@wopr-network/platform-ui-core 1.0.0

package/src/__tests__/use-image-status.test.ts

@@ -0,0 +1,77 @@
+import { act, renderHook, waitFor } from "@testing-library/react";
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { useImageStatus } from "@/hooks/use-image-status";
+
+vi.mock("@/lib/api", () => ({
+  getImageStatus: vi.fn(),
+  apiFetch: vi.fn(),
+}));
+
+import { getImageStatus } from "@/lib/api";
+
+const mockGetImageStatus = vi.mocked(getImageStatus);
+
+describe("useImageStatus", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it("returns error: null on success", async () => {
+    mockGetImageStatus.mockResolvedValue({
+      updateAvailable: true,
+      currentDigest: "sha256:abc",
+      latestDigest: "sha256:def",
+    });
+    const { result } = renderHook(() => useImageStatus("inst-1"));
+    await waitFor(() => expect(result.current.loading).toBe(false));
+    expect(result.current.error).toBeNull();
+    expect(result.current.updateAvailable).toBe(true);
+  });
+
+  it("sets error when getImageStatus returns null", async () => {
+    mockGetImageStatus.mockResolvedValue(null);
+    const { result } = renderHook(() => useImageStatus("inst-1"));
+    await waitFor(() => expect(result.current.loading).toBe(false));
+    expect(result.current.error).toBe("Failed to fetch image status");
+    expect(result.current.updateAvailable).toBe(false);
+  });
+
+  it("clears stale data when getImageStatus returns null", async () => {
+    mockGetImageStatus.mockResolvedValueOnce({
+      updateAvailable: true,
+      currentDigest: "sha256:abc",
+      latestDigest: "sha256:def",
+    });
+    const { result } = renderHook(() => useImageStatus("inst-1"));
+    await waitFor(() => expect(result.current.updateAvailable).toBe(true));
+
+    mockGetImageStatus.mockResolvedValue(null);
+    await act(async () => {
+      await result.current.refresh();
+    });
+    expect(result.current.error).toBe("Failed to fetch image status");
+    expect(result.current.updateAvailable).toBe(false);
+  });
+
+  it("clears error on successful retry after failure", async () => {
+    mockGetImageStatus.mockResolvedValueOnce(null);
+    const { result } = renderHook(() => useImageStatus("inst-1"));
+    await waitFor(() => expect(result.current.error).toBe("Failed to fetch image status"));
+
+    mockGetImageStatus.mockResolvedValue({
+      updateAvailable: false,
+      currentDigest: "sha256:abc",
+      latestDigest: "sha256:abc",
+    });
+    await act(async () => {
+      await result.current.refresh();
+    });
+    expect(result.current.error).toBeNull();
+  });
+
+  it("returns error: null when id is null", () => {
+    const { result } = renderHook(() => useImageStatus(null));
+    expect(result.current.error).toBeNull();
+    expect(result.current.loading).toBe(false);
+  });
+});

