Adds the M5.3 deliverable scoped to local-dev (stage doesn't exist yet,
so the CI e2e job is gated behind the repo variable RUN_E2E='true' —
defaults off).
Layout:
playwright.config.ts chromium project; baseURL defaults to
http://acme.localhost:3000 (subdomain routing
fires). PLAYWRIGHT_BASE_URL / APEX_URL / etc.
env vars override for stage.
tests/e2e/apex.spec.ts landing page renders
tests/e2e/tenant.spec.ts signed-out dashboard shows Sign in
button; unknown slug returns 404
tests/e2e/health.spec.ts every dev-stack endpoint reachable
(portal /api/auth/providers, tenant-
registry /healthz, KC realm metadata)
Run locally with the full dev stack up:
cd platform/orca-platform && make dev-up
cd platform/tenant-registry && make dev
cd platform/portal && make dev
cd platform/portal && make e2e
OIDC click-through not asserted yet — Keycloak in headless mode is
flaky and depends on a stable test-user password. The current gate
(Sign-in button visible) catches the more common 'auth completely
broken' regression; the deeper smoke lands when stage has its own
test fixture.
tsconfig now excludes tests/e2e so vitest + tsc don't fight over
Playwright type imports.
Refs: M5.3
Next.js 16 + Auth.js v5 skeleton: host→slug middleware, tenant-context layout, OIDC sign-in flow against breakpilot-dev realm. 100% coverage on src/lib. Bumps next to 16.2.6 to clear trivy CVEs in 15.0.3.
sharang