plum-e2e 1.3.7 → 2.2.0

package/backend/prisma/migrations/20260618000000_add_test_repository/migration.sql

@@ -0,0 +1,133 @@
+-- AlterTable Project: add test repository settings and sequence counters
+ALTER TABLE "Project" ADD COLUMN "testCasePrefix" TEXT NOT NULL DEFAULT 'TC';
+ALTER TABLE "Project" ADD COLUMN "testSuitePrefix" TEXT NOT NULL DEFAULT 'TS';
+ALTER TABLE "Project" ADD COLUMN "caseSeqNext" INTEGER NOT NULL DEFAULT 0;
+ALTER TABLE "Project" ADD COLUMN "suiteSeqNext" INTEGER NOT NULL DEFAULT 0;
+
+-- AlterTable Report: add relation to TestCaseHistory (no schema change needed here, FK is on history side)
+
+-- CreateTable User
+CREATE TABLE "User" (
+    "id" TEXT NOT NULL,
+    "name" TEXT NOT NULL,
+    "email" TEXT NOT NULL,
+    "password" TEXT NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+
+    CONSTRAINT "User_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable TestSuite
+CREATE TABLE "TestSuite" (
+    "id" TEXT NOT NULL,
+    "displayId" TEXT NOT NULL,
+    "name" TEXT NOT NULL,
+    "description" TEXT NOT NULL DEFAULT '',
+    "priority" TEXT NOT NULL DEFAULT 'Medium',
+    "createdById" TEXT NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+
+    CONSTRAINT "TestSuite_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable TestCase
+CREATE TABLE "TestCase" (
+    "id" TEXT NOT NULL,
+    "displayId" TEXT NOT NULL,
+    "title" TEXT NOT NULL,
+    "description" TEXT NOT NULL DEFAULT '',
+    "priority" TEXT NOT NULL DEFAULT 'Medium',
+    "automatedTag" TEXT,
+    "isAutomated" BOOLEAN NOT NULL DEFAULT false,
+    "suiteId" TEXT NOT NULL,
+    "createdById" TEXT NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+
+    CONSTRAINT "TestCase_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable TestStep
+CREATE TABLE "TestStep" (
+    "id" TEXT NOT NULL,
+    "caseId" TEXT NOT NULL,
+    "action" TEXT NOT NULL,
+    "testData" TEXT NOT NULL DEFAULT '',
+    "expectedOutput" TEXT NOT NULL DEFAULT '',
+    "order" INTEGER NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+    CONSTRAINT "TestStep_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable TestRun
+CREATE TABLE "TestRun" (
+    "id" TEXT NOT NULL,
+    "title" TEXT NOT NULL,
+    "status" TEXT NOT NULL DEFAULT 'draft',
+    "createdById" TEXT NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "updatedAt" TIMESTAMP(3) NOT NULL,
+
+    CONSTRAINT "TestRun_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable TestRunEntry
+CREATE TABLE "TestRunEntry" (
+    "id" TEXT NOT NULL,
+    "runId" TEXT NOT NULL,
+    "caseId" TEXT NOT NULL,
+    "status" TEXT NOT NULL DEFAULT 'pending',
+    "notes" TEXT NOT NULL DEFAULT '',
+    "order" INTEGER NOT NULL DEFAULT 0,
+    "executedById" TEXT,
+    "executedAt" TIMESTAMP(3),
+
+    CONSTRAINT "TestRunEntry_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateTable TestCaseHistory
+CREATE TABLE "TestCaseHistory" (
+    "id" TEXT NOT NULL,
+    "caseId" TEXT NOT NULL,
+    "runId" TEXT,
+    "reportId" INTEGER,
+    "result" TEXT NOT NULL,
+    "source" TEXT NOT NULL DEFAULT 'manual',
+    "notes" TEXT NOT NULL DEFAULT '',
+    "executedById" TEXT,
+    "executedAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+    CONSTRAINT "TestCaseHistory_pkey" PRIMARY KEY ("id")
+);
+
+-- CreateIndex
+CREATE UNIQUE INDEX "User_email_key" ON "User"("email");
+CREATE UNIQUE INDEX "TestSuite_displayId_key" ON "TestSuite"("displayId");
+CREATE UNIQUE INDEX "TestCase_displayId_key" ON "TestCase"("displayId");
+
+-- AddForeignKey
+ALTER TABLE "TestSuite" ADD CONSTRAINT "TestSuite_createdById_fkey" FOREIGN KEY ("createdById") REFERENCES "User"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "TestCase" ADD CONSTRAINT "TestCase_suiteId_fkey" FOREIGN KEY ("suiteId") REFERENCES "TestSuite"("id") ON DELETE CASCADE ON UPDATE CASCADE;
+ALTER TABLE "TestCase" ADD CONSTRAINT "TestCase_createdById_fkey" FOREIGN KEY ("createdById") REFERENCES "User"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "TestStep" ADD CONSTRAINT "TestStep_caseId_fkey" FOREIGN KEY ("caseId") REFERENCES "TestCase"("id") ON DELETE CASCADE ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "TestRun" ADD CONSTRAINT "TestRun_createdById_fkey" FOREIGN KEY ("createdById") REFERENCES "User"("id") ON DELETE RESTRICT ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "TestRunEntry" ADD CONSTRAINT "TestRunEntry_runId_fkey" FOREIGN KEY ("runId") REFERENCES "TestRun"("id") ON DELETE CASCADE ON UPDATE CASCADE;
+ALTER TABLE "TestRunEntry" ADD CONSTRAINT "TestRunEntry_caseId_fkey" FOREIGN KEY ("caseId") REFERENCES "TestCase"("id") ON DELETE CASCADE ON UPDATE CASCADE;
+ALTER TABLE "TestRunEntry" ADD CONSTRAINT "TestRunEntry_executedById_fkey" FOREIGN KEY ("executedById") REFERENCES "User"("id") ON DELETE SET NULL ON UPDATE CASCADE;
+
+-- AddForeignKey
+ALTER TABLE "TestCaseHistory" ADD CONSTRAINT "TestCaseHistory_caseId_fkey" FOREIGN KEY ("caseId") REFERENCES "TestCase"("id") ON DELETE CASCADE ON UPDATE CASCADE;
+ALTER TABLE "TestCaseHistory" ADD CONSTRAINT "TestCaseHistory_runId_fkey" FOREIGN KEY ("runId") REFERENCES "TestRun"("id") ON DELETE SET NULL ON UPDATE CASCADE;
+ALTER TABLE "TestCaseHistory" ADD CONSTRAINT "TestCaseHistory_reportId_fkey" FOREIGN KEY ("reportId") REFERENCES "Report"("id") ON DELETE SET NULL ON UPDATE CASCADE;
+ALTER TABLE "TestCaseHistory" ADD CONSTRAINT "TestCaseHistory_executedById_fkey" FOREIGN KEY ("executedById") REFERENCES "User"("id") ON DELETE SET NULL ON UPDATE CASCADE;

