NEAR-DevHub · petersalomonsen · Feb 3, 2026 · Jan 25, 2026 · Jan 25, 2026 · Jan 25, 2026
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -12,6 +12,16 @@
     "ghcr.io/devcontainers/features/node:1": {
       "version": "lts",
       "installYarnUsingApt": false
+    },
+    "ghcr.io/devcontainers/features/desktop-lite:1": {}
+  },
+  "forwardPorts": [6080, 5901],
+  "portsAttributes": {
+    "6080": {
+      "label": "desktop"
+    },
+    "5901": {
+      "label": "vnc"
     }
   },
   "customizations": {

diff --git a/.github/workflows/frontend-e2e.yml b/.github/workflows/frontend-e2e.yml
@@ -0,0 +1,116 @@
+name: Frontend E2E Tests
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - 'nt-fe/**'
+      - '.github/workflows/frontend-e2e.yml'
+  pull_request:
+    branches: [main]
+    paths:
+      - 'nt-fe/**'
+      - '.github/workflows/frontend-e2e.yml'
+  workflow_dispatch:
+
+env:
+  REGISTRY: ghcr.io
+
+jobs:
+  e2e-tests:
+    name: Playwright E2E Tests
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Determine sandbox image tag
+        id: sandbox-tag
+        run: |
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            PR_TAG="pr-${{ github.event.pull_request.number }}"
+            # Check if PR-specific image exists
+            if docker manifest inspect ghcr.io/near-devhub/treasury26/near-treasury-sandbox:${PR_TAG} > /dev/null 2>&1; then
+              echo "tag=${PR_TAG}" >> $GITHUB_OUTPUT
+              echo "Using PR-specific sandbox image: ${PR_TAG}"
+            else
+              echo "tag=main" >> $GITHUB_OUTPUT
+              echo "PR-specific image not found, using main"
+            fi
+          else
+            echo "tag=main" >> $GITHUB_OUTPUT
+            echo "Using main sandbox image"
+          fi
+
+      - name: Start sandbox container
+        run: |
+          docker run -d --name sandbox \
+            -p 3030:3030 -p 8080:8080 -p 5001:5001 \
+            --health-cmd "curl -f http://localhost:8080/api/health || exit 1" \
+            --health-interval 10s \
+            --health-timeout 5s \
+            --health-retries 30 \
+            --health-start-period 120s \
+            ghcr.io/near-devhub/treasury26/near-treasury-sandbox:${{ steps.sandbox-tag.outputs.tag }}
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+
+      - name: Install dependencies
+        working-directory: nt-fe
+        run: bun install
+
+      - name: Install Playwright Browsers
+        working-directory: nt-fe
+        run: npx playwright install --with-deps chromium
+
+      - name: Wait for sandbox to be ready
+        run: |
+          echo "Waiting for sandbox to be ready..."
+          for i in {1..60}; do
+            if curl -s http://localhost:8080/api/health > /dev/null; then
+              echo "Sandbox is ready!"
+              break
+            fi
+            echo "Attempt $i: Sandbox not ready yet..."
+            sleep 5
+          done
+
+      - name: Run Playwright tests
+        working-directory: nt-fe
+        run: bun run test:e2e
+        env:
+          BACKEND_URL: http://localhost:8080
+          NEXT_PUBLIC_BACKEND_API_BASE: http://localhost:8080
+
+      - name: Stop sandbox container
+        if: always()
+        run: docker stop sandbox || true
+
+      - name: Upload Playwright Report
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: playwright-report
+          path: nt-fe/playwright-report/
+          retention-days: 30
+
+      - name: Upload Test Videos
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: test-videos
+          path: nt-fe/test-results/
+          retention-days: 30
+          if-no-files-found: ignore
diff --git a/docs/ledger-testing-guide.md b/docs/ledger-testing-guide.md
@@ -0,0 +1,181 @@
+# Ledger Wallet Testing Guide
+
+## Prerequisites
+
+1. **Hardware**:
+   - Ledger Nano S, Nano S Plus, or Nano X device
+   - USB cable to connect to computer
+
+2. **Software**:
+   - Ledger Live app installed
+   - NEAR app installed on Ledger device (via Ledger Live)
+   - Supported browser: Chrome, Edge, or Opera (desktop)
+
+3. **Account Setup**:
+   - NEAR account with Ledger public key registered as FullAccess key
+   - Account funded with NEAR tokens for gas fees
+
+## Step-by-Step Testing
+
+### 1. Verify Browser Compatibility
+
+**Test**: Open Treasury26 in different browsers
+
+**Expected**:
+- Chrome/Edge/Opera (desktop): Ledger option appears in wallet selector
+- Firefox/Safari/Mobile browsers: Ledger option does NOT appear
+
+**How to verify**:
+1. Open browser console (F12)
+2. Look for: "Ledger wallet registered successfully"
+3. Or warning: "Failed to register Ledger wallet" (on unsupported browsers)
+
+### 2. Test Sign-In Flow
+
+**Test**: Connect Ledger wallet
+
+**Steps**:
+1. Click "Connect Wallet" button
+2. Select "Ledger" from wallet options
+3. Connect and unlock Ledger device
+4. Open NEAR app on Ledger device
+5. Browser shows permission dialog - click "Connect"
+6. Enter your NEAR account ID when prompted
+7. Confirm on Ledger device when prompted for public key
+
+**Expected**:
+- Account ID input dialog appears
+- Access key verification succeeds
+- Wallet connects successfully
+- Account ID displayed in UI
+
+**Common issues**:
+- "Device not found" → Ensure Ledger is connected and unlocked
+- "NEAR app not open" → Open NEAR app on device
+- "Access key not found" → Verify Ledger public key is registered on account
+
+### 3. Test Transaction Signing
+
+**Test**: Create a proposal or vote
+
+**Steps**:
+1. Navigate to a treasury
+2. Create a proposal or vote on existing proposal
+3. Review transaction details
+4. Confirm action in UI
+5. Ledger device shows transaction details
+6. Approve transaction on Ledger device
+
+**Expected**:
+- Transaction details displayed on Ledger screen
+- Transaction broadcasts after device approval
+- Success message shown in UI
+- Proposal/vote appears in dashboard
+
+**Common issues**:
+- "User rejected" → Transaction was rejected on device
+- "Transaction failed" → Check account has sufficient balance
+- Timeout → Ledger interaction took too long (>60s)
+
+### 4. Test Message Signing (NEP-413)
+
+**Test**: Sign a message
+
+**Steps**:
+1. Trigger any action requiring message signing
+2. Review message details
+3. Approve on Ledger device
+
+**Expected**:
+- Message displayed on Ledger screen
+- Signature returned after device approval
+
+### 5. Test Sign-Out
+
+**Test**: Disconnect wallet
+
+**Steps**:
+1. Click disconnect/sign-out
+2. Verify wallet disconnects
+
+**Expected**:
+- Account ID removed from UI
+- Stored data cleared
+- Ledger disconnects
+
+## Security Tests
+
+### Test 1: Malicious Account Entry
+**Test**: Enter wrong account ID during sign-in
+**Expected**: Access key verification fails with clear error message
+
+### Test 2: Device Disconnection
+**Test**: Disconnect Ledger during transaction signing
+**Expected**: Transaction fails gracefully with error message
+
+### Test 3: User Rejection
+**Test**: Reject transaction on Ledger device
+**Expected**: Transaction cancelled, clear error message shown
+
+## Performance Tests
+
+### Test 1: Large Transactions
+**Test**: Sign transaction with many actions
+**Expected**: Chunking works correctly, all actions signed
+
+### Test 2: Multiple Consecutive Transactions
+**Test**: Sign multiple transactions in sequence
+**Expected**: Each transaction signed successfully without device reset needed
+
+## Browser Console Testing
+
+Open browser console (F12) and check for:
+
+### Expected Messages
+```
+✅ "Ledger wallet registered successfully"
+✅ "Ledger connected"
+✅ "Transaction signed successfully"
+```
+
+### Warning Messages (expected on unsupported browsers)
+```
+⚠️ "Failed to register Ledger wallet: WebHID not supported"
+```
+
+### Error Messages (investigate if seen)
+```
+❌ "Device not connected"
+❌ "Access key verification failed"
+❌ "Transaction signing failed"
+```
+
+## Automated Testing Checklist
+
+- [ ] Browser compatibility check
+- [ ] Wallet registration on supported browsers
+- [ ] Sign-in flow with valid account
+- [ ] Sign-in flow with invalid account
+- [ ] Single transaction signing
+- [ ] Multiple transactions signing
+- [ ] Message signing (NEP-413)
+- [ ] Sign-out flow
+- [ ] Device disconnection handling
+- [ ] User rejection handling
+- [ ] Large transaction chunking
+
+## Reporting Issues
+
+When reporting issues, include:
+1. Browser and version
+2. Ledger device model and firmware version
+3. NEAR app version on Ledger
+4. Steps to reproduce
+5. Browser console logs
+6. Expected vs actual behavior
+
+## Additional Resources
+
+- [Ledger NEAR App Setup](https://support.ledger.com/hc/en-us/articles/360019868977)
+- [WebHID Browser Support](https://caniuse.com/webhid)
+- [Treasury26 Ledger Documentation](../docs/ledger-wallet-support.md)