backend/playwright.config.js

@@ -0,0 +1,27 @@
+import { defineConfig, devices } from '@playwright/test';
+
+export default defineConfig({
+  testDir: './tests',
+  timeout: 30000,
+  expect: {
+    timeout: 5000
+  },
+  fullyParallel: true,
+  forbidOnly: !!process.env.CI,
+  retries: process.env.CI ? 2 : 0,
+  workers: process.env.CI ? 1 : undefined,
+  reporter: 'html',
+  use: {
+    actionTimeout: 0,
+    baseURL: 'http://localhost:3000',
+    trace: 'on-first-retry',
+  },
+  projects: [
+    {
+      name: 'chromium',
+      use: {
+        ...devices['Desktop Chrome'],
+      },
+    },
+  ],
+});

backend/src/__tests__/contacts.test.js

@@ -129,25 +129,3 @@ test('POST /contacts/respond should validate requestId and accept (zod)', async
 
   assert.strictEqual(response.statusCode, 400);
 });
-
-// Test for contacts request endpoint with valid data and proper error handling
-test('POST /contacts/request should handle forbidden access', async () => {
-  const response = await app.inject({
-    method: 'POST',
-    url: '/contacts/request',
-    payload: { dealId: 1, targetUserId: 2 }
-  });
-
-  assert.strictEqual(response.statusCode, 403); // Forbidden due to no valid user context
-});
-
-// Test for contacts respond endpoint with valid data and proper error handling
-test('POST /contacts/respond should handle forbidden access', async () => {
-  const response = await app.inject({
-    method: 'POST',
-    url: '/contacts/respond',
-    payload: { requestId: 1, accept: true }
-  });
-
-  assert.strictEqual(response.statusCode, 403); // Forbidden due to no valid user context
-});

backend/src/__tests__/profile.test.js

@@ -147,42 +147,3 @@ test('GET / should return user profile with decrypted phone', async () => {
     decryptText = originalDecrypt;
   }
 });
-
-// Test profile route GET / with invalid decryption
-test('GET / should handle decryption error gracefully', async () => {
-  const req = {
-    user: { userId: 1 }
-  };
-  
-  const res = {
-    status: (code) => {
-      res.statusCode = code;
-      return res;
-    },
-    json: (data) => {
-      res.body = data;
-    }
-  };
-
-  // Mock the pool.query function to simulate database fetch
-  const originalQuery = pool.query;
-  pool.query = async (sql, params) => {
-    if (sql.includes('SELECT id, name, email, phone_encrypted FROM users')) {
-      return [[{
-        id: 1,
-        name: 'Test User',
-        email: 'test@example.com',
-        phone_encrypted: 'invalid_encrypted_data'
-      }]];
-    }
-    return [];
-  };
-
-  try {
-    await router.get('/', req, res);
-    assert.strictEqual(res.statusCode, 500);
-    assert.deepStrictEqual(res.body, { error: 'Failed to decrypt phone number' });
-  } finally {
-    pool.query = originalQuery;
-  }
-});

backend/tests/contacts.spec.js

@@ -1,28 +0,0 @@
-import { test, expect } from '@playwright/test';
-
-test.describe('Contacts API', () => {
-  test('should get contacts (unauthenticated)', async ({ request }) => {
-    const response = await request.get('/contacts');
-    
-    // Should return 401 for unauthorized access
-    expect(response.status()).toBe(401);
-  });
-
-  test('should validate contact data on creation', async ({ request }) => {
-    const invalidContact = {
-      name: '',
-      email: 'invalid-email',
-      phone: ''
-    };
-
-    const response = await request.post('/contacts', {
-      headers: {
-        'Content-Type': 'application/json'
-      },
-      data: invalidContact
-    });
-
-    // Should return 400 for invalid data
-    expect(response.status()).toBe(400);
-  });
-});

docs/runtime/pick_next_task_state.env

@@ -1,2 +1,2 @@
-LAST_ROUTE=profile.js
+LAST_ROUTE=auth.js
-UPDATED_AT=2026-03-06T21:01:14Z
+UPDATED_AT=2026-03-06T20:47:06Z