package/backend/prisma/migrations/20260618000001_add_user_roles/migration.sql

@@ -0,0 +1,3 @@
+-- AlterTable User: add role column, promote first user to admin
+ALTER TABLE "User" ADD COLUMN "role" TEXT NOT NULL DEFAULT 'user';
+UPDATE "User" SET "role" = 'admin' WHERE "id" = (SELECT "id" FROM "User" ORDER BY "createdAt" ASC LIMIT 1);

package/backend/prisma/migrations/20260618000002_drop_automated_tag/migration.sql

@@ -0,0 +1,2 @@
+-- TestCase.automatedTag removed: displayId is now used directly as the Cucumber tag identifier
+ALTER TABLE "TestCase" DROP COLUMN IF EXISTS "automatedTag";

package/backend/prisma/migrations/20260618000003_entry_assignee/migration.sql

@@ -0,0 +1,2 @@
+ALTER TABLE "TestRunEntry" ADD COLUMN "assignedToId" TEXT;
+ALTER TABLE "TestRunEntry" ADD CONSTRAINT "TestRunEntry_assignedToId_fkey" FOREIGN KEY ("assignedToId") REFERENCES "User"("id") ON DELETE SET NULL ON UPDATE CASCADE;

package/backend/prisma/migrations/20260621000000_add_notifications/migration.sql

@@ -0,0 +1,8 @@
+-- AlterTable Project: add webhook and public URL fields
+ALTER TABLE "Project" ADD COLUMN "discordWebhookUrl" TEXT NOT NULL DEFAULT '';
+ALTER TABLE "Project" ADD COLUMN "slackWebhookUrl" TEXT NOT NULL DEFAULT '';
+ALTER TABLE "Project" ADD COLUMN "notifyPublicUrl" TEXT NOT NULL DEFAULT '';
+
+-- AlterTable CronJob: add notification toggles
+ALTER TABLE "CronJob" ADD COLUMN "notifyDiscord" BOOLEAN NOT NULL DEFAULT false;
+ALTER TABLE "CronJob" ADD COLUMN "notifySlack" BOOLEAN NOT NULL DEFAULT false;

package/backend/prisma/schema.prisma

@@ -44,6 +44,8 @@ model CronJob {
   enabled        Boolean  @default(true)
   runnerId       String?
   runnerIds      String   @default("built-in")
+  notifyDiscord  Boolean  @default(false)
+  notifySlack    Boolean  @default(false)
   runner         Runner?  @relation(fields: [runnerId], references: [id], onDelete: SetNull)
   createdAt      DateTime @default(now())
   updatedAt      DateTime @updatedAt
@@ -51,23 +53,134 @@ model CronJob {
 }
 
 model Report {
-  id          Int      @id @default(autoincrement())
+  id          Int               @id @default(autoincrement())
   status      String
   tags        String
-  triggerType String   @default("manual-trigger")
-  runners     Int      @default(1)
-  browser     String   @default("chromium")
+  triggerType String            @default("manual-trigger")
+  runners     Int               @default(1)
+  browser     String            @default("chromium")
   runnerName  String?
   runnerId    String?
-  runner      Runner?  @relation(fields: [runnerId], references: [id], onDelete: SetNull)
+  runner      Runner?           @relation(fields: [runnerId], references: [id], onDelete: SetNull)
   cronJobId   Int?
-  cronJob     CronJob? @relation(fields: [cronJobId], references: [id], onDelete: SetNull)
+  cronJob     CronJob?          @relation(fields: [cronJobId], references: [id], onDelete: SetNull)
   content     Json
-  createdAt   DateTime @default(now())
+  createdAt   DateTime          @default(now())
+  testHistory TestCaseHistory[]
 }
 
