start-vibing 4.3.4 → 4.4.0

package/template/.claude/skills/e2e-audit/e2e/specs/dashboard-integrations.spec.ts

@@ -0,0 +1,472 @@
+import { test, expect } from '../fixtures/base'
+import {
+	DashboardIntegrationsPage,
+	CreateIntegrationPage,
+	IntegrationDetailPage,
+} from '../pages/dashboard-integrations.page'
+import { createConsoleCollector } from '../utils/console-collector'
+
+test.describe('Dashboard Integrations - Page Load @smoke', () => {
+	let integrations: DashboardIntegrationsPage
+
+	test.beforeEach(async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		integrations = new DashboardIntegrationsPage(authenticatedPage)
+		await integrations.goto()
+		await integrations.waitForLoad()
+	})
+
+	test('displays page heading and subheading', async () => {
+		await expect(integrations.heading, 'Page heading should be visible after load').toBeVisible()
+		await expect(integrations.subheading, 'Page subheading should be visible').toBeVisible()
+	})
+
+	test('displays header card with usage meter', async () => {
+		await expect(integrations.headerCardTitle, 'Usage header card should render').toBeVisible()
+		await expect(integrations.usageMeter, 'Usage meter should show integration count').toBeVisible()
+	})
+
+	test('displays add integration button', async () => {
+		await expect(integrations.addIntegrationButton, 'Add integration CTA should be visible').toBeVisible()
+	})
+
+	test('displays search and filter toolbar', async () => {
+		await expect(integrations.searchInput, 'Search input should be visible').toBeVisible()
+		await expect(integrations.refreshButton, 'Refresh button should be visible').toBeVisible()
+		await expect(integrations.statusFilter, 'Status filter should be visible').toBeVisible()
+		await expect(integrations.typeFilter, 'Type filter should be visible').toBeVisible()
+	})
+
+	test('displays integration cards', async () => {
+		const count = await integrations.getCardCount()
+		expect(count, 'At least 1 integration card should render (is integration.list returning data?)').toBeGreaterThan(0)
+	})
+
+	test('displays pagination text', async () => {
+		await expect(integrations.paginationText, 'Pagination text should show total count').toBeVisible()
+	})
+})
+
+test.describe('Dashboard Integrations - Search @functional', () => {
+	let integrations: DashboardIntegrationsPage
+
+	test.beforeEach(async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		integrations = new DashboardIntegrationsPage(authenticatedPage)
+		await integrations.goto()
+		await integrations.waitForLoad()
+	})
+
+	test('search filters results by name', async ({ authenticatedPage }) => {
+		const initialCount = await integrations.getCardCount()
+
+		await integrations.search('slack')
+		await authenticatedPage.waitForTimeout(1000)
+
+		const filteredCount = await integrations.getCardCount()
+		expect(filteredCount, 'Search for "slack" should return at least 1 result').toBeGreaterThan(0)
+		expect(filteredCount, 'Filtered count should be <= initial count').toBeLessThanOrEqual(initialCount)
+
+		await expect(authenticatedPage, 'URL should contain search param').toHaveURL(/search=slack/)
+	})
+
+	test('search shows empty state for non-matching query', async ({ authenticatedPage }) => {
+		await integrations.search('xyznonexistent123')
+		await authenticatedPage.waitForTimeout(1000)
+
+		await expect(integrations.emptyStateHeading, 'Empty state should show for non-matching search').toBeVisible()
+		await expect(integrations.emptyStateText, 'Empty state description should be visible').toBeVisible()
+	})
+
+	test('clear filters resets search', async ({ authenticatedPage }) => {
+		await integrations.search('slack')
+		await authenticatedPage.waitForTimeout(1000)
+
+		const filteredCount = await integrations.getCardCount()
+
+		await integrations.clearFilters()
+		await authenticatedPage.waitForTimeout(1000)
+
+		const resetCount = await integrations.getCardCount()
+		expect(resetCount, 'Clearing filters should restore all integrations').toBeGreaterThanOrEqual(filteredCount)
