Skip to content

feat(api-suite): phase 4 — Playwright API test suite [v0.4.0]#3

Merged
qa-ashutosh merged 1 commit into
mainfrom
feat/phase-4-api-suite
May 2, 2026
Merged

feat(api-suite): phase 4 — Playwright API test suite [v0.4.0]#3
qa-ashutosh merged 1 commit into
mainfrom
feat/phase-4-api-suite

Conversation

@qa-ashutosh
Copy link
Copy Markdown
Owner

@qa-ashutosh qa-ashutosh commented May 2, 2026

Summary

Implements @qrypto/api-suite — a Playwright API test suite covering the full exchange surface with zero browser overhead. Full suite runs in under 35 seconds with workers: 1 (required for a stateful mock server).

94 tests passing across 6 domains.

Type of change

  • feat — new capability

Scope

api-suite, mock-server

What ships

Test suite:

  • BaseApiClient with retry, auth injection, correlation IDs, 429 handling
  • AuthClient, KycClient, WalletClient, TradingClient, AdminClient
  • Auth: login, 2FA, brute-force lockout, token lifecycle, session management, IDOR
  • KYC: withdrawal gate for all 5 KYC states, AML flag blocking, state machine
  • Wallet: satoshi precision, fee accuracy, balance invariant, deposit confirmation
  • Trading: order placement, IDOR protection, cancellation, order book, ticker
  • Calculations: 0.1+0.2 float trap documented and tested, fee precision
  • Race conditions: concurrent withdrawals, simultaneous orders, parallel KYC

Mock server fixes (found during testing):

  • Login rate limit raised to 10 to allow brute-force lockout tests to reach threshold
  • Session deletion now revokes the associated token (revokedSessions set added to state)
  • UNVERIFIED user added to funded wallet seed list

Architecture decision:

  • workers: 1 — parallel workers against a shared stateful server cause non-deterministic state corruption. Serial execution is correct for this suite. The performance suite is the right place for concurrency testing.

How to run

Terminal 1: npm run mock:start
Terminal 2: npm run test:api

Smoke only: npm run test:api -- --grep @smoke
Report: npm run report --workspace=packages/api-suite

Checklist

  • All 94 tests passing
  • npm run typecheck passes
  • npm run lint passes
  • npm run format:check passes
  • CHANGELOG.md updated to v0.4.0
  • root package.json bumped to v0.4.0

@qa-ashutosh
feat(api-suite): phase 4 — playwright api test suite
af1ae6d 
- BaseApiClient: retry, auth injection, correlation ids, 429 handling
- domain clients: AuthClient, KycClient, WalletClient, TradingClient, AdminClient
- auth tests: login, 2fa, brute-force lockout, token lifecycle, sessions, idor
- kyc tests: withdrawal gate for all states, aml blocking, state machine
- wallet tests: satoshi precision, fee accuracy, balance invariant, deposit confirm
- trading tests: order placement, idor protection, cancellation, market data
- calculation tests: float precision traps, fee accuracy, multi-op balance precision
- race condition tests: concurrent withdrawals, simultaneous orders, parallel kyc
- global setup: server health check + state reset before all tests
- workers set to 1 — stateful mock server requires serial execution
- mock server fixes: rate limit threshold, session revocation, unverified user wallet
- packages/api-suite/README.md with coverage map and p0/p1/p2 priority table
- root package.json bumped to v0.4.0
- changelog updated to v0.4.0
@qa-ashutosh qa-ashutosh merged commit e5df1ba into main May 2, 2026
2 checks passed
@qa-ashutosh qa-ashutosh deleted the feat/phase-4-api-suite branch May 2, 2026 19:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@qa-ashutosh