package/src/__tests__/use-pagination-params.test.ts

@@ -0,0 +1,88 @@
+import { act, renderHook } from "@testing-library/react";
+import { beforeEach, describe, expect, it, vi } from "vitest";
+
+const mockReplace = vi.fn();
+let mockSearchParams = new URLSearchParams();
+
+vi.mock("next/navigation", () => ({
+  useRouter: () => ({ replace: mockReplace }),
+  usePathname: () => "/admin/users",
+  useSearchParams: () => mockSearchParams,
+}));
+
+import { usePaginationParams } from "@/hooks/use-pagination-params";
+
+describe("usePaginationParams", () => {
+  beforeEach(() => {
+    mockReplace.mockClear();
+    mockSearchParams = new URLSearchParams();
+  });
+
+  it("defaults to page 1 with offset 0", () => {
+    const { result } = renderHook(() => usePaginationParams());
+    expect(result.current.page).toBe(1);
+    expect(result.current.offset).toBe(0);
+  });
+
+  it("uses default pageSize of 20", () => {
+    mockSearchParams = new URLSearchParams("page=3");
+    const { result } = renderHook(() => usePaginationParams());
+    expect(result.current.page).toBe(3);
+    expect(result.current.offset).toBe(40);
+  });
+
+  it("accepts custom pageSize", () => {
+    mockSearchParams = new URLSearchParams("page=2");
+    const { result } = renderHook(() => usePaginationParams(10));
+    expect(result.current.page).toBe(2);
+    expect(result.current.offset).toBe(10);
+  });
+
+  it("clamps invalid negative page param to 1", () => {
+    mockSearchParams = new URLSearchParams("page=-5");
+    const { result } = renderHook(() => usePaginationParams());
+    expect(result.current.page).toBe(1);
+    expect(result.current.offset).toBe(0);
+  });
+
+  it("clamps non-numeric page param to 1", () => {
+    mockSearchParams = new URLSearchParams("page=abc");
+    const { result } = renderHook(() => usePaginationParams());
+    expect(result.current.page).toBe(1);
+    expect(result.current.offset).toBe(0);
+  });
+
+  it("setPage(3) updates URL with page=3", () => {
+    const { result } = renderHook(() => usePaginationParams());
+    act(() => {
+      result.current.setPage(3);
+    });
+    expect(mockReplace).toHaveBeenCalledWith("/admin/users?page=3", { scroll: false });
+  });
+
+  it("setPage(1) removes page param from URL", () => {
+    mockSearchParams = new URLSearchParams("page=5");
+    const { result } = renderHook(() => usePaginationParams());
+    act(() => {
+      result.current.setPage(1);
+    });
+    expect(mockReplace).toHaveBeenCalledWith("/admin/users", { scroll: false });
+  });
+
+  it("setPage preserves other query params", () => {
+    mockSearchParams = new URLSearchParams("sort=name&page=1");
+    const { result } = renderHook(() => usePaginationParams());
+    act(() => {
+      result.current.setPage(2);
+    });
+    expect(mockReplace).toHaveBeenCalledWith("/admin/users?sort=name&page=2", { scroll: false });
+  });
+
+  it("setPage(0) removes page param (clamped to <=1)", () => {
+    const { result } = renderHook(() => usePaginationParams());
+    act(() => {
+      result.current.setPage(0);
+    });
+    expect(mockReplace).toHaveBeenCalledWith("/admin/users", { scroll: false });
+  });
+});

package/src/__tests__/use-plugin-setup-chat-stale-closure.test.ts

@@ -0,0 +1,53 @@
+import { act, renderHook } from "@testing-library/react";
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { usePluginSetupChat } from "@/hooks/use-plugin-setup-chat";
+
+vi.mock("@/lib/api", () => ({
+  apiFetch: vi.fn().mockResolvedValue(undefined),
+  apiFetchRaw: vi.fn().mockResolvedValue({ body: null }),
+}));
+
+describe("usePluginSetupChat sendMessage stale closure", () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+
+  it("sendMessage uses current pluginId, not stale closure value", async () => {
+    const { apiFetch } = await import("@/lib/api");
+
+    const { result } = renderHook(() => usePluginSetupChat());
+
+    // Open setup and send a message in the SAME act() block — useEffect has not
+    // fired yet, so pluginIdRef must be set synchronously in openSetup.
+    act(() => {
+      result.current.openSetup("plugin-A", "Plugin A", "bot-1");
+      result.current.sendMessage("hello");
+    });
+
+    expect(apiFetch).toHaveBeenCalledWith(
+      "/chat/setup/message",
+      expect.objectContaining({ method: "POST" }),
+    );
+    const firstCall = (apiFetch as ReturnType<typeof vi.fn>).mock.calls[0][1] as { body: string };
+    const firstBody = JSON.parse(firstCall.body) as Record<string, unknown>;
+    expect(firstBody.pluginId).toBe("plugin-A");
+    expect(firstBody.botId).toBe("bot-1");
+    expect(typeof firstBody.sessionId).toBe("string");
+    expect(firstBody.text).toBe("hello");
+
+    // Open setup again with a DIFFERENT pluginId "plugin-B" and send in the same
+    // act() — verifies synchronous ref update prevents stale "plugin-A" being used.
+    act(() => {
+      result.current.openSetup("plugin-B", "Plugin B", "bot-2");
+      result.current.sendMessage("world");
+    });
+
+    const calls = (apiFetch as ReturnType<typeof vi.fn>).mock.calls;
+    const lastCall = calls[calls.length - 1][1] as { body: string };
+    const lastBody = JSON.parse(lastCall.body) as Record<string, unknown>;
+    expect(lastBody.pluginId).toBe("plugin-B");
+    expect(lastBody.botId).toBe("bot-2");
+    expect(typeof lastBody.sessionId).toBe("string");
+    expect(lastBody.text).toBe("world");
+  });
+});

package/src/__tests__/use-webmcp.test.ts

@@ -0,0 +1,119 @@
+import { renderHook } from "@testing-library/react";
+import { beforeEach, describe, expect, it, vi } from "vitest";
+import { useWebMCP } from "@/hooks/use-webmcp";
+import { useSession } from "@/lib/auth-client";
+
+const mockRegisterWebMCPTools = vi.fn();
+const mockRouter = {
+  push: vi.fn(),
+  replace: vi.fn(),
+  prefetch: vi.fn(),
+  back: vi.fn(),
+  forward: vi.fn(),
+  refresh: vi.fn(),
+};
+const mockSession = { user: { id: "u1", name: "Test" } };
+
+vi.mock("next/navigation", () => ({
+  useRouter: () => mockRouter,
+}));
+
+vi.mock("@/lib/auth-client", () => ({
+  useSession: vi.fn(() => ({ data: { user: mockSession.user } })),
+}));
+
+vi.mock("@/lib/webmcp/register", () => ({
+  registerWebMCPTools: (...args: unknown[]) => mockRegisterWebMCPTools(...args),
+}));
+
+describe("useWebMCP", () => {
+  beforeEach(() => {
+    vi.resetAllMocks();
+    mockRegisterWebMCPTools.mockReturnValue(true);
+    vi.mocked(useSession).mockReturnValue({ data: { user: mockSession.user } } as ReturnType<
+      typeof useSession
+    >);
+  });
+
+  it("registers tools when user is authenticated", () => {
+    renderHook(() => useWebMCP());
+
+    expect(mockRegisterWebMCPTools).toHaveBeenCalledOnce();
+    expect(mockRegisterWebMCPTools).toHaveBeenCalledWith(true, expect.any(Function), {
+      router: mockRouter,
+    });
+  });
+
+  it("does not re-register on re-render (idempotent ref guard)", () => {
+    const { rerender } = renderHook(() => useWebMCP());
+    rerender();
+    rerender();
+
+    // Called once on mount, not again on re-renders
+    expect(mockRegisterWebMCPTools).toHaveBeenCalledOnce();
+  });
+
+  it("passes isAuthenticated=false when session has no user", async () => {
+    const { useSession } = await import("@/lib/auth-client");
+    vi.mocked(useSession).mockReturnValue({
+      data: null,
+    } as ReturnType<typeof useSession>);
+
+    renderHook(() => useWebMCP());
+
+    expect(mockRegisterWebMCPTools).toHaveBeenCalledWith(false, expect.any(Function), {
+      router: mockRouter,
+    });
+  });
+
+  it("resets registered ref when session becomes unauthenticated then re-registers on re-auth", async () => {
+    const { useSession } = await import("@/lib/auth-client");
+    const mockUseSession = vi.mocked(useSession);
+
+    // Start authenticated
+    mockUseSession.mockReturnValue({
+      data: { user: mockSession.user },
+    } as ReturnType<typeof useSession>);
+    const { rerender } = renderHook(() => useWebMCP());
+    expect(mockRegisterWebMCPTools).toHaveBeenCalledTimes(1);
+
+    // Become unauthenticated
+    mockUseSession.mockReturnValue({ data: null } as ReturnType<typeof useSession>);
+    mockRegisterWebMCPTools.mockReturnValue(false);
+    rerender();
+
+    // Re-authenticate
+    mockUseSession.mockReturnValue({
+      data: { user: mockSession.user },
+    } as ReturnType<typeof useSession>);
+    mockRegisterWebMCPTools.mockReturnValue(true);
+    rerender();
+
+    // Should have called register again after re-auth
+    expect(mockRegisterWebMCPTools).toHaveBeenCalledTimes(3);
+  });
+
+  it("retries registration on next effect when registerWebMCPTools returns false", async () => {
+    const { useSession } = await import("@/lib/auth-client");
+    const mockUseSession = vi.mocked(useSession);
+
+    // Start with registration failing
+    mockRegisterWebMCPTools.mockReturnValue(false);
+    mockUseSession.mockReturnValue({
+      data: { user: mockSession.user },
+    } as ReturnType<typeof useSession>);
+
+    const { rerender } = renderHook(() => useWebMCP());
+    expect(mockRegisterWebMCPTools).toHaveBeenCalledTimes(1);
+
+    // Simulate a session change that re-triggers the effect
+    mockRegisterWebMCPTools.mockReturnValue(true);
+    mockUseSession.mockReturnValue({
+      data: { user: { ...mockSession.user, name: "Updated" } },
+    } as ReturnType<typeof useSession>);
+    rerender();
+
+    // Should retry since ref was never set to true
+    expect(mockRegisterWebMCPTools).toHaveBeenCalledTimes(2);
+  });
+});

