Skip to content

feat: add @ocom-verification coverage for staff role management (#292)#297

Open
henry-casper wants to merge 4 commits into
mainfrom
feat/issue-292-@ocom-verification-coverage-for-staff-role-management
Open

feat: add @ocom-verification coverage for staff role management (#292)#297
henry-casper wants to merge 4 commits into
mainfrom
feat/issue-292-@ocom-verification-coverage-for-staff-role-management

Conversation

@henry-casper

@henry-casper henry-casper commented Jul 7, 2026

Copy link
Copy Markdown
  • verification-shared: 12 shared Gherkin scenarios for staff role creation, listing, viewing, updates, permission enforcement, and error cases (duplicates, insufficient privileges, validation); staff-role/staff-user seed data, page objects, and test actors
  • acceptance-api: staff-role step definitions and GraphQL glue covering backend behavior, persistence, and error handling (27/27)
  • acceptance-ui: staff portal role management step definitions with component wrappers (23/23)
  • e2e-tests: end-to-end staff role scenarios combining UI actions with API verification (24/24)
  • serenity-framework: isChecked support and first-match locator handling in page adapters
  • e2e-tests: fix worktree env leak in test-environment.ts where local-settings.e2e.json values overrode worktree-scoped ports and OIDC hosts in spawned app servers (test:e2e:worktree now passes)
  • security: bump brace-expansion@5 to 5.0.7 and webpack-dev-server to ^5.2.6 via overrides; add .snyk ignore for SNYK-JS-BRACEEXPANSION-17706650 on minimatch@3 paths (only fixed in 5.0.7, which has an incompatible API; Docusaurus tooling only)

Summary by Sourcery

Add end-to-end verification coverage for staff role management across API, UI, and browser flows, including shared scenarios, test data, and portal wiring.

New Features:

  • Introduce shared staff role management scenarios, page objects, and MongoDB seed data for staff roles and users.
  • Add staff role management step definitions for API acceptance tests, including GraphQL helpers for roles, permissions, and staff user assignment.
  • Add staff portal UI component and routing wrappers plus staff role list/form page objects to exercise staff role management screens in isolation and via Playwright E2E flows.
  • Support staff-specific JWT-style test tokens and per-actor authentication in acceptance tests to model different staff business roles and permissions.

Bug Fixes:

  • Fix e2e worktree environment leakage by patching local settings for ports, storage, and OIDC hosts before propagating to spawned app servers.

Enhancements:

  • Extend serenity page adapters with input value and checkbox state support and first-match locator handling for consistent behavior across DOM and Playwright.
  • Improve DOM rendering and asset loading in the test harness, including routing, staff auth context, Ant Design popup scoping, and Apollo client ESM resolution.
  • Expand staff test actors and shared permission label mappings to cover tech admin and case manager roles and granular staff role permissions.

Build:

  • Adjust acceptance UI TypeScript configuration and dependencies to align with shared UI packages, CSS handling, and React Router usage.

Tests:

  • Add comprehensive staff role management coverage in API, component UI, and Playwright E2E suites, including creation, listing, viewing, updating, validation, authorization, and staff role assignment scenarios.
  • Wire Cucumber configurations and step-definition indexes to include the new staff role context while allowing API-only, UI-only, and E2E-only tagging.

Chores:

  • Update lockfile and workspace configuration (including npm/pnpm settings and security overrides) to align with new dependencies and security requirements.

- verification-shared: 12 shared Gherkin scenarios for staff role
  creation, listing, viewing, updates, permission enforcement, and
  error cases (duplicates, insufficient privileges, validation);
  staff-role/staff-user seed data, page objects, and test actors
- acceptance-api: staff-role step definitions and GraphQL glue
  covering backend behavior, persistence, and error handling (27/27)
- acceptance-ui: staff portal role management step definitions with
  component wrappers (23/23)
- e2e-tests: end-to-end staff role scenarios combining UI actions
  with API verification (24/24)
- serenity-framework: isChecked support and first-match locator
  handling in page adapters
- e2e-tests: fix worktree env leak in test-environment.ts where
  local-settings.e2e.json values overrode worktree-scoped ports and
  OIDC hosts in spawned app servers (test:e2e:worktree now passes)
- security: bump brace-expansion@5 to 5.0.7 and webpack-dev-server
  to ^5.2.6 via overrides; add .snyk ignore for
  SNYK-JS-BRACEEXPANSION-17706650 on minimatch@3 paths (only fixed
  in 5.0.7, which has an incompatible API; Docusaurus tooling only)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@henry-casper henry-casper requested review from a team, Copilot and nnoce14 July 7, 2026 14:24
@henry-casper henry-casper requested a review from a team as a code owner July 7, 2026 14:24
@sourcery-ai

