Goal: let CI / an agent test session-gated flows (autocomplete, join, borrow requests, admin) end-to-end, without a production backdoor.
Explicitly NOT a prod skeleton key. A standing master credential that logs in as anyone is a backdoor — one leak = full account takeover, and it muddies the audit trail. Test the same build in a non-prod env instead.
Approach
Test preview deploys backed by the staging DB (depends on #251 "Set up a real staging/dev db instance" / P0-6), not the live prod deployment — real user data stays untouched.
Add a test-only login path that physically cannot exist in prod:
Option A (lightest): a signed-JWT helper. The app uses JWT sessions (NEXTAUTH_SECRET), so a helper can forge a valid session cookie for a seeded test user — headless, no UI (works for curl + Playwright storageState).
Option B: a NextAuth test credentials provider that mints a session for an allowlisted test user given a secret; Playwright logs in once and reuses the cookie.
Guardrails (non-negotiable)
Hard kill switch: if (process.env.VERCEL_ENV === 'production') → 404.
Requires E2E_LOGIN_SECRET, set only on Preview, never Production.
Only logs in allowlisted test users, never arbitrary emails.
Seed those test users in staging only.
Payoff: full authenticated E2E coverage on preview (extends the existing e2e.yml Playwright setup), and lets the agent verify authed changes directly instead of relying on manual checks.
Depends on: #251 (staging DB). Sequence right after it.