ui/_docs/03_implementation/batch_03_report.md

Batch Report

Batch: 03 Tasks: AZ-458 (SSE lifecycle), AZ-467 (ProtectedRoute spinner/timeout/RBAC), AZ-468 (Header dropdown a11y), AZ-482 (secrets/banned-libs/AC-N1) Date: 2026-05-11 Cycle: Phase A baseline, Step 6 — Implement Tests Total complexity: 14 pts (5 + 4 + 2 + 3)

Task Results

Task	Status	Files Modified	Tests	AC Coverage	Issues
AZ-458_test_sse_lifecycle	Done	2 created (1 fast + 1 e2e)	9 fast (8 pass, 1 skipped); 4 e2e (1 expected-fail, 1 skipped)	3 / 3 ACs covered	2 documented drifts (AC-2 bearer rotation it.fails(); annotation-status QUARANTINE it.skip)
AZ-467_test_protected_route_rbac	Done	1 modified (extends batch-2 file) + 1 e2e created	9 new fast (6 pass, 3 skipped); 3 e2e (2 expected-fail, 1 pass)	4 / 4 ACs covered	4 documented drifts (FT-P-32 it.fails(); FT-P-33/N-03/N-05 it.skip QUARANTINE)
AZ-468_test_header_dropdown	Done	1 created (fast)	6 fast (5 pass, 1 skipped)	3 / 3 ACs covered	3 documented drifts (FT-P-30/31 it.fails(); FT-N-09 it.skip QUARANTINE)
AZ-482_test_secrets_and_banned_libs	Done	2 created (deny-list JSON + checker) + 1 modified (run-tests.sh)	3 new static checks (STC-SEC13/14/1B); 4 existing checks refactored	6 / 6 ACs covered	None — all checks PASS today (the production code is clean wrt the deny-lists; the value is in the future-proofing)

AC Test Coverage: All covered (16 / 16 ACs across the four tasks)

AZ-458 — SSE lifecycle + bearer rotation (9 scenarios, 3 ACs)

Scenario	Where	Profile	Status
FT-P-09 (annotation-status SSE opens on mount)	tests/sse_lifecycle.test.tsx + e2e/tests/sse_lifecycle.e2e.ts	fast + e2e	it.skip QUARANTINE (AnnotationsPage opens no SSE today)
FT-P-10 (annotation-status SSE closes on unmount)	same	fast + e2e	covered by FT-P-09 quarantine entry
FT-P-18 (live-GPS opens within 5s of select)	tests/sse_lifecycle.test.tsx	fast + e2e	PASS (fast); e2e gated by suite stack
FT-P-19 (live-GPS closes within 1s of deselect)	same	fast + e2e	PASS (fast); e2e gated
NFT-PERF-03 (bearer-rotation reconnect ≤5s)	e2e/tests/sse_lifecycle.e2e.ts	e2e	test.fail(true) — AC-2 drift; gated
NFT-PERF-04/05 (mirror FT-P-18/19)	tests/sse_lifecycle.test.tsx	fast	PASS
NFT-PERF-06 (annotation-status unsubscribes ≤1s)	tests/sse_lifecycle.test.tsx	fast	it.skip QUARANTINE
NFT-RES-02 (bearer rotation, both streams ≤5s)	e2e/tests/sse_lifecycle.e2e.ts	e2e	test.fail for live-GPS half; annotation-status half implicitly QUARANTINE

AC summary:

• AC-1 Open/close timing → 4 fast tests cover live-GPS half (PASS); 2 QUARANTINE for annotation-status
• AC-2 Bearer rotation → it.fails() drift fast + test.fail e2e (both gated)
• AC-3 No internal stubs → satisfied by patching globalThis.EventSource (not src/api/sse.ts)

AZ-467 — ProtectedRoute spinner + timeout + RBAC (7 scenarios, 4 ACs)

Scenario	Where	Profile	Status
FT-P-32 (spinner a11y)	src/auth/ProtectedRoute.test.tsx	fast	it.fails() — aria attrs missing today
FT-P-33 (10s timeout fallback)	same	fast	it.skip QUARANTINE (no timeout path)
FT-N-03 (Operator → /admin redirects to /flights)	same + e2e/tests/protected_route.e2e.ts	fast + e2e	it.skip + test.fail (no RBAC gate today)
FT-N-05 (integrator-dave → /settings redirects)	same	fast + e2e	it.skip + test.fail
NFT-SEC-05 (/admin blocks non-admins)	same	fast	covered by FT-N-03
NFT-SEC-06 (/settings route gate)	same	fast	covered by FT-N-05
NFT-RES-04 (10s loading timeout fallback)	same	fast	covered by FT-P-33

AC summary:

• AC-1 Spinner a11y → it.fails() + control test asserting the gap
• AC-2 Timeout fallback → it.skip QUARANTINE + control test asserting the gap
• AC-3 RBAC redirects → it.skip QUARANTINE + control tests asserting the gap + positive control (Admin reaches /admin)
• AC-4 Both fast + e2e → fast tests (12 total; 9 new) + e2e file (3 tests; 2 gated as test.fail)

AZ-468 — Header flight dropdown a11y (3 scenarios, 3 ACs)

Scenario	Where	Profile	Status
FT-P-30 (closed-state a11y: aria-expanded=false)	src/components/Header.test.tsx	fast	it.fails() + control test
FT-P-31 (open-state a11y: aria-expanded=true + role=listbox + aria-activedescendant)	same	fast	it.fails() + control test
FT-N-09 (Escape close + handler detach)	same	fast	it.skip QUARANTINE + control test

AC summary:

• AC-1 Closed state → it.fails() drift + control
• AC-2 Open state → it.fails() drift + control
• AC-3 Escape detach → it.skip QUARANTINE (no production keydown handler today) + control proving Escape is a no-op

AZ-482 — Secrets/banned-libs/anti-criterion (6 scenarios, 6 ACs)

Scenario	Where	Profile	Status
NFT-SEC-09 (OWM key absent from source)	scripts/run-tests.sh::STC-SEC1 (existing)	static	PASS
NFT-SEC-09 (OWM key absent from dist/)	scripts/run-tests.sh::STC-SEC1B (new) → scripts/check-banned-deps.mjs --kind=owm_key_in_dist	static (post-build)	PASS
NFT-SEC-10 (no ML libs)	STC-N2 refactored → check-banned-deps.mjs --kind=ml_libs reading tests/security/banned-deps.json	static	PASS
NFT-SEC-11 (no JOSE/signature libs)	STC-N4 refactored → --kind=signature_libs	static	PASS
NFT-SEC-12 (no service worker — source)	STC-N3 (existing)	static	PASS
NFT-SEC-12 (no service worker — runtime)	e2e companion deferred to suite stack — navigator.serviceWorker.getRegistrations() === [] would assert at runtime	e2e	not implemented in fast (gated by suite browser); STC-N3 source check is the gating signal in CI today
NFT-SEC-13 (no dropped legacy integrations)	STC-SEC13 (new) → --kind=legacy_integrations (WhatsApp/Telegram/D-Bus/libsignal)	static	PASS
NFT-SEC-14 (AC-N1 anti-criterion: no concurrent-edit reconcile)	STC-SEC14 (new) → --kind=concurrent_edit_patterns	static	PASS

AC summary:

• AC-1 OWM key absence (src + dist) → STC-SEC1 + STC-SEC1B
• AC-2 No ML libs → STC-N2 (now reads JSON)
• AC-3 No JOSE/signature libs → STC-N4 (now reads JSON)
• AC-4 No service worker → STC-N3 (source check); runtime e2e portion documented as gated
• AC-5 Dropped features absent → STC-SEC13
• AC-6 AC-N1 anti-criterion → STC-SEC14

Constraint compliance: deny-list lives in tests/security/banned-deps.json per AZ-482 constraint; additions to the JSON are visible in code review.

Code Review Verdict: PASS_WITH_WARNINGS

Self-review walked inline per .cursor/skills/code-review/SKILL.md phases 1–7.

