@riddledc/riddle-proof 0.7.117 → 0.7.118

package/README.md

@@ -203,6 +203,7 @@ The package includes generic starter profiles:
 - `examples/profiles/page-content-basic.json` for route/content/layout smoke profiles.
 - `examples/profiles/route-inventory-basic.json` for source-link and direct-route audits.
 - `examples/profiles/handled-recovery-list-load.json` for malformed list-load recovery profiles.
+- `examples/profiles/handled-recovery-action-malformed-success.json` for action recovery profiles where the request succeeds at HTTP level but returns an unusable body.
 
 Copy one of those shapes into a repository profile directory and replace the
 routes, selectors, mock URLs, and text checks with app-specific invariants.
@@ -220,6 +221,15 @@ when the list failed to load; and keep `no_fatal_console_errors` plus
 recovery-quality bugs and hidden browser-health debt without requiring a
 separate CI or wrapper-specific path.
 
+For handled action recovery profiles, assert the action itself as well as the
+recovery UI. Capture the request body when the action payload matters, preserve
+the surrounding page state, and reject the success modal, toast, or row that
+would imply the action completed. A useful malformed-success profile returns a
+successful HTTP status with an invalid JSON body, waits for one generic failure
+message, captures a recovery screenshot, and keeps parser text plus browser
+console/page errors out of the final proof. This catches action paths that look
+recovered to a user but still poison the browser evidence stream.
+
 Checks normally apply to every captured viewport. Add `viewports` (or
 `viewport_names`) to a check when responsive UI intentionally exposes an
 invariant only on named viewports, such as desktop-only helper copy while phone