package/src/__tests__/validate-elevenlabs-key.test.ts

@@ -0,0 +1,95 @@
+import { beforeEach, describe, expect, it, vi } from "vitest";
+
+const mockTestProviderKey = vi.fn();
+const mockSaveProviderKey = vi.fn();
+
+vi.mock("@/lib/settings-api", () => ({
+  testProviderKey: (...args: unknown[]) => mockTestProviderKey(...args),
+  saveProviderKey: (...args: unknown[]) => mockSaveProviderKey(...args),
+}));
+
+// Still need these mocks because api.ts imports them at module level
+const mockFetch = vi.fn();
+global.fetch = mockFetch;
+
+vi.mock("@/lib/api-config", () => ({
+  API_BASE_URL: "http://localhost:3001/api",
+  PLATFORM_BASE_URL: "http://localhost:3001",
+}));
+
+vi.mock("@/lib/fetch-utils", () => ({
+  handleUnauthorized: vi.fn(() => {
+    throw new Error("Unauthorized");
+  }),
+  UnauthorizedError: class extends Error {
+    constructor(msg = "Session expired") {
+      super(msg);
+      this.name = "UnauthorizedError";
+    }
+  },
+}));
+
+vi.mock("@/lib/trpc", () => ({
+  trpcVanilla: {},
+}));
+
+import { validateElevenLabsKey } from "@/lib/api";
+
+describe("validateElevenLabsKey", () => {
+  beforeEach(() => {
+    mockTestProviderKey.mockReset();
+    mockSaveProviderKey.mockReset();
+    mockFetch.mockReset();
+  });
+
+  it("does NOT call elevenlabs.io directly", async () => {
+    mockTestProviderKey.mockResolvedValue({ valid: true });
+    mockSaveProviderKey.mockResolvedValue({ ok: true, id: "1", provider: "elevenlabs" });
+
+    await validateElevenLabsKey("test-key");
+
+    // fetch should NOT have been called with any elevenlabs.io URL
+    for (const call of mockFetch.mock.calls) {
+      const url = typeof call[0] === "string" ? call[0] : (call[0]?.toString?.() ?? "");
+      expect(url).not.toContain("elevenlabs.io");
+    }
+  });
+
+  it("calls testProviderKey with provider=elevenlabs", async () => {
+    mockTestProviderKey.mockResolvedValue({ valid: true });
+    mockSaveProviderKey.mockResolvedValue({ ok: true, id: "1", provider: "elevenlabs" });
+
+    const result = await validateElevenLabsKey("test-key");
+
+    expect(mockTestProviderKey).toHaveBeenCalledWith("elevenlabs", "test-key");
+    expect(result.valid).toBe(true);
+  });
+
+  it("stores key after successful validation", async () => {
+    mockTestProviderKey.mockResolvedValue({ valid: true });
+    mockSaveProviderKey.mockResolvedValue({ ok: true, id: "1", provider: "elevenlabs" });
+
+    await validateElevenLabsKey("test-key");
+
+    expect(mockSaveProviderKey).toHaveBeenCalledWith("elevenlabs", "test-key");
+  });
+
+  it("does NOT store key when validation fails", async () => {
+    mockTestProviderKey.mockResolvedValue({ valid: false, error: "Invalid API key" });
+
+    const result = await validateElevenLabsKey("bad-key");
+
+    expect(result.valid).toBe(false);
+    expect(result.message).toBe("Invalid API key");
+    expect(mockSaveProviderKey).not.toHaveBeenCalled();
+  });
+
+  it("returns error when testProviderKey throws", async () => {
+    mockTestProviderKey.mockRejectedValue(new Error("Network error"));
+
+    const result = await validateElevenLabsKey("any-key");
+
+    expect(result.valid).toBe(false);
+    expect(result.message).toBe("Could not validate key. Please try again.");
+  });
+});

