Unit tests (Vitest): 129 tests covering:
- Simulation subsystems (PlatformPulse, CoverageGate, RegMatrix, CrossCheck, BaselineProfile, PlayIntegrity, RolloutPhase, RegionCoupling) as pure functions
- Scoring system (asymmetric bonuses, failure penalties)
- Ticket cross-check gate (multi-signal corroboration, OBS discount, preset debounce)
- Incident dispatcher determinism (seeded fingerprint after 600 ticks)
- Achievement progression and unlock rules
- Integrity module (HMAC sign/verify, tamper detection, score sanity)
- Entropy pool (seed generation quality)
- Scenario replay determinism (identical event streams across runs)
- On-call burnout accrual + ticket mechanics
- Postmortem grading (S→D bands, root-cause matching, callout rendering)
- v0.3.0 release gate (bounded invariants across Junior/Senior/Staff/Principal)
Run just the release gate with npm run test:unit -- release-gate — a ~1s
cross-preset smoke check that is the recommended "is this branch shippable?"
single command.
E2E tests (Playwright): 7 tests covering core game flows:
- App loads and time advances
- Preset switching updates coverage threshold
- Profile modal opens and closes
- Budget decreases while running
- Tab navigation toggles selection state
- Daily seed button populates input
- Score increases after multiple ticks
DOM validation: Custom script validates all 135 required element IDs exist exactly once in index.html, preventing wiring regressions between HTML and TypeScript.
npm run test:unit # Vitest unit tests
npm run test:dom # DOM hook validation
npm run test:e2e # Playwright E2E (requires built app)
npm run test:e2e:ci # DOM validation + E2E (used in CI)
npm test # Unit tests + build (type-check + bundle)When Playwright runs the app, it sets VITE_E2E=1. The app then:
- Sets
window.__E2E__ = true - Disables CSS animations (adds
e2eclass) - Uses a fixed seed of
12345for reproducible simulation - Uses
setTimeout(fn, 0)instead ofrequestAnimationFramefor reliable DOM updates - Skips the welcome modal to avoid blocking test interactions
- Checks (on PR + push to main): Unit tests, Playwright E2E, DOM validation
- Deploy (on push to main): Build + deploy to GitHub Pages
- CodeQL (on PR + push + weekly): Security scanning for JavaScript/TypeScript and Actions
- Security nightly (daily): OSV scanner + npm audit, creates PR on findings
- Dependency review (on PR): Fails on high-severity dependency vulnerabilities
If npm install or npm ci fails due to registry or proxy configuration in CI, force the public npm registry in the workflow and ensure the lockfile is not pinned to a private registry.