Recover static-only local login fallback and missing script dependency handling - PR_26158_030-static-server-login-fallback

Author: qbytesdq-jpg

assets/theme-v2/js/login-session.js

@@ -13,6 +13,27 @@ const modeStatus = document.querySelector("[data-login-mode-status]");
 const userControls = document.querySelector("[data-login-user-controls]");
 const userStatus = document.querySelector("[data-login-user-status]");
 const continueLink = document.querySelector("[data-login-continue]");
+const staticModeDetails = {
+  "local-mem": {
+    description: "Uses MockDbAdapter backed by in-memory lists when the API-backed local server is running.",
+    diagnostic: "Static-only server detected. Local Mem selection remains available, but local users and persistence require the API-backed local server.",
+    environment: "Local Mem",
+    id: "local-mem",
+    label: "Local Mem",
+    persistence: "Memory",
+  },
+  "local-db": {
+    description: "Uses LocalDbAdapter backed by server SQLite storage.",
+    diagnostic: "Static-only server detected. Local DB requires the API-backed local server; start the local server API to use SQLite-backed Local DB.",
+    environment: "Local DB",
+    id: "local-db",
+    label: "Local DB",
+    persistence: "Local DB",
+  },
+};
+let staticApiUnavailable = false;
+let staticModeId = "local-mem";
+let staticApiDiagnostic = "";
 
 function currentReturnTo() {
   const params = new URLSearchParams(window.location.search);
@@ -91,8 +112,46 @@ function renderModeButtons(mode) {
   });
 }
 
+function errorMessage(error) {
+  return error instanceof Error ? error.message : String(error || "Session API unavailable.");
+}
+
+function isStaticApiUnavailable(message) {
+  return message.includes("Local server API route unavailable") ||
+    message.includes("/api/session") && message.includes("(404)");
+}
+
+function renderStaticApiUnavailable(modeId, error) {
+  const mode = staticModeDetails[modeId] || staticModeDetails["local-mem"];
+  staticApiUnavailable = true;
+  staticModeId = mode.id;
+  staticApiDiagnostic = errorMessage(error);
+  renderModeButtons(mode);
+  if (userControls) {
+    userControls.replaceChildren();
+    userControls.hidden = true;
+  }
+  if (modeTitle) {
+    modeTitle.textContent = mode.label;
+  }
+  if (modeDescription) {
+    modeDescription.textContent = mode.description;
+  }
+  if (modeStatus) {
+    modeStatus.textContent = `Environment: ${mode.environment}. Persistence: ${mode.persistence}. Diagnostic: ${mode.diagnostic} ${staticApiDiagnostic}`;
+  }
+  if (userStatus) {
+    userStatus.textContent = "No local users are available because the API-backed local server is unavailable.";
+  }
+  updateContinueLink();
+}
+
 function renderError(error) {
-  const message = error instanceof Error ? error.message : String(error || "Session API unavailable.");
+  const message = errorMessage(error);
+  if (isStaticApiUnavailable(message)) {
+    renderStaticApiUnavailable(staticModeId, error);
+    return;
+  }
   modeButtons.forEach((button) => {
     button.disabled = false;
     button.removeAttribute("aria-disabled");
@@ -119,6 +178,7 @@ function renderError(error) {
 function render() {
   try {
     const session = getSessionCurrent();
+    staticApiUnavailable = false;
     const mode = getSessionModes().find((item) => item.id === session.mode) || {
       description: "",
       id: session.mode,
@@ -152,11 +212,17 @@ function render() {
 
 modeButtons.forEach((button) => {
   button.addEventListener("click", () => {
+    const modeId = button.dataset.loginMode || "local-mem";
+    if (staticApiUnavailable) {
+      renderStaticApiUnavailable(modeId, staticApiDiagnostic);
+      return;
+    }
     try {
-      setSessionMode(button.dataset.loginMode || "local-mem");
+      setSessionMode(modeId);
       dispatchModeChanged();
       render();
     } catch (error) {
+      staticModeId = modeId;
       renderError(error);
     }
   });

docs_build/dev/reports/coverage_changed_js_guardrail.txt

@@ -7,7 +7,7 @@ Source: Playwright/Chromium built-in V8 coverage from the active Playwright run.
 
