category: design

tags: [testing, playwright, e2e, infrastructure]

last_updated: 2026-03-19

End-to-end testing for robot.wtf using Playwright and a mock ATProto PDS.

**Branch**: `feat/e2e-tests` on `robot.wtf` repo (4 commits)

**4 passing tests** in `tests/e2e/test_login_flow.py`:

1. Login page loads

2. Client metadata endpoint serves valid ATProto OAuth metadata

3. Full OAuth login flow (mock PDS → PAR → consent → callback → cookie)

4. Logout clears cookie

**Infrastructure built**:

- `tests/e2e/mock_pds.py` — In-process mock ATProto PDS (OAuth endpoints, account creation, DID docs)

- `tests/e2e/conftest.py` — Fixtures for PDS (mock or Docker), test account, key generation, auth server in background thread, Playwright browser context

- `tests/e2e/docker-compose.yml` — Real PDS for CI environments with Docker

- `.github/workflows/e2e.yml` — CI workflow

- Production code changes gated by `ALLOW_HTTP_PDS` env var (requires `FLASK_ENV=testing`, raises RuntimeError otherwise)

**Partially written test files** (on branch, need fixtures):

- `tests/e2e/test_wiki_lifecycle.py` — 4 tests written by Agent B

- `tests/e2e/test_account.py` — 4 tests written by Agent C (MCP consent test marked skip)

Server consolidation (see [[Design/Server_Consolidation]]). The auth_server and api_server are separate Flask apps on different ports. This causes:

- Cookie cross-port sharing failures

- SQLite threading issues with two in-process Flask servers

- An implementation agent burned its entire context trying to work around this

Once auth + api are merged into a single Flask app, the E2E fixtures simplify dramatically.

The `auth_server` fixture currently starts only the auth Flask app. Post-consolidation, it starts the single platform app, which serves both `/auth/*` and `/app/*` routes. Rename to `platform_server` or just `server`.

No `management_server` fixture needed — it's the same app.

No cross-port cookie injection needed — same origin.

**`authenticated_page`** (function-scoped):

- Logs in via mock PDS OAuth flow

- Returns a Playwright page with valid `platform_token` cookie

- Cookie works for all routes (same origin)

**`wiki_fixture`** (function-scoped):

- Creates a wiki directly in DB + filesystem (bypasses route to avoid tier limits)

- Calls `WikiModel.create()` + `_init_wiki_repo()` + `_init_wiki_db()`

- Cleans up wiki dir + DB row after test

**`destructive_page`** (function-scoped):

- Separate browser context for tests that destroy state (account deletion, wiki deletion)

- Prevents cookie/state pollution to other tests

- **Auto-redirect when authenticated**: Visit `/auth/login` with valid cookie → redirects to `/app/`

- **Return-to URL preservation**: `return_to` parameter survives the full OAuth redirect chain

- **Login with DID**: Login using DID instead of handle (may be redundant with existing test_oauth_login — check)

- **Wiki creation form**: Fill slug/name → submit → redirect to settings → MCP token visible

- **Wiki settings update**: Change display_name → flash message → persists on reload

- **Wiki deletion with confirmation**: Expand danger zone → confirm slug → delete → flash

- **MCP token regeneration**: Click regen → JS confirm dialog → new token in flash

- **Account page renders**: Displays DID, handle, created_at from JWT claims

- **Account deletion**: Confirm handle → cookie cleared → cascading wiki delete

- **Account deletion wrong confirmation**: Wrong handle → stays on page → error flash

- **MCP consent page renders**: Consent page shows client info, wiki name, approve/deny buttons

Agent B's `test_wiki_lifecycle.py` and Agent C's `test_account.py` were written against fixture signatures that may differ from the simplified post-consolidation conftest. Review and update selectors/fixture names before running.

All 15 tests (4 existing + 11 new) should pass. Run unit tests too to verify no regressions.

The mock PDS (`tests/e2e/mock_pds.py`) implements:

- `POST /xrpc/com.atproto.server.createAccount` — creates test accounts with `did:plc:` DIDs

- `POST /xrpc/com.atproto.server.createSession` — handles re-use of existing accounts

- `GET /.well-known/oauth-authorization-server` — AS metadata

- `GET /.well-known/oauth-protected-resource` — protected resource metadata

- `POST /oauth/par` — Pushed Authorization Request

- `GET/POST /oauth/authorize` — Login + consent form (simple HTML, not React SPA)

- `POST /oauth/token` — Token exchange (skips PKCE verification)

- `GET /did:plc:*` — DID document serving (acts as PLC directory)

All on `127.0.0.1` to avoid IPv6 resolution issues.

- `ALLOW_HTTP_PDS=true` — relaxes SSRF protections for loopback HTTP (guarded by `FLASK_ENV=testing`)

- `PLC_DIRECTORY_URL` — points at mock PDS for DID resolution

- `PLATFORM_DOMAIN=127.0.0.1:{port}` — makes CLIENT_ID/REDIRECT_URI use HTTP

- `WIKI_TEMPLATE_DIR` — pointed at nonexistent path for predictable fallback behavior

Conftest has a 3-tier fallback: external PDS already running → Docker Compose → in-process mock. CI with Docker gets the real PDS; devcontainers without Docker get the mock. The mock is sufficient for all current tests.