+
+		await expect(authenticatedPage, 'URL should not contain search param after clear').not.toHaveURL(/search=/)
+	})
+})
+
+test.describe('Dashboard Integrations - Status Filter @functional', () => {
+	let integrations: DashboardIntegrationsPage
+
+	test.beforeEach(async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		integrations = new DashboardIntegrationsPage(authenticatedPage)
+		await integrations.goto()
+		await integrations.waitForLoad()
+	})
+
+	test('status filter "Ativo" shows active integrations', async () => {
+		const initialCount = await integrations.getCardCount()
+
+		await integrations.selectStatusFilter('Ativo')
+
+		const activeCount = await integrations.getCardCount()
+		expect(activeCount, 'Active filter should show at least 1 active integration').toBeGreaterThan(0)
+		expect(activeCount, 'Active count should be <= total count').toBeLessThanOrEqual(initialCount)
+	})
+
+	test('status filter "Pausado" shows empty state when none paused', async () => {
+		await integrations.selectStatusFilter('Pausado')
+
+		await expect(integrations.emptyStateHeading, 'No paused integrations should show empty state').toBeVisible()
+	})
+
+	test('status filter "Erro" shows empty state when none errored', async () => {
+		await integrations.selectStatusFilter('Erro')
+
+		await expect(integrations.emptyStateHeading, 'No errored integrations should show empty state').toBeVisible()
+	})
+
+	test('status filter "Reconexão Necessária" shows empty state', async () => {
+		await integrations.selectStatusFilter('Reconexão Necessária')
+
+		await expect(integrations.emptyStateHeading, 'No disconnected integrations should show empty state').toBeVisible()
+	})
+
+	test('clearing filters after status filter restores all', async () => {
+		const initialCount = await integrations.getCardCount()
+
+		await integrations.selectStatusFilter('Pausado')
+		await expect(integrations.emptyStateHeading, 'Paused filter should show empty state').toBeVisible()
+
+		await integrations.clearFilters()
+
+		const resetCount = await integrations.getCardCount()
+		expect(resetCount, 'Clearing filters should restore original integration count').toBe(initialCount)
+	})
+})
+
+test.describe('Dashboard Integrations - Navigation @functional', () => {
+	let integrations: DashboardIntegrationsPage
+
+	test.beforeEach(async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		integrations = new DashboardIntegrationsPage(authenticatedPage)
+		await integrations.goto()
+		await integrations.waitForLoad()
+	})
+
+	test('add integration button navigates to /integrations/new', async ({ authenticatedPage }) => {
+		await integrations.clickAddIntegration()
+		await expect(authenticatedPage, 'Should navigate to new integration page').toHaveURL(/dashboard\/integrations\/new/)
+	})
+
+	test('clicking integration card navigates to detail page', async ({ authenticatedPage }) => {
+		const firstCard = integrations.page.getByRole('heading', { level: 3 }).first()
+		const cardName = await firstCard.textContent()
+		expect(cardName, 'First integration card should have a name').toBeTruthy()
+
+		await firstCard.click()
+		await expect(authenticatedPage, 'Should navigate to integration detail page').toHaveURL(/dashboard\/integrations\/[a-f0-9-]+/)
+	})
+})
+
+test.describe('Create Integration - Wizard @functional', () => {
+	let wizard: CreateIntegrationPage
+
+	test.beforeEach(async ({ authenticatedPage }) => {
+		wizard = new CreateIntegrationPage(authenticatedPage)
+		await wizard.goto()
+		await wizard.waitForLoad()
+	})
+
+	test('displays page heading and step 1', async () => {
+		await expect(wizard.heading, 'Create integration heading should be visible').toBeVisible()
+		await expect(wizard.typeSelectionHeading, 'Type selection heading should be visible').toBeVisible()
+		await expect(wizard.stepIndicator, 'Step indicator should show step 1').toContainText(/1/)
+	})
+
+	test('displays all integration type options', async () => {