 Changed runtime JS files considered:
 (0%) src/dev-runtime/server/mock-api-router.mjs - WARNING: changed runtime JS file was not collected by Playwright V8 coverage; advisory only
-(63%) src/engine/api/server-api-client.js - executed lines 159/159; executed functions 12/19
+(53%) src/engine/api/server-api-client.js - executed lines 159/159; executed functions 10/19
 
 Guardrail warnings:
 (0%) src/dev-runtime/server/mock-api-router.mjs - WARNING: changed runtime JS file missing from coverage; advisory only

docs_build/dev/reports/playwright_v8_coverage_report.txt

@@ -12,40 +12,38 @@ Note: entry percentages use function coverage when available, otherwise line cov
 Note: coverage entries are aggregated across every page/tool where coverageReporter.start(page) and coverageReporter.stop(page) ran.
 
 Exercised tool entry points detected:
-(77%) Toolbox Index - exercised 7 runtime JS files
+(61%) Toolbox Index - exercised 3 runtime JS files
 (0%) Tool Template V2 - not exercised by this Playwright run
-(73%) Theme V2 Shared JS - exercised 2 runtime JS files
+(79%) Theme V2 Shared JS - exercised 3 runtime JS files
 
 Changed runtime JS files covered:
 (0%) src/dev-runtime/server/mock-api-router.mjs - WARNING: changed runtime JS file was not collected by Playwright V8 coverage; advisory only
-(63%) src/engine/api/server-api-client.js - executed lines 159/159; executed functions 12/19
+(53%) src/engine/api/server-api-client.js - executed lines 159/159; executed functions 10/19
 
 Files with executed line/function counts where available:
-(63%) src/engine/api/server-api-client.js - executed lines 159/159; executed functions 12/19
+(53%) src/engine/api/server-api-client.js - executed lines 159/159; executed functions 10/19
+(55%) toolbox/project-journey/project-journey.js - executed lines 1003/1003; executed functions 54/99
+(60%) src/engine/api/mock-db-api-client.js - executed lines 19/19; executed functions 3/5
 (64%) assets/theme-v2/js/tool-display-mode.js - executed lines 201/201; executed functions 9/14
 (67%) admin/db-viewer.js - executed lines 53/53; executed functions 4/6
-(69%) toolbox/colors/colors.js - executed lines 877/877; executed functions 62/90
-(75%) toolbox/project-journey/project-journey.js - executed lines 1003/1003; executed functions 74/99
-(76%) assets/theme-v2/js/gamefoundry-partials.js - executed lines 421/421; executed functions 29/38
+(79%) assets/theme-v2/js/login-session.js - executed lines 227/227; executed functions 15/19
 (81%) toolbox/tool-registry-api-client.js - executed lines 148/148; executed functions 22/27
-(88%) toolbox/assets/assets.js - executed lines 519/519; executed functions 53/60
-(96%) src/engine/api/mock-db-viewer-ui.js - executed lines 510/510; executed functions 92/96
-(100%) src/engine/api/mock-db-api-client.js - executed lines 19/19; executed functions 5/5
-(100%) toolbox/assets/assets-api-client.js - executed lines 17/17; executed functions 3/3
-(100%) toolbox/colors/palette-api-client.js - executed lines 19/19; executed functions 4/4
+(84%) assets/theme-v2/js/gamefoundry-partials.js - executed lines 421/421; executed functions 32/38
+(85%) src/engine/api/mock-db-viewer-ui.js - executed lines 510/510; executed functions 82/96
+(88%) src/engine/api/session-api-client.js - executed lines 34/34; executed functions 7/8
 (100%) toolbox/project-journey/project-journey-api-client.js - executed lines 12/12; executed functions 2/2
 
 Uncovered or low-coverage changed JS files:
 (0%) src/dev-runtime/server/mock-api-router.mjs - WARNING: uncovered changed runtime JS file; advisory only
 
