@open-mercato/cli 0.4.9-develop-7afbe1e834 → 0.4.9-develop-94fb251ed3

package/src/lib/testing/integration.ts

@@ -141,12 +141,13 @@ type EphemeralEnvironmentState = {
 
 type PlaywrightRunOptions = Pick<InteractiveIntegrationOptions, 'verbose' | 'captureScreenshots' | 'workers' | 'retries'>
 
-const APP_READY_TIMEOUT_MS = 90_000
+const DEFAULT_APP_READY_TIMEOUT_MS = 90_000
 const APP_READY_INTERVAL_MS = 1_000
 const DEFAULT_EPHEMERAL_APP_PORT = 5001
 const EPHEMERAL_ENV_LOCK_TIMEOUT_MS = 60_000
 const EPHEMERAL_ENV_LOCK_POLL_MS = 500
 const DEFAULT_BUILD_CACHE_TTL_SECONDS = 600
+const APP_READY_TIMEOUT_ENV_VAR = 'OM_INTEGRATION_APP_READY_TIMEOUT_SECONDS'
 const BUILD_CACHE_TTL_ENV_VAR = 'OM_INTEGRATION_BUILD_CACHE_TTL_SECONDS'
 const PLAYWRIGHT_ENV_UNAVAILABLE_PATTERNS: RegExp[] = [
   /net::ERR_CONNECTION_REFUSED/i,
@@ -161,7 +162,6 @@ const PLAYWRIGHT_QUICK_FAILURE_THRESHOLD = 6
 const PLAYWRIGHT_QUICK_FAILURE_MAX_DURATION_MS = 1_500
 const PLAYWRIGHT_HEALTH_PROBE_INTERVAL_MS = 3_000
 const ANSI_ESCAPE_REGEX = /\x1b\[[0-?]*[ -/]*[@-~]/g // NOSONAR — ANSI escape sequence pattern
-const NEXT_STATIC_ASSET_PATTERN = /\/_next\/static\/[^"'`\s)]+?\.(?:js|css)/g
 const resolver = createResolver()
 const projectRootDirectory = resolver.getRootDir()
 const EPHEMERAL_ENV_FILE_PATH = path.join(projectRootDirectory, '.ai', 'qa', 'ephemeral-env.json')
@@ -250,6 +250,24 @@ type CommandMonitoringOptions = {
   playwrightFailureHealthCheck?: PlaywrightFailureHealthCheckOptions
 }
 
+type LoginPageProbeResult = {
+  status: number | null
+  healthy: boolean
+  detail: string
+}
+
+type BackendLoginProbeResult = {
+  status: number | null
+  healthy: boolean
+  detail: string
+}
+
+type ApplicationReadinessProbeResult = {
+  ready: boolean
+  frontend: LoginPageProbeResult
+  backend: BackendLoginProbeResult
+}
+
 type PlaywrightFailureHealthCheckOptions = {
   baseUrl: string
   consecutiveFailureThreshold?: number
@@ -678,6 +696,21 @@ export function resolveBuildCacheTtlSeconds(logPrefix: string): number {
   return parsed
 }
 
+export function resolveAppReadyTimeoutMs(logPrefix: string): number {
+  const rawValue = process.env[APP_READY_TIMEOUT_ENV_VAR]
+  if (!rawValue) {
+    return DEFAULT_APP_READY_TIMEOUT_MS
+  }
+  const parsedSeconds = Number.parseInt(rawValue, 10)
+  if (!Number.isFinite(parsedSeconds) || parsedSeconds < 1) {
+    console.warn(
+      `[${logPrefix}] Invalid ${APP_READY_TIMEOUT_ENV_VAR} value "${rawValue}". Using default ${DEFAULT_APP_READY_TIMEOUT_MS / 1000}s.`,
+    )
+    return DEFAULT_APP_READY_TIMEOUT_MS
+  }
+  return parsedSeconds * 1000
+}
+
 function buildCacheDefaults(overrides: BuildCacheOptions = {}): {
   artifactPaths: string[]
   inputPaths: string[]
@@ -1089,59 +1122,58 @@ export async function readEphemeralEnvironmentState(): Promise<EphemeralEnvironm
   }
 }
 
