fix: addresses PR review findings in E2E test infrastructure

- extracts duplicated setupAuth to shared e2e/helpers.ts
- removes ghu_ prefix from fake tokens to avoid secret scanning
- fixes waitFor({state:'detached'}) with scoped expand assertion
- adds data-presence wait before screenshot capture
- adds authenticated 404 redirect E2E test
- updates README E2E count to 13

Author: wgordon17

README.md

@@ -118,7 +118,7 @@ src/
   worker/
     index.ts        # OAuth token exchange endpoint, CORS, security headers
 tests/              # 1522 unit/component tests across 69 test files
-e2e/                # 12 E2E tests across 2 spec files
+e2e/                # 13 E2E tests across 2 spec files
 ```
 
 ## Development

docs/dashboard-screenshot.png

@@ -341,7 +341,7 @@ test("capture dashboard screenshot", async ({ page }) => {
   await page.addInitScript(() => {
     // Clear any stale view state (e.g. notification drawer open from a previous run)
     localStorage.removeItem("github-tracker:view");
-    localStorage.setItem("github-tracker:auth-token", "ghu_fake_screenshot_token");
+    localStorage.setItem("github-tracker:auth-token", "fake-screenshot-token");
     localStorage.setItem(
       "github-tracker:config",
       JSON.stringify({
@@ -463,11 +463,14 @@ test("capture dashboard screenshot", async ({ page }) => {
   await page.getByRole("tab", { name: /pull requests/i }).click();
   await page.getByRole("tab", { name: /pull requests/i, selected: true }).waitFor();
 
-  // Expand the first collapsed repo group by clicking its header button
-  const firstCollapsedGroup = page.getByRole("button", { expanded: false }).first();
-  if (await firstCollapsedGroup.isVisible()) {
-    await firstCollapsedGroup.click();
-    await firstCollapsedGroup.waitFor({ state: "detached" }).catch(() => undefined);
+  // Wait for repo group headers to render (visible even when collapsed)
+  await page.getByText("acme-corp/web-platform").first().waitFor();
+
+  // Expand a repo group by clicking its header button (scoped to avoid notification bell)
+  const repoGroupBtn = page.getByRole("button", { expanded: false }).filter({ hasText: "acme-corp/web-platform" });
+  if (await repoGroupBtn.isVisible()) {
+    await repoGroupBtn.click();
+    await page.getByRole("button", { expanded: true }).filter({ hasText: "acme-corp/web-platform" }).waitFor();
   }
 
   await page.screenshot({ path: "docs/dashboard-screenshot.png" });

e2e/capture-screenshot.spec.ts

@@ -0,0 +1,57 @@
+import type { Page } from "@playwright/test";
+
+/**
+ * Register API route interceptors and inject auth + config into localStorage BEFORE navigation.
+ * OAuth App uses permanent tokens stored in localStorage — no refresh endpoint needed.
+ * The app calls validateToken() on load, which GETs /user to verify the token.
+ */
+export async function setupAuth(page: Page) {
+  // Intercept /user validation (called by validateToken on page load)
+  await page.route("https://api.github.com/user", (route) =>
+    route.fulfill({
+      status: 200,
+      json: {
+        login: "testuser",
+        name: "Test User",
+        avatar_url: "https://github.com/testuser.png",
+      },
+    })
+  );
+  await page.route(
+    "https://api.github.com/repos/*/*/actions/runs*",
+    (route) =>
+      route.fulfill({
+        status: 200,
+        json: { total_count: 0, workflow_runs: [] },
+      })
+  );
+  await page.route("https://api.github.com/notifications*", (route) =>
+    route.fulfill({ status: 200, json: [] })
+  );
+  await page.route("https://api.github.com/graphql", (route) =>
+    route.fulfill({
+      status: 200,
+      json: {
+        data: {
+          issues: { issueCount: 0, pageInfo: { hasNextPage: false }, nodes: [] },
+          prInvolves: { issueCount: 0, pageInfo: { hasNextPage: false }, nodes: [] },
+          prReviewReq: { issueCount: 0, pageInfo: { hasNextPage: false }, nodes: [] },
+          rateLimit: { limit: 5000, remaining: 4999, resetAt: "2099-01-01T00:00:00Z" },
+        },
+      },
+    })
+  );
+
+  // Seed localStorage with auth token and config before the page loads
+  await page.addInitScript(() => {
+    localStorage.setItem("github-tracker:auth-token", "fake-token");
+    localStorage.setItem(
+      "github-tracker:config",
+      JSON.stringify({
+        selectedOrgs: ["testorg"],
+        selectedRepos: [{ owner: "testorg", name: "testrepo", fullName: "testorg/testrepo" }],
+        onboardingComplete: true,
+      })
+    );
+  });
+}

e2e/helpers.ts

@@ -1,58 +1,5 @@
-import { test, expect, type Page } from "@playwright/test";
-
-/**
- * Register API route interceptors and inject auth + config into localStorage BEFORE navigation.
- * OAuth App uses permanent tokens stored in localStorage — no refresh endpoint needed.
- * The app calls validateToken() on load, which GETs /user to verify the token.