package/src/__tests__/validate-redirect-url.test.ts

@@ -0,0 +1,61 @@
+import { beforeEach, describe, expect, it } from "vitest";
+import { ALLOWED_REDIRECT_ORIGINS, isAllowedRedirectUrl } from "@/lib/validate-redirect-url";
+
+describe("isAllowedRedirectUrl", () => {
+  beforeEach(() => {
+    // Ensure window.location is set to a real origin for same-origin tests
+    Object.defineProperty(window, "location", {
+      value: { href: "http://localhost/", origin: "http://localhost" },
+      writable: true,
+      configurable: true,
+    });
+  });
+
+  it("allows Stripe checkout URLs", () => {
+    expect(isAllowedRedirectUrl("https://checkout.stripe.com/c/pay_abc123")).toBe(true);
+  });
+
+  it("allows Stripe billing portal URLs", () => {
+    expect(isAllowedRedirectUrl("https://billing.stripe.com/p/session/test_abc")).toBe(true);
+  });
+
+  it("allows Coinbase Commerce URLs", () => {
+    expect(isAllowedRedirectUrl("https://commerce.coinbase.com/charges/ABC123")).toBe(true);
+  });
+
+  it("allows PayRam URLs", () => {
+    expect(isAllowedRedirectUrl("https://payram.io/checkout/abc")).toBe(true);
+    expect(isAllowedRedirectUrl("https://app.payram.io/pay/abc")).toBe(true);
+  });
+
+  it("allows same-origin URLs", () => {
+    // jsdom defaults to http://localhost
+    expect(isAllowedRedirectUrl("http://localhost/billing/success")).toBe(true);
+    expect(isAllowedRedirectUrl("/billing/success")).toBe(true);
+  });
+
+  it("blocks unknown origins", () => {
+    expect(isAllowedRedirectUrl("https://evil.com/steal-creds")).toBe(false);
+  });
+
+  it("blocks javascript: URLs", () => {
+    expect(isAllowedRedirectUrl("javascript:alert(1)")).toBe(false);
+  });
+
+  it("blocks data: URLs", () => {
+    expect(isAllowedRedirectUrl("data:text/html,<script>alert(1)</script>")).toBe(false);
+  });
+
+  it("blocks empty string", () => {
+    expect(isAllowedRedirectUrl("")).toBe(false);
+  });
+
+  it("blocks Stripe subdomain spoofing", () => {
+    expect(isAllowedRedirectUrl("https://checkout.stripe.com.evil.com/pay")).toBe(false);
+  });
+
+  it("exports the allowlist set", () => {
+    expect(ALLOWED_REDIRECT_ORIGINS).toBeInstanceOf(Set);
+    expect(ALLOWED_REDIRECT_ORIGINS.has("https://checkout.stripe.com")).toBe(true);
+  });
+});