+		await expect(wizard.uploadButton, 'Upload type option should be visible').toBeVisible()
+		await expect(wizard.googleDriveButton, 'Google Drive option should be visible').toBeVisible()
+		await expect(wizard.oneDriveButton, 'OneDrive option should be visible').toBeVisible()
+		await expect(wizard.notionButton, 'Notion option should be visible').toBeVisible()
+		await expect(wizard.slackButton, 'Slack option should be visible').toBeVisible()
+		await expect(wizard.githubButton, 'GitHub option should be visible').toBeVisible()
+	})
+
+	test('Google Meet button is disabled with "Em Breve" badge', async () => {
+		await expect(wizard.googleMeetButton, 'Google Meet button should be visible').toBeVisible()
+		await expect(wizard.googleMeetButton, 'Google Meet should be disabled (coming soon)').toBeDisabled()
+	})
+
+	test('next button is disabled until type selected', async () => {
+		await expect(wizard.nextButton, 'Next button should be disabled before selecting a type').toBeDisabled()
+
+		await wizard.selectType('upload')
+
+		await expect(wizard.nextButton, 'Next button should be enabled after selecting upload type').toBeEnabled()
+	})
+
+	test('cancel button navigates back to integrations', async ({ authenticatedPage }) => {
+		await wizard.clickCancel()
+		await expect(authenticatedPage, 'Cancel should return to integrations list').toHaveURL(/dashboard\/integrations$/)
+	})
+
+	test('back link navigates to integrations list', async ({ authenticatedPage }) => {
+		await wizard.backButton.click()
+		await expect(authenticatedPage, 'Back link should return to integrations list').toHaveURL(/dashboard\/integrations$/)
+	})
+
+	test('displays integration limit card', async () => {
+		await expect(wizard.limitHeading, 'Integration limit card heading should be visible').toBeVisible()
+		await expect(wizard.limitProgress, 'Integration limit progress bar should be visible').toBeVisible()
+	})
+
+	test('upload type shows 4-step wizard (no auth step)', async () => {
+		await wizard.selectType('upload')
+		await wizard.clickNext()
+
+		await expect(wizard.stepIndicator, 'Should advance to step 2 after selecting upload').toContainText(/2/)
+
+		const nameInput = wizard.page.getByRole('textbox', { name: /nome|name/i })
+		await expect(nameInput, 'Name input should be visible on step 2').toBeVisible()
+	})
+
+	test('google drive type shows 5-step wizard', async () => {
+		await wizard.selectType('google-drive')
+		await wizard.clickNext()
+
+		await expect(wizard.stepIndicator, 'Should advance to step 2 for Google Drive').toContainText(/2/)
+	})
+
+	test('wizard step navigation with previous button', async () => {
+		await wizard.selectType('upload')
+		await wizard.clickNext()
+		await expect(wizard.stepIndicator, 'Should be on step 2').toContainText(/2/)
+
+		await wizard.clickPrevious()
+		await expect(wizard.stepIndicator, 'Previous should go back to step 1').toContainText(/1/)
+	})
+})
+
+test.describe('Integration Detail - Tabs @functional', () => {
+	test('detail page shows integration name and action buttons', async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		const integrations = new DashboardIntegrationsPage(authenticatedPage)
+		await integrations.goto()
+		await integrations.waitForLoad()
+
+		const firstCard = authenticatedPage.getByRole('heading', { level: 3 }).first()
+		await firstCard.click()
+		await authenticatedPage.waitForURL(/dashboard\/integrations\/[a-f0-9-]+/)
+
+		const detail = new IntegrationDetailPage(authenticatedPage)
+		await detail.waitForLoad()
+
+		await expect(detail.integrationName, 'Integration name should be visible on detail page').toBeVisible()
+		await expect(detail.syncNowButton, 'Sync Now button should be visible').toBeVisible()
+		await expect(detail.statusBadge, 'Status badge should be visible').toBeVisible()
+	})
+
+	test('tabs switch content and update URL', async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		const integrations = new DashboardIntegrationsPage(authenticatedPage)
+		await integrations.goto()