• Phase 1 (Context): 4 task specs re-read; _docs/02_document/module-layout.md Blackbox Tests envelope respected; reuses helpers from AZ-456 (tests/helpers/{render,auth,sse-mock}.ts) and fixtures (seed_users, seed_flights). No new shared helpers introduced — the Header test inlines its FlightProvider wrapper (small one-off).
• Phase 2 (Spec compliance): every AC across the four task specs has at least one test (running, it.fails(), or it.skip with QUARANTINE reason). Drift handling uniform with batch 2: it.fails() for documented production drift (attribute missing where the element exists), it.skip with QUARANTINE for behavior wholly absent (no Escape handler, no timeout logic, no RBAC check, no annotation-status SSE).
• Phase 3 (Code quality): check-banned-deps.mjs has one function per concern (checkPackageJson, checkSourceTree, checkDistTree); test helpers (withUser, wireAuthAndFlights, HeaderHarness, SseConsumer, SseConsumerNoTokenDep) each carry one responsibility and are named for what they do; no bare catches; arrange/act/assert structure preserved across new tests.
• Phase 4 (Security): no new secrets in test fixtures (reuses AZ-457's test-bearer-default); the AZ-482 changes strengthen security posture (more deny-lists enforced; checker is a single source of truth); no eval / shell=True; the check-banned-deps.mjs walks files and runs regex/literal checks only — no execution of test inputs.
• Phase 5 (Performance): fast suite ~4.4 s wall-clock for 57 + 9-skipped tests (was 3 s for 38 + 4 skipped in batch 2 — +1.4 s for 19 new tests; well under 5 min budget). Static profile ~12 s for 22 checks (was 19 in batch 2; +3 from batch 3; STC-T1 + STC-B1 dominate at ~8 s combined and are unchanged). FT-P-32 takes ~1 s due to React Testing Library's default 1 s findByRole timeout while the it.fails() assertion waits — acceptable given the test count.
• Phase 6 (Cross-task consistency): the four tasks touch disjoint subsystems (SSE vs ProtectedRoute vs Header vs deny-list checker). Shared surface = tests/helpers/, tests/fixtures/, tests/msw/ — all consumed read-only. No contract collisions; no duplicate symbols. The withUser() helper in ProtectedRoute.test.tsx is local to that file by design (the role/permission seed-binding logic isn't reused yet — promotable to tests/helpers/auth.ts in a future batch if a third task needs it).
• Phase 7 (Architecture compliance):
  • Test files import only public seams:
    • tests/sse_lifecycle.test.tsx: createSSE (public export of src/api/sse.ts); setToken (testability accessor on src/api/client.ts, landed by AZ-454).
    • src/auth/ProtectedRoute.test.tsx: ProtectedRoute default export; React-router primitives.
    • src/components/Header.test.tsx: Header default export; FlightProvider (public symbol on FlightContext.tsx).
  • No imports of *.internal.* files, no reaching into other components' private files.
  • E2E tests don't import any production modules — Playwright primitives only (consistent with AZ-457's e2e pattern).
  • No new cyclic module dependencies introduced (test files remain leaves in the import graph).

Findings

1. Low / Maintainability / Drift — AZ-468 FT-P-30/31 use it.fails() to track the three missing aria attributes on Header's flight-dropdown trigger (aria-expanded, role=listbox, aria-activedescendant); FT-N-09 is it.skip because the Header has no keydown handler at all. Recommendation: file a follow-up production task (feat(header): flight-dropdown a11y + keyboard-Escape) to flip these three drifts to passing.

2. Low / Maintainability / Drift — AZ-467 FT-P-32 uses it.fails() for missing spinner role + aria attrs; FT-P-33 / FT-N-03 / FT-N-05 are it.skip QUARANTINE because src/auth/ProtectedRoute.tsx has no timeout path and no RBAC gate today. Recommendation: three follow-up production tasks — (a) spinner a11y attributes (role="status", aria-live="polite", localized label); (b) 10 s timeout fallback with retry affordance; (c) requirePermission prop + opt-ins on /admin and /settings routes. The last task is the biggest — the suite already enforces RBAC server-side, so this is defence-in-depth.

3. Low / Maintainability / Drift — AZ-458 AC-2 bearer rotation uses it.fails() because src/features/flights/FlightsPage.tsx:65-68 useEffect deps are [selectedFlight, mode] only (no token). The same drift applies to any future SSE consumer that omits the token dep. Recommendation: lift the bearer reactivity into a useBearer() hook (or take it from useAuth()) and include it in every SSE consumer's useEffect deps. Single follow-up production task.

4. Low / Architecture / Quarantine — AZ-458 FT-P-09/10/NFT-PERF-06 (annotation-status SSE) are it.skip QUARANTINE because src/features/annotations/AnnotationsPage.tsx does not call createSSE today. Recommendation: a Phase B feature task ("annotation-status live updates") to add the subscription. The test shape is already documented in the QUARANTINE comments.

5. Low / Architecture / Interpretation (carried over from batches 1 & 2) — Test helpers (tests/helpers/{render,auth,sse-mock}.ts) and test-only consumer harnesses (SseConsumer, SseConsumerNoTokenDep in tests/sse_lifecycle.test.tsx) import production accessors. Reaffirmed per the batch-1 / batch-2 rule: "Black-box discipline applies to test bodies, not to test setup helpers / composition-root wrappers / consumer-pattern mirrors".

Auto-Fix Attempts: 0

Stuck Agents: None

Files Changed (8)

Created — tests/ (2)

tests/security/banned-deps.json       # AZ-482 deny-list source of truth (7 sections)
tests/sse_lifecycle.test.tsx          # AZ-458 fast — 9 tests (1 skipped)

Created — src/ (1)

src/components/Header.test.tsx        # AZ-468 fast — 6 tests (1 skipped)

Created — e2e/tests/ (2)

e2e/tests/sse_lifecycle.e2e.ts        # AZ-458 e2e — 4 scenarios (1 skipped, 1 expected-fail)
e2e/tests/protected_route.e2e.ts      # AZ-467 e2e — 3 scenarios (2 expected-fail, 1 pass)