package/src/__tests__/verify-page.test.tsx

@@ -0,0 +1,140 @@
+import { act, render, screen } from "@testing-library/react";
+import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
+
+const mockPush = vi.fn();
+let mockSearchParams = new URLSearchParams();
+
+vi.mock("next/navigation", () => ({
+  useRouter: () => ({ push: mockPush }),
+  useSearchParams: () => mockSearchParams,
+  usePathname: () => "/auth/verify",
+}));
+
+vi.mock("better-auth/react", () => ({
+  createAuthClient: () => ({
+    useSession: () => ({ data: null, isPending: false, error: null }),
+    signIn: { email: vi.fn(), social: vi.fn() },
+    signUp: { email: vi.fn() },
+    signOut: vi.fn(),
+    sendVerificationEmail: vi.fn().mockResolvedValue({ data: {}, error: null }),
+  }),
+}));
+
+vi.mock("framer-motion", () => ({
+  motion: {
+    div: ({ children, ...props }: React.PropsWithChildren<Record<string, unknown>>) => (
+      <div {...props}>{children}</div>
+    ),
+    p: ({ children, ...props }: React.PropsWithChildren<Record<string, unknown>>) => (
+      <p {...props}>{children}</p>
+    ),
+  },
+}));
+
+describe("VerifyPage", () => {
+  beforeEach(() => {
+    vi.useFakeTimers();
+    mockPush.mockClear();
+    mockSearchParams = new URLSearchParams();
+  });
+
+  afterEach(() => {
+    vi.useRealTimers();
+  });
+
+  it("renders success state and shows redirect countdown", async () => {
+    mockSearchParams = new URLSearchParams("status=success");
+
+    const { default: VerifyPage } = await import("@/app/auth/verify/page");
+    render(<VerifyPage />);
+
+    expect(screen.getByText("Email verified")).toBeInTheDocument();
+    expect(screen.getByText(/verified successfully/)).toBeInTheDocument();
+    expect(screen.getByText(/\$5 signup credit/)).toBeInTheDocument();
+    expect(screen.getByRole("link", { name: /Continue to setup/ })).toHaveAttribute(
+      "href",
+      "/onboarding",
+    );
+  });
+
+  it("redirects to dashboard after countdown on success", async () => {
+    mockSearchParams = new URLSearchParams("status=success");
+
+    const { default: VerifyPage } = await import("@/app/auth/verify/page");
+    render(<VerifyPage />);
+
+    await act(async () => {
+      vi.advanceTimersByTime(3000);
+    });
+
+    expect(mockPush).toHaveBeenCalledWith("/onboarding");
+  });
+
+  it("renders token-expired error with resend button when email param present", async () => {
+    mockSearchParams = new URLSearchParams(
+      "status=error&reason=token-expired&email=test@example.com",
+    );
+
+    const { default: VerifyPage } = await import("@/app/auth/verify/page");
+    render(<VerifyPage />);
+
+    expect(screen.getByText("Link expired")).toBeInTheDocument();
+    expect(screen.getByText(/link has expired/)).toBeInTheDocument();
+    expect(screen.getByRole("button", { name: /Resend verification email/ })).toBeInTheDocument();
+  });
+
+  it("renders token-expired error with fallback login link when no email param", async () => {
+    mockSearchParams = new URLSearchParams("status=error&reason=token-expired");
+
+    const { default: VerifyPage } = await import("@/app/auth/verify/page");
+    render(<VerifyPage />);
+
+    expect(screen.getByText("Link expired")).toBeInTheDocument();
+    expect(screen.getByText(/link has expired/)).toBeInTheDocument();
+    const loginLinks = screen.getAllByRole("link", { name: /Back to sign in/ });
+    expect(loginLinks.length).toBeGreaterThanOrEqual(1);
+    expect(loginLinks[0]).toHaveAttribute("href", "/login");
+  });
+
+  it("renders already-verified state with login link", async () => {
+    mockSearchParams = new URLSearchParams("status=error&reason=already-verified");
+
+    const { default: VerifyPage } = await import("@/app/auth/verify/page");
+    render(<VerifyPage />);
+
+    expect(screen.getByText("Already verified")).toBeInTheDocument();
+    expect(screen.getByText(/already been verified/)).toBeInTheDocument();
+    expect(screen.getByRole("link", { name: /Sign in/ })).toHaveAttribute("href", "/login");
+  });
+
+  it("renders invalid-token error", async () => {
+    mockSearchParams = new URLSearchParams("status=error&reason=invalid-token");
+
+    const { default: VerifyPage } = await import("@/app/auth/verify/page");
+    render(<VerifyPage />);
+
+    expect(screen.getByText("Invalid link")).toBeInTheDocument();
+    expect(screen.getByText(/invalid or malformed/)).toBeInTheDocument();
+    expect(screen.getByRole("link", { name: /Back to sign in/ })).toHaveAttribute("href", "/login");
+  });
+
+  it("renders fallback error for unknown reason", async () => {
+    mockSearchParams = new URLSearchParams("status=error&reason=something-unexpected");
+
+    const { default: VerifyPage } = await import("@/app/auth/verify/page");
+    render(<VerifyPage />);
+
+    expect(screen.getByText("Verification failed")).toBeInTheDocument();
+    expect(screen.getByText(/went wrong/)).toBeInTheDocument();
+  });
+
+  it("renders fallback error when no status param", async () => {
+    mockSearchParams = new URLSearchParams("");
+
+    const { default: VerifyPage } = await import("@/app/auth/verify/page");
+    render(<VerifyPage />);
+
+    expect(screen.getByText("Verification failed")).toBeInTheDocument();
+    expect(screen.getByText(/No verification status provided/)).toBeInTheDocument();
+  });
+});