+		await integrations.waitForLoad()
+
+		const firstCard = authenticatedPage.getByRole('heading', { level: 3 }).first()
+		await firstCard.click()
+		await authenticatedPage.waitForURL(/dashboard\/integrations\/[a-f0-9-]+/)
+
+		const detail = new IntegrationDetailPage(authenticatedPage)
+		await detail.waitForLoad()
+
+		await detail.clickTab('history')
+		await expect(authenticatedPage, 'History tab should update URL to ?tab=timeline').toHaveURL(/tab=timeline/)
+
+		await detail.clickTab('settings')
+		await expect(authenticatedPage, 'Settings tab should update URL to ?tab=settings').toHaveURL(/tab=settings/)
+
+		await detail.clickTab('files')
+		await expect(authenticatedPage, 'Files tab should remove tab param from URL').not.toHaveURL(/tab=/)
+	})
+
+	test('back button returns to integrations list', async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		const integrations = new DashboardIntegrationsPage(authenticatedPage)
+		await integrations.goto()
+		await integrations.waitForLoad()
+
+		const firstCard = authenticatedPage.getByRole('heading', { level: 3 }).first()
+		await firstCard.click()
+		await authenticatedPage.waitForURL(/dashboard\/integrations\/[a-f0-9-]+/)
+
+		const detail = new IntegrationDetailPage(authenticatedPage)
+		await detail.waitForLoad()
+
+		await detail.backButton.click()
+		await expect(authenticatedPage, 'Back button should return to integrations list').toHaveURL(/dashboard\/integrations$/)
+	})
+})
+
+test.describe('Create Integration - Name Validation @functional', () => {
+	let wizard: CreateIntegrationPage
+
+	test.beforeEach(async ({ authenticatedPage }) => {
+		wizard = new CreateIntegrationPage(authenticatedPage)
+		await wizard.goto()
+		await wizard.waitForLoad()
+		await wizard.selectType('upload')
+		await wizard.clickNext()
+	})
+
+	test('next button disabled with empty name', async () => {
+		await expect(wizard.nextButton, 'Next should be disabled when name is empty').toBeDisabled()
+	})
+
+	test('shows error for name shorter than 3 characters', async ({ authenticatedPage }) => {
+		const nameInput = authenticatedPage.getByRole('textbox', { name: /nome|name/i })
+		await nameInput.fill('ab')
+		await authenticatedPage.waitForTimeout(500)
+
+		await expect(
+			authenticatedPage.getByText(/pelo menos 3 caracteres|at least 3 characters/i),
+			'Should show min length validation error',
+		).toBeVisible()
+	})
+
+	test('shows available message for valid unique name', async ({ authenticatedPage }) => {
+		const nameInput = authenticatedPage.getByRole('textbox', { name: /nome|name/i })
+		await nameInput.fill('E2E Test Unique Name ' + Date.now())
+		await authenticatedPage.waitForTimeout(1500)
+
+		await expect(
+			authenticatedPage.getByText(/nome disponível|name available/i),
+			'Should confirm name is available (is checkNameAvailability API working?)',
+		).toBeVisible()
+		await expect(wizard.nextButton, 'Next should be enabled with valid name').toBeEnabled()
+	})
+})
+
+test.describe('Create Integration - Upload Step 3 @functional', () => {
+	test('upload wizard step 3 shows file drop zone', async ({ authenticatedPage }) => {
+		const wizard = new CreateIntegrationPage(authenticatedPage)
+		await wizard.goto()
+		await wizard.waitForLoad()
+
+		await wizard.selectType('upload')
+		await wizard.clickNext()
+
+		const nameInput = authenticatedPage.getByRole('textbox', { name: /nome|name/i })
+		await nameInput.fill('E2E Upload Step3 Test ' + Date.now())
+		await authenticatedPage.waitForTimeout(1500)
+		await wizard.clickNext()
+
+		await expect(
+			authenticatedPage.getByRole('heading', { name: /upload de arquivos/i }),
+			'Upload step 3 heading should be visible',
+		).toBeVisible()
+		await expect(
+			authenticatedPage.getByText(/arraste e solte/i),
+			'Drag and drop text should be visible',
+		).toBeVisible()
+		await expect(
+			authenticatedPage.getByRole('button', { name: /procurar arquivos/i }),
+			'Browse files button should be visible',
+		).toBeVisible()