 model Project {
-  id      Int    @id @default(autoincrement())
-  name    String @default("")
-  logoUrl String @default("")
+  id                Int    @id @default(autoincrement())
+  name              String @default("")
+  logoUrl           String @default("")
+  testCasePrefix    String @default("TC")
+  testSuitePrefix   String @default("TS")
+  caseSeqNext       Int    @default(0)
+  suiteSeqNext      Int    @default(0)
+  discordWebhookUrl String @default("")
+  slackWebhookUrl   String @default("")
+  notifyPublicUrl   String @default("")
+}
+
+model User {
+  id        String   @id @default(cuid())
+  name      String
+  email     String   @unique
+  password  String
+  role      String   @default("user")
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  suites          TestSuite[]
+  cases           TestCase[]
+  runs            TestRun[]
+  executedEntries TestRunEntry[]   @relation("entryExecutor")
+  assignedEntries TestRunEntry[]   @relation("entryAssignee")
+  caseHistories   TestCaseHistory[]
+}
+
+model TestSuite {
+  id          String     @id @default(cuid())
+  displayId   String     @unique
+  name        String
+  description String     @default("")
+  priority    String     @default("Medium")
+  createdById String
+  createdBy   User       @relation(fields: [createdById], references: [id])
+  createdAt   DateTime   @default(now())
+  updatedAt   DateTime   @updatedAt
+  cases       TestCase[]
+}
+
+model TestCase {
+  id           String            @id @default(cuid())
+  displayId    String            @unique
+  title        String
+  description  String            @default("")
+  priority     String            @default("Medium")
+  isAutomated  Boolean           @default(false)
+  suiteId      String
+  suite        TestSuite         @relation(fields: [suiteId], references: [id], onDelete: Cascade)
+  createdById  String
+  createdBy    User              @relation(fields: [createdById], references: [id])
+  createdAt    DateTime          @default(now())
+  updatedAt    DateTime          @updatedAt
+  steps        TestStep[]
+  runEntries   TestRunEntry[]
+  history      TestCaseHistory[]
+}
+
+model TestStep {
+  id             String   @id @default(cuid())
+  caseId         String
+  case           TestCase @relation(fields: [caseId], references: [id], onDelete: Cascade)
+  action         String
+  testData       String   @default("")
+  expectedOutput String   @default("")
+  order          Int
+  createdAt      DateTime @default(now())
+}
+
+model TestRun {
+  id          String         @id @default(cuid())
+  title       String
+  status      String         @default("backlog")
+  createdById String
+  createdBy   User           @relation(fields: [createdById], references: [id])
+  createdAt   DateTime       @default(now())
+  updatedAt   DateTime       @updatedAt
+  entries     TestRunEntry[]
+  history     TestCaseHistory[]
+}
+
+model TestRunEntry {
+  id           String    @id @default(cuid())
+  runId        String
+  run          TestRun   @relation(fields: [runId], references: [id], onDelete: Cascade)
+  caseId       String
+  case         TestCase  @relation(fields: [caseId], references: [id], onDelete: Cascade)
+  status       String    @default("pending")
+  notes        String    @default("")
+  order        Int       @default(0)
+  executedById String?
+  executedBy   User?     @relation("entryExecutor", fields: [executedById], references: [id])
+  executedAt   DateTime?
+  assignedToId String?
+  assignedTo   User?     @relation("entryAssignee", fields: [assignedToId], references: [id])
+}
+
+model TestCaseHistory {
+  id           String    @id @default(cuid())
+  caseId       String
+  case         TestCase  @relation(fields: [caseId], references: [id], onDelete: Cascade)
+  runId        String?
+  run          TestRun?  @relation(fields: [runId], references: [id], onDelete: SetNull)
+  reportId     Int?
+  report       Report?   @relation(fields: [reportId], references: [id], onDelete: SetNull)
+  result       String
+  source       String    @default("manual")
+  notes        String    @default("")
+  executedById String?
+  executedBy   User?     @relation(fields: [executedById], references: [id])
+  executedAt   DateTime  @default(now())
 }