sourcery-ai Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Reviewer's Guide

Adds comprehensive staff role management verification across shared Gherkin, API, UI, and E2E suites, including seeded staff roles/users, shared staff role page objects, staff-auth aware token routing, and Serenity adapter enhancements, plus fixes for worktree env leakage and Apollo ESM resolution and small security/build config updates.

Sequence diagram for staff-actor GraphQL call with role-based token

sequenceDiagram
    actor StaffActor
    participant SerenityCast as SerenityCast
    participant GraphQLClient as GraphQLClientAbility
    participant HttpApi as GraphQL_HTTP_API
    participant TokenValidation as MockTokenValidation

    StaffActor->>SerenityCast: execute GraphQL step
    SerenityCast->>GraphQLClient: createGraphQLClientAbility(apiUrl, actor.name)
    StaffActor->>GraphQLClient: execute(query, variables)
    GraphQLClient->>GraphQLClient: getActorToken(actor.name)
    GraphQLClient-->>HttpApi: HTTP request
        Note over GraphQLClient,HttpApi: headers(): { Authorization: token || {} }
    HttpApi->>TokenValidation: verifyJwt(token)
    alt token startsWith STAFF_TOKEN_PREFIX
        TokenValidation-->>HttpApi: StaffPortal principal with roles from getActor
    else default token or null
        TokenValidation-->>HttpApi: CommunityOwner or unauthorized
    end
    HttpApi-->>StaffActor: GraphQL response (authorized/denied)
Loading

