fix(tests): E2E auth-flow test helper uses stale auth contract (auth_token vs accessToken/refreshToken)

[github-actions]

Summary

The in-test auth store helper in auth-flow.test.tsx writes auth_token and accepts an injected user object. The actual shipped auth flow uses accessToken/refreshToken, derives the user from the JWT, and sets the cm_access_token cookie. This mismatch means the tests pass even when the real auth contract is broken.

Affected file

src/UILayer/web/src/__tests__/e2e/auth-flow.test.tsx — line 39

Required fix

Update the test helper to use the same field names and structure as the real useAuthStore (accessToken, refreshToken, cookie logic) so the tests fail when the production auth contract changes.

References

• PR Phase 16: Remaining widgets, role-based UI, frontend tests #361 review: Phase 16: Remaining widgets, role-based UI, frontend tests #361 (comment)
• Severity: 🟠 Major

[blocksorg]

Mention Blocks like a regular teammate with your question or request:

@blocks can you add technical details to this issue?
@blocks make the following changes ...
@blocks create an issue from what was mentioned in the following comment ...
@blocks explain the following code ...
@blocks are there any security or performance concerns?

Run @blocks /help for more information.

Workspace settings | Disable this message