- */
-async function setupAuth(page: Page) {
-  await page.route("https://api.github.com/user", (route) =>
-    route.fulfill({
-      status: 200,
-      json: {
-        login: "testuser",
-        name: "Test User",
-        avatar_url: "https://github.com/testuser.png",
-      },
-    })
-  );
-  await page.route(
-    "https://api.github.com/repos/*/*/actions/runs*",
-    (route) =>
-      route.fulfill({
-        status: 200,
-        json: { total_count: 0, workflow_runs: [] },
-      })
-  );
-  await page.route("https://api.github.com/notifications*", (route) =>
-    route.fulfill({ status: 200, json: [] })
-  );
-  await page.route("https://api.github.com/graphql", (route) =>
-    route.fulfill({
-      status: 200,
-      json: {
-        data: {
-          issues: { issueCount: 0, pageInfo: { hasNextPage: false }, nodes: [] },
-          prInvolves: { issueCount: 0, pageInfo: { hasNextPage: false }, nodes: [] },
-          prReviewReq: { issueCount: 0, pageInfo: { hasNextPage: false }, nodes: [] },
-          rateLimit: { limit: 5000, remaining: 4999, resetAt: "2099-01-01T00:00:00Z" },
-        },
-      },
-    })
-  );
-
-  await page.addInitScript(() => {
-    localStorage.setItem("github-tracker:auth-token", "ghu_fake");
-    localStorage.setItem(
-      "github-tracker:config",
-      JSON.stringify({
-        selectedOrgs: ["testorg"],
-        selectedRepos: [{ owner: "testorg", name: "testrepo", fullName: "testorg/testrepo" }],
-        onboardingComplete: true,
-      })
-    );
-  });
-}
+import { test, expect } from "@playwright/test";
+import { setupAuth } from "./helpers";
 
 // ── Settings page renders ────────────────────────────────────────────────────
 

e2e/settings.spec.ts

@@ -1,60 +1,5 @@
-import { test, expect, type Page } from "@playwright/test";
-
-/**
- * Register API route interceptors and inject auth + config into localStorage BEFORE navigation.
- * OAuth App uses permanent tokens stored in localStorage — no refresh endpoint needed.
- * The app calls validateToken() on load, which GETs /user to verify the token.
- */
-async function setupAuth(page: Page) {
-  // Intercept /user validation (called by validateToken on page load)
-  await page.route("https://api.github.com/user", (route) =>
-    route.fulfill({
-      status: 200,
-      json: {
-        login: "testuser",
-        name: "Test User",
-        avatar_url: "https://github.com/testuser.png",
-      },
-    })
-  );
-  await page.route(
-    "https://api.github.com/repos/*/*/actions/runs*",
-    (route) =>
-      route.fulfill({
-        status: 200,
-        json: { total_count: 0, workflow_runs: [] },
-      })
-  );
-  await page.route("https://api.github.com/notifications*", (route) =>
-    route.fulfill({ status: 200, json: [] })
-  );
-  await page.route("https://api.github.com/graphql", (route) =>
-    route.fulfill({
-      status: 200,
-      json: {
-        data: {
-          issues: { issueCount: 0, pageInfo: { hasNextPage: false }, nodes: [] },
-          prInvolves: { issueCount: 0, pageInfo: { hasNextPage: false }, nodes: [] },
-          prReviewReq: { issueCount: 0, pageInfo: { hasNextPage: false }, nodes: [] },
-          rateLimit: { limit: 5000, remaining: 4999, resetAt: "2099-01-01T00:00:00Z" },
-        },
-      },
-    })
-  );
-
-  // Seed localStorage with auth token and config before the page loads
-  await page.addInitScript(() => {
-    localStorage.setItem("github-tracker:auth-token", "ghu_fake");
-    localStorage.setItem(
-      "github-tracker:config",
-      JSON.stringify({
-        selectedOrgs: ["testorg"],
-        selectedRepos: [{ owner: "testorg", name: "testrepo", fullName: "testorg/testrepo" }],
-        onboardingComplete: true,
-      })
-    );
-  });
-}
+import { test, expect } from "@playwright/test";
+import { setupAuth } from "./helpers";
 
 // ── Login page ───────────────────────────────────────────────────────────────
 
@@ -79,7 +24,7 @@ test("OAuth callback flow completes and redirects", async ({ page }) => {
     route.fulfill({
       status: 200,
       json: {
-        access_token: "ghu_fake",
+        access_token: "fake-token",
         token_type: "bearer",
         scope: "repo read:org notifications",
       },
@@ -217,3 +162,10 @@ test("unknown path redirects to login when unauthenticated", async ({ page }) =>
   // catch-all → Navigate "/" → RootRedirect → validateToken() fails → Navigate "/login"
   await expect(page).toHaveURL(/\/login/, { timeout: 10000 });
 });
+
+test("unknown path redirects to dashboard when authenticated", async ({ page }) => {
+  await setupAuth(page);
+  await page.goto("/this-path-does-not-exist");
+  // catch-all → Navigate "/" → RootRedirect → validateToken() succeeds → Navigate "/dashboard"
+  await expect(page).toHaveURL(/\/dashboard/, { timeout: 10000 });
+});