een-api-toolkit 0.0.8 → 0.0.11

package/CHANGELOG.md

@@ -2,222 +2,125 @@
 
 All notable changes to this project will be documented in this file.
 
-## [0.0.8] - 2025-12-27
+## [0.0.11] - 2025-12-27
 
-### 📋 Release Summary
+### Release Summary
 
-#### PR #9: Release v0.0.8: Dependency upgrades and release notes enhancement
+#### PR #10: Release v0.0.8: Workflow improvements
 ## Summary
 
-This release upgrades development dependencies to resolve security vulnerabilities and enhances the release workflow with auto-generated release notes from PR descriptions.
-
-### Dependency Upgrades
-| Package | From | To |
-|---------|------|-----|
-| @types/node | ^20.10.0 | ^22.0.0 |
-| @vitejs/plugin-vue | ^5.0.0 | ^6.0.0 |
-| typescript | ^5.3.0 | ~5.8.0 |
-| vite | ^5.0.0 | ^7.3.0 |
-| vite-plugin-dts | ^3.7.0 | ^4.5.4 |
-| vitest | ^1.2.0 | ^4.0.16 |
-| vue-tsc | ^1.8.0 | ^3.2.1 |
-
-### Build Warning Fixes
-- Reorder package.json exports (`types` before `import`/`require`)
-- Pin TypeScript to ~5.8.0 for API Extractor compatibility
-- Suppress dynamic/static import warning (not applicable to single-file library)
-- Make lazy-loader concurrency-safe by caching promise
-
-### Release Notes Enhancement
-- Auto-generate release summary from merged PR descriptions
-- Include `RELEASE-NOTES-vX.X.X.md` as GitHub release asset
-- Add direct link to release notes in Slack success notification
-
-## Test plan
-- [x] Unit tests pass (7/7)
-- [x] Lint passes (0 errors)
-- [x] TypeScript type checking passes
-- [x] Build succeeds with no warnings
-- [x] Package verification passes
-
-🤖 Generated with [Claude Code](https://claude.com/claude-code)
-
-#### PR #7: Release v0.0.6
-## Summary
-Release v0.0.6 with workflow reliability improvements.
-
-## Changes
-
-### Version
-- Bump: 0.0.5 → 0.0.6
+This release improves the CI/CD workflow by splitting testing and publishing into separate stages, and fixes release notes to only include changes since the last release.
 
 ### Workflow Improvements
-- Add version check to skip publish if version already exists on npm
-- Skip GitHub Release and Slack notification if already published
-- Add repository link to success Slack notification
-- Enhance failure Slack notification with:
-  - Repository link
-  - Direct link to failed workflow run
+- **Split workflows**: Separated testing (`test-release.yml`) from publishing (`npm-publish.yml`)
+  - Test workflow runs lint, typecheck, tests, and package verification
+  - Publish workflow triggers only after tests pass
+- **Release notes fix**: Now only includes PRs merged in the current release (not all historical PRs)
 
-## Why
-PR #6 merge triggered the publish workflow, but version 0.0.5 was already published, causing failure. The new version check prevents this.
+## Test plan
+- [x] Workflow files have valid YAML syntax
+- [x] Test workflow triggers on PR merge to production
+- [x] Publish workflow triggers on test success via `workflow_run`
+- [x] Both workflows support manual dispatch
 
 🤖 Generated with [Claude Code](https://claude.com/claude-code)
 
-#### PR #6: feat: Enhanced release notifications and GitHub Releases
+#### PR #11: Release v0.0.8: Vue-basic example improvements and e2e tests
 ## Summary
-- Add GitHub Release creation alongside npm publish
-- Enhance Slack notifications with more details and links
 
-## Changes
-
-### GitHub Release (`npm-publish.yml`)
-- Creates GitHub Release with version tag (e.g., `v0.0.6`)
-- Attaches npm tarball to the release
-- Generates release notes with:
-  - Installation command
-  - Package details (npm link, version, size, release time in CST)
-  - Links to npm, documentation, and changelog
+- Update vue-basic example dependencies to match main package (fix vulnerabilities)
+- Improve example README with clearer setup instructions and proxy link
+- Add stop script to kill port 3333 before starting dev server
+- Include examples folder in npm package releases
+- Add Playwright e2e tests for vue-basic example (7 test cases)
+- Add example e2e tests to test-release workflow
 
