@dain-os/e2e-auth
v0.1.1
Published
Mints a real Supabase session and writes a Playwright storage-state for seeded E2E/MCP logins (host-scoped to localhost, port-agnostic).
Readme
@dain-os/e2e-auth
Mints a real Supabase session for a user and writes a Playwright
storage-state file, so --isolated Playwright MCP sessions start already
logged in — no interactive SSO/MFA. The cookie is reproduced via the same
@supabase/ssr version the apps use, host-scoped to localhost so it works
across every evergreen dev port.
Shared dev-tooling package — install it in any repo whose apps you want to drive with seeded Playwright/MCP logins.
Usage
npm i -D @dain-os/e2e-auth
npx e2e-auth-seed <herbert|mabel|edna> <email> [envFile]
# e.g. from a consuming repo root:
npx e2e-auth-seed herbert [email protected]envFile resolution (first hit wins):
- the
[envFile]CLI arg $E2E_AUTH_ENV_FILE<cwd>/apps/web/.env.local— works when run from a consuming repo's root~/dev/eoc-herbert/apps/web/.env.local— dev-machine fallback
The chosen file must carry all three projects' Supabase keys. Output:
~/.cache/e2e-auth/<project>.json (mode 600).
Playwright MCP integration
launch.sh <project> <email> <outdir> [envFile] re-mints the session when the
saved state is stale (>45 min) and then execs @playwright/mcp with
--storage-state. It degrades gracefully: if seeding fails it reuses any
existing state, and if there's none it launches unseeded so the MCP never
hard-fails to start. Wire it into ~/.claude.json as a stdio MCP server.
Tenant scoping
herbert is tenant-scoped — its RLS reads tenant_id from the JWT
(app_metadata.tenant_id), so seed.mjs requires that claim
(requiresTenant: true) and fails loudly if it's missing. mabel/edna gate
on home membership keyed on auth.uid() instead, so they don't require a
tenant_id claim and the seeder just notes its absence.
Notes
- For MCP use, pass an explicit
envFileas the 4th arg tolaunch.shso the seeder never depends on the caller's cwd (the MCP host's cwd is unspecified). - Consuming a published build requires
@dain-os/e2e-authto be published to the registry (like other@dain-os/*packages); until then it resolves via the workspace.
