Readme typo #183

Open
cf-jongsik wants to merge 30 commits into cloudflare:main from cf-jongsik:README_TYPO

@cf-jongsik

There is a mistake in the README where it indicates CDP_SECRET as a header,
but it should be a parameter value with the parameter key "secret".

Andreas Jansson and others added 30 commits February 6, 2026 13:54
- Add E2E test infrastructure with setup/teardown scripts
- Add test fixtures: start-server, stop-server, start-browser, stop-browser, pw wrapper
- Add pairing_and_conversation test that:
  - Starts the moltworker server with wrangler dev
  - Opens browser with playwright-cli
  - Tests device pairing flow via admin UI
  - Tests conversation with Claude (math question)
- Add video recording support using playwright-cli video-start/video-stop
- Add E2E_TEST_MODE to skip CF Access auth during tests
- Add isE2ETestMode helper and tests
- Add e2e job to test.yml (runs in parallel with unit tests)
- Convert webm to mp4 using ffmpeg
- Generate thumbnail with play button overlay using ImageMagick
- Upload video and thumbnail to e2e-artifacts branch
- Post PR comment with clickable thumbnail linking to video
…ions

- Pass TELEGRAM_BOT_TOKEN, TELEGRAM_DM_POLICY, TELEGRAM_DM_ALLOW_FROM to e2e test server
- Pass DISCORD_BOT_TOKEN, DISCORD_DM_POLICY to e2e test server
- Pass SLACK_BOT_TOKEN, SLACK_APP_TOKEN to e2e test server
- Add GitHub Actions test matrix with three configurations:
  1. base: AI Gateway only
  2. telegram: AI Gateway + Telegram bot token
  3. discord: AI Gateway + Discord bot token
- Each config posts its own PR comment with video recording
- Use matrix config name in video artifact paths to avoid conflicts
- Detect fatal gateway errors (e.g., Config invalid) after 3 consecutive
  503 responses and fail fast instead of looping
- Use wall-clock timeout (180s) instead of iteration count, since each
  curl request can take 3-9 seconds
Telegram:
- Remove invalid 'dm: {}' key (causes validation error)
- Keep 'dmPolicy' at channel level (correct per schema)
- Add 'allowFrom: ["*"]' when dmPolicy is 'open'

Discord:
- Keep 'dm.policy' nested structure (NOT flat 'dmPolicy')
- Discord uses dm.policy inside a dm object, unlike Telegram
- Add 'allowFrom: ["*"]' when dm.policy is 'open'

Schema references (moltbot v2026.1.24-1):
- Telegram dmPolicy: https://github.com/moltbot/moltbot/blob/v2026.1.24-1/src/config/zod-schema.providers-core.ts#L85
- Discord dm.policy: https://github.com/moltbot/moltbot/blob/v2026.1.24-1/src/config/zod-schema.providers-core.ts#L147-L155

Co-authored-by: Matt Krueger <mpkrueger@users.noreply.github.com>
Each matrix job (base, telegram, discord) now pushes to its own branch
(e2e-artifacts-base, e2e-artifacts-telegram, e2e-artifacts-discord)
to avoid race conditions when pushing in parallel.

Also delete old video comments from previous CI runs before adding new
ones, using a unique HTML comment marker per matrix config.
Supports three DM access control modes:
- pairing (default): unknown senders get pairing code, owner approves
- allowlist: only allow senders specified in TELEGRAM_DM_ALLOW_FROM
- open: allow all DMs (auto-sets allowFrom: ['*'])

Example usage:
  TELEGRAM_DM_POLICY=allowlist
  TELEGRAM_DM_ALLOW_FROM=123456789,987654321

Closes cloudflare#120
Fixes cloudflare#85 - CDP_SECRET and other sensitive params like tokens were being
logged in plain text. Now any query param containing secret, token, key,
password, auth, or credential (case-insensitive) is redacted.
Fixes cloudflare#117 - WebSocket message payloads (which can contain sensitive user
content, authentication data, or tokens) were being logged in production.
Now verbose payload logging is only enabled when DEBUG_ROUTES=true.
Regression tests for cloudflare#85 - ensures sensitive query params like secret,
token, key, password, auth, credential are properly redacted from logs.
Move the function to a separate module to make it testable without
pulling in heavy sandbox dependencies.
…udflare#117)

These tests verify:
- Secret query params are redacted from request logs
- Token query params are redacted from request logs
- The [REDACTED] placeholder appears in logs instead of actual values
The CDP endpoint returns 503 when CDP_SECRET isn't configured. Instead,
use simple curl requests and just verify logs are correct.
The redacted value appears as %5BREDACTED%5D in logs due to URL encoding.
Select the correct Node.js binary tarball based on dpkg architecture.

- amd64 -> linux-x64
- arm64 -> linux-arm64

This fixes exec format errors when building the sandbox container on arm64 hosts.
Deploy real workers to Cloudflare infrastructure for e2e testing,
replacing local wrangler dev. This catches issues that local testing
can't: R2 bucket mounting, container cold starts, Access auth flows.

## Infrastructure (test/e2e/fixture/server/)
- Terraform: Creates R2 bucket + service token (unique per test run)
- create-access-app: Creates Access app via API after worker deploy
- deploy: Generates dynamic wrangler config for unique container names
- start/stop: Orchestrate full lifecycle with proper cleanup

## Access protection
- Access app protects worker URL externally
- Service Auth policy for automated tests (service token headers)
- Allow policy for @cloudflare.com emails (manual debugging)
- Playwright sets headers via page.context().setExtraHTTPHeaders()

## Test flow
1. Terraform creates R2 bucket + service token
2. Deploy worker with unique name (timestamp + random)
3. Create Access app via API (must be after worker exists)
4. Start browser, navigate to worker, wait for 'Pairing required'
5. Video captures loading screen through full test
6. Teardown: Access app → worker → R2 bucket → service token

## Code changes
- src/config.ts: getR2BucketName() for configurable bucket
- src/gateway/r2.ts: Uses configurable bucket name
- src/types.ts: Added R2_BUCKET_NAME to MoltbotEnv

## GitHub Actions
- Updated workflow with Terraform setup
- Infrastructure secrets use E2E_ prefix
- E2E_TEST_RUN_ID uses run_id + matrix name for isolation

## Documentation
- test/e2e/README.md: Comprehensive architecture docs
- test/e2e/.dev.vars.example: Credential setup instructions

Required repo secrets:
- E2E_CLOUDFLARE_API_TOKEN, E2E_CF_ACCOUNT_ID, E2E_WORKERS_SUBDOMAIN
- E2E_CF_ACCESS_TEAM_DOMAIN, E2E_R2_ACCESS_KEY_ID, E2E_R2_SECRET_ACCESS_KEY
- AI_GATEWAY_API_KEY, AI_GATEWAY_BASE_URL (existing, for chat tests)
  CDP_SECRET header => CDP_SECRET parameter
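
The query-parameter redaction described in the commit messages above (the fix for cloudflare#85) matters here because `CDP_SECRET` travels as the `secret` query parameter and so ends up in request URLs. The following is an added example, not code from this pull request or from the project; the function name `redactUrlForLog`, the host `worker.example` and the path `/cdp` are assumptions.

```javascript
// Added illustration; not the project's implementation.
// Parameter-name substrings listed in the commit message, matched case-insensitively.
const SENSITIVE_NAME = /secret|token|key|password|auth|credential/i;

// Hypothetical helper: returns a copy of the URL that is safe to write to logs.
function redactUrlForLog(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    // Never fall back to logging the raw string: it may still carry the secret.
    return '[UNPARSEABLE URL]';
  }
  // Snapshot the distinct names first; the params are mutated inside the loop.
  for (const name of new Set(url.searchParams.keys())) {
    if (SENSITIVE_NAME.test(name)) {
      // set() collapses repeated keys (?token=a&token=b) into a single value.
      url.searchParams.set(name, '[REDACTED]');
    }
  }
  // URLSearchParams percent-encodes the brackets: [REDACTED] -> %5BREDACTED%5D
  return url.toString();
}

// Constructed sample URLs (host, path and values are made up).
const samples = [
  'wss://worker.example/cdp?secret=s3cr3t-value&page=1',
  'https://worker.example/api?API_KEY=abc&token=a&token=b&name=bob',
];
for (const s of samples) console.log(redactUrlForLog(s));
```

Substring matching also redacts unrelated names that happen to contain one of the words (for example `monkey`), which is the safe direction for a log filter.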