 Changed JS files considered:
-(0%) assets/theme-v2/js/login-session.js - changed JS file not collected as browser runtime coverage
 (0%) src/dev-runtime/server/mock-api-router.mjs - changed JS file not collected as browser runtime coverage
 (0%) tests/helpers/browserExtensionNoise.mjs - changed JS file not collected as browser runtime coverage
-(0%) tests/helpers/playwrightRepoServer.mjs - changed JS file not collected as browser runtime coverage
 (0%) tests/playwright/tools/AdminDbViewer.spec.mjs - changed JS file not collected as browser runtime coverage
 (0%) tests/playwright/tools/ApiStaticRouteRecovery.spec.mjs - changed JS file not collected as browser runtime coverage
 (0%) tests/playwright/tools/LoginSessionMode.spec.mjs - changed JS file not collected as browser runtime coverage
+(0%) tests/playwright/tools/StaticOnlyLoginFallback.spec.mjs - changed JS file not collected as browser runtime coverage
 (0%) tests/playwright/tools/ToolboxRoutePages.spec.mjs - changed JS file not collected as browser runtime coverage
-(63%) src/engine/api/server-api-client.js - changed JS file with browser V8 coverage
-(76%) assets/theme-v2/js/gamefoundry-partials.js - changed JS file with browser V8 coverage
+(53%) src/engine/api/server-api-client.js - changed JS file with browser V8 coverage
+(79%) assets/theme-v2/js/login-session.js - changed JS file with browser V8 coverage
+(84%) assets/theme-v2/js/gamefoundry-partials.js - changed JS file with browser V8 coverage

docs_build/dev/reports/static-server-login-fallback-report.md

@@ -0,0 +1,58 @@
+# PR_26158_030 Static Server Login Fallback Report
+
+## Summary
+
+Added a UI-only static-server login fallback so `127.0.0.1:5500`-style static serving keeps Local Mem selectable while showing Local DB as API-required.
+
+## Artifact
+
+- Delta ZIP: `tmp/PR_26158_030-static-server-login-fallback_delta.zip`
+
+## Requirement Checklist
+
+| Requirement | Status | Evidence |
+| --- | --- | --- |
+| Read `docs_build/dev/PROJECT_INSTRUCTIONS.md` first. | PASS | Read before edits. |
+| Fix static-only local serving from `127.0.0.1:5500` so `/api/session/current` 404 does not leave login modes disabled. | PASS | `assets/theme-v2/js/login-session.js` renders a static API-unavailable mode state, and `StaticOnlyLoginFallback.spec.mjs` verifies both mode buttons are enabled on a static-only `127.0.0.1` server with missing `/api`. |
+| Local Mem remains enabled and clickable when the API server is unavailable. | PASS | Static-only Playwright clicks Local Mem and verifies it remains selected with an actionable API-backed server diagnostic. |
+| Local DB shows a visible actionable diagnostic when API server is unavailable. | PASS | Static-only Playwright clicks Local DB and verifies the status says Local DB requires the API-backed local server for SQLite-backed Local DB. |
+| Fix or remove repo-owned dependency causing `ShowOneChild.js` to throw `ActionableCoachmark is not defined`. | PASS | No active repo runtime dependency was found. No global was added. |
+| If `ShowOneChild.js` is not repo-owned, prove that in report and do not mask repo-owned errors. | PASS | Focused search over active runtime roots found no `ShowOneChild` or `ActionableCoachmark`. `tests/helpers/browserExtensionNoise.mjs` now requires extension URL schemes before ignoring named script noise. |
+| Preserve SQLite-backed Local DB behind API boundary when API server is running. | PASS | `LoginSessionMode.spec.mjs` passed 5/5 in API-backed mode; Local DB still resolves through API routes. |
+| Do not add UAT/Prod API adapter behavior. | PASS | No adapter behavior was added. |
+| Do not expose UAT or Prod as local login choices. | PASS | LoginSessionMode and static-only login coverage assert UAT/Prod controls are absent. |
+| Do not modify `start_of_day` folders. | PASS | Changed-file list contains no `start_of_day` paths. |
+| Run changed-file syntax checks. | PASS | `node --check` passed for changed JS/spec files. |
+| Run LoginSessionMode Playwright in API-backed mode. | PASS | `npx playwright test tests/playwright/tools/LoginSessionMode.spec.mjs` passed 5/5. |
+| Add/run static-only login Playwright coverage for `127.0.0.1:5500`-style behavior with missing API. | PASS | `npx playwright test tests/playwright/tools/StaticOnlyLoginFallback.spec.mjs` passed 1/1. |
+| Run ToolboxRoutePages Playwright. | PASS | `npx playwright test tests/playwright/tools/ToolboxRoutePages.spec.mjs` passed 1/1. |
+| Do not run full samples smoke unless directly impacted. | PASS | Full samples smoke skipped because no samples or shared sample loader/framework changed. |
+
+## Files Changed
+
+- `assets/theme-v2/js/login-session.js`
+- `tests/helpers/browserExtensionNoise.mjs`
+- `tests/playwright/tools/StaticOnlyLoginFallback.spec.mjs`
+- `docs_build/dev/reports/testing_lane_execution_report.md`
+- `docs_build/dev/reports/static-server-login-fallback-report.md`
+- `docs_build/dev/reports/playwright_v8_coverage_report.txt`
+- `docs_build/dev/reports/coverage_changed_js_guardrail.txt`
+- `docs_build/dev/reports/codex_review.diff`
+- `docs_build/dev/reports/codex_changed_files.txt`
+
+## Validation Commands
+
+| Command | Result |
+| --- | --- |
+| `node --check assets/theme-v2/js/login-session.js` | PASS |
+| `node --check tests/helpers/browserExtensionNoise.mjs` | PASS |
+| `node --check tests/playwright/tools/StaticOnlyLoginFallback.spec.mjs` | PASS |
+| `npx playwright test tests/playwright/tools/StaticOnlyLoginFallback.spec.mjs` | PASS, 1/1 |
+| `npx playwright test tests/playwright/tools/LoginSessionMode.spec.mjs` | PASS, 5/5 |
+| `npx playwright test tests/playwright/tools/ToolboxRoutePages.spec.mjs` | PASS, 1/1 |
+| `git diff --check` | PASS, with Git line-ending warnings only |
+
+## Notes
+
+- The static fallback is intentionally UI-only. It does not create local users, authenticate Guest, or persist data without the API-backed local server.
+- Node emitted the standard experimental warning for `node:sqlite` during API-backed Playwright lanes; validation passed.

docs_build/dev/reports/testing_lane_execution_report.md

@@ -1,31 +1,31 @@
-# PR_26158_029 Testing Lane Execution Report
+# PR_26158_030 Testing Lane Execution Report
 
 ## Lanes Run
 
 | Lane | Command | Result |
 | --- | --- | --- |
-| Changed-file syntax | `node --check assets/theme-v2/js/gamefoundry-partials.js`; `node --check src/engine/api/server-api-client.js`; `node --check src/dev-runtime/server/mock-api-router.mjs`; `node --check tests/helpers/browserExtensionNoise.mjs`; `node --check tests/playwright/tools/ApiStaticRouteRecovery.spec.mjs`; `node --check tests/playwright/tools/LoginSessionMode.spec.mjs`; `node --check tests/playwright/tools/ToolboxRoutePages.spec.mjs`; `node --check tests/playwright/tools/AdminDbViewer.spec.mjs` | PASS |
-| Local API route validation | `npx playwright test tests/playwright/tools/ApiStaticRouteRecovery.spec.mjs` | PASS, 1/1 |
+| Changed-file syntax | `node --check assets/theme-v2/js/login-session.js`; `node --check tests/helpers/browserExtensionNoise.mjs`; `node --check tests/playwright/tools/StaticOnlyLoginFallback.spec.mjs` | PASS |
+| Static-only login Playwright | `npx playwright test tests/playwright/tools/StaticOnlyLoginFallback.spec.mjs` | PASS, 1/1 |
 | LoginSessionMode Playwright | `npx playwright test tests/playwright/tools/LoginSessionMode.spec.mjs` | PASS, 5/5 |
 | ToolboxRoutePages Playwright | `npx playwright test tests/playwright/tools/ToolboxRoutePages.spec.mjs` | PASS, 1/1 |
-| AdminDbViewer Playwright | `npx playwright test tests/playwright/tools/AdminDbViewer.spec.mjs` | PASS, 7/7 |
 | Changed-file/static validation | `git diff --check` | PASS, with Git line-ending warnings only |
-| Runtime JS V8 coverage | Playwright coverage generated by targeted runs | PASS/WARN; `docs_build/dev/reports/playwright_v8_coverage_report.txt` lists changed runtime JS coverage. `src/dev-runtime/server/mock-api-router.mjs` is server-side and reported as advisory WARN. |
+| Runtime JS V8 coverage | Playwright coverage generated by targeted runs | PASS/WARN; `docs_build/dev/reports/playwright_v8_coverage_report.txt` lists `assets/theme-v2/js/login-session.js` runtime coverage. |
 
 ## Validation Notes
 
 | Check | Evidence | Result |
 | --- | --- | --- |
-| Login/session local API routes avoid 404/405 on supported local server calls. | `ApiStaticRouteRecovery.spec.mjs` validates `HEAD /api/session/current`, `OPTIONS /api/session/mode`, GET current/modes/users, and POST mode/user/logout. | PASS |
-| Local Mem and Local DB remain enabled/clickable. | LoginSessionMode and ApiStaticRouteRecovery assert Local Mem/Local DB controls are enabled. | PASS |
-| SQLite-backed Local DB remains behind the API boundary. | LoginSessionMode Local DB flow and AdminDbViewer Local DB readonly/diagnostic tests passed. | PASS |
-| `/tools/.../index.html` route pages still render content. | ToolboxRoutePages opens Project Journey, Colors, and Assets aliases with no failed requests. | PASS |
-| Extension script noise is ignored without masking repo global pollution. | Active runtime search found no `ShowOneChild` or `ActionableCoachmark`; Playwright filters only known extension script names and does not ignore bare `ActionableCoachmark` repo errors. | PASS |
-| UAT/Prod remain absent from local login choices. | LoginSessionMode and ApiStaticRouteRecovery assert UAT/Prod buttons are absent. | PASS |
+| Static-only login keeps Local Mem enabled and clickable when `/api/session/current` 404s. | `StaticOnlyLoginFallback.spec.mjs` serves `login.html` from a static-only `127.0.0.1` server and verifies Local Mem remains enabled, selected, and clickable after API 404s. | PASS |
+| Static-only Local DB shows visible actionable diagnostic. | `StaticOnlyLoginFallback.spec.mjs` clicks Local DB and verifies the status text says Local DB requires the API-backed local server for SQLite-backed Local DB. | PASS |
+| API-backed Local Mem and Local DB behavior still works. | `LoginSessionMode.spec.mjs` passed 5/5. | PASS |
+| Toolbox route pages still render. | `ToolboxRoutePages.spec.mjs` passed 1/1 for Project Journey, Colors, and Assets `/tools/...` aliases. | PASS |
+| `ShowOneChild.js` is not active repo-owned runtime. | Focused `rg` over active `assets`, `src`, `toolbox`, and `admin` runtime files found no `ShowOneChild` or `ActionableCoachmark` dependency. | PASS |
+| Extension-noise filter does not mask repo-owned errors. | `tests/helpers/browserExtensionNoise.mjs` now ignores named scripts only when the error text includes an extension URL scheme. Bare repo-owned `ShowOneChild.js` errors still fail tests. | PASS |
 
 ## Skipped Lanes
 
 | Lane | Decision | Reason |
 | --- | --- | --- |
+| AdminDbViewer Playwright | SKIP | DB route behavior was not changed in this PR; API-backed LoginSessionMode covers Local DB login behavior. |
 | Full samples smoke | SKIP | No samples, shared sample loader, or sample framework files changed. |
-| Full Playwright suite | SKIP | Targeted API route, login/session, toolbox route, AdminDbViewer, syntax, and static checks cover the changed surfaces. |
+| Full Playwright suite | SKIP | Static-only login, API-backed login, toolbox route, syntax, static, and V8 coverage checks cover the changed surfaces. |

tests/helpers/browserExtensionNoise.mjs

@@ -12,6 +12,5 @@ export function isBrowserExtensionNoise(value) {
   }
   return text.includes("chrome-extension://") ||
     text.includes("moz-extension://") ||
-    text.includes("extension://") ||
-    hasKnownScriptName;
+    text.includes("extension://");
 }