-### Enhanced Slack Notification
-- Clickable link to npm package
-- Clickable link to GitHub Release
-- Package size
-- Release timestamp in America/Chicago timezone
+## Commits
 
-### Documentation
-- Updated CLAUDE.md to document GitHub Release functionality
+- `0ee7e87` fix: Update vue-basic example dependencies and docs
+- `de16d82` feat: Add stop script to vue-basic example
+- `c3bbf6f` feat: Include examples in npm package
+- `d2a3d25` feat: Add Playwright e2e tests for vue-basic example
 
 ## Test plan
-- [ ] Merge PR and verify GitHub Release is created
-- [ ] Verify Slack notification includes all new fields
-- [ ] Verify release notes are properly formatted
+
+- [ ] Verify test-release workflow runs example e2e tests
+- [ ] Verify npm package includes examples folder
+- [ ] Verify example app runs correctly with `npm run dev`
 
 🤖 Generated with [Claude Code](https://claude.com/claude-code)
 
-#### PR #5: ci: Add npm publish workflow
+#### PR #12: Release v0.0.11: Authenticated e2e tests and versioning improvements
 ## Summary
-- Add automated npm publish workflow triggered when PRs merge to production
-- Include manual trigger option with dry run mode for testing
-- Slack notifications for publish success/failure
+- Add authenticated e2e tests for vue-basic example that perform actual OAuth login through the UI
+- Fix version bump trigger to include examples/ and .github/workflows/ changes
+- Implement independent versioning for example app (separate from main package)
 
 ## Changes
-- New `.github/workflows/npm-publish.yml` workflow
+- **examples/vue-basic/e2e/auth.spec.ts**: 3 new authenticated test cases using real OAuth login flow
+- **.husky/pre-commit**: Separate version bumps for main package vs example
+- **.github/workflows/test-release.yml**: Pass auth secrets to example e2e tests
+- **examples/vue-basic/playwright.config.ts**: dotenv loading for local development
 
 ## Test plan
-- [ ] Verify workflow syntax is valid
-- [ ] After merge, manually trigger with dry_run=true to test
-- [ ] Manually trigger without dry_run to publish v0.0.5 to npm
+- [ ] Verify unauthenticated e2e tests pass
+- [ ] Verify authenticated e2e tests pass (require TEST_USER/TEST_PASSWORD secrets)
+- [ ] Verify tests skip gracefully when credentials not available
+- [ ] Verify version bumping works for both main package and example changes
 
 🤖 Generated with [Claude Code](https://claude.com/claude-code)
 
-#### PR #4: Release v0.0.5: Documentation system and example app
+#### PR #13: Release v0.0.12: Fix e2e test failures and improve test configuration
 ## Summary
-
-- Add comprehensive documentation system with TypeDoc and AI-CONTEXT.md
-- Create complete Vue 3 example application
-- Add disclaimer to README
+- Fix e2e test failures caused by Home.vue login button not triggering OAuth redirect
+- Consolidate test suites and remove Authenticated/Unauthenticated naming distinction
+- Add fail-fast configuration to stop tests on first failure
+- Rename npm-publish workflow to "Publish Release"
 
