test(web): credential wizard source assertion rejects repository privateKey field #331

Open
opened 2026-05-31 17:57:49 +00:00 by simon · 0 comments
Owner

While validating the repository SSH key error handling fix, I ran the full web unit suite with dependencies installed:\n\npnpm --filter web test:unit\n\nThe suite currently fails in apps/web/lib/automation/ct-automation-credential-step-core.test.mjs at the "credential wizard UI and actions stay browser safe" source assertion. The test asserts the CT-Automation jobs client does not contain privateKey, but the same client now legitimately includes repository-management fields such as privateKeyVisible, name="privateKey", and calls to repository create/test actions that pass repository SCM private key form data.\n\nEvidence from the focused run:\n\n- File: apps/web/lib/automation/ct-automation-credential-step-core.test.mjs:294\n- Failing assertion: assert.doesNotMatch(client, /privateKey/)\n- Source containing the match: apps/web/app/(dashboard)/automation/jobs/ct-automation-jobs-client.tsx repository private-key UI and form submission fields\n\nExisting related full-suite failures are already tracked separately as #21, #283, and #284. This one should be narrowed so credential tests only forbid credential secret leakage instead of forbidding repository private-key form field names in the shared jobs client.

While validating the repository SSH key error handling fix, I ran the full web unit suite with dependencies installed:\n\n`pnpm --filter web test:unit`\n\nThe suite currently fails in `apps/web/lib/automation/ct-automation-credential-step-core.test.mjs` at the "credential wizard UI and actions stay browser safe" source assertion. The test asserts the CT-Automation jobs client does not contain `privateKey`, but the same client now legitimately includes repository-management fields such as `privateKeyVisible`, `name="privateKey"`, and calls to repository create/test actions that pass repository SCM private key form data.\n\nEvidence from the focused run:\n\n- File: `apps/web/lib/automation/ct-automation-credential-step-core.test.mjs:294`\n- Failing assertion: `assert.doesNotMatch(client, /privateKey/)`\n- Source containing the match: `apps/web/app/(dashboard)/automation/jobs/ct-automation-jobs-client.tsx` repository private-key UI and form submission fields\n\nExisting related full-suite failures are already tracked separately as #21, #283, and #284. This one should be narrowed so credential tests only forbid credential secret leakage instead of forbidding repository private-key form field names in the shared jobs client.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
carrtech/ct-ops#331
No description provided.