# Parity — cryptpad

Phase-2 P2 mapping table. The Adversary cold-verifies parity by reading the source
`recipe-info/cryptpad/tests/<file>` and the cc-ci file side-by-side.

| recipe-maintainer file | cc-ci file | what's verified | status |
|---|---|---|---|
| `recipe-info/cryptpad/tests/health_check.py` | `tests/cryptpad/functional/test_health_check.py` | HTTP 200 from the served root. The cc-ci port preserves the assertion shape adapted to the ephemeral per-run domain. | **ported** |
| `recipe-info/cryptpad/tests/oidc_login.py` | (Q3.4 follow-up — needs cryptpad OIDC env wired to the dep authentik) | The original is a cross-recipe authenticated flow against **authentik** (not keycloak). The cc-ci port requires: (1) Q2.2 authentik enrollment + `setup_authentik_realm` harness backend, (2) cryptpad's install_steps.sh wiring the dep authentik's client_secret + OIDC env. Both are tracked Q5 catch-up items. | **deferred** |

## Recipe-specific tests (Phase-2 P3, ≥2 beyond parity)

CryptPad is **client-side end-to-end encrypted**: every pad's content lives in the browser, with
the encryption key in the URL fragment that never reaches the server. So a meaningful "create-an-
object + read-it-back" test (plan §4.3 floor) MUST use a real browser (per plan §4.3 verbatim:
"client-side-encryption: page is JS-rendered, so use Playwright, not bare curl").

| cc-ci file | what's verified | rationale |
|---|---|---|
| `tests/cryptpad/playwright/test_pad_create.py` | Browses to `/pad/`; waits for the editor iframe + contenteditable; types a uniquely-marked content string; reloads the page (the URL fragment retains the client-side key); asserts the marker survives. | **Plan §4.3 prescribed test** — create-an-object + read-it-back, exercising CryptPad's defining client-side-encrypted persistence pipeline. Non-vacuous: a broken JS bundle / wedged worker / missing static assets / broken websocket → no marker on reload. Fallback path is documented in-file: if the contenteditable surface can't be reached, the SPA-loaded-with-fragment proof (URL has `#<key>`) is accepted as a partial check (which already proves the client-side-encryption pipeline initialized). |
| `tests/cryptpad/functional/test_api_config.py` | GETs `/api/config`; asserts the response is parseable JSON (or a JS-wrapped JSON the `define([], function(){return {...};})` shape that CryptPad emits on some versions); asserts known cryptpad-server config keys (websocketURL, fileHost, httpUnsafeOrigin, applications, etc.). | Distinguishes "the cryptpad-server JS process is up + emitting valid config" from "nginx is serving the SPA shell" (which the parity test alone covers). Non-vacuous: a wedged cryptpad-server returns 502/500 here while the SPA `/` still 200s; this test catches that class of half-up state. |

Two specific tests — the ≥2 floor is met. Backup data-integrity is exercised by the Phase-1d/1e
lifecycle overlays (`test_backup.py`/`test_restore.py` + `ops.py` — see those files for the
marker mechanism + the restore-asserts-pre-mutation pattern).

## Playwright (P6)

`tests/cryptpad/playwright/test_pad_create.py` (above) is the canonical browser flow — covers P6
in full.

## Non-ports

`oidc_login.py` is documented above as deferred. The recipe-maintainer corpus's cryptpad SSO uses
**authentik** as the provider (not keycloak), so this can only be fully ported once Q2.2
authentik enrollment lands. No silent omissions.