social.io system testing
This standalone repository qualifies the complete social.io deployment boundary.
It follows the sibling serve.zone/testing model: Vagrant creates an isolated
Ubuntu guest, the whole social.io workspace is copied into it with one-way
rsync, and independently runnable scenarios exercise real services.
Phase 1 is one production-mode vertical slice. It proves TLS/authenticated
MongoDB transactions, HTTPS object storage, clamd, provider IMAP/JMAP,
transactional/provider SMTP capture, the first-party JMAP/IMAP surfaces, real
browser login, and deterministic desktop/iPad/iPhone screenshots. The broader recovery,
backup/restore, failure-injection, performance, accessibility, and full journey
matrix is tracked in ../readme.plan.md and belongs to test:full as it lands.
Isolation model
- The app and deterministic mail fixture are supervised guest processes.
- MongoDB, MinIO, clamd, and Caddy run in a private Docker network.
- Only HTTPS on guest port 8443 and first-party IMAPS on guest port 1993 are forwarded to host loopback.
- Generated secrets and PKI stay under ignored
infra/runtime/inside the VM. - Guest-to-host artifacts are copied explicitly; rsync never returns secrets.
Commands
pnpm install --frozen-lockfile
pnpm check
pnpm test:unit
pnpm vagrant:up
pnpm vagrant:test
pnpm vagrant:screenshots
pnpm vagrant:pull
pnpm vagrant:destroy
The default Vagrant provider is libvirt. Override box/provider resources with
SOCIALIO_VAGRANT_BOX, SOCIALIO_VAGRANT_BOX_VERSION,
SOCIALIO_VAGRANT_CPUS, and SOCIALIO_VAGRANT_MEMORY.
Phase 1 is pinned to amd64 because the qualified ClamAV image is amd64-only;
an arm64 matrix remains a roadmap item rather than silently skipping scanning.
Screenshot boundary
Raw candidates live in .playwright-mcp/landing/device-matrix/. Capture and tests
never modify ../landingpage. Promotion is a separate dry-run-first command:
pnpm screenshots:verify
pnpm screenshots:promote --landing ../landingpage
# Applying changed existing files additionally requires --apply and one
# --overwrite <allowlisted-file.png> argument for every changed file.
# If a prior qualified promotion left only unstaged tracked screenshot
# modifications, add --allow-dirty-screenshots. Any staged, untracked, or
# non-screenshot change still blocks promotion.
Promotion validates real paths, the 34-name candidate allowlist, per-profile dimensions (1920x1080 desktop, 1180x820 iPad, 402x874 iPhone), manifest hashes, and a clean or explicitly screenshot-only landing worktree. Every overwrite must be explicitly named. It never commits or pushes.
Static validation proves only the scaffold. The 2026-07-16 clean-volume VM run,
browser journey, repeated protocol checks, and 34-image desktop/iPad/iPhone
device matrix passed, including per-profile responsive-shell assertions and
host-side hash verification. The manifest remains a phase1-candidate until
the verified SmartIMAP Deno TLS listener fix is published, adopted, and the run
passes without a guest dependency hotpatch.