package/examples/profiles/handled-recovery-action-malformed-success.json

@@ -0,0 +1,126 @@
+{
+  "version": "riddle-proof.profile.v1",
+  "name": "handled-recovery-action-malformed-success",
+  "target": {
+    "route": "/account",
+    "viewports": [
+      { "name": "mobile", "width": 390, "height": 844 },
+      { "name": "tablet", "width": 820, "height": 1180 },
+      { "name": "desktop", "width": 1440, "height": 1000 }
+    ],
+    "timeout_sec": 300,
+    "wait_ms": 800,
+    "network_mocks": [
+      {
+        "label": "account-summary",
+        "url": "**/api/account/summary",
+        "method": "GET",
+        "status": 200,
+        "content_type": "application/json",
+        "required_hit_count": 3,
+        "json": {
+          "available_time": "4h 0m",
+          "active_jobs": 2
+        }
+      },
+      {
+        "label": "recent-jobs",
+        "url": "**/api/jobs?limit=10",
+        "method": "GET",
+        "status": 200,
+        "content_type": "application/json",
+        "required_hit_count": 3,
+        "json": {
+          "jobs": [
+            {
+              "id": "job_action_template_survives",
+              "status": "completed"
+            }
+          ]
+        }
+      },
+      {
+        "label": "existing-api-keys",
+        "url": "**/api/api-keys",
+        "method": "GET",
+        "status": 200,
+        "content_type": "application/json",
+        "required_hit_count": 3,
+        "json": {
+          "keys": [
+            {
+              "id": "key_action_template_existing",
+              "name": "Existing action template key",
+              "last4": "0001",
+              "status": "active"
+            }
+          ]
+        }
+      },
+      {
+        "label": "create-api-key-malformed-success",
+        "url": "**/api/api-keys",
+        "method": "POST",
+        "status": 200,
+        "content_type": "application/json",
+        "required_hit_count": 3,
+        "max_hit_count": 3,
+        "capture_request_body": true,
+        "request_body_contains": ["Action template malformed success key"],
+        "body": "{not valid create success json"
+      }
+    ],
+    "setup_actions": [
+      { "type": "clear_storage", "storage": "both", "reload": true },
+      { "type": "wait_for_selector", "selector": "[data-testid='account-page']", "timeout_ms": 30000 },
+      { "type": "wait_for_text", "selector": "body", "text": "4h 0m", "timeout_ms": 30000 },
+      { "type": "wait_for_text", "selector": "body", "text": "job_action_template_survives", "timeout_ms": 30000 },
+      { "type": "wait_for_text", "selector": "body", "text": "Existing action template key", "timeout_ms": 30000 },
+      { "type": "fill", "selector": "[data-testid='new-key-name']", "value": "Action template malformed success key" },
+      { "type": "clear_console" },
+      { "type": "screenshot", "label": "before-malformed-success-action" },
+      { "type": "click", "selector": "[data-testid='create-key-button']", "text": "Create API key" },
+      { "type": "wait_for_text", "selector": "body", "text": "Failed to create API key", "timeout_ms": 30000 },
+      { "type": "assert_text_visible", "selector": "body", "text": "Existing action template key", "timeout_ms": 5000 },
+      { "type": "assert_text_visible", "selector": "body", "text": "Active", "timeout_ms": 5000 },
+      { "type": "assert_text_absent", "selector": "body", "text": "API Key Created!", "timeout_ms": 1000 },
+      { "type": "assert_text_absent", "selector": "body", "text": "Expected property name", "timeout_ms": 1000 },
+      { "type": "assert_text_absent", "selector": "body", "text": "SyntaxError", "timeout_ms": 1000 },
+      { "type": "assert_text_absent", "selector": "body", "text": "[object Object]", "timeout_ms": 1000 },
+      { "type": "screenshot", "label": "malformed-success-action-visible-recovery" }
+    ]
+  },
+  "checks": [
+    { "type": "route_loaded", "expected_path": "/account" },
+    { "type": "selector_visible", "selector": "[data-testid='account-page']" },
+    { "type": "selector_visible", "selector": "[data-testid='api-key-create-error']" },
+    { "type": "text_visible", "text": "4h 0m" },
+    { "type": "text_visible", "text": "2 active" },
+    { "type": "text_visible", "text": "job_action_template_survives" },
+    { "type": "text_visible", "text": "Existing action template key" },
+    { "type": "text_visible", "text": "Failed to create API key" },
+    { "type": "text_visible", "text": "Active" },
+    { "type": "text_absent", "text": "API Key Created!" },
+    { "type": "text_absent", "text": "Expected property name" },
+    { "type": "text_absent", "text": "SyntaxError" },
+    { "type": "text_absent", "text": "[object Object]" },
+    { "type": "text_absent", "text": "Application error" },
+    { "type": "selector_count_equals", "selector": "[data-testid='api-key-create-error']", "expected_count": 1 },
+    { "type": "selector_count_equals", "selector": "[data-testid='recent-job-row']", "expected_count": 1 },
+    { "type": "selector_count_equals", "selector": "[data-testid='api-key-row']", "expected_count": 1 },
+    { "type": "selector_count_equals", "selector": "[data-testid='created-key-modal']", "expected_count": 0 },
+    { "type": "no_horizontal_overflow", "max_overflow_px": 1 },
+    { "type": "no_fatal_console_errors" },
+    { "type": "no_console_warnings" }
+  ],
+  "artifacts": ["screenshot", "console", "dom_summary", "proof_json"],
+  "baseline_policy": "invariant_only",
+  "failure_policy": {
+    "environment_blocked": "neutral",
+    "proof_insufficient": "fail",
+    "product_regression": "fail"
+  },
+  "metadata": {
+    "purpose": "Template for handled malformed action-success recovery: prove surrounding state still renders, the failed action shows one recovery message, success UI and raw parser text stay absent, the action request body is captured, and browser console evidence remains clean."
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@riddledc/riddle-proof",
-  "version": "0.7.117",
+  "version": "0.7.118",
   "description": "Reusable Riddle Proof contracts and helpers for evidence-backed agent changes.",
   "license": "MIT",
   "author": "RiddleDC",