azaion/ui - ui - Gitea: Git with a cup of tea

azaion/ui

Fork 0

mirror of https://github.com/azaion/ui.git synced 2026-06-21 10:51:11 +00:00

Commit Graph

Author	SHA1	Message	Date
Oleksandr Bezdieniezhnykh	1dd25edee3	[AZ-460] [AZ-462] [AZ-466] [AZ-475] Batch 4 - destructive UX/forms/overlay/save AZ-466 — Destructive UX policy + ConfirmDialog a11y + no-alert (4pts): src/components/ConfirmDialog.test.tsx (8 fast), tests/destructive_ux.test.tsx (4 fast, AdminPage class-delete drift), e2e/tests/destructive_ux.e2e.ts. New static checks STC-SEC7 (alert allowlist) + STC-SEC8 (destructive-surfaces gated/drift) wired through scripts/check-banned-deps.mjs reading tests/security/banned-deps.json. AZ-475 — Numeric form input rejection (2pts): tests/form_hygiene.test.tsx (3 fast). Documents two SettingsPage drifts: silent zero coercion via parseInt(v)\|\|0 and labels missing htmlFor. AZ-462 — Overlay membership at in-window edges (2pts): tests/overlay_membership.test.tsx (6 fast). Documents getTimeWindowDetections strict < drift; AC-1 boundary tests are it.fails(); AC-2 / control PASS. Mocks HTMLCanvasElement.getContext to capture strokeRect. AZ-460 — Annotation save URL + payload contract (2pts): tests/annotations_endpoint.test.tsx (6 fast), e2e/tests/annotations_endpoint.e2e.ts. AC-1 URL canary PASSes; AC-2 payload missing 4 fields documented as it.fails(); AC-3 manual-draw PASS, AI-suggestion-accept + bulk-edit-save QUARANTINE skip. Test infrastructure: - tests/setup.ts: NoopResizeObserver + NoopEventSource JSDOM polyfills. - tests/msw/handlers/annotations.ts: doubly-prefixed paths matching production calls (e.g. /api/annotations/annotations). - tests/msw/handlers/flights.ts: plural /aircrafts paths. Verification: bun run test:fast → 80 passed, 13 skipped (14 files). scripts/run-tests.sh --static-only → 24/24 PASS (was 22; +STC-SEC7/SEC8). Per-batch self-review verdict: PASS_WITH_WARNINGS. Cumulative review of batches 04-06 due after batch 6 per implement/SKILL.md Step 14.5. Report: _docs/03_implementation/batch_04_report.md. Also includes the previously-untracked _docs/03_implementation/cumulative_review_batches_01-03_report.md generated at the start of this session before batch 4 began. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-11 04:15:01 +03:00
Oleksandr Bezdieniezhnykh	2051088706	[AZ-458] [AZ-467] [AZ-468] [AZ-482] Batch 3 - SSE/RBAC/Header/security tests Implements 4 blackbox-test tasks for AZ-455 Phase A baseline: - AZ-458 SSE lifecycle + bearer rotation: 9 fast tests (8 pass, 1 QUARANTINE for annotation-status); 4 e2e scenarios (gated by suite stack). Uses tests/helpers/sse-mock.ts with globalThis.EventSource monkey-patch per AC-3 (no stub of src/api/sse.ts). AC-2 bearer rotation captured as documented drift via it.fails() — FlightsPage useEffect deps do not include the token today. - AZ-467 ProtectedRoute spinner + timeout + RBAC: 9 new fast tests extending the AZ-457 file (6 pass, 3 QUARANTINE), plus 3 e2e scenarios. FT-P-32 spinner a11y is it.fails() drift; FT-P-33 timeout and FT-N-03/05 RBAC redirects are it.skip QUARANTINE (no production behavior today). Positive control: admin_carol reaches /admin. - AZ-468 Header flight-dropdown a11y: 6 fast tests (5 pass, 1 QUARANTINE). FT-P-30/31 are it.fails() drift (aria-expanded / role=listbox / aria-activedescendant currently missing); FT-N-09 is it.skip QUARANTINE (no document keydown handler exists). - AZ-482 Secrets + banned-libs + AC-N1 anti-criterion: 3 new static checks (STC-SEC13 legacy integrations, STC-SEC14 concurrent-edit, STC-SEC1B dist/ OWM key) plus refactor of 4 existing checks (STC-N2/N4/S13/S6) to read from tests/security/banned-deps.json via scripts/check-banned-deps.mjs per AZ-482 constraint ("deny-list lives in tests/security/banned-deps.json so additions are visible in code review"). All 22 static checks PASS. Totals: 57 fast tests pass + 9 skipped; 22/22 static checks pass. Self-review verdict PASS_WITH_WARNINGS — all five findings are documented drifts captured by it.fails() / it.skip QUARANTINE + control tests. See _docs/03_implementation/batch_03_report.md for the per-task / per-AC matrix and recommended Phase B follow-up production tasks (Header a11y; ProtectedRoute spinner/timeout/RBAC; SSE bearer-rotation reconnect; AnnotationsPage SSE). Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-11 03:46:18 +03:00

Author

SHA1

Message

Date

Oleksandr Bezdieniezhnykh

1dd25edee3

[AZ-460] [AZ-462] [AZ-466] [AZ-475] Batch 4 - destructive UX/forms/overlay/save

AZ-466 — Destructive UX policy + ConfirmDialog a11y + no-alert (4pts):
  src/components/ConfirmDialog.test.tsx (8 fast),
  tests/destructive_ux.test.tsx (4 fast, AdminPage class-delete drift),
  e2e/tests/destructive_ux.e2e.ts. New static checks STC-SEC7 (alert
  allowlist) + STC-SEC8 (destructive-surfaces gated/drift) wired through
  scripts/check-banned-deps.mjs reading tests/security/banned-deps.json.

