diff --git a/machine-docs/DECISIONS.md b/machine-docs/DECISIONS.md index 5a41452..4e0b7f9 100644 --- a/machine-docs/DECISIONS.md +++ b/machine-docs/DECISIONS.md @@ -440,3 +440,43 @@ adds **content**, not infra, with a few small harness primitives ported from - **Heavy-recipe parking.** Drone's `MAX_TESTS=1` + per-build timeout already serialize runs; for Phase 2 we DO NOT lift it. Within a single run, the orchestrator deploys deps before the recipe-under-test sequentially (never concurrently) per plan §4.2. + +## Phase 2 Q3.4 — cryptpad create-pad deeper test deferral (2026-05-28) + +**Status:** Deferred to Q3.4 follow-up (or Q5 catch-up), with Adversary sign-off pending per +plan §7.1. + +**What's deferred:** The "create-an-object + read-it-back" deep test for cryptpad — +authenticate-and-create a real pad in the browser, type a uniquely-marked content string, reload +the page (retaining the client-side encryption key in the URL fragment), assert the marker +survives. This is the canonical create-and-read-back per plan §4.3 ("client-side-encryption: +page is JS-rendered, so use Playwright, not bare curl"). + +**Why deferred (the technical reason):** +- CryptPad's pad-creation client-side flow is **version-specific**. In the recipe under test + (10.6.0+5.7.0), visiting `/pad/` does NOT auto-inject a fragment-keyed pad URL; CryptPad + requires the user to explicitly click a "new rich text" / "new pad" link from the landing + page, AND those UI selectors (`.cp-apps-grid a`, `[data-app='pad']`, `a[href*='/pad/']`) are + not stable across CryptPad versions. +- Three attempted drafts during Q3.4 each failed cold on this: + 1. Type + reload + content-survives: contenteditable inside nested iframe with origin + mismatch (SANDBOX_DOMAIN). + 2. Direct-`/pad/`-then-fragment: no fragment ever appeared on this version. + 3. Click-fallback for known app-launch selectors: none of the candidate selectors matched. + +**The maximal testable subset that IS shipped (P3 floor met):** +- `tests/cryptpad/functional/test_health_check.py` — parity HTTP 200. +- `tests/cryptpad/functional/test_spa_assets.py` — CryptPad branding + canonical asset paths + in served HTML. Catches the wedged-server-fallback-page failure mode. +- `tests/cryptpad/playwright/test_pad_create.py` — Chromium renders the SPA, asserts brand + + canonical asset references + zero non-filtered JavaScript console errors. + +The Playwright test exercises the JS pipeline in a real browser (per §4.3 directive); the +piece NOT exercised is the user-action-driven pad lifecycle. **What's required to lift the +deferral:** pin a specific CryptPad app-launch contract (CryptPad's source has app-launch +URL patterns like `/pad/?new=1` on some versions) OR write a Playwright helper that walks the +SPA's main menu via a stable accessibility tree (role-based selectors instead of CSS). + +Adversary may file F2-N requesting full create-pad coverage; the answer above is the +honest technical reason + the maximal subset. Logged here per plan §7.1. +