File-Level Changes

Change Details Files
Introduce shared staff role management domain support (seed data, actors, page objects, scenarios).
  • Add seeded staff roles and staff users with permissions, role IDs, and linkage into Mongo seeding pipeline
  • Extend test actors with staff-specific principals and enterprise app roles
  • Expose staff role/user seed data and new staff role/staff roles list page objects via verification-shared exports
  • Add shared Gherkin feature covering staff role listing, viewing, creation, updating, assignment, validation, and authorization cases
packages/ocom-verification/verification-shared/src/test-data/test-actors.ts
packages/ocom-verification/verification-shared/src/test-data/index.ts
packages/ocom-verification/verification-shared/src/test-data/seed/index.ts
packages/ocom-verification/verification-shared/src/test-data/seed/seed.ts
packages/ocom-verification/verification-shared/src/test-data/seed/staff-roles.ts
packages/ocom-verification/verification-shared/src/test-data/seed/staff-users.ts
packages/ocom-verification/verification-shared/src/pages/staff-role-form.page.ts
packages/ocom-verification/verification-shared/src/pages/staff-roles-list.page.ts
packages/ocom-verification/verification-shared/src/pages/index.ts
packages/ocom-verification/verification-shared/src/scenarios/staff/staff-role-management.feature
Add staff-role coverage to API acceptance tests with GraphQL helpers and per-actor auth tokens.
  • Introduce actor-auth registry for per-actor tokens including staff token prefix handling
  • Update mock token validation to resolve staff tokens into StaffPortal principals using test actors and to pass raw auth headers through application services
  • Change GraphQL client ability to resolve Authorization header lazily per actor
  • Add shared GraphQL staff-role operations and a staff-role support layer for querying/mutating roles and staff users, including permission grouping helpers
  • Implement staff-role Cucumber step definitions covering listing, viewing, create/update, permission grants, assignment, validation errors, and unauthorized access; wire them into the API step-definitions index and lifecycle hooks
  • Constrain API Cucumber runs via tags to skip UI/E2E-only scenarios
packages/ocom-verification/acceptance-api/src/shared/abilities/actor-auth.ts
packages/ocom-verification/acceptance-api/src/shared/abilities/graphql-client.ts
packages/ocom-verification/acceptance-api/src/mock-application-services.ts
packages/ocom-verification/acceptance-api/src/contexts/staff/step-definitions/staff-landing.steps.ts
packages/ocom-verification/acceptance-api/src/contexts/staff-role/support/staff-role-graphql.ts
packages/ocom-verification/acceptance-api/src/shared/graphql/staff-role-operations.ts
packages/ocom-verification/acceptance-api/src/contexts/staff-role/step-definitions/staff-role-management.steps.ts
packages/ocom-verification/acceptance-api/src/contexts/staff-role/step-definitions/index.ts
packages/ocom-verification/acceptance-api/src/cucumber-lifecycle-hooks.ts
packages/ocom-verification/acceptance-api/src/world.ts
packages/ocom-verification/acceptance-api/cucumber.js
Add staff-role UI acceptance coverage with Apollo mocks, router/auth wiring, and shared page objects.
  • Extend Ocom component wrapper to support MemoryRouter initialEntries, StaffAuth context, and constrained antd popup containers
  • Implement UI staff-role step definitions that render StaffRolesPage with dynamic Apollo mocks simulating backend state, including role list/create/update behaviors and error/validation flows
  • Provide helpers for exercising create/edit flows, permission toggles, and list assertions via shared page objects
  • Ensure staff UI contexts reset staff-role UI state when staff-auth Givens run, and include staff-role step-definitions in the UI index
  • Broaden acceptance-ui tsconfig includes (and excludes) and dependencies to cover staff user-management and shared UI packages, and add CSS module typing support
  • Configure UI cucumber tags to skip API/E2E-only and @skip-ui scenarios
packages/ocom-verification/acceptance-ui/src/shared/ocom-component-wrapper.ts
packages/ocom-verification/acceptance-ui/src/contexts/staff-role/step-definitions/staff-role-management.steps.tsx
packages/ocom-verification/acceptance-ui/src/contexts/staff-role/step-definitions/index.ts
packages/ocom-verification/acceptance-ui/src/contexts/staff/step-definitions/create-staff-landing.steps.ts
packages/ocom-verification/acceptance-ui/tsconfig.json
packages/ocom-verification/acceptance-ui/package.json
packages/ocom-verification/acceptance-ui/cucumber.js
packages/cellix/serenity-framework/src/dom/css-types.d.ts
Add staff-role E2E coverage with Playwright-backed page objects and staff portal sessions.
  • Introduce staff-portal session management that reuses Playwright contexts per mock OIDC user and logs in via OAuth2 once per user
  • Implement E2E staff-role step definitions that navigate to roles list, exercise create/update/permission flows, and assert list content and validation/error messages using shared page objects
  • Wire staff-role E2E steps into the global step-definitions index and add scenario-state reset hooks from existing staff landing steps
  • Configure E2E cucumber tags to skip API/UI-only scenarios and @skip-e2e cases
packages/ocom-verification/e2e-tests/src/contexts/staff-role/support/staff-portal-session.ts
packages/ocom-verification/e2e-tests/src/contexts/staff-role/step-definitions/staff-role-management.steps.ts
packages/ocom-verification/e2e-tests/src/contexts/staff-role/step-definitions/index.ts
packages/ocom-verification/e2e-tests/src/contexts/staff/step-definitions/staff-landing.steps.ts
packages/ocom-verification/e2e-tests/cucumber.js
Enhance Serenity page adapters for better form interaction and cross-adapter parity.
  • Extend ElementHandle interface with inputValue and isChecked helpers and implement them for both DOM and Playwright adapters
  • Adjust Playwright adapter locator() to use first() match to mirror DOM behavior
  • Update DOM adapter click() implementation to fire full mousedown/mouseup/click sequence to support components like antd Select
packages/cellix/serenity-framework/src/pages/page-adapter.ts
packages/cellix/serenity-framework/src/pages/adapters/playwright-adapter.ts
packages/cellix/serenity-framework/src/pages/adapters/dom-adapter.ts
Fix e2e worktree test environment port/host leakage and align local Azurite/Mongo settings with worktree configuration.
  • Patch API local settings values before putting them in process.env when WORKTREE_NAME is set to avoid overriding spawned app server worktree overrides
  • Re-route CosmosDB connection string, Azure storage connection strings, and staff/end-user OIDC endpoints to worktree-specific ports and hostnames using shared helpers
  • Disable Node.js inspector arguments for worker when running in worktree mode to avoid port conflicts
packages/ocom-verification/e2e-tests/src/shared/environment/test-environment.ts
Improve DOM asset-loader behavior for Apollo client ESM resolution and add minor formatting/cleanup changes.
  • Add special-case resolution for @apollo/client imports to force ESM entrypoints, avoiding CJS named export issues under Node’s loader
  • Apply small test formatting cleanups in server-oauth2-mock-seedwork tests and related env fixtures
packages/cellix/serenity-framework/src/dom/asset-loader-hooks.ts
packages/cellix/server-oauth2-mock-seedwork/tests/file-user-store.test.ts
packages/cellix/server-oauth2-mock-seedwork/tests/portal-discovery.test.ts

