5 Commits

Author	SHA1	Message	Date
will.anderson	c6fd06b3de	Fix Stripe CDN mock override and free-plan sync guards in E2E tests ... - Block real Stripe CDN (js.stripe.com) in injectMockStripe() so the addInitScript mock is never overwritten by the async-loaded SDK - Replace waitForFunction(signUpWithEmail) with waitForLoadState in all 8 free-plan auth tests; defer scripts run before DOMContentLoaded so the function is guaranteed present without polling for it	2026-05-11 09:54:55 -05:00
will.anderson	61f006f62d	Fix CI JS corruption from obfuscator stdout; clean up flaky test guards ... - Strip [javascript-obfuscator-cli] progress line from elc --obfuscate output before writing to dist/js/ (was prepended to every compiled JS file, causing browser parse errors on stage) - Remove spurious waitForFunction(signUpWithEmail) guards from buyer-name and buyer-email structural tests (pure DOM tests, no auth) - Switch chat.spec.ts beforeEach to domcontentloaded (SSR elements present at DOM ready; networkidle caused cold-start timeouts)	2026-05-11 08:19:30 -05:00
will.anderson	c966f2b455	implement free plan age verification via Stripe SetupIntent; personalize soul demo greeting with user name and timezone	2026-05-11 02:03:39 -05:00
will.anderson	dbb8035698	Add comprehensive checkout + Stripe payment flow tests ... - checkout-flows.spec.ts: 60 tests covering all 3 plan variants (free/ professional/founding), auth section visibility, form validation, sign-in/sign-up toggle, mocked Supabase auth flows (sign-up, email- confirm-required, existing session, sign-in error), DOM transitions (auth-section → payment-section, free-success panel), auth badge content + email pre-fill, /api/checkout and /api/supabase-config endpoint contracts, CORS enforcement - checkout-stripe.spec.ts: 45 tests covering Stripe.js presence, NEURON_CFG shape, submit-btn disabled state, founding attestation checkbox + attest-warn guard, professional charge timing radios, setup_mode label, mocked full Stripe payment flow via addInitScript + /api/payment-intent intercept, submit validation (name/email), decline handling, sold-out guard, /api/payment-intent /api/link- customer /api/attest /api/founding-count endpoint contracts, and live test-card flows (skipped unless STRIPE_LIVE=1) Mocking strategy: page.route() for /api/supabase-config + Supabase auth endpoints; addInitScript() for window.Stripe mock; localStorage pre-seeding for existing-session tests.	2026-05-11 01:18:37 -05:00
will.anderson	cac7bd5727	test: full Playwright + API test suite for stage ... 159 tests across three Playwright projects (api, chromium, mobile): - tests/api/security.test.ts: security headers, CORS on /api/supabase-config (origin allowlist enforced), auth gate on /api/demo, Stripe webhook signature enforcement, source file leakage, path traversal, input validation (8000-char message cap) - tests/api/endpoints.test.ts: /api/health, /api/founding-count shape invariants, /api/supabase-config JWT shape, sitemap.xml, robots.txt, /llms.txt, /api/soul-health internal gate, 404 for unknown routes - tests/e2e/landing.spec.ts: title, h1 count, meta description, OG tags, canonical (no stage leak), JSON-LD schema, demo widget DOM presence, JS error filtering (known GTM/CSP noise excluded) - tests/e2e/seo.spec.ts: per-page title patterns, noindex on checkout, canonical URLs, sitemap production-URL enforcement - tests/e2e/checkout.spec.ts: all three plan variants, auth section, payment element, canonical - tests/e2e/chat.spec.ts: widget DOM structure, auth gate (send button disabled without session), API-level auth rejection - tests/e2e/navigation.spec.ts: all public routes return 200, 404s for removed/old paths (/terms, /enterprise-terms, /gallery), static files All 159 pass against stage. CI step added to stage.yaml after smoke test.	2026-05-11 00:28:33 -05:00