Second CI run surfaced 8 real failures across 7 detail/list pages and 1
mock-shape error. Root causes:
1. Multi-match disambiguation. screen.getByText(...) matched both the
PageHeader <h2> AND duplicated text in InfoRow / detail-row spans
within the same page (e.g., issuer name appears as page title AND
in the Issuer Details panel; cert.common_name appears as page title
AND in the Common Name InfoRow). The regex variants (getByText(/X/i))
were even worse — matched any element containing the substring.
2. NetworkScanPage mock-shape. xssScanTarget.ports was '443,8443'
(string), but NetworkScanPage.tsx:180 calls t.ports?.join() which
requires a number[] per src/api/types.ts:506. Page errored before
rendering the DataTable, so the XSS test's body.textContent
assertion saw an empty string.
Fixes:
- Every page-title assertion in the 14 Pass 3 test files now uses
screen.getByRole('heading', { level: 2, name: ... }), which matches
ONLY the PageHeader <h2> (PageHeader.tsx:11 renders an actual <h2>).
Detail-row spans / InfoRow text / column-header text in lower-level
headings (h3) is excluded by the level filter.
- NetworkScanPage xssScanTarget.ports changed from '443,8443' (string)
to [443, 8443] (number[]) per the NetworkScanTarget TS type.
Pages with assertion fixes (8 tests across 7 files):
- AgentFleetPage /Agent/i -> 'Agent Fleet Overview' (h2)
- AuditPage /Audit/ -> 'Audit Trail' (h2)
- CertificateDetailPage 'plain.example.com' (text) -> heading h2
- HealthMonitorPage /Health/i -> 'Health Monitor' (h2)
- IssuerDetailPage 'Plain Name' (text) -> heading h2
- JobDetailPage /j-xss-001/ (text) -> heading h2
- JobsPage /Jobs/i -> 'Jobs' (h2)
- ProfilesPage /Profile/i -> 'Certificate Profiles' (h2)
- TargetDetailPage 'Plain Name' (text) -> heading h2
Plus 4 already-correct pages updated for consistency:
- DigestPage text 'Certificate Digest' -> heading h2
- ObservabilityPage text 'Observability' -> heading h2
- NetworkScanPage /Network/i -> 'Network Scanning' (h2)
- ShortLivedPage text 'Short-Lived...' -> heading h2
Mock-shape fix:
- NetworkScanPage.test.tsx ports: '443,8443' -> [443, 8443]
End-to-end audit:
Every Pass 3 test now anchors on the unambiguous PageHeader <h2>;
no remaining getByText() with regex or substring that could spuriously
multi-match. Mock data shapes verified against src/api/types.ts
interfaces (NetworkScanTarget, MetricsResponse, ManagedCertificate).
Closes M-029 Pass 3 fully. Every src/pages/*.tsx now has a *.test.tsx peer.
Audit recon: 'comm -23 <pages> <test-peers>' returns zero (all 14 T-1-deferred
pages now covered).
Test files added (each ships render-coverage + an XSS-hardening contract):
- HealthMonitorPage.test.tsx endpoint URL + last_error payloads
- JobsPage.test.tsx type / certificate_id / agent_id /
error_message payloads
- NetworkScanPage.test.tsx network_range / agent_id / last_scan_message
payloads
- ProfilesPage.test.tsx profile name / description / EKUs payloads
- AgentFleetPage.test.tsx agent name / hostname / OS / arch / IP
payloads (mirrors the M-003 MCP fence shape)
Pass 3 totals across batches A + B + C: 14 new test files, 14/14 T-1-deferred
pages closed. Each test pins three invariants:
1. The page renders against mock data without crashing.
2. No live <script data-xss='...'> attaches to the DOM.
3. The literal payload appears as escaped text content (proving the page
surfaces the data without rendering it as HTML).
M-029 status after Pass 3:
Pass 1 — useMutation -> useTrackedMutation COMPLETE (6 batches, 56 -> 0)
Pass 2 — useState pagination -> useListParams COMPLETE (CertificatesPage)
Pass 3 — XSS-hardening test suites COMPLETE (14/14 pages)
M-029 IS NOW READY TO CLOSE.
Shankar