Patch 023 attempted to read process.env.VITE_BRIDGE_TOKEN, but the
vite.config.ts define block uses { 'process.env': {...} } which only
substitutes the literal expression 'process.env' standalone, not when
followed by a member access like 'process.env.X'. So the runtime call
evaluated to undefined and the bridge interceptor never sent a Bearer
header — every /database call got 401.
Switch to Vite's standard pattern: VITE_BRIDGE_TOKEN lives in
apps/client/.env.local (gitignored, must be created locally) and is
auto-exposed via import.meta.env. Verified: the dev server substitutes
it inline at transform time as 'brg_smoketest_admin'.
Patch 025.
The previous fix (Patch 021) read import.meta.env.VITE_BRIDGE_TOKEN, but
Vite only auto-exposes VITE_* in import.meta.env when the .env lives in
apps/client/. Our .env is at the monorepo root and is loaded via
loadEnv() in vite.config.ts, then injected through the define block
under the 'process.env' key. So the runtime variable lives at
process.env.VITE_BRIDGE_TOKEN, not import.meta.env.VITE_BRIDGE_TOKEN.
Without this, the bridge proxy received no Bearer header and returned
401 Unauthorized for every /database slash command request — exactly
what Corentin reported.
Patch 023.
Cross-origin (5173 vs 4000) blocked the auth cookie from reaching the
bridge — every /database slash command request 401'd silently. Two
changes:
1. vite.config.ts: add /bridge -> http://localhost:4000 proxy with
path rewrite + /bridge-events -> /api/events for SSE. Same-origin =
browser sends the auth cookie automatically.
2. bridge-client.ts: resolveBridgeUrl() defaults to /bridge instead
of absolute http://localhost:4000. Also adds a VITE_BRIDGE_TOKEN env
fallback for dev (the bridge requires Bearer auth and the Docmost
session cookie is HttpOnly so JS cannot read it).
Patch 021.
- Convert 17 server spec files from vitest to Jest (vi -> jest globals)
- Add jest.mock stubs for ESM-only prosemirror/html and collaboration modules
- Fix Zod v4 strict UUID validation failures in test fixtures (version byte [1-8] required)
- Add JwtAuthGuard.overrideGuard in all controller specs that lacked it
- Fix jest.Mock type inference (ReturnType<typeof jest.fn> -> jest.Mock) to prevent 'never' arg errors
- Delete vitest.config.ts (CJS), keep vitest.config.mts (ESM-compatible) on client
- Add global mocks for @excalidraw/excalidraw and @/main.tsx in client test-setup
- Result: client 38/38 suites 313/313 tests, server acadenice 21/21 suites 210/210 tests, 0 TS errors
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Minimal testid additions to 4 renderer files so Playwright can target
stable selectors: table-renderer, cell-{rowId}-{fieldName}, kanban-board,
kanban-column-{label}, kanban-card-{rowId}, calendar-renderer,
inline-editor-input, inline-editor-readonly.
Also adds Dockerfile.e2e for the client build used in docker-compose.e2e.yml.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