Assessment against linked issues

Issue Objective Addressed Explanation
#292 Add shared staff role management verification assets in verification-shared, including 8–12 Gherkin scenarios for role creation, listing, viewing, updates, permission/authorization, and error cases, plus any required shared page objects and seed data.
#292 Implement acceptance-api coverage for staff role management, including GraphQL operations and step definitions that cover backend behavior, permissions, persistence, and error handling.
#292 Implement acceptance-ui and e2e-tests coverage for staff role management in the staff portal, including UI-specific and end-to-end step definitions, page adapters/support, authentication context, and configuration/tagging so these scenarios run cleanly.

Possibly linked issues


Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • The staff-role UI acceptance steps keep mutable scenario state (e.g. uiRoles, baselineRoleCount, lastMutation) in module-level variables; if Cucumber ever runs scenarios in parallel within the same process this will race—consider scoping this state to the world/actor instead of module globals.
  • In StaffRoleFormPage the permission key → label mapping is hard-coded and separate from the GraphQL permission grouping logic in staff-role-graphql.ts; consider centralising these permission definitions so changes to permissions or labels can’t drift between layers.
  • The PlaywrightPageAdapter.locator() now unconditionally calls .first(), which silently changes behaviour for existing selectors; you might want to either keep locator() returning the full locator and introduce a separate helper for first(), or audit current call sites and document that locator() is now intentionally first-match-only.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The staff-role UI acceptance steps keep mutable scenario state (e.g. `uiRoles`, `baselineRoleCount`, `lastMutation`) in module-level variables; if Cucumber ever runs scenarios in parallel within the same process this will race—consider scoping this state to the world/actor instead of module globals.
- In `StaffRoleFormPage` the permission key → label mapping is hard-coded and separate from the GraphQL permission grouping logic in `staff-role-graphql.ts`; consider centralising these permission definitions so changes to permissions or labels can’t drift between layers.
- The `PlaywrightPageAdapter.locator()` now unconditionally calls `.first()`, which silently changes behaviour for existing selectors; you might want to either keep `locator()` returning the full locator and introduce a separate helper for `first()`, or audit current call sites and document that `locator()` is now intentionally first-match-only.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR expands the @ocom-verification suites to cover staff role management end-to-end (shared Gherkin scenarios + API/UI/E2E step definitions), adds supporting seeded staff-role/staff-user test data, and makes small framework/environment updates needed to execute those scenarios reliably.

Changes:

  • Add shared staff-role management feature scenarios, page objects, and seeded staff roles/users for verification runs.
  • Implement staff-role step definitions across acceptance-api, acceptance-ui, and e2e-tests; update API mock token validation to support per-actor staff principals.
  • Update serenity framework adapters (checkbox/value helpers + Playwright first-match locator) and patch E2E worktree env leakage; bump/override vulnerable transitive deps and add a scoped Snyk ignore.

Review Notes (actionable)

  • pnpm override risk (semver break): pnpm-workspace.yaml changes brace-expansion@12.0.3. This is a major-version jump for any dependency that explicitly asked for @1, which can violate semver expectations and break tooling at runtime. Consider narrowing the override to the specific transitive paths that need it (e.g., minimatch@3 chains) rather than blanket-upgrading all @1 requests.
  • Behavior change in Playwright adapter: PlaywrightPageAdapter.locator() now forces .first(). This silently “picks one” when a selector matches multiple elements, potentially masking ambiguous selectors that would otherwise fail loudly (useful signal in tests). If the intent is to support “first match” semantics, consider a separate API (or making this opt-in) instead of changing locator() globally.
  • Doc/route mismatch: StaffRolesListPage’s docstring references /staff/user-management/roles, while the E2E step defs navigate to /staff/user-management/staff-roles. Aligning the page-object documentation with the exercised route will prevent confusion and future misnavigation in tests.

Reviewed changes

Copilot reviewed 46 out of 48 changed files in this pull request and generated no comments.

Show a summary per file
File Description
pnpm-workspace.yaml Updates overrides for brace-expansion and webpack-dev-server.
pnpm-lock.yaml Lockfile updates reflecting overrides and added deps.
packages/ocom-verification/verification-shared/src/test-data/test-actors.ts Adds staff actor roles and additional staff actors.
packages/ocom-verification/verification-shared/src/test-data/seed/staff-users.ts New seeded staff-user documents for verification suites.
packages/ocom-verification/verification-shared/src/test-data/seed/staff-roles.ts New seeded staff-role documents + permission shape.
packages/ocom-verification/verification-shared/src/test-data/seed/seed.ts Extends MongoDB seeding to include staff users/roles.
packages/ocom-verification/verification-shared/src/test-data/seed/index.ts Re-exports staff seed data/types/IDs.
packages/ocom-verification/verification-shared/src/test-data/index.ts Re-exports staff seed artifacts from test-data barrel.
packages/ocom-verification/verification-shared/src/scenarios/staff/staff-role-management.feature Adds shared Gherkin scenarios for staff role management.
packages/ocom-verification/verification-shared/src/pages/staff-roles-list.page.ts New page object for staff roles list UI.
packages/ocom-verification/verification-shared/src/pages/staff-role-form.page.ts New page object + permission label mapping for role form.
packages/ocom-verification/verification-shared/src/pages/index.ts Exposes new staff-role page objects from pages barrel.
packages/ocom-verification/e2e-tests/src/step-definitions/index.ts Registers staff-role E2E step definitions.
packages/ocom-verification/e2e-tests/src/shared/environment/test-environment.ts Fixes worktree env leakage by patching local-settings values.
packages/ocom-verification/e2e-tests/src/contexts/staff/step-definitions/staff-landing.steps.ts Syncs staff-role E2E state resets with staff auth givens.
packages/ocom-verification/e2e-tests/src/contexts/staff-role/support/staff-portal-session.ts Adds staff-portal session reuse + role-based login mapping.
packages/ocom-verification/e2e-tests/src/contexts/staff-role/step-definitions/staff-role-management.steps.ts Implements staff-role E2E steps using shared page objects.
packages/ocom-verification/e2e-tests/src/contexts/staff-role/step-definitions/index.ts Index to load staff-role E2E steps.
packages/ocom-verification/e2e-tests/cucumber.js Filters tags to exclude api-only/ui-only/skip-e2e scenarios.
packages/ocom-verification/acceptance-ui/tsconfig.json Expands include paths for staff user-management UI sources.
packages/ocom-verification/acceptance-ui/src/step-definitions/index.ts Registers staff-role UI step definitions.
packages/ocom-verification/acceptance-ui/src/shared/ocom-component-wrapper.ts Adds MemoryRouter + StaffAuthContext support; popup container fix.
packages/ocom-verification/acceptance-ui/src/contexts/staff/step-definitions/create-staff-landing.steps.ts Syncs staff-role UI state resets with staff auth givens.
packages/ocom-verification/acceptance-ui/src/contexts/staff-role/step-definitions/staff-role-management.steps.tsx Implements staff-role component-acceptance steps with Apollo mocks.
packages/ocom-verification/acceptance-ui/src/contexts/staff-role/step-definitions/index.ts Index to load staff-role UI steps.
packages/ocom-verification/acceptance-ui/package.json Adds react-router-dom dependency for UI acceptance tests.
packages/ocom-verification/acceptance-ui/cucumber.js Filters tags to exclude api-only/e2e-only/skip-ui scenarios.
packages/ocom-verification/acceptance-api/src/world.ts Makes GraphQL client ability actor-aware for auth routing.
packages/ocom-verification/acceptance-api/src/step-definitions/index.ts Registers staff-role API step definitions.
packages/ocom-verification/acceptance-api/src/shared/graphql/staff-role-operations.ts Adds GraphQL operations for staff roles/users mutations/queries.
packages/ocom-verification/acceptance-api/src/shared/abilities/graphql-client.ts Lazy per-actor Authorization header resolution.
packages/ocom-verification/acceptance-api/src/shared/abilities/actor-auth.ts Introduces per-actor token registry + staff token prefix helper.
packages/ocom-verification/acceptance-api/src/mock-application-services.ts Passes raw auth header through; adds staff-token verification path.
packages/ocom-verification/acceptance-api/src/cucumber-lifecycle-hooks.ts Clears per-actor tokens between scenarios.
packages/ocom-verification/acceptance-api/src/contexts/staff/step-definitions/staff-landing.steps.ts Registers staff tokens + resets staff-role scenario state.
packages/ocom-verification/acceptance-api/src/contexts/staff-role/support/staff-role-graphql.ts Adds staff-role API helper functions (query/mutate + permissions mapping).
packages/ocom-verification/acceptance-api/src/contexts/staff-role/step-definitions/staff-role-management.steps.ts Implements staff-role API step definitions and scenario state.
packages/ocom-verification/acceptance-api/src/contexts/staff-role/step-definitions/index.ts Index to load staff-role API steps.
packages/ocom-verification/acceptance-api/cucumber.js Filters tags to exclude ui-only/e2e-only/skip-api scenarios.
packages/cellix/server-oauth2-mock-seedwork/tests/portal-discovery.test.ts Formatting-only test adjustment.
packages/cellix/server-oauth2-mock-seedwork/tests/file-user-store.test.ts Formatting-only test adjustments.
packages/cellix/serenity-framework/src/pages/page-adapter.ts Extends ElementHandle API (inputValue/isChecked).
packages/cellix/serenity-framework/src/pages/adapters/playwright-adapter.ts Implements new ElementHandle APIs; changes locator() to first match.
packages/cellix/serenity-framework/src/pages/adapters/dom-adapter.ts Implements new ElementHandle APIs; improves click sequence for widgets.
packages/cellix/serenity-framework/src/dom/asset-loader-hooks.ts Adds ESM redirect for @apollo/client subpath imports.
apps/ui-staff/mock-oidc.users.json Adds tech-admin mock OIDC user; fixes indentation.
apps/ui-community/mock-oidc.users.json Fixes indentation in mock OIDC users.
.snyk Adds ignore entry for brace-expansion ReDoS advisory on minimatch@3 path.
Files not reviewed (1)
  • pnpm-lock.yaml: Generated file

Copilot Bot and others added 2 commits July 7, 2026 10:43
…install conflicts in CI

pnpm 11 defaults to verify-deps-before-run=install, causing each concurrent
turbo task to trigger pnpm install when workspace state is stale. Parallel
workers SIGINT each other, killing tasks like @ocom/service-queue-storage#gen.

CI already runs 'pnpm install --frozen-lockfile' before turbo tasks.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…verification-coverage-for-staff-role-management

# Conflicts:
#	pnpm-lock.yaml
#	pnpm-workspace.yaml
@henry-casper henry-casper requested a review from Copilot July 7, 2026 15:58
@henry-casper

Copy link
Copy Markdown
Author

@sourcery-ai review

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've found 1 issue, and left some high level feedback:

  • The STAFF_ROLE_PERMISSION_LABELS map tightly couples tests to the exact checkbox label text; consider using stable data attributes or test-ids for permissions to avoid brittleness when copy changes occur in the UI.
  • The shared UI staff-role mocks (uiRoles, currentAuthRole, etc.) are maintained in module-level state; if Cucumber is ever run with parallel workers this will cause cross-scenario interference, so it may be worth guarding against parallel execution or scoping the state per-world.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The `STAFF_ROLE_PERMISSION_LABELS` map tightly couples tests to the exact checkbox label text; consider using stable data attributes or test-ids for permissions to avoid brittleness when copy changes occur in the UI.
- The shared UI staff-role mocks (`uiRoles`, `currentAuthRole`, etc.) are maintained in module-level state; if Cucumber is ever run with parallel workers this will cause cross-scenario interference, so it may be worth guarding against parallel execution or scoping the state per-world.

## Individual Comments

### Comment 1
<location path="packages/cellix/serenity-framework/src/pages/adapters/playwright-adapter.ts" line_range="33-34" />
<code_context>
 		return Promise.resolve(this.element?.getAttribute(name) ?? null);
 	}

+	inputValue(): Promise<string | null> {
+		if (this.element instanceof HTMLInputElement || this.element instanceof HTMLTextAreaElement || this.element instanceof HTMLSelectElement) {
+			return Promise.resolve(this.element.value);
</code_context>
<issue_to_address>
**issue (bug_risk):** Align Playwright inputValue/isChecked semantics with DomElementHandle to avoid runtime errors.

DomElementHandle.inputValue/isChecked return null/false for non‑inputs, but the Playwright adapter currently delegates straight to locator.inputValue()/isChecked, which will throw for unsupported elements. Because shared page objects (e.g. StaffRoleFormPage.permissionCheckbox) call these via the ElementHandle interface and may use either adapter, this creates adapter‑dependent runtime failures. Please align the Playwright behavior with the DOM adapter (e.g. guard via locator.evaluate() before calling, or catch and map errors to null/false) so callers can remain adapter‑agnostic.
</issue_to_address>

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Comment thread packages/cellix/serenity-framework/src/pages/adapters/playwright-adapter.ts Outdated

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot reviewed 45 out of 47 changed files in this pull request and generated no new comments.

Files not reviewed (1)
  • pnpm-lock.yaml: Generated file

- serenity-framework: align PlaywrightElementHandle inputValue()/isChecked()
  with the DomElementHandle contract — resolve null/false for unsupported
  elements instead of throwing, so shared page objects behave identically
  across adapters; document the contract on the ElementHandle interface
- acceptance-ui: make the TS project typecheckable (tsc --noEmit passes)
  while keeping the include globs tsx needs for the react-jsx runtime
  transform: exclude UI stories/tests, disable exactOptionalPropertyTypes
  to match how the included UI packages typecheck themselves, and add a
  plain-css ambient module declaration for side-effect stylesheet imports

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@henry-casper henry-casper linked an issue Jul 7, 2026 that may be closed by this pull request
@henry-casper

Copy link
Copy Markdown
Author

@sourcery-ai review

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've left some high level feedback:

  • The staff role defaults (DEFAULT_STAFF_ROLE_NAMES) are duplicated across the API, UI, E2E step definitions and the feature file; consider moving this list into a shared verification-shared module to avoid drift when the defaults change.
  • Both STAFF_ROLE_PERMISSION_LABELS and STAFF_ROLE_PERMISSION_GROUP_BY_KEY depend on hard-coded string keys and throw when a key is missing; it may be safer to centralize permission keys in a shared typed enum/source of truth so adding a new permission can't silently break tests at runtime.
  • The staff-role step implementations maintain mutable module-level state (state, uiRoles, idCounter, etc.); if Cucumber is ever configured to run scenarios in parallel or a scenario omits the resetting Givens, this can leak state between tests, so consider tightening initialization/reset (e.g. using Before hooks or per-scenario world state) to make isolation explicit.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- The staff role defaults (`DEFAULT_STAFF_ROLE_NAMES`) are duplicated across the API, UI, E2E step definitions and the feature file; consider moving this list into a shared verification-shared module to avoid drift when the defaults change.
- Both `STAFF_ROLE_PERMISSION_LABELS` and `STAFF_ROLE_PERMISSION_GROUP_BY_KEY` depend on hard-coded string keys and throw when a key is missing; it may be safer to centralize permission keys in a shared typed enum/source of truth so adding a new permission can't silently break tests at runtime.
- The staff-role step implementations maintain mutable module-level state (`state`, `uiRoles`, `idCounter`, etc.); if Cucumber is ever configured to run scenarios in parallel or a scenario omits the resetting Givens, this can leak state between tests, so consider tightening initialization/reset (e.g. using `Before` hooks or per-scenario world state) to make isolation explicit.

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 45 out of 48 changed files in this pull request and generated no new comments.

Files not reviewed (1)
  • pnpm-lock.yaml: Generated file

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add @ocom-verification coverage for Staff Role Management

2 participants