-async function isApplicationReachable(baseUrl: string): Promise<boolean> {
+function isLoginHtmlHealthy(html: string): boolean {
+  return !/Application error: a client-side exception has occurred/i.test(html)
+}
+
+function isSuccessfulBrowserNavigationStatus(status: number): boolean {
+  return status === 200 || (status >= 300 && status < 400)
+}
+
+async function probeLoginPage(baseUrl: string): Promise<LoginPageProbeResult> {
   try {
     const response = await fetch(`${baseUrl}/login`, {
       method: 'GET',
       redirect: 'manual',
     })
-    if (response.status === 302) {
-      return true
+    if (!isSuccessfulBrowserNavigationStatus(response.status)) {
+      return {
+        status: response.status,
+        healthy: false,
+        detail: `GET /login returned ${response.status}`,
+      }
     }
     if (response.status !== 200) {
-      return false
+      return {
+        status: response.status,
+        healthy: true,
+        detail: `GET /login returned redirect ${response.status}`,
+      }
     }
-    const html = await response.text()
-    return isLoginHtmlHealthy(html) && await areReferencedNextAssetsReachable(baseUrl, html)
-  } catch {
-    return false
-  }
-}
-
-function isLoginHtmlHealthy(html: string): boolean {
-  return !/Application error: a client-side exception has occurred/i.test(html)
-}
-
-function extractReferencedNextAssets(html: string, maxAssets = 8): string[] {
-  const matches = html.match(NEXT_STATIC_ASSET_PATTERN) ?? []
-  const unique = Array.from(new Set(matches))
-  return unique.slice(0, maxAssets)
-}
-
-async function areReferencedNextAssetsReachable(baseUrl: string, html: string): Promise<boolean> {
-  const assets = extractReferencedNextAssets(html)
-  if (assets.length === 0) {
-    return false
-  }
-
-  for (const assetPath of assets) {
-    try {
-      const response = await fetch(`${baseUrl}${assetPath}`, {
-        method: 'GET',
-        redirect: 'manual',
-      })
-      if (response.status !== 200 && response.status !== 304) {
-        return false
+    const html = await response.text().catch(() => '')
+    if (!isLoginHtmlHealthy(html)) {
+      return {
+        status: response.status,
+        healthy: false,
+        detail: 'GET /login returned client-side exception HTML',
       }
-    } catch {
-      return false
+    }
+    return {
+      status: response.status,
+      healthy: true,
+      detail: 'GET /login returned healthy HTML',
+    }
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error)
+    return {
+      status: null,
+      healthy: false,
+      detail: `GET /login failed: ${message}`,
     }
   }
-
-  return true
 }
 
-async function isBackendLoginEndpointHealthy(baseUrl: string): Promise<boolean> {
+async function probeBackendLoginEndpoint(baseUrl: string): Promise<BackendLoginProbeResult> {
   try {
     const form = new URLSearchParams()
     form.set('email', 'integration-healthcheck@example.invalid')
@@ -1155,9 +1187,34 @@ async function isBackendLoginEndpointHealthy(baseUrl: string): Promise<boolean>
       body: form.toString(),
     })
 
-    return response.status === 200 || response.status === 400 || response.status === 401 || response.status === 403
-  } catch {
-    return false
+    const healthy = response.status === 200 || response.status === 400 || response.status === 401 || response.status === 403
+    return {
+      status: response.status,
+      healthy,
+      detail: healthy
+        ? `POST /api/auth/login returned ${response.status}`
+        : `POST /api/auth/login returned unexpected ${response.status}`,
+    }
+  } catch (error) {
+    const message = error instanceof Error ? error.message : String(error)
+    return {
+      status: null,
+      healthy: false,
+      detail: `POST /api/auth/login failed: ${message}`,
+    }
+  }
+}
+
+async function probeApplicationReadiness(baseUrl: string): Promise<ApplicationReadinessProbeResult> {
+  const [frontend, backend] = await Promise.all([
+    probeLoginPage(baseUrl),
+    probeBackendLoginEndpoint(baseUrl),
+  ])
+
+  return {
+    ready: frontend.healthy && backend.healthy,
+    frontend,
+    backend,
   }
 }
 
@@ -1266,8 +1323,11 @@ function buildReusableEnvironment(baseUrl: string, captureScreenshots: boolean):
   return buildEnvironment({
     BASE_URL: baseUrl,
     NODE_ENV: 'production',
+    JWT_SECRET: process.env.JWT_SECRET ?? 'om-ephemeral-integration-jwt-secret',
+    OM_SECURITY_MFA_SETUP_SECRET: process.env.OM_SECURITY_MFA_SETUP_SECRET ?? 'om-ephemeral-integration-mfa-setup-secret',
     OM_ENABLE_ENTERPRISE_MODULES: process.env.OM_ENABLE_ENTERPRISE_MODULES ?? 'false',
     OM_ENABLE_ENTERPRISE_MODULES_SSO: process.env.OM_ENABLE_ENTERPRISE_MODULES_SSO ?? 'false',
+    OM_ENABLE_ENTERPRISE_MODULES_SECURITY: process.env.OM_ENABLE_ENTERPRISE_MODULES_SECURITY ?? 'false',
     OM_TEST_MODE: '1',
     ENABLE_CRUD_API_CACHE: 'true',
     NEXT_PUBLIC_OM_EXAMPLE_INJECTION_WIDGETS_ENABLED: 'true',
@@ -1338,46 +1398,27 @@ export async function tryReuseExistingEnvironment(options: EphemeralRuntimeOptio
   }
 }
 
-async function waitForApplicationReadiness(baseUrl: string, appProcess: ChildProcess): Promise<void> {
+async function waitForApplicationReadiness(
+  baseUrl: string,
+  appProcess: ChildProcess,
+  options: { timeoutMs: number },
+): Promise<void> {
   const startTimestamp = Date.now()
   const exitPromise = getProcessExitPromise(appProcess)
   const readinessStabilizationMs = 600
+  let lastProbe: ApplicationReadinessProbeResult | null = null
 
-  while (Date.now() - startTimestamp < APP_READY_TIMEOUT_MS) {
-    const responsePromise = fetch(`${baseUrl}/login`, {
-      method: 'GET',
-      redirect: 'manual',
-    })
-      .then(async (response) => ({
-        response,
-        body: response.status === 200 ? await response.text().catch(() => '') : '',
-      }))
-      .catch(() => null)
+  while (Date.now() - startTimestamp < options.timeoutMs) {
     const result = await Promise.race([
-      responsePromise.then((payload) => {
-        if (!payload) {
-          return { kind: 'network_error' as const }
-        }
-        return {
-          kind: 'response' as const,
-          status: payload.response.status,
-          body: payload.body,
-        }
-      }),
+      probeApplicationReadiness(baseUrl).then((probe) => ({ kind: 'probe' as const, probe })),
       exitPromise.then((code) => ({ kind: 'exit' as const, code })),
       delay(APP_READY_INTERVAL_MS).then(() => ({ kind: 'timeout' as const })),
     ])
 
-    if (result.kind === 'response' && (result.status === 200 || result.status === 302)) {
-      if (result.status === 200) {
-        const loginHtml = result.body ?? ''
-        if (!isLoginHtmlHealthy(loginHtml)) {
-          continue
-        }
-        const assetsReachable = await areReferencedNextAssetsReachable(baseUrl, loginHtml)
-        if (!assetsReachable) {
-          continue
-        }
+    if (result.kind === 'probe') {
+      lastProbe = result.probe
+      if (!result.probe.ready) {
+        continue
       }
       const processExited = await Promise.race([
         exitPromise.then(() => true),
@@ -1393,7 +1434,11 @@ async function waitForApplicationReadiness(baseUrl: string, appProcess: ChildPro
     }
   }
 
-  throw new Error(`Application did not become ready within ${APP_READY_TIMEOUT_MS / 1000} seconds`)
+  const lastFrontendDetail = lastProbe?.frontend.detail ?? 'GET /login was never observed'
+  const lastBackendDetail = lastProbe?.backend.detail ?? 'POST /api/auth/login was never observed'
+  throw new Error(
+    `Application did not become ready within ${options.timeoutMs / 1000} seconds. Last probe: ${lastFrontendDetail}; ${lastBackendDetail}`,
+  )
 }
 
 export function parseOptions(rawArgs: string[]): IntegrationOptions {
@@ -2304,11 +2349,8 @@ async function runIntegrationTestSuiteOnce(
 }
 
 async function isEnvironmentUnavailable(baseUrl: string): Promise<boolean> {
-  const [applicationReachable, backendHealthy] = await Promise.all([
-    isApplicationReachable(baseUrl),
-    isBackendLoginEndpointHealthy(baseUrl),
-  ])
-  return !applicationReachable || !backendHealthy
+  const readiness = await probeApplicationReadiness(baseUrl)
+  return !readiness.ready
 }
 
 function isEnvironmentUnavailableError(error: unknown): boolean {
@@ -2496,7 +2538,8 @@ export async function startEphemeralEnvironment(options: EphemeralRuntimeOptions
     const commandEnvironment = buildEnvironment({
       DATABASE_URL: databaseUrl,
       BASE_URL: applicationBaseUrl,
-      JWT_SECRET: 'om-ephemeral-integration-jwt-secret',
+      JWT_SECRET: process.env.JWT_SECRET ?? 'om-ephemeral-integration-jwt-secret',
+      OM_SECURITY_MFA_SETUP_SECRET: process.env.OM_SECURITY_MFA_SETUP_SECRET ?? 'om-ephemeral-integration-mfa-setup-secret',
       NODE_ENV: 'production',
       DB_POOL_MIN: '0',
       DB_POOL_MAX: '5',
@@ -2506,6 +2549,7 @@ export async function startEphemeralEnvironment(options: EphemeralRuntimeOptions
       DB_IDLE_IN_TRANSACTION_TIMEOUT_MS: '30000',
       OM_ENABLE_ENTERPRISE_MODULES: process.env.OM_ENABLE_ENTERPRISE_MODULES ?? 'false',
       OM_ENABLE_ENTERPRISE_MODULES_SSO: process.env.OM_ENABLE_ENTERPRISE_MODULES_SSO ?? 'false',
+      OM_ENABLE_ENTERPRISE_MODULES_SECURITY: process.env.OM_ENABLE_ENTERPRISE_MODULES_SECURITY ?? 'false',
       OM_TEST_MODE: '1',
       OM_TEST_AUTH_RATE_LIMIT_MODE: 'opt-in',
       OM_DISABLE_EMAIL_DELIVERY: '1',
@@ -2537,6 +2581,7 @@ export async function startEphemeralEnvironment(options: EphemeralRuntimeOptions
     }
 
     try {
+      const appReadyTimeoutMs = resolveAppReadyTimeoutMs(options.logPrefix)
       const buildCacheTtlSeconds = resolveBuildCacheTtlSeconds(options.logPrefix)
       let sourceFingerprintValue: string | null = null
       let needsBuild = true
@@ -2614,8 +2659,15 @@ export async function startEphemeralEnvironment(options: EphemeralRuntimeOptions
       })
       applicationProcess = startedAppProcess
 
-      await runTimedStep(options.logPrefix, 'Waiting for application readiness', { expectedSeconds: 12 }, async () =>
-        waitForApplicationReadiness(applicationBaseUrl, startedAppProcess))
+      await runTimedStep(
+        options.logPrefix,
+        'Waiting for application readiness',
+        { expectedSeconds: Math.max(12, Math.ceil(appReadyTimeoutMs / 1000)) },
+        async () =>
+          waitForApplicationReadiness(applicationBaseUrl, startedAppProcess, {
+            timeoutMs: appReadyTimeoutMs,
+          }),
+      )
       console.log(`[${options.logPrefix}] Application is ready at ${applicationBaseUrl}`)
       await writeEphemeralEnvironmentState({
         baseUrl: applicationBaseUrl,