# Authenticated Browser Socket E2E Harness Report

Date: 2026-05-17

## Result

The repository now contains a backend e2e Socket.IO harness that uses safe test
users and real Socket.IO clients against a running Nest application.

The harness is designed to prove:

- admin users connect to `/runtime-health`.
- admin users are joined only to the backend-owned `admin.runtime_health` room.
- standard users connect without admin room membership.
- anonymous clients are rejected.
- `runtime_health.changed` invalidation is delivered to the admin client and
  not to the non-admin client.

## Current Proof State

The existing backend unit tests passed:

- `runtime-health-socket.gateway.spec.ts`
- `runtime-health-socket.registry.service.spec.ts`

The new backend e2e harness could not complete because the configured
`TEST_DATABASE_URL` endpoint is unreachable from the current runtime context:

```text
Can't reach database server at 172.18.0.2:35432
```

The configured URL is test-scoped (`app_test`), so the safety guard is working.
The blocker is reachability/provisioning, not unsafe database targeting.

## Exact Blocker

`TEST_DATABASE_URL` is present and test-scoped, but the database endpoint is not
reachable from the process running backend e2e. The current parsed values are:

- host: `db`
- port: `35432`
- database: `app_test`

The next environment chunk should determine whether tests that run from the
host should use `localhost:35432` while container-internal processes use
`db:5432`.
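
A preflight that keeps the two failure classes in this report apart, as an added TypeScript example (not the repository's harness code): it first refuses any `TEST_DATABASE_URL` that is not test-scoped, then probes the endpoint over TCP. The `_test` suffix rule, the default port and the function names are assumptions.

```typescript
import * as net from "node:net";

// Assumption: "test-scoped" means the database name ends in "_test".
// The repository's real guard is not shown in this report and may differ.
const TEST_DB_NAME = /_test$/;

type Preflight =
  | { status: "unsafe"; reason: string }
  | { status: "ok"; host: string; port: number; database: string };

// Step 1, safety: fail closed before any connection is attempted.
// Reasons name only the database, never the credentials in the URL.
function checkTestDatabaseUrl(raw: string | undefined): Preflight {
  if (!raw) return { status: "unsafe", reason: "TEST_DATABASE_URL is not set" };
  let url: URL;
  try {
    url = new URL(raw);
  } catch {
    return { status: "unsafe", reason: "TEST_DATABASE_URL is not a valid URL" };
  }
  const database = url.pathname.replace(/^\//, "");
  if (!TEST_DB_NAME.test(database)) {
    return { status: "unsafe", reason: `database "${database}" is not test-scoped` };
  }
  const port = url.port ? Number(url.port) : 5432; // assumed default, as in `db:5432`
  return { status: "ok", host: url.hostname, port, database };
}

// Step 2, reachability: a plain TCP connect with a timeout.
function probeTcp(host: string, port: number, timeoutMs = 2000): Promise<boolean> {
  return new Promise((resolve) => {
    const socket = net.connect({ host, port });
    const done = (ok: boolean) => { socket.destroy(); resolve(ok); };
    socket.setTimeout(timeoutMs, () => done(false));
    socket.once("connect", () => done(true));
    socket.once("error", () => done(false));
  });
}

// Report the two failure classes separately so neither masks the other.
async function preflight(raw: string | undefined): Promise<string> {
  const check = checkTestDatabaseUrl(raw);
  if (check.status === "unsafe") return `UNSAFE: ${check.reason}`;
  const up = await probeTcp(check.host, check.port);
  return up ? "READY" : `UNREACHABLE: ${check.host}:${check.port} (${check.database})`;
}

preflight(process.env.TEST_DATABASE_URL).then(console.log);
```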

## Safety

No real operator browser session, production credentials, Telegram secrets,
approval secrets, or socket payload truth were used.
