- `PLC_DIRECTORY_URL` — points at mock PDS for DID resolution (read at request time in `resolve_did()`)
- `PLATFORM_DOMAIN=127.0.0.1:{port}` — makes CLIENT_ID/REDIRECT_URI use HTTP
- `WIKI_TEMPLATE_DIR` — pointed at nonexistent path for predictable fallback behavior
+
+
## Future Directions (priority order)
+
+
### 1. Resolver permission tests (HIGH)
+
The `TenantResolver` is the only thing preventing cross-tenant access. No E2E test hits a wiki subdomain. The `is_bearer_token` bypass, `_apply_wiki_access_restrictions`, and the internal API key path are untested end-to-end. Requires routing to a second Host in the test environment (Playwright supports `set_extra_http_headers`).
+
+
### 2. Multi-user fixtures (HIGH)
+
Single test account means ownership isolation is untested. Add `test_account_b` (mock PDS already supports multiple accounts). Test: user B cannot access user A's wiki settings, user B gets appropriate access level on user A's wiki content.
+
+
### 3. Fix CI pipeline (HIGH, low effort)
+
Current `ci.yml` doesn't install Playwright browsers. Needs: `playwright install chromium`, separate unit/E2E jobs, browser caching (`~/.cache/ms-playwright`), `--screenshot=only-on-failure` artifacts, `--timeout=60`.
+
+
### 4. Infrastructure hardening (MEDIUM)
+
- Port allocation race: bind-then-close gap before `make_server`. Pass bound socket directly.
- Session-scoped `page` fixture leaks state between tests.
+
+
### 5. MCP consent + tool invocation E2E (MEDIUM)
+
The MCP server (`otterwiki-mcp/` repo, separate from `mcp_entry.py` sidecar) has 12 real tools wrapping the REST API. E2E testing the full flow — consent → token → tool invocation — is feasible now. The consent HMAC signing is security-critical.
+
+
### 6. Rate limit enforcement (LOW)
+
One test: 6 rapid writes, assert 6th returns 429. Catches wiring bugs where the limiter is instantiated but never called.
+
+
### 7. Otterwiki integration (DEFERRED)
+
Full path: login → create wiki → visit subdomain → see content. Requires otterwiki installed in CI and subprocess management. Defer until CI infrastructure is more mature.
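Review bot: the added lines are whitespace-only and the spacing is uneven: two blank lines go in before every heading (for example ahead of `## Future Directions (priority order)` and each `### N.` entry) but only one after each `###` heading. Markdown collapses consecutive blank lines, so a single blank line before and after each heading renders the same and keeps the change smaller. Suggest dropping the second blank line in each pair.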