 ## Changes
-
-### Documentation System
-- **TypeDoc integration** - Auto-generates API docs from JSDoc comments
-- **AI-CONTEXT.md** - Single-file comprehensive reference for AI assistants (~700 lines)
-- **Enhanced JSDoc** - All exports documented with examples, @param, @returns, @category
-- **npm scripts** - `docs`, `docs:api`, `docs:ai-context`
-
-### Example Application
-- Complete Vue 3 app in `examples/vue-basic/`
-- OAuth flow (login, callback, logout)
-- User list with pagination using composables
-- Auth guards for protected routes
-- Configured for EEN IDP requirement (http://127.0.0.1:3333)
-
-### README Updates
-- Added disclaimer (no warranty, not associated with EEN)
-- Added Documentation section with links
-
-## New Exports
-- `getRedirectUri()` - Config function for OAuth redirect URI
-- `TokenResponse` - Type for OAuth token response
-- `UseCurrentUserOptions`, `UseUsersOptions`, `UseUserOptions` - Composable option types
+- **examples/vue-basic/src/views/Home.vue**: Login button now calls `getAuthUrl()` directly instead of routing to /login
+- **examples/vue-basic/e2e/auth.spec.ts**: Consolidated tests, added proxy accessibility check, tests skip when proxy unavailable
+- **examples/vue-basic/e2e/app.spec.ts**: Renamed suite from "Unauthenticated" to "App"
+- **examples/vue-basic/playwright.config.ts**: Added `maxFailures: 1`, disabled retries, sequential test execution
+- **.github/workflows/npm-publish.yml**: Renamed workflow to "Publish Release"
 
 ## Test plan
-- [x] `npm run build` passes
-- [x] `npm run lint` passes
-- [x] `npm run docs` generates successfully
-- [ ] Code review passes
+- [x] All 14 e2e tests pass locally with proxy on port 8787
+- [x] Lint passes
+- [x] TypeScript type check passes
+- [x] Build succeeds
 
 🤖 Generated with [Claude Code](https://claude.com/claude-code)
 
-#### PR #3: Release v0.0.2: E2E tests and security documentation
-## Summary
-
-This PR adds comprehensive E2E testing infrastructure and security documentation to the toolkit.
-
-### Changes
-
-**E2E Testing with Playwright**
-- Added `auth-helper.ts` for OAuth login with token caching
-- Added `auth.spec.ts` to validate auth helper functionality  
-- Added `users.spec.ts` with 5 tests for Users API endpoints
-- Configured Playwright for Chromium-only testing with single worker
-- Added `test:e2e` and `test:e2e:ui` npm scripts
-
-**Documentation**
-- Added security model section to CLAUDE.md (refresh token isolation)
-- Added security/robustness priorities statement
-
-**Bug Fixes**
-- Excluded e2e folder from Vitest to prevent test conflicts
-
-### Test Results
-- Unit tests: 7 passed
-- E2E tests: 6 passed (auth helper + 5 Users API tests)
-- Lint: 1 warning (intentional console in debug.ts)
-- Build: Success
-
-### Version
-`0.0.2`
-
-🤖 Generated with [Claude Code](https://claude.com/claude-code)
-
-#### PR #2: Initial project setup and planning documentation
-## Summary
-
-- Add comprehensive project planning documentation (CLAUDE.md, README.md)
-- Set up development tooling (scripts, skills, .env configuration)
-- Configure local proxy URL for development
-- Add GitHub secrets sync script
-
-## Changes
-
-### Documentation
-- **CLAUDE.md**: Technical guidance for Claude Code including architecture, patterns, API specs, workflows
-- **README.md**: Developer usage documentation with examples, setup instructions, configuration
-
-### Configuration
-- **.env.example**: Environment variable template
-- **scripts/sync-secrets.sh**: Sync .env to GitHub repository secrets
-
-### Skills
-- **.claude/skills/PR-and-check/**: PR workflow skill for feature branches
-
-## Test Plan
-- [ ] Review documentation for accuracy
-- [ ] Verify sync-secrets.sh works with `--dry-run`
 
-🤖 Generated with [Claude Code](https://claude.ai/code)
+### Detailed Changes
 
+#### Features
+- feat: Add authenticated e2e tests for example app
+- feat: Add Playwright e2e tests for vue-basic example
+- feat: Include examples in npm package
+- feat: Add stop script to vue-basic example
 
-### 📝 Detailed Changes
+#### Bug Fixes
+- fix: Handle localStorage access errors in clearAuthState
+- fix: Address code review feedback for PR #13
+- fix: Fix e2e test failures and improve test configuration
+- fix: Address remaining code review concerns from PR #12
+- fix: Address code review concerns from PR #12
+- fix: Separate version bumps for main package and example
+- fix: Include examples and workflows in version bump trigger
+- fix: Address HIGH/MEDIUM review issues from PR #11
+- fix: Address PR #11 review feedback
+- fix: Update vue-basic example dependencies and docs
+- fix: Address PR #10 review feedback
+- fix: Limit release notes to changes since last release
 