+		await expect(
+			authenticatedPage.getByRole('button', { name: /procurar pasta/i }),
+			'Browse folder button should be visible',
+		).toBeVisible()
+		await expect(wizard.nextButton, 'Next should be disabled until files are uploaded').toBeDisabled()
+	})
+})
+
+test.describe('Integration Detail - Settings Tab @functional', () => {
+	test('settings tab shows access control with department and team comboboxes', async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		const integrations = new DashboardIntegrationsPage(authenticatedPage)
+		await integrations.goto()
+		await integrations.waitForLoad()
+
+		const firstCard = authenticatedPage.getByRole('heading', { level: 3 }).first()
+		await firstCard.click()
+		await authenticatedPage.waitForURL(/dashboard\/integrations\/[a-f0-9-]+/)
+
+		const detail = new IntegrationDetailPage(authenticatedPage)
+		await detail.waitForLoad()
+		await detail.clickTab('settings')
+
+		await expect(
+			authenticatedPage.getByRole('heading', { name: /configurações da integração/i }),
+			'Settings heading should be visible',
+		).toBeVisible()
+		await expect(detail.newDepartmentButton, 'New department button should be visible').toBeVisible()
+		await expect(detail.newTeamButton, 'New team button should be visible').toBeVisible()
+		await expect(detail.saveConfigButton, 'Save config button should be visible').toBeVisible()
+	})
+
+	test('new department button opens creation dialog', async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		const integrations = new DashboardIntegrationsPage(authenticatedPage)
+		await integrations.goto()
+		await integrations.waitForLoad()
+
+		const firstCard = authenticatedPage.getByRole('heading', { level: 3 }).first()
+		await firstCard.click()
+		await authenticatedPage.waitForURL(/dashboard\/integrations\/[a-f0-9-]+/)
+
+		const detail = new IntegrationDetailPage(authenticatedPage)
+		await detail.waitForLoad()
+		await detail.clickTab('settings')
+
+		await detail.newDepartmentButton.click()
+
+		const dialog = authenticatedPage.getByRole('dialog', { name: /criar departamento/i })
+		await expect(dialog, 'Create department dialog should open').toBeVisible()
+		await expect(dialog.getByRole('textbox', { name: /nome/i }), 'Department name input should be visible').toBeVisible()
+		await expect(dialog.getByRole('button', { name: /criar departamento/i }), 'Create department button should be visible').toBeVisible()
+
+		await dialog.getByRole('button', { name: /close/i }).click()
+		await expect(dialog, 'Dialog should close after clicking close').not.toBeVisible()
+	})
+
+	test('new team button opens creation dialog', async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		const integrations = new DashboardIntegrationsPage(authenticatedPage)
+		await integrations.goto()
+		await integrations.waitForLoad()
+
+		const firstCard = authenticatedPage.getByRole('heading', { level: 3 }).first()
+		await firstCard.click()
+		await authenticatedPage.waitForURL(/dashboard\/integrations\/[a-f0-9-]+/)
+
+		const detail = new IntegrationDetailPage(authenticatedPage)
+		await detail.waitForLoad()
+		await detail.clickTab('settings')
+
+		await detail.newTeamButton.click()
+
+		const dialog = authenticatedPage.getByRole('dialog', { name: /criar equipe/i })
+		await expect(dialog, 'Create team dialog should open').toBeVisible()
+		await expect(dialog.getByRole('textbox', { name: /nome/i }), 'Team name input should be visible').toBeVisible()
+		await expect(dialog.getByRole('button', { name: /criar equipe/i }), 'Create team button should be visible').toBeVisible()
+
+		await dialog.getByRole('button', { name: /close/i }).click()
+		await expect(dialog, 'Dialog should close after clicking close').not.toBeVisible()
+	})
+})
+
+test.describe('Dashboard Integrations - Security @security', () => {
+	test('no sensitive data in console', async ({ authenticatedPage }) => {
+		const collector = createConsoleCollector(authenticatedPage)
+		const integrations = new DashboardIntegrationsPage(authenticatedPage)
