test: full QA framework execution — R0–R6 coverage + E2E fixes + CI/CD

Phase R0 — Security infrastructure (55 tests):
- api-route-access.test.ts: 28 tests (ARA-001–028)
- request-origin.test.ts: 27 tests (RQORG-001–027)

Phase R1 — LLM provider adapters (135 tests):
- ollama, openai, anthropic, llamacpp, lmstudio, moonshot, zai, errors
- Full validateConfig/testConnection/execute/estimateCost coverage

Phase R2 — Database repositories (51 tests):
- user.repository: UREPO-001–016 (password hashing, SafeUser projection)
- audit.repository: AUDIT-001–014 (append-only, PII redaction)
- scoreboard.repository: SCORE-001–010
- test-case.repository: TC-001–011

Phase R5 — Cross-package integration + fixtures (37 tests):
- cross-package-integration: XPKG-001–012 (real scanner integration)
- fixture-categories-extended: FCAT-001–025 (5 new categories)

Phase R4 — CI/CD:
- GitHub Actions workflow with unit + coverage + E2E jobs
- Coverage thresholds: bu-tpi 80%, dojolm-web 70%

Phase R6 — Lint/quality:
- 19 lint warnings resolved → 0 warnings
- aria-selected, useMemo deps, <Image>, timersRef cleanup

E2E fixes (14 specs):
- Scan timeouts: 90s budget for scanner/shingan/test-lab
- Guard: auto-enable before toggle/threshold tests
- Sensei drawer: animation wait + focus before Escape
- Compliance: 30–40s waits for data load
- Mobile nav: full aria-label names
- kumite/llm-dashboard/atemi/kotoba/sengoku: timeout + networkidle

Security:
- npm audit fix: picomatch (HIGH ReDoS), brace-expansion, yaml — 0 vulns
- batch route params: Next.js 15 async params fixed
- file-storage.ts: createBatch always sets status: 'pending'

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: SchenLong

.github/workflows/ci.yml

@@ -26,7 +26,7 @@ jobs:
     strategy:
       matrix:
         node-version: [20.x, 22.x]
-    
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -46,19 +46,32 @@ jobs:
       - name: Run linter
         run: npm run lint
 
-      - name: Run tests
-        run: npm test
+      - name: Run unit tests with coverage (bu-tpi)
+        run: npm test -w packages/bu-tpi -- --coverage
+
+      - name: Run unit tests with coverage (dojolm-web)
+        run: npm test -w packages/dojolm-web -- --coverage
 
       - name: Run regression tests (scanner vs fixtures)
         run: cd packages/bu-tpi && npm run test:regression
 
+      - name: Upload coverage reports
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: coverage-${{ matrix.node-version }}
+          path: |
+            packages/bu-tpi/coverage/
+            packages/dojolm-web/coverage/
+          retention-days: 14
+
   # ============================================
   # Security Scan
   # ============================================
   security:
     name: Security Audit
     runs-on: ubuntu-latest
-    
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -117,7 +130,7 @@ jobs:
     name: Documentation Quality
     runs-on: ubuntu-latest
     needs: [test]
-    
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -145,7 +158,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: [test]
     continue-on-error: ${{ github.event_name == 'schedule' }}
-    
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -177,3 +190,43 @@ jobs:
           name: lychee-report
           path: lychee-report.md
           retention-days: 7
+
+  # ============================================
+  # E2E Tests (Phase R4) — main branch only
+  # ============================================
+  e2e:
+    name: E2E Tests (Playwright)
+    runs-on: ubuntu-latest
+    needs: [test]
+    if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/master'
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Install Playwright browsers
+        run: cd packages/dojolm-web && npx playwright install chromium --with-deps
+
+      - name: Run E2E tests
+        run: cd packages/dojolm-web && npx playwright test --project=chromium --reporter=github
+        env:
+          E2E_TARGET: prod
+          E2E_BASE_URL: ${{ secrets.E2E_BASE_URL }}
+          NODA_API_KEY: ${{ secrets.NODA_API_KEY }}
+
+      - name: Upload Playwright report
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: playwright-report
+          path: packages/dojolm-web/playwright-report/
+          retention-days: 14