddlewareImports,
+      standaloneConfigs: backendMiddlewareConfigs,
+      configExpr: (n, id) => `{ moduleId: '${id}', middleware: ((${n} as any).middleware ?? (${n} as any).default ?? []) }`,
+    })
+
     // 11. Setup: setup.ts
     {
       const setup = resolveConventionFile(roots, imps, 'setup.ts', 'SETUP', modId, importIdRef, imports)
@@ -1430,6 +1497,43 @@ export const allAiTools = aiToolConfigEntries.flatMap(e => e.tools)
   writeGeneratedFile({ outFile: analyticsOutFile, checksumFile: analyticsChecksumFile, content: analyticsOutput, structureChecksum, result, quiet })
   writeGeneratedFile({ outFile: transFieldsOutFile, checksumFile: transFieldsChecksumFile, content: transFieldsOutput, structureChecksum, result, quiet })
 
+  // Generator plugin outputs (registered via modules' generators.ts)
+  for (const [pluginId, plugin] of pluginRegistry) {
+    const state = pluginState.get(pluginId)!
+    const importSection = state.imports.join('\n')
+    const entriesLiteral = state.configs.join(',\n  ')
+    const content = plugin.buildOutput({ importSection, entriesLiteral })
+    const outFile = path.join(outputDir, plugin.outputFileName)
+    const checksumFile = outFile.replace('.ts', '.checksum')
+    writeGeneratedFile({ outFile, checksumFile, content, structureChecksum, result, quiet })
+  }
+
+  // Bootstrap registrations: aggregate all plugin bootstrap-registration hooks into one file.
+  // Always written (even when empty) so bootstrap.ts can unconditionally import it.
+  {
+    const bootstrapPlugins = [...pluginRegistry.values()].filter((p) => p.bootstrapRegistration)
+    const allEntryImports: string[] = []
+    const allRegImports: string[] = []
+    const allCalls: string[] = []
+    for (const plugin of bootstrapPlugins) {
+      const reg = plugin.bootstrapRegistration!
+      const outputBase = plugin.outputFileName.replace('.ts', '')
+      allEntryImports.push(`import { ${reg.entriesExportName} } from './${outputBase}'`)
+      allRegImports.push(...reg.registrationImports)
+      allCalls.push(reg.buildCall(reg.entriesExportName))
+    }
+    const uniqueImports = [...new Set([...allEntryImports, ...allRegImports])]
+    const importSection = uniqueImports.join('\n')
+    const body = allCalls.length ? `  ${allCalls.join('\n  ')}` : ''
+    const bootstrapRegsOutput = `// AUTO-GENERATED by mercato generate registry
+${importSection ? `${importSection}\n` : ''}
+export function runBootstrapRegistrations(): void {
+${body}
+}
+`
+    writeGeneratedFile({ outFile: bootstrapRegsOutFile, checksumFile: bootstrapRegsChecksumFile, content: bootstrapRegsOutput, structureChecksum, result, quiet })
+  }
+
   // Enrichers generated file
   const enricherEntriesLiteral = enricherConfigs.join(',\n  ')
   const enricherImportSection = enricherImports.join('\n')
@@ -1518,6 +1622,46 @@ ${commandInterceptorEntriesLiteral ? `  ${commandInterceptorEntriesLiteral}\n` :
 `
   writeGeneratedFile({ outFile: commandInterceptorsOutFile, checksumFile: commandInterceptorsChecksumFile, content: commandInterceptorsOutput, structureChecksum, result, quiet })
 
+  const frontendMiddlewareEntriesLiteral = frontendMiddlewareConfigs.join(',\n  ')
+  const frontendMiddlewareImportSection = frontendMiddlewareImports.join('\n')
+  const frontendMiddlewareOutput = `// AUTO-GENERATED by mercato generate registry
+import type { PageMiddlewareRegistryEntry, PageRouteMiddleware } from '@open-mercato/shared/modules/middleware/page'
+${frontendMiddlewareImportSection ? `\n${frontendMiddlewareImportSection}\n` : '\n'}type FrontendMiddlewareEntry = { moduleId: string; middleware: PageRouteMiddleware[] }
+
+const entriesRaw: FrontendMiddlewareEntry[] = [
+${frontendMiddlewareEntriesLiteral ? `  ${frontendMiddlewareEntriesLiteral}\n` : ''}]
+
+export const frontendMiddlewareEntries: PageMiddlewareRegistryEntry[] = entriesRaw
+`
+  writeGeneratedFile({
+    outFile: frontendMiddlewareOutFile,
+    checksumFile: frontendMiddlewareChecksumFile,
+    content: frontendMiddlewareOutput,
+    structureChecksum,
+    result,
+    quiet,
+  })
+
+  const backendMiddlewareEntriesLiteral = backendMiddlewareConfigs.join(',\n  ')
+  const backendMiddlewareImportSection = backendMiddlewareImports.join('\n')
+  const backendMiddlewareOutput = `// AUTO-GENERATED by mercato generate registry
+import type { PageMiddlewareRegistryEntry, PageRouteMiddleware } from '@open-mercato/shared/modules/middleware/page'
+${backendMiddlewareImportSection ? `\n${backendMiddlewareImportSection}\n` : '\n'}type BackendMiddlewareEntry = { moduleId: string; middleware: PageRouteMiddleware[] }
+
+const entriesRaw: BackendMiddlewareEntry[] = [
+${backendMiddlewareEntriesLiteral ? `  ${backendMiddlewareEntriesLiteral}\n` : ''}]
+
+export const backendMiddlewareEntries: PageMiddlewareRegistryEntry[] = entriesRaw
+`
+  writeGeneratedFile({
+    outFile: backendMiddlewareOutFile,
+    checksumFile: backendMiddlewareChecksumFile,
+    content: backendMiddlewareOutput,
+    structureChecksum,
+    result,
+    quiet,
+  })
+
   return result
 }
 

package/src/lib/testing/__tests__/integration.test.ts

@@ -14,10 +14,12 @@ import {
   readEphemeralEnvironmentState,
   clearEphemeralEnvironmentState,
   resolveBuildCacheTtlSeconds,
+  resolveAppReadyTimeoutMs,
   shouldReuseBuildArtifacts,
 } from '../integration'
 
 const CACHE_TTL_ENV_VAR = 'OM_INTEGRATION_BUILD_CACHE_TTL_SECONDS'
+const APP_READY_TIMEOUT_ENV_VAR = 'OM_INTEGRATION_APP_READY_TIMEOUT_SECONDS'
 const resolver = createResolver()
 const projectRootDirectory = resolver.getRootDir()
 
@@ -36,6 +38,7 @@ describe('integration cache and options', () => {
   const ephemeralEnvFilePath = path.join(projectRootDirectory, '.ai', 'qa', 'ephemeral-env.json')
   const ephemeralLegacyEnvFilePath = path.join(projectRootDirectory, '.ai', 'qa', 'ephemeral-env.md')
   const originalCacheTtl = process.env[CACHE_TTL_ENV_VAR]
+  const originalAppReadyTimeout = process.env[APP_READY_TIMEOUT_ENV_VAR]
   let originalEphemeralEnvState: string | null = null
   let originalEphemeralLegacyEnvState: string | null = null
 
@@ -61,6 +64,11 @@ describe('integration cache and options', () => {
     } else {
       process.env[CACHE_TTL_ENV_VAR] = originalCacheTtl
     }
+    if (originalAppReadyTimeout === undefined) {
+      delete process.env[APP_READY_TIMEOUT_ENV_VAR]
+    } else {
+      process.env[APP_READY_TIMEOUT_ENV_VAR] = originalAppReadyTimeout
+    }
     await restoreEphemeralStateFiles(originalEphemeralEnvState, originalEphemeralLegacyEnvState)
   })
 
@@ -68,6 +76,9 @@ describe('integration cache and options', () => {
     const baseUrl = 'http://127.0.0.1:5001'
     const fetchSpy = jest.spyOn(global, 'fetch').mockImplementation(async (input) => {
       const url = typeof input === 'string' ? input : String(input)
+      if (url.endsWith('/api/auth/login')) {
+        return { status: 401, text: async () => '' } as unknown as Response
+      }
       if (url.endsWith('/login')) {
         return {
           status: 200,
@@ -77,9 +88,6 @@ describe('integration cache and options', () => {
       if (url.includes('/_next/static/chunks/app-healthcheck.js')) {
         return { status: 200, text: async () => '' } as unknown as Response
       }
-      if (url.endsWith('/api/auth/login')) {
-        return { status: 401, text: async () => '' } as unknown as Response
-      }
       return { status: 200, text: async () => '' } as unknown as Response
     })
 
@@ -113,6 +121,87 @@ describe('integration cache and options', () => {
     }
   }, 20000)
 
+  it('reuses an existing environment when /login returns a redirect status other than 302', async () => {
+    const baseUrl = 'http://127.0.0.1:5001'
+    const fetchSpy = jest.spyOn(global, 'fetch').mockImplementation(async (input) => {
+      const url = typeof input === 'string' ? input : String(input)
+      if (url.endsWith('/api/auth/login')) {
+        return { status: 401, text: async () => '' } as unknown as Response
+      }
+      if (url.endsWith('/login')) {
+        return { status: 308, text: async () => '' } as unknown as Response
+      }
+      return { status: 200, text: async () => '' } as unknown as Response
+    })
+
+    try {
+      await writeEphemeralEnvironmentState({
+        baseUrl,
+        port: 5001,
+        logPrefix: 'integration',
+        captureScreenshots: true,
+      })
+
+      const environment = await tryReuseExistingEnvironment({
+        verbose: false,
+        captureScreenshots: true,
+        logPrefix: 'integration',
+        forceRebuild: false,
+      })
+
+      expect(environment).not.toBeNull()
+      expect(environment).toMatchObject({
+        baseUrl,
+        port: 5001,
+        ownedByCurrentProcess: false,
+      })
+    } finally {
+      fetchSpy.mockRestore()
+    }
+  }, 20000)
+
+  it('reuses an existing environment when /login returns healthy HTML without static asset references', async () => {
+    const baseUrl = 'http://127.0.0.1:5001'
+    const fetchSpy = jest.spyOn(global, 'fetch').mockImplementation(async (input) => {
+      const url = typeof input === 'string' ? input : String(input)
+      if (url.endsWith('/api/auth/login')) {
+        return { status: 401, text: async () => '' } as unknown as Response
+      }
+      if (url.endsWith('/login')) {
+        return {
+          status: 200,
+          text: async () => '<!doctype html><html><body><form data-auth-ready="0"></form></body></html>',
+        } as unknown as Response
+      }
+      return { status: 200, text: async () => '' } as unknown as Response
+    })
+
+    try {
+      await writeEphemeralEnvironmentState({
+        baseUrl,
+        port: 5001,
+        logPrefix: 'integration',
+        captureScreenshots: false,
+      })
+
+      const environment = await tryReuseExistingEnvironment({
+        verbose: false,
+        captureScreenshots: false,
+        logPrefix: 'integration',
+        forceRebuild: false,
+      })
+
+      expect(environment).not.toBeNull()
+      expect(environment).toMatchObject({
+        baseUrl,
+        port: 5001,
+        ownedByCurrentProcess: false,
+      })
+    } finally {
+      fetchSpy.mockRestore()
+    }
+  })
+
   it('falls back to rebuilding when the ephemeral environment state is unreachable', async () => {
     const baseUrl = 'http://127.0.0.1:5001'
     const fetchSpy = jest.spyOn(global, 'fetch').mockResolvedValue({ status: 500 } as unknown as Response)
@@ -223,6 +312,20 @@ describe('integration cache and options', () => {
     warn.mockRestore()
   })
 
+  it('resolves app readiness timeout from env variable', () => {
+    delete process.env[APP_READY_TIMEOUT_ENV_VAR]
+    expect(resolveAppReadyTimeoutMs('integration')).toBe(90_000)
+
+    process.env[APP_READY_TIMEOUT_ENV_VAR] = '180'
+    expect(resolveAppReadyTimeoutMs('integration')).toBe(180_000)
+
+    const warn = jest.spyOn(console, 'warn').mockImplementation(() => {})
+    process.env[APP_READY_TIMEOUT_ENV_VAR] = '0'
+    expect(resolveAppReadyTimeoutMs('integration')).toBe(90_000)
+    expect(warn).toHaveBeenCalledWith(expect.stringContaining('Invalid'))
+    warn.mockRestore()
+  })
+
   it('reuses build artifacts only with matching source fingerprint and fresh cache state', async () => {
     const tempRoot = await mkdtemp(path.join(os.tmpdir(), 'om-int-cache-test-'))
     try {