Skip to content

test(e2e): add chat acceptance bundle#412

Merged
DeliciousBuding merged 1 commit into
dev/delicious233from
task/389-chat-acceptance-gate
Jun 29, 2026
Merged

test(e2e): add chat acceptance bundle#412
DeliciousBuding merged 1 commit into
dev/delicious233from
task/389-chat-acceptance-gate

Conversation

@DeliciousBuding

@DeliciousBuding DeliciousBuding commented Jun 29, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Add a Node-based focused chat acceptance bundle that runs shared chat unit coverage, Desktop/Web Playwright chat-flow gates, and Desktop/Web Visual QA gates.
  • Expose the bundle through app package script and focused Desktop/Web package scripts.
  • Add a Node contract verifier for the bundle manifest shape, row coverage, redaction, and evidence boundaries.
  • Record the durable rule that cross-platform frontend acceptance/Visual QA aggregation should use Node/TypeScript runners; PowerShell remains for Windows/Tauri/release/sidecar gates.

Task Issue

Closes #389

S.U.P.E.R Review

  • Single Purpose: chat acceptance is one Node runner that aggregates existing focused gates instead of adding duplicate behavior tests.
  • Ports over Implementation: the output is a stable JSON manifest with evidence levels and boundary fields.
  • Replaceable Parts: Desktop/Web/shared gates remain separate commands and can be replaced without changing the manifest contract.

Tests

  • node --check scripts/verify/chat-acceptance.mjs
  • node tests/contract/scripts/verify-chat-acceptance.mjs --repo-root .
  • corepack.cmd pnpm --dir app install --frozen-lockfile --prefer-offline
  • node scripts/verify/chat-acceptance.mjs --repo-root . --command-timeout-sec 420 - passed 5/5
  • corepack.cmd pnpm --dir app run test:acceptance:chat-flow -- --command-timeout-sec 420 - passed 5/5
  • pwsh ./scripts/verify/verify-doc-ssot.ps1
  • pwsh ./scripts/verify/verify-project-skills.ps1
  • pwsh ./scripts/verify/verify-real-e2e-contract.ps1
  • git diff --check

Evidence Boundary

  • real_tested=false.
  • Evidence levels: fixture-unit, playwright-ui, visual-qa.
  • No real TokenDance ID login, no real CLI/model/API execution, no production Hub dispatch, no packaged Tauri/Desktop installer, no signing, no release upload.

Manifest Evidence

Latest local manifest status: passed; rows passed: 5/5; generated by app package script at .tmp/chat-acceptance/run-46648/chat-acceptance-manifest.json.

Project Governance

  • AGENTS.md updated to avoid growing large PowerShell scripts for cross-platform frontend acceptance gates.
  • docs/progress/MASTER.md updated for T4.1 implementation state.

Summary by CodeRabbit

  • New Features

    • Added a new one-command chat acceptance check that bundles end-to-end and visual verification into a single workflow.
    • Made the chat-flow acceptance command available across desktop, web, and shared app tooling.
  • Tests

    • Added validation for the new acceptance workflow and its generated results.
    • Improved reporting so the verification output includes clear status and evidence for each step.

@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Adds a Node.js chat-acceptance.mjs runner that executes shared unit tests, Desktop/Web Playwright, and Desktop/Web Visual QA as gated steps, records results, redacts secrets, and writes a JSON manifest. Wires a test:acceptance:chat-flow script into app, app/desktop, and app/web package.json files. Adds a contract test and an AGENTS.md rule restricting PowerShell to OS-specific gates.

