Skip to content

feat(verify): one-command api + adapter conformance (npm-link friendly)#12

Merged
Bccorb merged 4 commits into
mainfrom
wire-adapter-verify
Jun 28, 2026
Merged

feat(verify): one-command api + adapter conformance (npm-link friendly)#12
Bccorb merged 4 commits into
mainfrom
wire-adapter-verify

Conversation

@Bccorb

@Bccorb Bccorb commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

What

seamless verify now stands up the full stack and runs both the API and the cookie (adapter) conformance paths in a single command, designed to work straight after npm link.

npm link              # in seamless-cli
seamless verify       # builds stack → runs api + adapter → tears down
seamless verify --api-only
seamless verify --filter=magic
seamless verify --keep-up

Heads up — this also re-delivers adapter work that #11 missed

PR #11 was created from a stale remote branch, so it merged only the compose dev-mode/issuer change — the harness adapter app and the two cookie conformance cases were never pushed and are not on main. This PR includes them (verify/adapter-app/, the adapter Playwright project) along with the command wiring.

Command changes

  • Default SEAMLESS_API_DIR to the sibling seamless-auth-api checkout (override via env); dropped the obsolete SEAMLESS_ADAPTER_DIR requirement (the adapter is built from verify/adapter-app).
  • down -v before up for a deterministic system_config seed — so LOGIN_METHODS (made authoritative by seamless-auth-api#48) enables email_otp automatically; the adapter login path needs no manual setup.
  • Bring up the full stack and run both Playwright projects; --api-only skips the adapter.
  • Ship verify/ in the published files so a published CLI carries the harness.

Verified

Ran via the npm link'd binary end-to-end: 8/8 passing (6 api + 2 adapter), then clean teardown.

✔ auth-api healthy   ✔ adapter healthy
8 passed (3.2s)
✔ Conformance passed.

Follow-up (not in this PR)

Magic-link via the adapter has a known device-binding 403 on poll (narrowed to a likely user-agent-forwarding difference) — under investigation, not yet covered.

Bccorb added 4 commits June 28, 2026 15:11
…ter, wip)

- adapter-app: a minimal adopter backend that mounts the real @seamless-auth/express
  with capture handlers, so the harness can read OTP/magic-link codes the adapter
  strips before responding to the browser
- compose: build the adapter from adapter-app (drops the starter-express dependency
  and its app DB)

WIP: the cookie bridge (register -> seamless-ephemeral) and code capture are verified
end-to-end. Session-completion flows still need work: the adapter establishes sessions
on verify-login-otp / magic-link-poll (not registration verify), login OTP is gated by
stale seeded login_methods, and magic-link poll hits device-binding 403 through the
adapter. Tracking next.
…gin green

Proves the cookie bridge end-to-end through the real @seamless-auth/express:
register -> verify email -> login OTP -> seamless-access/refresh cookies ->
authenticated /users/me (200). Codes come from the harness adapter app's
/__captured (the adapter strips them from browser responses).

- lib/adapterFlows.ts, newAdapterActor + adapterActor fixture, adapter/emailOtpLogin.spec
- Requires email_otp enabled in login_methods. The verify command must set this:
  LOGIN_METHODS env is ignored because a migration hard-seeds login_methods and
  bootstrapSystemConfig skips existing rows (filed separately). Magic-link via the
  adapter is still blocked by a poll device-binding 403 (under investigation).
Cookie path: after login, DELETE /auth/logout returns 204 and clears the session;
a subsequent /users/me is no longer authenticated.
…friendly

- default SEAMLESS_API_DIR to the sibling seamless-auth-api checkout (override
  via env); drop the obsolete SEAMLESS_ADAPTER_DIR requirement
- down -v before up for a deterministic config seed (LOGIN_METHODS now honored)
- bring up the full stack and run both the api and adapter Playwright projects;
  --api-only skips the adapter
- ship verify/ in the published package
@Bccorb Bccorb merged commit c137e06 into main Jun 28, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant