test: add verification, fuzzing, and cross-browser E2E coverage

[jahrulezfrancis]

Summary

Implements testing, verification, and fuzzing coverage for four issues:

• [Testing, Verification & Fuzzing] Precise Boundary Tests for Rate-Limit Windows #728 — Precise boundary tests for rate-limit windows (GCRA leaky bucket, fixed INCR+EXPIRE, sandbox guard, Rust sliding window)
• [Testing, Verification & Fuzzing] Congestion Simulator for Dynamic Fee Assertions #731 — Congestion simulator that drives FeeManager with mock Horizon fee_stats and asserts Node/Rust fee-bump parity
• [Testing, Verification & Fuzzing] Cross-Browser E2E Tests for Admin Dashboard #722 — Playwright cross-browser E2E for admin dashboard (auth, settings, tables) across Chromium, Firefox, WebKit, and mobile viewports
• [Testing, Verification & Fuzzing] Fuzz Test the Transaction XDR Parser #718 — cargo-fuzz targets for the transaction XDR parser (parse_xdr_from_bytes, parse_xdr, validate_xdr_input)

Also fixes a pre-existing auth.ts syntax error and adds a TelemetryConsentSettings stub required for the admin dashboard to build during E2E.

Changes by area

server/

File	Purpose
src/utils/gcraLeakyBucket.ts	Shared GCRA + fixed-window pure functions
src/utils/gcraBoundary.test.ts	Window boundary unit tests (59s/60s rollover)
src/utils/redisRateLimitStore.test.ts	Fixed-window store boundary tests
src/middleware/sandboxGuard.boundary.test.ts	Sandbox rate limit boundary tests
src/utils/feeParity.ts	Rust fee formula mirror + congestion scenarios
src/utils/feeParity.test.ts	Parity unit tests
src/verification/congestionFeeSimulator.ts	Runnable congestion simulator
src/middleware/rateLimit.ts	Refactored to use shared GCRA helper

admin-dashboard/

File	Purpose
playwright.config.ts	Cross-browser project matrix + webServer + globalSetup
e2e/auth.spec.ts	Login, redirect, invalid credentials, authenticated session
e2e/settings.spec.ts	Settings form fields and save/reset
e2e/tables.spec.ts	Table preview and admin preview routes
e2e/global-setup.ts	Auth storageState persistence
auth.ts	Fix duplicate NextAuth export / syntax error
components/dashboard/TelemetryConsentSettings.tsx	Stub to fix missing module build error

fluid-server/

File	Purpose
src/lib.rs	Export xdr module for fuzz harnesses
src/main.rs	Re-export fluid_server::xdr
src/rate_limiter.rs	Sliding-window boundary tests
fuzz/	Three cargo-fuzz targets for XDR parsing

docs/

• rate-limit-boundary-tests.md
• congestion-fee-simulator.md
• cross-browser-e2e-admin-dashboard.md
• xdr-fuzz-testing.md
• verification-testing-fuzzing-report.md

Test plan

• Rate-limit boundary tests: cd server && pnpm exec vitest run gcraBoundary redisRateLimitStore sandboxGuard.boundary
• Fee parity tests: cd server && pnpm exec vitest run feeParity
• Congestion simulator: cd server && npm run congestion:simulate (4/4 scenarios pass)
• Playwright E2E (Chromium): cd admin-dashboard && npx playwright test --project=chromium e2e/auth.spec.ts e2e/tables.spec.ts (8 passed)
• Playwright full matrix: cd admin-dashboard && npx playwright install --with-deps chromium firefox webkit && npm run test:e2e
• Rust rate limiter: cd fluid-server && cargo test rate_limiter (requires C linker)
• XDR fuzz: cd fluid-server && cargo +nightly fuzz run fuzz_parse_xdr_from_bytes -- -max_total_time=30 (requires nightly + cargo-fuzz)

Verification output

Closes #728
Closes #731
Closes #722
Closes #718

[drips-wave]

@jahrulezfrancis Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits