- 5 new pytest covering paths the code-reviewer flagged as un-asserted:
  * `test_seed_refuses_file_url` — `file://` scheme rejected before I/O
    (was the SSRF-to-local-FS vector).
  * `test_seed_refuses_disallowed_https_host` — non-allowlisted HTTPS
    host rejected with `MitreSourceForbidden`.
  * `test_seed_refuses_custom_url_without_sha` — end-to-end guard that
    `seed_mitre(source=<custom URL>, expected_sha256=None,
    allow_unverified=False)` raises `MitreSeedError`.
  * `test_dotted_id_fallback_resolves_orphan_subtechnique` — STIX bundle
    without `relationship[subtechnique-of]` still attaches T1059.001 to
    T1059 via the dotted-id convention.
  * `test_seed_clears_version_when_source_is_not_default` — seed from a
    local path leaves `settings.mitre_version` NULL (no stale pin).
- Existing `test_checksum_mismatch_aborts` reworked to monkey-patch
`_ensure_host_allowed` so `file://` can drive the test past the allowlist
gate (was relying on file:// being accepted before CR1).
- Removed unused `uuid` import.
- e2e: assertions on `tactics_upserted`/`techniques_upserted`/
`subtechniques_upserted` switched from `>= 14/180/400` thresholds to
`=== 15/222/475` exact counts pinned to MITRE Enterprise v19.0 + 0
orphans. Catches parser regressions that would silently include revoked
rows. Bump alongside MITRE_VERSION when re-pinning.
- e2e: `Math.random()` → `crypto.randomUUID().slice(0, 8)` for unique
test-run emails (collision-safe across parallel CI workers).
DoD: 58 pytest pass (was 53), 34 Playwright pass.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
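The guard order that the first three tests in the commit message pin down (scheme check, then host allowlist, then checksum requirement for custom URLs), as an added sketch that is not the project's own code. It covers URL sources only; the function names `ensure_host_allowed`, `check_seed_request` and `verify_bundle`, the allowlist contents and the default URL are assumptions, while the exception names and the `source`/`expected_sha256`/`allow_unverified` parameters come from the commit message.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed values: the page does not list the real allowlist or default URL.
ALLOWED_HOSTS = frozenset({"mitre-mirror.example"})
DEFAULT_SOURCE = "https://mitre-mirror.example/enterprise-attack.json"


class MitreSourceForbidden(Exception):
    """The source URL failed the scheme or host check."""


class MitreSeedError(Exception):
    """Seeding was refused or aborted."""


def ensure_host_allowed(url: str) -> None:
    """Reject anything but https:// to an allowlisted host, before any I/O."""
    parts = urlsplit(url)
    # file://, http://, ftp:// and friends never reach the fetch code.
    if parts.scheme != "https":
        raise MitreSourceForbidden(f"scheme {parts.scheme!r} is not allowed")
    # "https://allowed-host@other-host/" parses with hostname == other-host;
    # refusing userinfo outright keeps logs and reviews unambiguous.
    if parts.username is not None or parts.password is not None:
        raise MitreSourceForbidden("userinfo in the URL is not allowed")
    # urlsplit lower-cases hostname and strips the port, so compare exactly.
    if (parts.hostname or "") not in ALLOWED_HOSTS:
        raise MitreSourceForbidden(f"host {parts.hostname!r} is not allowlisted")


def check_seed_request(source, expected_sha256=None, allow_unverified=False):
    """Run the pre-fetch checks in order; return None when the fetch may proceed."""
    ensure_host_allowed(source)
    custom = source != DEFAULT_SOURCE
    # A custom URL must come with a pinned digest unless the caller opts out.
    if custom and expected_sha256 is None and not allow_unverified:
        raise MitreSeedError("custom source requires expected_sha256")


def verify_bundle(body: bytes, expected_sha256: str) -> None:
    """Abort the seed when the downloaded bytes do not match the pinned digest."""
    digest = hashlib.sha256(body).hexdigest()
    if digest != expected_sha256.lower():
        raise MitreSeedError(f"checksum mismatch: got {digest}")
```

The allowlist check does not by itself cover HTTP redirects; a fetcher built on this would need to disable redirects or re-run `ensure_host_allowed` on each hop.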
Metamorph e2e
End-to-end tests powered by Playwright. Each milestone in tasks/todo.md should add at least one spec file (tests/m<N>-*.spec.ts).
One-time setup
cd e2e
npm install
npm run install-browsers # downloads chromium (uses sudo for system deps)
Running against a live stack
# 1. Bring the stack up from the repo root:
cd .. && make up
# 2. Run the tests:
cd e2e && npm test
# 3. Open the HTML report:
npm run report # opens playwright-report/index.html in your browser
Or from the repo root:
make e2e # runs against the already-up stack
make e2e-report # opens the HTML report
make e2e-up # one-shot: make up + wait healthy + run tests
Auto-spawn mode
Set PW_AUTOSTART=1 to let Playwright spawn make up itself before the run:
PW_AUTOSTART=1 npm test
Configuration
| Env var | Default | Purpose |
|---|---|---|
| BASE_URL | http://localhost:8080 | The front nginx URL (which proxies /api/*) |
| PW_AUTOSTART | 0 | If 1, spawn make up before the tests |
| CI | unset | When set, retries=2 and parallel workers=2 |
Reports
- HTML: e2e/playwright-report/index.html
- JUnit: e2e/playwright-report/junit.xml (CI ingestion)
- Trace: kept on first retry, opened with npx playwright show-trace …
Layout
e2e/
├── tests/
│   ├── m0-smoke.spec.ts   # bootstrap milestone (current)
│   └── m<N>-*.spec.ts     # one spec per milestone, added as features land
├── playwright.config.ts
├── tsconfig.json
└── package.json