package/backend/routes/auth.routes.js

@@ -0,0 +1,96 @@
+/*
+ * This file is part of Plum.
+ *
+ * Plum is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Plum is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Plum. If not, see https://www.gnu.org/licenses/.
+ */
+
+const express = require('express');
+const router = express.Router();
+const userService = require('../services/userService');
+const { jwtAuth } = require('../middleware/jwtAuth');
+
+router.get('/needs-setup', async (req, res, next) => {
+	try {
+		const setup = await userService.needsSetup();
+		res.json({ needsSetup: setup });
+	} catch (e) {
+		next(e);
+	}
+});
+
+router.post('/setup', async (req, res, next) => {
+	try {
+		const setup = await userService.needsSetup();
+		if (!setup) return res.status(403).json({ error: 'Setup already complete' });
+		const { name, email, password } = req.body;
+		if (!name || !email || !password)
+			return res.status(400).json({ error: 'name, email and password are required' });
+		const user = await userService.createUser({ name, email, password, role: 'admin' });
+		res.status(201).json({ user });
+	} catch (e) {
+		next(e);
+	}
+});
+
+router.post('/login', async (req, res, next) => {
+	try {
+		const { email, password } = req.body;
+		if (!email || !password)
+			return res.status(400).json({ error: 'email and password are required' });
+		const result = await userService.login({ email, password });
+		if (!result) return res.status(401).json({ error: 'Invalid credentials' });
+		res.json(result);
+	} catch (e) {
+		next(e);
+	}
+});
+
+router.get('/me', jwtAuth, async (req, res, next) => {
+	try {
+		const user = await userService.getById(req.user.userId);
+		if (!user) return res.status(404).json({ error: 'User not found' });
+		res.json({ user });
+	} catch (e) {
+		next(e);
+	}
+});
+
+router.post('/change-password', jwtAuth, async (req, res, next) => {
+	try {
+		const { currentPassword, newPassword } = req.body;
+		if (!currentPassword || !newPassword)
+			return res.status(400).json({ error: 'currentPassword and newPassword are required' });
+		const result = await userService.updatePassword(req.user.userId, {
+			currentPassword,
+			newPassword
+		});
+		if (!result.ok) return res.status(400).json({ error: result.error });
+		res.json({ ok: true });
+	} catch (e) {
+		next(e);
+	}
+});
+
+router.put('/update-profile', jwtAuth, async (req, res, next) => {
+	try {
+		const { name, email } = req.body;
+		const result = await userService.updateProfile(req.user.userId, { name, email });
+		if (!result.ok) return res.status(400).json({ error: result.error });
+		res.json({ user: result.user });
+	} catch (e) {
+		next(e);
+	}
+});
+
+module.exports = router;

package/backend/routes/node.routes.js

@@ -34,6 +34,15 @@ router.get('/ping', authGuard, (req, res) => {
 	res.json({ ok: true, mode: process.env.PLUM_MODE || 'server' });
 });
 
+// Graceful shutdown for node-mode processes (no-op on the primary server)
+router.post('/shutdown', authGuard, (req, res) => {
+	if (process.env.PLUM_MODE !== 'node') {
+		return res.status(403).json({ error: 'Not a node runner' });
+	}
+	res.json({ ok: true });
+	setTimeout(() => process.exit(0), 200);
+});
+
 // Start a remote test job
 router.post('/execute', authGuard, (req, res) => {
 	const { tags, browser = 'chromium', workers = 1, tests = null } = req.body;

package/backend/routes/runners.routes.js

@@ -64,6 +64,16 @@ router.put('/:id', async (req, res) => {
 
 router.delete('/:id', async (req, res) => {
 	try {
+		const runner = await runnerService.getById(req.params.id);
+		if (runner) {
+			try {
+				await fetch(`${runner.url}/api/shutdown`, {
+					method: 'POST',
+					headers: { Authorization: `Bearer ${runner.token}` },
+					signal: AbortSignal.timeout(3000)
+				});
+			} catch {}
+		}
 		await runnerService.remove(req.params.id);
 		res.json({ message: 'Runner deleted' });
 	} catch (e) {

package/backend/routes/settings.routes.js

@@ -18,25 +18,88 @@
 const express = require('express');
 const router = express.Router();
 const settingsService = require('../services/settingsService');
+const testSuiteService = require('../services/testSuiteService');
+const testCaseService = require('../services/testCaseService');
+const { jwtAuth } = require('../middleware/jwtAuth');
 
-router.get('/project', async (req, res) => {
+router.get('/project', async (req, res, next) => {
 	try {
 		const project = await settingsService.getProject();
 		res.json(project);
-	} catch (error) {
-		console.error('Error fetching project settings:', error);
-		res.status(500).json({ error: 'Failed to fetch project settings' });
+	} catch (e) {
+		next(e);
 	}
 });
 