package/src/__tests__/verify-redirect.test.tsx

@@ -0,0 +1,41 @@
+import { act, render } from "@testing-library/react";
+import { describe, expect, it, vi } from "vitest";
+
+const mockPush = vi.fn();
+vi.mock("next/navigation", () => ({
+  useRouter: () => ({ push: mockPush }),
+  useSearchParams: () => new URLSearchParams("status=success"),
+}));
+
+vi.mock("@/components/auth/auth-shell", () => ({
+  AuthShell: ({ children }: { children: React.ReactNode }) => <div>{children}</div>,
+}));
+vi.mock("@/components/auth/resend-verification-button", () => ({
+  ResendVerificationButton: () => null,
+}));
+vi.mock("framer-motion", () => ({
+  motion: {
+    div: ({ children, ...props }: React.PropsWithChildren<Record<string, unknown>>) => (
+      <div {...props}>{children}</div>
+    ),
+    p: ({ children, ...props }: React.PropsWithChildren<Record<string, unknown>>) => (
+      <p {...props}>{children}</p>
+    ),
+  },
+}));
+
+import VerifyPage from "@/app/auth/verify/page";
+
+describe("VerifyPage success redirect", () => {
+  it("redirects to /onboarding on success", async () => {
+    vi.useFakeTimers();
+    render(<VerifyPage />);
+
+    await act(async () => {
+      vi.advanceTimersByTime(3000);
+    });
+
+    expect(mockPush).toHaveBeenCalledWith("/onboarding");
+    vi.useRealTimers();
+  });
+});