# Frontend Browser Smoke

This directory contains focused browser smoke checks for frontend/runtime UI
proofs.

The canonical Runtime Action Panel browser proof is Runtime-owned. The repo
pins Playwright as a dev dependency and the Runtime Core testing method owns the
proof policy, Runtime state mutation, socket/refetch classification, and report
generation:

```sh
node ai/runtime/dist/cli.js testing runtime-action-panel-browser-smoke --json
```

`yarn smoke:browser:runtime-action-panel` is a human convenience facade for the
same Runtime method. It must not duplicate browser proof logic.

The proof uses `PLAYWRIGHT_BROWSERS_PATH=/ms-playwright`. Do not install an
unpinned Playwright package or run `playwright install` from ad hoc prompts;
that can request a browser revision different from the one provisioned in the
container.

## Current Supported Checks

Use the existing frontend validation first:

```sh
yarn workspace frontend test
yarn smoke:runtime
```

`yarn workspace frontend test` covers Angular/Vitest component behavior.
`yarn smoke:runtime` starts the local backend and frontend dev servers and
checks the real HTTP/GraphQL runtime path without driving a browser UI.

## Runtime Action Panel Browser Proof

`runtime-action-panel-smoke.cjs` verifies:

- the local dev app loads without production credentials.
- a safe local/dev admin session can reach `/admin/health`.
- Socket.IO admin room membership is visible through backend-owned diagnostics.
- a Runtime-owned work-session/work-step change reaches the browser through the
  socket invalidation plus GraphQL refetch path.
- the visible role/work-session state matches Runtime-owned evidence.

The semantic check is intentionally not a blind text comparison. It first reads
Runtime/GraphQL evidence, then checks whether the UI reflects that evidence. If
the evidence says a role is scheduled, waiting, idle, or stale, the browser proof
must not expect that role to blink. If the proof itself starts an active fresh
work step for a role, the matching active role and visible work step must appear
unless the report records a precise Runtime projection gap.

Installed-PWA automation is not currently part of this command. Use mobile
viewport browser proof for automated coverage and record installed-PWA-specific
gaps separately.

## Safety Boundaries

- Do not require production credentials.
- Do not print tokens or secrets.
- Use local/dev-safe configuration only.
- Clean up any smoke users or test records created by browser flows.
- Keep browser smoke focused; detailed behavior belongs in component, API, or
  e2e tests.