plainpages

Author	SHA1	Message	Date
lilleman	b5af4ba6cd	E2E for token timeout + refresh (todo §4); full-stack auth-refresh.spec.ts (real Ory stack): a lapsed session JWT is silently re-minted from the live Kratos session (roles re-read from Keto), and cleared once the session is revoked; ory/kratos/e2e.yml shortens the tokenizer ttl to 8s + adds JWT_CLOCK_SKEW_SEC config so re-mint fires at expiry; scope visual suite to visual.spec.ts	2026-06-18 11:32:23 +02:00
lilleman	4b2173cb84	Secure cookie flags + CSRF for our own POST forms (todo §4); SECURE_COOKIES toggle on session/CSRF cookies; csrf.ts signed double-submit token + body.ts form reader; logout is now a CSRF-guarded POST form	2026-06-18 11:12:32 +02:00
lilleman	f91e08c2a6	Add Full, parallel E2E principle (todo §1.1); AGENTS §6 + README, 404 E2E coverage, --build the runner so spec edits apply	2026-06-15 16:58:26 +02:00
lilleman	6f590148af	Add dockerized Playwright E2E (todo §1); screenshot live pages + foundation mockups, assert shared design-system styles match	2026-06-15 16:37:21 +02:00