+		await integrations.goto()
+		await integrations.waitForLoad()
+		collector.assertNoSensitiveLeaks()
+	})
+
+	test('search input handles XSS payload safely', async ({ authenticatedPage }) => {
+		const integrations = new DashboardIntegrationsPage(authenticatedPage)
+		await integrations.goto()
+		await integrations.waitForLoad()
+
+		await integrations.search('<script>alert("xss")</script>')
+		await authenticatedPage.waitForTimeout(500)
+
+		const scriptExecuted = await authenticatedPage.evaluate(() => {
+			return (window as Record<string, unknown>).__xss_triggered === true
+		})
+		expect(scriptExecuted, 'XSS script should NOT execute in search input').toBe(false)
+	})
+})

package/template/.claude/skills/e2e-audit/e2e/specs/dashboard-knowledge.spec.ts

@@ -0,0 +1,57 @@
+import { test, expect } from '../fixtures/base'
+import { DashboardKnowledgePage } from '../pages/dashboard-knowledge.page'
+import { createConsoleCollector } from '../utils/console-collector'
+import { testXssOnInput } from '../utils/security-helpers'
+
+test.describe('Dashboard Knowledge @smoke', () => {
+	let knowledge: DashboardKnowledgePage
+
+	test.beforeEach(async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		knowledge = new DashboardKnowledgePage(authenticatedPage)
+		await knowledge.goto()
+		await knowledge.waitForLoad()
+	})
+
+	test('page loads successfully', async ({ authenticatedPage }) => {
+		await expect(authenticatedPage, 'Should navigate to knowledge page').toHaveURL(/dashboard\/knowledge/)
+	})
+
+	test('displays page heading', async () => {
+		await expect(knowledge.heading).toBeVisible()
+	})
+
+	test('search input is visible', async () => {
+		// Search may not exist on empty state, conditional check
+		const searchVisible = await knowledge.searchInput.isVisible().catch(() => false)
+		if (searchVisible) {
+			await expect(knowledge.searchInput).toBeEnabled()
+		}
+	})
+
+	test('shows file list or empty state', async () => {
+		const hasFiles = await knowledge.fileList.isVisible().catch(() => false)
+		const hasEmptyState = await knowledge.emptyState.isVisible().catch(() => false)
+		expect(hasFiles || hasEmptyState).toBe(true)
+	})
+})
+
+test.describe('Dashboard Knowledge - Security @security', () => {
+	test('no sensitive data in console', async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		const collector = createConsoleCollector(authenticatedPage)
+		const knowledge = new DashboardKnowledgePage(authenticatedPage)
+		await knowledge.goto()
+		await knowledge.waitForLoad()
+		collector.assertNoSensitiveLeaks()
+	})
+
+	test('search input resists XSS', async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		const knowledge = new DashboardKnowledgePage(authenticatedPage)
+		await knowledge.goto()
+		await knowledge.waitForLoad()
+
+		const searchVisible = await knowledge.searchInput.isVisible().catch(() => false)
+		if (searchVisible) {
+			await testXssOnInput(authenticatedPage, knowledge.searchInput)
+		}
+	})
+})

package/template/.claude/skills/e2e-audit/e2e/specs/dashboard-ontology.spec.ts

@@ -0,0 +1,72 @@
+import { test, expect } from '../fixtures/base'
+import { DashboardOntologyPage } from '../pages/dashboard-ontology.page'
+import { createConsoleCollector } from '../utils/console-collector'
+
+test.describe('Dashboard Ontology @smoke', () => {
+	let ontology: DashboardOntologyPage
+
+	test.beforeEach(async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		ontology = new DashboardOntologyPage(authenticatedPage)
+		await ontology.goto()
+		await ontology.waitForLoad()
+	})
+
+	test('page loads with heading and description', async ({ authenticatedPage }) => {
+		await expect(authenticatedPage, 'Should navigate to ontology page').toHaveURL(/dashboard\/ontology/)
+		await expect(ontology.heading, 'Ontology heading should be visible').toBeVisible()
+		await expect(ontology.description).toBeVisible()
+	})
+
+	test('shows stats cards', async () => {
+		await expect(ontology.entitiesStat).toBeVisible()
+		await expect(ontology.factsStat).toBeVisible()
+		await expect(ontology.episodesStat).toBeVisible()
+		await expect(ontology.entityTypesStat).toBeVisible()
+	})
+
+	test('shows five tabs with graph selected by default', async () => {
+		await expect(ontology.graphTab).toBeVisible()
+		await expect(ontology.entitiesTab).toBeVisible()
+		await expect(ontology.factsTab).toBeVisible()
+		await expect(ontology.timelineTab).toBeVisible()
+		await expect(ontology.searchTab).toBeVisible()
+		await expect(ontology.graphTab).toHaveAttribute('aria-selected', 'true')
+	})
+
+	test('graph tab shows empty state', async () => {
+		await expect(ontology.graphEmptyState).toBeVisible()
+	})
+
+	test('tabs switch via URL', async ({ authenticatedPage }) => {
+		await ontology.switchTab('entities')
+		await expect(authenticatedPage).toHaveURL(/tab=entities/)
+
+		await ontology.switchTab('facts')
+		await expect(authenticatedPage).toHaveURL(/tab=facts/)
+
+		await ontology.switchTab('timeline')
+		await expect(authenticatedPage).toHaveURL(/tab=timeline/)
+
+		await ontology.switchTab('search')
+		await expect(authenticatedPage).toHaveURL(/tab=search/)
+	})
+})
+
+test.describe('Dashboard Ontology - Search Tab', () => {
+	test('shows search input', async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		const ontology = new DashboardOntologyPage(authenticatedPage)
+		await ontology.goto('search')
+		await ontology.waitForLoad()
+		await expect(ontology.searchInput).toBeVisible()
+	})
+})
+
+test.describe('Dashboard Ontology - Security @security', () => {
+	test('no sensitive data in console', async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		const collector = createConsoleCollector(authenticatedPage)
+		const ontology = new DashboardOntologyPage(authenticatedPage)
+		await ontology.goto()
+		await ontology.waitForLoad()
+		collector.assertNoSensitiveLeaks()
+	})
+})

package/template/.claude/skills/e2e-audit/e2e/specs/dashboard-profile.spec.ts

@@ -0,0 +1,48 @@
+import { test, expect } from '../fixtures/base'
+import { DashboardProfilePage } from '../pages/dashboard-profile.page'
+import { createConsoleCollector } from '../utils/console-collector'
+
+test.describe('Dashboard Profile @smoke', () => {
+	let profile: DashboardProfilePage
+
+	test.beforeEach(async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		profile = new DashboardProfilePage(authenticatedPage)
+		await profile.goto()
+		await profile.waitForLoad()
+	})
+
+	test('page loads with heading and user info', async ({ authenticatedPage }) => {
+		await expect(authenticatedPage, 'Should navigate to profile page').toHaveURL(/dashboard\/profile/)
+		await expect(profile.heading, 'Profile heading should be visible').toBeVisible()
+		await expect(profile.avatar).toBeVisible()
+		await expect(profile.displayName).toBeVisible()
+		await expect(profile.displayEmail).toBeVisible()
+	})
+
+	test('account card shows correct user data', async () => {
+		await expect(profile.accountCardTitle).toBeVisible()
+		await expect(profile.nameInput).toHaveValue('João Lima')
+		await expect(profile.emailInput).toHaveValue('joao.lima@hakutaku.ai')
+	})
+
+	test('user ID field contains a UUID', async () => {
+		const userId = await profile.userIdInput.inputValue()
+		expect(userId).toMatch(/^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i)
+	})
+
+	test('all fields are read-only', async () => {
+		await expect(profile.nameInput).toHaveAttribute('readonly', '')
+		await expect(profile.emailInput).toHaveAttribute('readonly', '')
+		await expect(profile.userIdInput).toHaveAttribute('readonly', '')
+	})
+})
+
+test.describe('Dashboard Profile - Security @security', () => {
+	test('no sensitive data in console', async ({ authenticatedPage, apiErrors: _apiErrors }) => {
+		const collector = createConsoleCollector(authenticatedPage)
+		const profile = new DashboardProfilePage(authenticatedPage)
+		await profile.goto()
+		await profile.waitForLoad()
+		collector.assertNoSensitiveLeaks()
+	})
+})