-router.post('/project', async (req, res) => {
+router.post('/project', async (req, res, next) => {
 	try {
 		const { name, logoUrl } = req.body;
 		const project = await settingsService.updateProject({ name, logoUrl });
 		res.json(project);
-	} catch (error) {
-		console.error('Error updating project settings:', error);
-		res.status(500).json({ error: 'Failed to update project settings' });
+	} catch (e) {
+		next(e);
+	}
+});
+
+router.get('/test-prefixes', jwtAuth, async (req, res, next) => {
+	try {
+		const prefixes = await settingsService.getTestPrefixes();
+		res.json(prefixes);
+	} catch (e) {
+		next(e);
+	}
+});
+
+router.post('/test-prefixes', jwtAuth, async (req, res, next) => {
+	try {
+		const { testCasePrefix, testSuitePrefix } = req.body;
+		const project = await settingsService.updateTestPrefixes({ testCasePrefix, testSuitePrefix });
+		res.json(project);
+	} catch (e) {
+		next(e);
+	}
+});
+
+router.post('/test-prefixes/migrate', jwtAuth, async (req, res, next) => {
+	try {
+		const { testCasePrefix, testSuitePrefix } = req.body;
+		const results = {};
+		if (testCasePrefix) {
+			results.cases = await testCaseService.migratePrefix(testCasePrefix);
+		}
+		if (testSuitePrefix) {
+			results.suites = await testSuiteService.migratePrefix(testSuitePrefix);
+		}
+		res.json({ ok: true, ...results });
+	} catch (e) {
+		next(e);
+	}
+});
+
+router.get('/integrations', async (req, res, next) => {
+	try {
+		const webhooks = await settingsService.getWebhooks();
+		res.json(webhooks);
+	} catch (e) {
+		next(e);
+	}
+});
+
+router.post('/integrations', async (req, res, next) => {
+	try {
+		const { discordWebhookUrl, slackWebhookUrl, notifyPublicUrl } = req.body;
+		const project = await settingsService.updateWebhooks({
+			discordWebhookUrl,
+			slackWebhookUrl,
+			notifyPublicUrl
+		});
+		res.json({
+			discordWebhookUrl: project.discordWebhookUrl,
+			slackWebhookUrl: project.slackWebhookUrl,
+			notifyPublicUrl: project.notifyPublicUrl
+		});
+	} catch (e) {
+		next(e);
 	}
 });
 

package/backend/routes/test-cases.routes.js

@@ -0,0 +1,80 @@
+/*
+ * This file is part of Plum.
+ *
+ * Plum is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Plum is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Plum. If not, see https://www.gnu.org/licenses/.
+ */
+
+const express = require('express');
+const router = express.Router();
+const { jwtAuth } = require('../middleware/jwtAuth');
+const testCaseService = require('../services/testCaseService');
+
+router.get('/:id', jwtAuth, async (req, res, next) => {
+	try {
+		const tc = await testCaseService.getById(req.params.id);
+		if (!tc) return res.status(404).json({ error: 'Test case not found' });
+		res.json({ testCase: tc });
+	} catch (e) {
+		next(e);
+	}
+});
+
+router.post('/', jwtAuth, async (req, res, next) => {
+	try {
+		const { suiteId, title, description, priority } = req.body;
+		if (!suiteId || !title)
+			return res.status(400).json({ error: 'suiteId and title are required' });
+		const testCase = await testCaseService.create({
+			suiteId,
+			title,
+			description,
+			priority,
+			createdById: req.user.userId
+		});
+		res.status(201).json({ testCase });
+	} catch (e) {
+		next(e);
+	}
+});
+
+router.put('/:id', jwtAuth, async (req, res, next) => {
+	try {
+		const { title, description, priority } = req.body;
+		const testCase = await testCaseService.update(req.params.id, { title, description, priority });
+		res.json({ testCase });
+	} catch (e) {
+		next(e);
+	}
+});
+
+router.put('/:id/steps', jwtAuth, async (req, res, next) => {
+	try {
+		const { steps } = req.body;
+		const saved = await testCaseService.upsertSteps(req.params.id, steps);
+		res.json({ steps: saved });
+	} catch (e) {
+		next(e);
+	}
+});
+
+router.delete('/:id', jwtAuth, async (req, res, next) => {
+	try {
+		await testCaseService.remove(req.params.id);
+		res.json({ ok: true });
+	} catch (e) {
+		next(e);
+	}
+});
+
+module.exports = router;