AZ-475 — Numeric form input rejection (2pts):
  tests/form_hygiene.test.tsx (3 fast). Documents two SettingsPage drifts:
  silent zero coercion via parseInt(v)||0 and labels missing htmlFor.

AZ-462 — Overlay membership at in-window edges (2pts):
  tests/overlay_membership.test.tsx (6 fast). Documents getTimeWindowDetections
  strict < drift; AC-1 boundary tests are it.fails(); AC-2 / control PASS.
  Mocks HTMLCanvasElement.getContext to capture strokeRect.

AZ-460 — Annotation save URL + payload contract (2pts):
  tests/annotations_endpoint.test.tsx (6 fast),
  e2e/tests/annotations_endpoint.e2e.ts. AC-1 URL canary PASSes; AC-2
  payload missing 4 fields documented as it.fails(); AC-3 manual-draw
  PASS, AI-suggestion-accept + bulk-edit-save QUARANTINE skip.

Test infrastructure:
  - tests/setup.ts: NoopResizeObserver + NoopEventSource JSDOM polyfills.
  - tests/msw/handlers/annotations.ts: doubly-prefixed paths matching
    production calls (e.g. /api/annotations/annotations).
  - tests/msw/handlers/flights.ts: plural /aircrafts paths.

Verification: bun run test:fast → 80 passed, 13 skipped (14 files).
scripts/run-tests.sh --static-only → 24/24 PASS (was 22; +STC-SEC7/SEC8).
Per-batch self-review verdict: PASS_WITH_WARNINGS. Cumulative review
of batches 04-06 due after batch 6 per implement/SKILL.md Step 14.5.
Report: _docs/03_implementation/batch_04_report.md.

Also includes the previously-untracked
_docs/03_implementation/cumulative_review_batches_01-03_report.md
generated at the start of this session before batch 4 began.

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-05-11 04:15:01 +03:00

Oleksandr Bezdieniezhnykh

2051088706

[AZ-458] [AZ-467] [AZ-468] [AZ-482] Batch 3 - SSE/RBAC/Header/security tests

Implements 4 blackbox-test tasks for AZ-455 Phase A baseline:

- AZ-458 SSE lifecycle + bearer rotation: 9 fast tests (8 pass, 1
  QUARANTINE for annotation-status); 4 e2e scenarios (gated by suite
  stack). Uses tests/helpers/sse-mock.ts with globalThis.EventSource
  monkey-patch per AC-3 (no stub of src/api/sse.ts). AC-2 bearer
  rotation captured as documented drift via it.fails() — FlightsPage
  useEffect deps do not include the token today.

- AZ-467 ProtectedRoute spinner + timeout + RBAC: 9 new fast tests
  extending the AZ-457 file (6 pass, 3 QUARANTINE), plus 3 e2e
  scenarios. FT-P-32 spinner a11y is it.fails() drift; FT-P-33 timeout
  and FT-N-03/05 RBAC redirects are it.skip QUARANTINE (no production
  behavior today). Positive control: admin_carol reaches /admin.

- AZ-468 Header flight-dropdown a11y: 6 fast tests (5 pass, 1
  QUARANTINE). FT-P-30/31 are it.fails() drift (aria-expanded /
  role=listbox / aria-activedescendant currently missing); FT-N-09
  is it.skip QUARANTINE (no document keydown handler exists).

- AZ-482 Secrets + banned-libs + AC-N1 anti-criterion: 3 new static
  checks (STC-SEC13 legacy integrations, STC-SEC14 concurrent-edit,
  STC-SEC1B dist/ OWM key) plus refactor of 4 existing checks
  (STC-N2/N4/S13/S6) to read from tests/security/banned-deps.json
  via scripts/check-banned-deps.mjs per AZ-482 constraint
  ("deny-list lives in tests/security/banned-deps.json so additions
  are visible in code review"). All 22 static checks PASS.

Totals: 57 fast tests pass + 9 skipped; 22/22 static checks pass.
Self-review verdict PASS_WITH_WARNINGS — all five findings are
documented drifts captured by it.fails() / it.skip QUARANTINE +
control tests. See _docs/03_implementation/batch_03_report.md
for the per-task / per-AC matrix and recommended Phase B follow-up
production tasks (Header a11y; ProtectedRoute spinner/timeout/RBAC;
SSE bearer-rotation reconnect; AnnotationsPage SSE).

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-05-11 03:46:18 +03:00

2 Commits