Created — scripts/ (1)

scripts/check-banned-deps.mjs         # AZ-482 unified checker (kinds: ml_libs, signature_libs, persistence_libs, ws_graphql_ssr_libs, legacy_integrations, concurrent_edit_patterns, owm_key_in_dist)

Modified (3)

scripts/run-tests.sh                  # Refactor STC-N2/N4/S13/S6 to delegate to check-banned-deps.mjs; add STC-SEC13, STC-SEC14, STC-SEC1B
src/auth/ProtectedRoute.test.tsx      # Extend batch-2 file with AZ-467 describe block (9 new tests; 6 new sentinels/helpers)
_docs/_autodev_state.md               # Batch 3 sub_step pointer + notes

Verification Run (host)

$ bun run test:fast
 ✓ mission-planner/src/test/jsonImport.test.ts (6 tests) 6ms
 ✓ tests/wire_contract.test.ts (11 tests | 2 skipped) 19ms
 ✓ tests/infrastructure.test.ts (5 tests) 37ms
 ✓ tests/sse_lifecycle.test.tsx (9 tests | 1 skipped) 46ms
 ✓ src/api/client.test.ts (9 tests) 74ms
 ✓ tests/i18n.test.tsx (4 tests | 2 skipped) 4ms
 ✓ src/auth/AuthContext.test.tsx (4 tests) 234ms
 ✓ src/components/Header.test.tsx (6 tests | 1 skipped) 236ms
 ✓ src/auth/ProtectedRoute.test.tsx (12 tests | 3 skipped) 1176ms
 Test Files  9 passed (9)
      Tests  57 passed | 9 skipped (66)

$ ./scripts/run-tests.sh --static-only
[run-tests] static profile PASSED — 22/22 checks (was 19 in batch 2; +3 from batch 3)

$ ./scripts/run-tests.sh
[run-tests] static profile : ran (PASS)
[run-tests] fast profile   : ran (PASS)
[run-tests] e2e profile    : skipped (host)
[run-tests] exit code      : 0

E2E profile not exercised in this batch — same Risk 4 as batches 1 and 2 (requires docker compose -f e2e/docker-compose.suite-e2e.yml up -d plus parent-suite :test images). The e2e companion files (e2e/tests/sse_lifecycle.e2e.ts, e2e/tests/protected_route.e2e.ts) will run on the suite stack and exercise the real-wire portions of FT-P-18/19 + NFT-PERF-03 + NFT-RES-02 (AZ-458) and FT-N-03/05 (AZ-467).

Next Batch

Remaining: 18 test-implementation tasks in _docs/02_tasks/todo/:

• AZ-460 (annotation save URL + payload, 2pts)
• AZ-461 (detection endpoints sync/async/long-video, 2pts)
• AZ-462 (overlay window membership, 2pts)
• AZ-463 (flight selection persistence + memory soaks, 3pts)
• AZ-464 (bulk-validate URL + body + UI sync, 2pts)
• AZ-466 (destructive UX + ConfirmDialog + no-alert, 4pts)
• AZ-469 (browser support + responsive variants, 2pts)
• AZ-470 (panel-width debounced PUT + rehydration, 2pts)
• AZ-471 (CanvasEditor draw/resize/multi-select/zoom/pan, 5pts)
• AZ-472 (DetectionClasses load + hotkeys + click + fallback, 3pts)
• AZ-473 (PhotoMode switch + auto-select + yoloId wire, 2pts) — soft dep on AZ-472
• AZ-474 (Tile-split + YOLO parser + auto-zoom + indicator, 3pts)
• AZ-475 (Numeric form hygiene, 2pts)
• AZ-476 (Upload 501 MB → 413 → user-visible error, 2pts)
• AZ-477 (Settings save 500/network resilience, 3pts)
• AZ-478 (Network offline + SSE disconnect + tainted-canvas, 3pts)
• AZ-479 (Bundle ≤2 MB + mission-planner excluded + FCP + soak, 3pts)
• AZ-480 (Prod image nginx:alpine + 500M + 9 routes + edge RAM, 3pts)

All carry Component: Blackbox Tests and Dependencies: AZ-456 (✓ done). Soft cross-dep: AZ-473 needs AZ-472's DetectionClasses fixtures.

Suggested next batch (4 tasks, ~10 pts, dependency-disjoint at the file level): AZ-466 (destructive UX, 4pts — lands the data-destructive marker + <DestructiveButton> wrapper used by other tasks); AZ-475 (numeric form hygiene, 2pts); AZ-462 (overlay window membership, 2pts); AZ-460 (annotation save URL + payload, 2pts).

Recommendation: continue in a new conversation. Batch 3 added 5 new files + 3 new static checks + 19 new fast tests; the next batch will load distinct task specs and ConfirmDialog / overlay / annotations / numeric-form subsystems.