Skip to content

test: COD-30 stabilize focused and perf browser tests#108

Merged
Ark0N merged 2 commits into
Ark0N:masterfrom
aakhter:cod-30-test-ci-stability
Jun 8, 2026
Merged

test: COD-30 stabilize focused and perf browser tests#108
Ark0N merged 2 commits into
Ark0N:masterfrom
aakhter:cod-30-test-ci-stability

Conversation

@aakhter

@aakhter aakhter commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

Summary

  • clear shell-level Codeman auth env from Vitest setup so integration tests do not inherit a running local server's auth configuration
  • update focused test expectations for current route status codes and lifecycle broadcast semantics
  • update mobile keyboard test expectations for the simple-mode accessory actions
  • measure browser DOMContentLoaded using browser navigation timing instead of Playwright wall-clock overhead

Verification

  • npm test -- test/operation-lightspeed.test.ts test/ralph-integration.test.ts test/session-manager.test.ts
  • timeout 90s npm test -- test/mobile/keyboard.test.ts
  • timeout 60s npm test -- test/perf-browser.test.ts -t "DOMContentLoaded fires within threshold"
  • npm run typecheck

Notes

  • Server boot smoke and route harness fixes are already present in upstream as existing commits, so this PR carries only the remaining missing COD-30 test stability deltas.
  • Full perf-browser baseline was not used as the gate because it timed out in this environment; the changed perf behavior is covered by the targeted DOMContentLoaded test.

Jira: COD-30

@Ark0N Ark0N merged commit 1316725 into Ark0N:master Jun 8, 2026
1 check passed
Ark0N added a commit that referenced this pull request Jun 8, 2026
@Ark0N @claude
chore: release 0.9.0 — security hardening + warn-don't-block network …
a8e0e2a 
…policy

Release 0.9.0 covering the merged security/reliability PRs (#106 deps/
supply-chain, #107 auth/network, #108 test stability, #110 tmux cwd) plus:

- Network policy: a non-loopback bind without CODEMAN_PASSWORD now STARTS
  with a loud warning (3 ways to secure) instead of refusing to start.
  Loopback stays the safe default. --allow-unauthenticated-network just
  acknowledges (terser note). (src/web/server.ts start())
- Post-install security note explaining the loopback default + safe exposure.
- New docs/security-architecture.md documenting the full model (binding,
  auth pipeline, tunnel req.ip caveat, file-serving, supply-chain, isolation,
  recommended setups). CLAUDE.md Security section + gotcha updated.
- Updated auth-security test: asserts warn-and-start (not throw).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aakhter @Ark0N