docs: plan for authenticated E2E testing with local Supabase #84

Open
neonwatty wants to merge 2 commits into main from claude/improve-workflow-testing-yYwis

@neonwatty
Collaborator

Summary

  • Adds a detailed implementation plan for authenticated E2E testing against local Supabase in CI
  • Replaces the current fake-auth-cookie approach with real Playwright globalSetup + storageState fixtures
  • Plan was refined through a 4-agent review (CI/Infrastructure, Security, Test Architecture, DX/Codebase Auditor)

Key decisions in the plan

  • globalSetup config key (not a setup project) for auth user creation + browser login
  • @auth Playwright tags for test organization (not *.auth.spec.ts suffix)
  • Local-only safety guard — refuses to run against production Supabase
  • Cross-user rejection tests for ownership enforcement (API routes use service role, so RLS isn't exercised directly)
  • globalTeardown to clean up test parties on local dev
  • multi-user-realtime.spec.ts migration is required (not optional)
  • 15s REALTIME_TIMEOUT with "2 watching" sync gate pattern

No code changes

This PR is a planning document only (docs/plan-authenticated-e2e-testing.md). Implementation will follow in separate PRs.

Test plan

  • Review plan for completeness and feasibility
  • Confirm alignment with CI infrastructure (local Supabase, sharding, env vars)
  • Validate that the globalSetup approach works with Playwright's sharding model

claude and others added 2 commits February 28, 2026 17:30
Detailed plan for enabling E2E tests to authenticate as real users
against local Supabase in CI, replacing the current mock-auth-token
bypass with proper storageState-based auth fixtures.

https://claude.ai/code/session_019zvMDb67aYA7ndSFuLubhg
Incorporate feedback from CI/Infrastructure, Security, Test Architecture,
and DX/Codebase Auditor reviews:

- Fix production safety guard (localhost:54321 check, not placeholder)
- Add RLS Coverage Reality Check section (API routes bypass RLS)
- Resolve globalSetup vs setup project (use globalSetup config key)
- Add globalTeardown for local dev party cleanup
- Replace silent fixture fallback with explicit errors
- Switch from *.auth.spec.ts suffix to @auth Playwright tags
- Add cross-user rejection test example
- Fix display name sync to validate real AuthContext flow
- Standardize realtime timeouts (15s) and sync gate pattern
- Correct time estimate (~25-35s/shard, not ~7s)
- Demote YouTube workflow (edge-runtime excluded in CI)
- Elevate multi-user-realtime.spec.ts migration to required
- Add local dev setup instructions and recovery procedures
- Resolve all open questions into definitive decisions
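
The local-only safety guard from the summary, and the `localhost:54321` check named in the second commit, could be implemented as follows. This is an added example, not code from this PR or its plan document; the function names and the `NEXT_PUBLIC_SUPABASE_URL` variable are assumptions.

```javascript
// Added example (not from the PR): a fail-closed guard a Playwright
// globalSetup could call before creating test users with a service-role key.
// Assumption: the Supabase URL is read from NEXT_PUBLIC_SUPABASE_URL.
const LOCAL_HOSTS = new Set(['localhost', '127.0.0.1']);
const LOCAL_PORT = '54321'; // local Supabase port named in the commit message

function isLocalSupabaseUrl(raw) {
  let url;
  try {
    url = new URL(String(raw));
  } catch {
    return false; // unset, empty or malformed value: refuse
  }
  // "localhost:54321" without a scheme parses as scheme "localhost:", so
  // require an explicit http(s) scheme.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return false;
  // Reject userinfo: in "http://localhost:54321@db.example.com" the real
  // host is db.example.com, yet the string contains "localhost:54321".
  if (url.username !== '' || url.password !== '') return false;
  // Compare the parsed hostname and port exactly; never substring-match
  // the raw string.
  return LOCAL_HOSTS.has(url.hostname) && url.port === LOCAL_PORT;
}

function assertLocalSupabase(raw) {
  if (!isLocalSupabaseUrl(raw)) {
    throw new Error(
      'Refusing to run authenticated E2E setup: Supabase URL must be ' +
        'http(s)://localhost:' + LOCAL_PORT + ' or http(s)://127.0.0.1:' + LOCAL_PORT
    );
  }
  return true;
}

// Constructed sample inputs showing which values pass the guard.
const SAMPLES = [
  'http://localhost:54321',
  'http://127.0.0.1:54321/',
  'https://project-ref.supabase.co',
  'http://localhost:54321@db.example.com',
  'http://localhost.example.com:54321',
  'localhost:54321',
  '',
];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), '->', isLocalSupabaseUrl(s) ? 'allowed' : 'refused');
}
```
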
@vercel

vercel bot commented Feb 28, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| linkparty | Ready | Preview, Comment | Feb 28, 2026 8:52pm |