Chat Acceptance Gate

Layer / File(s) Summary
chat-acceptance.mjs runner
scripts/verify/chat-acceptance.mjs
New 316-line Node.js script: parses CLI args, runs each acceptance gate via runGate/runCommand with spawn+timeout+SIGKILL escalation, redacts secrets from captured output, and writes chat-acceptance-manifest.json with per-gate rows, evidence levels, boundary flags, and overall status.
Package script entries and AGENTS.md rule
app/package.json, app/desktop/package.json, app/web/package.json, AGENTS.md
Adds test:acceptance:chat-flow to all three package.json files; adds an AGENTS.md rule mandating Node/TypeScript runners for frontend acceptance aggregation and restricting PowerShell to OS-specific/release gates.
Contract test
tests/contract/scripts/verify-chat-acceptance.mjs
105-line contract test: invokes the runner with all gates skipped, asserts manifest schema/status/real_tested=false/boundary flags, validates secret redaction, checks package.json script entries, and cleans up temp artifacts.
Progress log
docs/progress/MASTER.md
Adds a T4.1 session log row documenting the Node-based chat acceptance bundle and real_tested=false status.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

  • TokenDanceLab/AgentHub#395: Introduced buildChatFlowEvidenceManifest / validateChatFlowEvidenceManifest schema that this PR's chat-acceptance-manifest.json output and contract test assertions are validated against.

Poem

🐇 A rabbit hops through gates one by one,
Playwright and Visual QA, all under the sun.
Secrets are redacted, manifests are sealed,
PowerShell stays gated, Node.js revealed.
The chat flow is tested, the bundle is done! 🎉

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title is concise and accurately describes the new chat acceptance bundle.
Linked Issues check ✅ Passed The PR matches #389 by adding the focused bundle, coverage, evidence/exclusion reporting, and the verifier/tests.
Out of Scope Changes check ✅ Passed The docs and governance updates align with the stated PR objectives and do not appear unrelated.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch task/389-chat-acceptance-gate

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/verify/chat-acceptance.mjs`:
- Around line 198-200: The Windows cmd.exe invocation built in the
chat-acceptance runner is not safely escaped, so special characters can be
re-parsed by cmd.exe. Update the command construction in the logic around
spawnCommand/spawnArgs and the helper that feeds quoteArg to either use proper
cmd-safe escaping for all shell metacharacters or avoid assembling a single /c
string altogether. Make sure the fix covers every place that builds the Windows
command line so paths containing &, ^, %, (, or ) are handled correctly.

In `@tests/contract/scripts/verify-chat-acceptance.mjs`:
- Around line 44-74: The current test only covers the all-gates-skipped path, so
it never exercises the redaction logic in verify-chat-acceptance.mjs. Update the
test around spawnSync and the manifest assertions to run at least one real gate
with a controlled fake corepack on PATH that emits secret-like text, then verify
the output produced by shortenText() / redactSecretLike() contains redacted
markers and does not include raw Authorization or client_secret values.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: f3cba9b6-0cc1-4b25-9c68-bd8e4ee84fb1

📥 Commits

Reviewing files that changed from the base of the PR and between 6177ccd and 0f5b4f2.

📒 Files selected for processing (7)
  • AGENTS.md
  • app/desktop/package.json
  • app/package.json
  • app/web/package.json
  • docs/progress/MASTER.md
  • scripts/verify/chat-acceptance.mjs
  • tests/contract/scripts/verify-chat-acceptance.mjs

Comment on lines +198 to +200
const spawnCommand = process.platform === 'win32' ? process.env.ComSpec ?? 'cmd.exe' : command;
const spawnArgs = process.platform === 'win32'
? ['/d', '/s', '/c', [command, ...commandArgs].map(quoteArg).join(' ')]

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

Escape the Windows cmd.exe /c string (scripts/verify/chat-acceptance.mjs:198-200, 262-264). quoteArg() only covers spaces and " here, so a path containing &, ^, %, (, or ) can be re-parsed by cmd.exe and break the runner on Windows. Use cmd-safe escaping or avoid building a single /c string.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/verify/chat-acceptance.mjs` around lines 198 - 200, The Windows
cmd.exe invocation built in the chat-acceptance runner is not safely escaped, so
special characters can be re-parsed by cmd.exe. Update the command construction
in the logic around spawnCommand/spawnArgs and the helper that feeds quoteArg to
either use proper cmd-safe escaping for all shell metacharacters or avoid
assembling a single /c string altogether. Make sure the fix covers every place
that builds the Windows command line so paths containing &, ^, %, (, or ) are
handled correctly.

Comment on lines +44 to +74
const outputPath = path.join(tmpRoot, 'chat-acceptance-manifest.json');
const run = spawnSync(process.execPath, [
scriptPath,
'--repo-root', repoRoot,
'--artifact-root', tmpRoot,
'--output-path', outputPath,
'--skip-shared-unit',
'--skip-desktop-playwright',
'--skip-web-playwright',
'--skip-desktop-visual-qa',
'--skip-web-visual-qa',
], { cwd: repoRoot, encoding: 'utf8' });
assert(run.status === 0, 'runner can write manifest with all rows skipped', `${run.stdout}\n${run.stderr}`);
assert(fs.existsSync(outputPath), 'runner writes output manifest');

if (fs.existsSync(outputPath)) {
const jsonText = fs.readFileSync(outputPath, 'utf8');
const json = JSON.parse(jsonText);
assert(json.schema === 'agenthub.chat_acceptance_bundle.v1', 'manifest schema is explicit');
assert(json.status === 'skipped', 'manifest records skipped status when no gates ran');
assert(json.real_tested === false, 'manifest records real_tested=false');
assert(json.boundaries.real_tokendance_id_login === false, 'manifest records no real login');
assert(json.boundaries.real_cli_or_model_api === false, 'manifest records no real CLI/model/API');
assert(json.boundaries.packaged_desktop === false, 'manifest records no packaged Desktop');
assert(json.rows.filter((row) => row.name === 'shared-chat-unit' && row.evidence_level === 'fixture-unit').length === 1, 'manifest has shared unit row');
assert(json.rows.filter((row) => row.name === 'desktop-chat-playwright' && row.evidence_level === 'playwright-ui').length === 1, 'manifest has Desktop Playwright row');
assert(json.rows.filter((row) => row.name === 'web-chat-playwright' && row.evidence_level === 'playwright-ui').length === 1, 'manifest has Web Playwright row');
assert(json.rows.filter((row) => row.name === 'desktop-chat-visual-qa' && row.evidence_level === 'visual-qa').length === 1, 'manifest has Desktop Visual QA row');
assert(json.rows.filter((row) => row.name === 'web-chat-visual-qa' && row.evidence_level === 'visual-qa').length === 1, 'manifest has Web Visual QA row');
assert(!/sk-[A-Za-z0-9]|client_secret|Authorization:\s*Bearer/.test(jsonText), 'manifest is redacted');
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

This never verifies the redaction path.

Lines 50-54 skip every gate, so the emitted manifest only contains skip reasons; the shortenText() / redactSecretLike() branch in scripts/verify/chat-acceptance.mjs never runs. A redaction regression would still pass this test. Please run at least one gate through a controlled fake corepack on PATH that prints Authorization: Bearer ... or client_secret=..., then assert the manifest contains the redacted markers instead of the raw secret.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/contract/scripts/verify-chat-acceptance.mjs` around lines 44 - 74, The
current test only covers the all-gates-skipped path, so it never exercises the
redaction logic in verify-chat-acceptance.mjs. Update the test around spawnSync
and the manifest assertions to run at least one real gate with a controlled fake
corepack on PATH that emits secret-like text, then verify the output produced by
shortenText() / redactSecretLike() contains redacted markers and does not
include raw Authorization or client_secret values.

@DeliciousBuding DeliciousBuding merged commit 50df294 into dev/delicious233 Jun 29, 2026
21 checks passed
@DeliciousBuding DeliciousBuding deleted the task/389-chat-acceptance-gate branch June 29, 2026 02:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant