import type { ProbeTarget } from "./verify-deploy"; import type { ProbeOutcome } from "./verify-deploy.drivers"; import type { FetchLike } from "./verify-deploy.drivers.baseline"; import { probeBaseline } from "./verify-deploy.drivers.baseline"; const DRIVER_LABEL = "dashboard"; const DEFAULT_TIMEOUT_MS = 30_000; /** * Production sentinels the dashboard's runtime-config reader emits when a * required env var is unset on the Railway service. When either of these * lands in the injected `window.__SHOWCASE_CONFIG__`, the dashboard renders * with dead Demo/Code/hover-preview links (shellUrl) or dead Status-tab * live-readers (pocketbaseUrl) — a 200 that is NOT healthy. * * These MUST stay in sync with the SSOT in * `showcase/shell-dashboard/src/lib/runtime-config.ts:39-40` * (`PROD_INVALID_POCKETBASE_URL` / `PROD_INVALID_SHELL_URL`). That module * imports `next/cache`, so it cannot be cleanly imported into the scripts * tsconfig (the scripts typecheck has no Next types and `include` is scoped * to this directory); we mirror the literals here with this pointer instead * of pulling Next into the verify-deploy toolchain. */ const PROD_INVALID_SHELL_URL = "about:blank#shell-url-missing"; const PROD_INVALID_POCKETBASE_URL = "http://pocketbase.invalid"; function isAbortError(e: unknown): boolean { if (!e || typeof e !== "object") return false; return (e as { name?: unknown }).name === "AbortError"; } /** * Extract the inlined runtime config from the dashboard's HTML. The root * layout (`shell-dashboard/src/app/layout.tsx`) injects an inline * `` close) and then strip the `window.__SHOWCASE_CONFIG__=` prefix * and trailing `;`, rather than char-class-matching the JSON body. A body * char-class like `\{[^<]*?\}` truncates at the first `};` that appears inside * a value and fails entirely on trailing-whitespace / newline / missing-semi * drift in the injection — and a silent no-match there would let a * format-drifted-but-present config slip through as "block absent → pass". * Anchoring on the tag boundary means any present-but-unparseable block * fails LOUD (throws) instead. * * Returns the parsed config object, or `undefined` ONLY when the script tag * is genuinely not present on the page (some renders may omit it) — in that * case the probe must NOT false-fail. A present-but-malformed block (bad * JSON, or a parseable non-object) THROWS so the verifier can never silently * PASS on a wiring bug. */ function extractInjectedConfig( html: string, ): Record | undefined { // Match the inline config script by its id, capturing the tag body up to // the closing . `[\s\S]` so the body may span newlines. const tagMatch = html.match( /]*\bid=["']__showcase_config__["'][^>]*>([\s\S]*?)<\/script>/i, ); // Tag genuinely absent — do not false-fail. if (!tagMatch) return undefined; const body = tagMatch[1].trim(); // Strip the `window.__SHOWCASE_CONFIG__=` assignment prefix and the trailing // `;`. Tolerate surrounding whitespace from formatter/minifier drift. const assignMatch = body.match( /^window\.__SHOWCASE_CONFIG__\s*=\s*([\s\S]*?);?\s*$/, ); if (!assignMatch) { // The tag is present but its body is not the expected assignment — a // wiring/format-drift bug. Fail loud rather than silent-pass. throw new Error( "__SHOWCASE_CONFIG__ script present but body is not the expected " + "`window.__SHOWCASE_CONFIG__=;` assignment", ); } let parsed: unknown; try { parsed = JSON.parse(assignMatch[1]); } catch { // A malformed config block is itself a wiring bug; fail loud so we don't // silently pass. throw new Error("__SHOWCASE_CONFIG__ present but not valid JSON"); } if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) { // Parseable but NOT a config object (null / array / scalar) — a // format-drift bug. Throw like the JSON-parse branch so a parseable // non-object can never silently PASS. throw new Error( "__SHOWCASE_CONFIG__ present but did not parse to a config object", ); } return parsed as Record; } /** * After a green baseline, fetch `/` and assert the injected runtime config * is not carrying a production "env unset" sentinel. Returns an error * string on a sentinel hit (or on a malformed config block); `undefined` * when the config is healthy OR the block is simply absent. */ async function checkRuntimeConfigSentinels( host: string, fetchImpl: FetchLike, timeoutMs: number, ): Promise { const url = `https://${host}/`; const controller = new AbortController(); const timer = setTimeout(() => controller.abort(), timeoutMs); let res: Awaited>; try { res = await fetchImpl(url, { method: "GET", headers: { "User-Agent": "verify-deploy" }, signal: controller.signal, }); } catch (e: unknown) { const msg = isAbortError(e) ? `timed out after ${timeoutMs}ms` : e instanceof Error ? e.message : String(e); return `${DRIVER_LABEL}: runtime-config GET ${url} failed: ${msg}`; } finally { clearTimeout(timer); } let html: string; try { html = await res.text(); } catch (e: unknown) { const msg = e instanceof Error ? e.message : String(e); return `${DRIVER_LABEL}: runtime-config GET ${url} body read failed: ${msg}`; } let cfg: Record | undefined; try { cfg = extractInjectedConfig(html); } catch (e: unknown) { const msg = e instanceof Error ? e.message : String(e); return `${DRIVER_LABEL}: ${msg} at ${url}`; } // Block absent — do not false-fail (some renders omit it). if (!cfg) return undefined; if (cfg.shellUrl === PROD_INVALID_SHELL_URL) { return ( `${DRIVER_LABEL}: injected __SHOWCASE_CONFIG__.shellUrl is the ` + `"env unset" sentinel "${PROD_INVALID_SHELL_URL}" at ${url} — ` + `Demo/Code/preview links are dead. Set SHELL_URL on the Railway service.` ); } if (cfg.pocketbaseUrl === PROD_INVALID_POCKETBASE_URL) { return ( `${DRIVER_LABEL}: injected __SHOWCASE_CONFIG__.pocketbaseUrl is the ` + `"env unset" sentinel "${PROD_INVALID_POCKETBASE_URL}" at ${url} — ` + `Status-tab live-readers are dead. Set POCKETBASE_URL on the Railway service.` ); } return undefined; } /** * Feature-level verifier for the `shell-dashboard` Next.js service. * * Baseline: Railway deployment-SUCCESS + HTTP 200 on `/`. * * Driver-specific layer: after a green baseline, fetch `/`, parse the * injected `window.__SHOWCASE_CONFIG__`, and FAIL if it carries a * production "env unset" sentinel (`shellUrl === about:blank#shell-url-missing` * or `pocketbaseUrl === http://pocketbase.invalid`). This catches the * "200 but every Demo/Code/preview link is dead" case that a naked HTTP * probe misses — the exact failure that shipped to staging when SHELL_URL * was unset on the Railway service. */ export async function probeDashboard( target: ProbeTarget, ): Promise { const baseline = await probeBaseline(target, { driverLabel: DRIVER_LABEL, healthcheckPath: "/", }); if (!baseline.ok) return baseline; // Reuse the same fetch impl/timeout policy as the baseline. Production // callers use the real `globalThis.fetch`; tests inject a seam by passing // a custom `globalThis.fetch` stub (the baseline's `fetchImpl` opt is not // threaded here since `probeDashboard`'s public signature takes only a // target — mirror that for the config check). const sentinelErr = await checkRuntimeConfigSentinels( target.host, globalThis.fetch as unknown as FetchLike, DEFAULT_TIMEOUT_MS, ); if (sentinelErr) return { ok: false, error: sentinelErr }; return { ok: true }; }