-#### 📦 Other Changes
-- Merge pull request #9 from klaushofrichter/develop
+#### Other Changes
+- refactor: Split publish workflow into test and publish stages
 
 ### Links
 - [npm package](https://www.npmjs.com/package/een-api-toolkit)
-- [Full Changelog](https://github.com/klaushofrichter/een-api-toolkit/commits/v0.0.8)
+- [Full Changelog](https://github.com/klaushofrichter/een-api-toolkit/compare/v0.0.8...v0.0.11)
 
 ---
-*Released: 2025-12-27 10:23:46 CST*
+*Released: 2025-12-27 18:40:49 CST*

package/examples/vue-basic/.env.example

@@ -0,0 +1,12 @@
+# EEN OAuth Client ID (required)
+VITE_EEN_CLIENT_ID=your-een-client-id
+
+# OAuth Proxy URL (required)
+VITE_PROXY_URL=http://localhost:8787
+
+# OAuth Redirect URI (MUST be http://127.0.0.1:3333 - EEN IDP requirement)
+# Do not change this value - the EEN Identity Provider only permits this URL
+VITE_REDIRECT_URI=http://127.0.0.1:3333
+
+# Enable debug logging (optional)
+VITE_DEBUG=true

package/examples/vue-basic/README.md

@@ -0,0 +1,146 @@
+# EEN API Toolkit - Vue 3 Example
+
+A complete example showing how to use the een-api-toolkit in a Vue 3 application.
+
+## Features Demonstrated
+
+- OAuth authentication flow (login, callback, logout)
+- Protected routes with navigation guards
+- useCurrentUser composable for current user profile
+- useUsers composable with pagination
+- Error handling
+- Reactive authentication state
+
+## Setup
+
+### Prerequisites
+
+1. **Start the OAuth proxy** (required for authentication):
+
+   The OAuth proxy is a separate project that handles token management securely.
+   Clone and run it from: https://github.com/klaushofrichter/een-oauth-proxy
+
+   ```bash
+   # In a separate terminal, from the een-oauth-proxy directory
+   npm install
+   npm run dev
+   ```
+
+   The proxy should be running at `http://localhost:8787`.
+
+### Example Setup
+
+All commands below should be run from this example directory (`examples/vue-basic/`):
+
+2. Copy the environment file:
+   ```bash
+   # From examples/vue-basic/
+   cp .env.example .env
+   ```
+
+3. Edit `.env` with your EEN credentials:
+   ```env
+   VITE_EEN_CLIENT_ID=your-client-id
+   VITE_PROXY_URL=http://localhost:8787
+   # DO NOT change the redirect URI - EEN IDP only permits this URL
+   VITE_REDIRECT_URI=http://127.0.0.1:3333
+   ```
+
+4. Install dependencies and start:
+   ```bash
+   # From examples/vue-basic/
+   npm install
+   npm run dev
+   ```
+
+5. Open http://127.0.0.1:3333 in your browser.
+
+**Important:** The EEN Identity Provider only permits `http://127.0.0.1:3333` as the OAuth redirect URI. Do not use `localhost` or other ports.
+
+## Project Structure
+
+```
+src/
+├── main.ts          # App entry, toolkit initialization
+├── App.vue          # Root component with navigation
+├── router/
+│   └── index.ts     # Vue Router with auth guards
+└── views/
+    ├── Home.vue     # Home page with user profile
+    ├── Login.vue    # OAuth login redirect
+    ├── Callback.vue # OAuth callback handler
+    ├── Users.vue    # User list with pagination
+    └── Logout.vue   # Logout handler
+```
+
+## Key Code Examples
+
+### Initializing the Toolkit (main.ts)
+
+```typescript
+import { initEenToolkit } from 'een-api-toolkit'
+
+initEenToolkit({
+  proxyUrl: import.meta.env.VITE_PROXY_URL,
+  clientId: import.meta.env.VITE_EEN_CLIENT_ID,
+  debug: true
+})
+```
+
+### OAuth Login (Login.vue)
+
+```typescript
+import { getAuthUrl } from 'een-api-toolkit'
+
+function login() {
+  window.location.href = getAuthUrl()
+}
+```
+
+### OAuth Callback (Callback.vue)
+
+```typescript
+import { handleAuthCallback } from 'een-api-toolkit'
+
+const url = new URL(window.location.href)
+const code = url.searchParams.get('code')
+const state = url.searchParams.get('state')
+
+const { error } = await handleAuthCallback(code, state)
+if (error) {
+  // Handle error
+} else {
+  router.push('/dashboard')
+}
+```
+
+### Using Composables (Users.vue)
+
+```vue
+<script setup>
+import { useUsers } from 'een-api-toolkit'
+
+const { users, loading, error, hasNextPage, fetchNextPage } = useUsers({ pageSize: 10 })
+</script>
+
+<template>
+  <ul v-for="user in users" :key="user.id">
+    <li>{{ user.email }}</li>
+  </ul>
+  <button v-if="hasNextPage" @click="fetchNextPage">Load More</button>
+</template>
+```
+
+### Auth Guard (router/index.ts)
+
+```typescript
+router.beforeEach((to, from, next) => {
+  const authStore = useAuthStore()
+
+  if (to.meta.requiresAuth && !authStore.isAuthenticated) {
+    next('/login')
+  } else {
+    next()
+  }
+})
+```

package/examples/vue-basic/e2e/app.spec.ts

@@ -0,0 +1,61 @@
+import { test, expect } from '@playwright/test'
+
+test.describe('Vue Basic Example - App', () => {
+  test.beforeEach(async ({ page }) => {
+    await page.goto('/')
+  })
+
+  test('app loads with correct title', async ({ page }) => {
+    await expect(page).toHaveTitle(/EEN API Toolkit/)
+  })
+
+  test('header displays app name', async ({ page }) => {
+    await expect(page.locator('[data-testid="app-title"]')).toHaveText('EEN API Toolkit Example')
+  })
+
+  test('navigation shows Home and Login links when not authenticated', async ({ page }) => {
+    // Home link should be visible
+    await expect(page.locator('[data-testid="nav-home"]')).toBeVisible()
+
+    // Login link should be visible (not authenticated)
+    await expect(page.locator('[data-testid="nav-login"]')).toBeVisible()
+
+    // Users and Logout should NOT be visible (requires auth)
+    await expect(page.locator('[data-testid="nav-users"]')).not.toBeVisible()
+    await expect(page.locator('[data-testid="nav-logout"]')).not.toBeVisible()
+  })
+
+  test('home page shows not logged in message', async ({ page }) => {
+    await expect(page.locator('[data-testid="not-authenticated"]')).toBeVisible()
+    await expect(page.locator('[data-testid="not-authenticated-message"]')).toBeVisible()
+    await expect(page.locator('[data-testid="login-button"]')).toBeVisible()
+  })
+
+  test('login page displays login button', async ({ page }) => {
+    await page.goto('/login')
+
+    await expect(page.locator('[data-testid="login-title"]')).toHaveText('Login')
+    await expect(page.locator('[data-testid="login-button"]')).toBeVisible()
+  })
+
+  test('protected route redirects to login', async ({ page }) => {
+    await page.goto('/users')
+
+    // Should be redirected to login page
+    await page.waitForURL('/login')
+    await expect(page).toHaveURL('/login')
+    await expect(page.locator('[data-testid="login-title"]')).toHaveText('Login')
+  })
+
+  test('navigation between pages works', async ({ page }) => {
+    // Click Login link
+    await page.click('[data-testid="nav-login"]')
+    await page.waitForURL('/login')
+    await expect(page).toHaveURL('/login')
+
+    // Click Home link
+    await page.click('[data-testid="nav-home"]')
+    await page.waitForURL('/')
+    await expect(page).toHaveURL('/')
+  })
+})