Skip to content

fix(e2e): green prod LIVE suite — fingerprint bypass + real CLI-poll contract#175

Merged
mastermanas805 merged 1 commit into
mainfrom
fix/e2e-prod-green
Jun 5, 2026
Merged

fix(e2e): green prod LIVE suite — fingerprint bypass + real CLI-poll contract#175
mastermanas805 merged 1 commit into
mainfrom
fix/e2e-prod-green

Conversation

@mastermanas805

Copy link
Copy Markdown
Member

What

Makes the prod LIVE E2E workflow (e2e-prod.yml) go GREEN against api.instanode.dev. The endpoint mint/reap + auth specs already pass; this closes the two remaining failure classes plus the workflow env wiring.

Fixes

ISSUE 1 — anon provisions 402 free_tier_recycle_requires_claim. Prod does NOT trust X-Forwarded-For, so the runner's many anon provisions share ONE real fingerprint (rule 6) and trip the free-tier recycle gate. The api's real bypass is the X-E2E-Test-Token header (api internal/middleware/fingerprint.go). Added a shared anonProvisionHeaders() helper in cohort.ts that:

  • sends X-E2E-Test-Token: $E2E_TEST_TOKEN when the secret is set (the only thing that gets past prod's gate),
  • keeps a unique X-Forwarded-For (harmless; varies the fingerprint on staging/local where the proxy is trusted).

Wired into every anonymous provision: live-anon-provision, live-provision-smoke, live-claim-deploy (provisionAnonCache), live-auth (provisionAndClaim). Every anon provision now also sends a cohort-branded name (required by /db/new & /vector/new per CLAUDE.md; harmless + cohort-tagging on the rest). Per-service expected-scheme assertions are unchanged and still hold.

ISSUE 2 — CLI device-flow poll assertion. The real prod contract for the pre-approval poll (verified against api.instanode.dev) is HTTP 202 {ok:true, pending:true} — there is NO status field. Assertion now checks ok===true + pending===true (and still asserts no api_token pre-approval).

ISSUE 3 — workflow env. The run step now exports E2E_TEST_TOKEN: ${{ secrets.E2E_TEST_TOKEN }} so the specs can read the bypass token.

Verification

  • Real prod probe confirmed pre-approval poll returns {"ok":true,"pending":true} (HTTP 202).
  • npm run gate GREEN (tsc --noEmit + build + vitest: 80 files / 1115 tests pass, 3 skipped). Mocked suite untouched.

🤖 Generated with Claude Code

…contract

Prod doesn't trust X-Forwarded-For, so the runner's anon provisions shared
one fingerprint and tripped the free-tier recycle gate (402
free_tier_recycle_requires_claim). Add the api's X-E2E-Test-Token bypass
(api internal/middleware/fingerprint.go) on every anonymous provision via a
shared anonProvisionHeaders() helper, gated on E2E_TEST_TOKEN, and always
send a cohort name (required by /db & /vector, harmless elsewhere).

Also fix the CLI device-flow poll assertion to the REAL prod contract:
pre-approval returns HTTP 202 {ok:true, pending:true} (no `status` field).

Workflow exports E2E_TEST_TOKEN to the run step.

Files: cohort.ts (helper), live-anon-provision / live-provision-smoke /
live-claim-deploy / live-auth specs, e2e-prod.yml.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@mastermanas805
mastermanas805 enabled auto-merge (squash) June 5, 2026 05:27
@github-actions

github-actions Bot commented Jun 5, 2026

Copy link
Copy Markdown

size-limit report 📦

Path Size
dist/assets/index-902QtfQT.js 161.98 KB (0%)
dist/assets/index-BsJUZYRr.css 6.13 KB (0%)

@mastermanas805
mastermanas805 merged commit e7757c9 into main Jun 5, 2026
18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant