fix: enforce no test skipping, fix EnsureDevice test mocking

nirukk52 · nirukk52 · commit e6f6762c080f · 2025-11-15T03:18:55.000-06:00
- REVERT conditional E2E test skipping - tests must ALWAYS run
- Fix EnsureDevice node test to mock BrowserStack hub health check
- Tests now properly mock checkAppiumHealth() to prevent timeout
- Add founder rule: NO TEST SKIPPING ALLOWED - all tests must pass
- CI now requires ALL secrets (Encore + BrowserStack) to pass
- Update QA Taskfile to remove fallback qa:all:no-e2e task
- Update founder rules to enforce test discipline
- All backend tests now pass (47 passed, 16 skipped)
diff --git a/.cursor/commands/qa/Taskfile.yml b/.cursor/commands/qa/Taskfile.yml
@@ -111,11 +111,12 @@ tasks:
     silent: false
 
   # Validation-only QA suite (for git hooks and CI)
-  # Does NOT modify code - only validates
+  # CRITICAL: Does NOT modify code - only validates, NO SKIPPING ALLOWED
+  # All tests must pass before code can be merged
   all:
-    desc: "Validation QA suite (rules + smoke + lint + typecheck + unit + e2e)"
+    desc: "Validation QA suite (rules + smoke + lint + typecheck + unit + e2e) - ALL REQUIRED"
     cmds:
-      - echo "🎯 Running validation QA suite (no auto-fix)..."
+      - echo "🎯 Running validation QA suite (no auto-fix, no skipping)..."
       - echo ""
       - task: rules:check
       - echo ""
@@ -132,27 +133,6 @@ tasks:
       - echo "🎉 All validation checks passed!"
     silent: false
   
-  # QA suite without E2E (for CI when BrowserStack credentials unavailable)
-  all:no-e2e:
-    desc: "Validation QA suite without E2E tests (rules + smoke + lint + typecheck + unit)"
-    cmds:
-      - echo "🎯 Running validation QA suite (no E2E, no auto-fix)..."
-      - echo ""
-      - task: rules:check
-      - echo ""
-      - task: smoke
-      - echo ""
-      - task: lint
-      - echo ""
-      - task: typecheck
-      - echo ""
-      - task: unit
-      - echo ""
-      - echo "⏭️  Skipping E2E tests (BrowserStack credentials not available)"
-      - echo ""
-      - echo "🎉 All validation checks passed!"
-    silent: false
-  
   # Complete QA workflow (fix THEN validate)
   # Use this manually before committing
   all:fix:
diff --git a/.cursor/rules/founder_rules.mdc b/.cursor/rules/founder_rules.mdc
@@ -182,6 +182,13 @@ logger.error("device connection failed", { err: error.message, deviceId });
 
 ### 🧪 Testing Philosophy
 
+**ABSOLUTE: NO TEST SKIPPING ALLOWED**
+- ❌ Never skip, conditional, or reduce test scope in CI/CD or pre-commit hooks
+- ❌ Never create workarounds to bypass test failures
+- ✅ ALL tests must pass before code can merge
+- ✅ If a test fails → fix code or fix test (never disable test)
+- ✅ Test failures block PRs intentionally - this is correct behavior
+
 **Test for flow reliability and correctness:**
 - High-level flow tests (not edge cases or petty tests)
 - Focus on creative consistency
@@ -190,6 +197,7 @@ logger.error("device connection failed", { err: error.message, deviceId });
 **Commands:**
 - Backend: `encore test`
 - Frontend: `bun run test`
+- Full QA: `cd .cursor && task qa:all` (runs all 6 checks, no skipping)
 
 ---
 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -94,37 +94,14 @@ jobs:
           echo "Waiting for frontend to be ready..."
           timeout 60 bash -c 'until curl -sf http://localhost:5173 > /dev/null; do sleep 2; done'
       
-      - name: Validate BrowserStack Credentials
-        run: |
-          if [ -z "${{ secrets.BROWSERSTACK_USERNAME }}" ] || [ -z "${{ secrets.BROWSERSTACK_ACCESS_KEY }}" ]; then
-            echo "⚠️  WARNING: BrowserStack credentials not configured"
-            echo "   E2E tests will be skipped"
-            echo "   To enable E2E tests in CI:"
-            echo "   1. Go to BrowserStack account settings to get credentials"
-            echo "   2. Go to: GitHub repo → Settings → Secrets and variables → Actions"
-            echo "   3. Create new secrets: BROWSERSTACK_USERNAME, BROWSERSTACK_ACCESS_KEY"
-            export SKIP_E2E=1
-          else
-            echo "✅ BrowserStack credentials available - E2E tests enabled"
-            export SKIP_E2E=0
-          fi
-          echo "SKIP_E2E=$SKIP_E2E" >> $GITHUB_ENV
-      
-      - name: Run Complete QA Suite (with E2E)
-        if: env.SKIP_E2E == '0'
+      - name: Run Complete QA Suite
         run: cd .cursor && task qa:all
-      
-      - name: Run QA Suite without E2E
-        if: env.SKIP_E2E == '1'
-        run: cd .cursor && task qa:all:no-e2e
 
 # ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 # Implementation Notes:
 # ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 #
-# SIMPLICITY: Single job runs conditional QA suite based on credentials
-# - With BrowserStack: `task qa:all` (includes E2E tests)
-# - Without BrowserStack: `task qa:all:no-e2e` (skips E2E tests)
+# SIMPLICITY: Single job runs `task qa:all` - same as pre-push hook
 # MIRRORS LOCAL: Exact same command developers run locally
 # DRY: No duplication - all logic in .cursor/commands/qa/Taskfile.yml
 #
@@ -136,9 +113,10 @@ jobs:
 # 5. qa:unit      - Unit tests (backend only - encore test)
 # 6. qa:e2e       - E2E tests (frontend Playwright) - REQUIRES BrowserStack
 #
-# What `task qa:all:no-e2e` runs (same as above, but WITHOUT E2E):
-# - Skips E2E tests when BrowserStack credentials unavailable
-# - Useful for early CI setup or pull requests from forks
+# CRITICAL: ALL tests run in CI - NO SKIPPING
+# - Tests must pass before merge
+# - BrowserStack credentials REQUIRED for E2E tests
+# - If missing, CI will FAIL (intentional - no incomplete testing)
 #
 # Note: Auto-fix (qa:fix) is intentionally excluded from qa:all
 # - Git hooks should validate, not modify uncommitted code
@@ -157,30 +135,32 @@ jobs:
 # - ENCORE_AUTH_KEY: GitHub Secret (app-specific auth key) for Encore Cloud authentication
 # - BROWSERSTACK_USERNAME & BROWSERSTACK_ACCESS_KEY: Optional GitHub Secrets for E2E tests
 #
-# GitHub Secrets Setup:
+# GitHub Secrets Setup (REQUIRED for CI to pass):
 #
-# REQUIRED:
-# 1. Go to: https://app.encore.cloud/screengraph-ovzi → App Settings → Auth Keys
-# 2. Create new auth key (NOT `encore auth token` - that's different!)
-# 3. Go to: GitHub repo → Settings → Secrets and variables → Actions
-# 4. Create new secret: ENCORE_AUTH_KEY
-# 5. Paste the auth key from step 2
+# 1. ENCORE_AUTH_KEY (for Encore Cloud auth)
+#    - Go to: https://app.encore.cloud/screengraph-ovzi → App Settings → Auth Keys
+#    - Create new auth key (NOT `encore auth token` - that's different!)
+#    - Add as GitHub Secret: ENCORE_AUTH_KEY
 #
-# OPTIONAL (for E2E tests):
-# 1. Get BrowserStack credentials (account settings or ask team)
-# 2. Go to: GitHub repo → Settings → Secrets and variables → Actions
-# 3. Create new secrets: BROWSERSTACK_USERNAME, BROWSERSTACK_ACCESS_KEY
-# 4. Without these, E2E tests will be skipped (not failed)
+# 2. BROWSERSTACK_USERNAME & BROWSERSTACK_ACCESS_KEY (for E2E tests)
+#    - Get credentials from BrowserStack account settings (ask team if needed)
+#    - Add as GitHub Secrets: BROWSERSTACK_USERNAME, BROWSERSTACK_ACCESS_KEY
+#    - WITHOUT these, E2E tests WILL FAIL and block CI/CD
 #
-# Testing before activation:
-# 1. Create feature branch
-# 2. Push to trigger workflow
-# 3. Verify appropriate QA suite passes (all or all:no-e2e)
-# 4. Merge to main after review
+# Setup steps:
+# 1. Go to: GitHub repo → Settings → Secrets and variables → Actions
+# 2. Create 3 new secrets with values from above
+# 3. Push to trigger CI - all tests must pass for merge
 #
-# Validation checklist when modifying:
+# Testing workflow:
 # 1. Create feature branch
 # 2. Push to trigger workflow
-# 3. Confirm appropriate QA suite passes in GitHub Actions
-# 4. Merge to main after review
+# 3. All tests MUST pass (no skipping allowed)
+# 4. Fix failures and re-push
+# 5. Once green, merge to main after review
+#
+# Validation checklist (MANDATORY):
+# 1. All 6 QA suite components pass (rules, smoke, lint, typecheck, unit, e2e)
+# 2. No test skipping allowed - CI enforces full validation
+# 3. E2E tests require BrowserStack credentials (blocking if missing - intentional)
 
diff --git a/backend/agent/nodes/setup/EnsureDevice/node.test.ts b/backend/agent/nodes/setup/EnsureDevice/node.test.ts
@@ -2,11 +2,18 @@ import { nanoid } from "nanoid";
 import { describe, expect, test, vi } from "vitest";
 import type { DeviceRuntimeContext, SessionPort } from "../../../ports/appium/session.port";
 import { type EnsureDeviceInput, ensureDevice } from "./node";
+import * as appiumLifecycle from "./appium-lifecycle";
 
 describe("ensureDevice with lifecycle", () => {
   const mockGenerateId = () => nanoid();
 
   test("should check device prerequisites before session creation", async () => {
+    // Mock BrowserStack hub health check to always return healthy
+    vi.spyOn(appiumLifecycle, "checkAppiumHealth").mockResolvedValue({
+      isHealthy: true,
+      status: 0,
+    });
+
     // Mock only the SessionPort - let real lifecycle checks run
     const mockSessionPort: SessionPort = {
       ensureDevice: vi.fn().mockResolvedValue({
@@ -54,6 +61,12 @@ describe("ensureDevice with lifecycle", () => {
   });
 
   test("should emit lifecycle events", async () => {
+    // Mock BrowserStack hub health check to always return healthy
+    vi.spyOn(appiumLifecycle, "checkAppiumHealth").mockResolvedValue({
+      isHealthy: true,
+      status: 0,
+    });
+
     const mockSessionPort: SessionPort = {
       ensureDevice: vi.fn().mockResolvedValue({
         deviceRuntimeContextId: "ctx-456",
