Testing Hub

The Testing Hub at /admin/test is the entry point for all Arcturus-Prime testing and validation tools. It provides four cards linking to specialized test pages, each targeting a different layer of system verification.

Access

• Sidebar: Infrastructure → Testing
• Direct URL: /admin/test
• Module: health-monitor (all test pages belong to this module)

Test Tools

Health Dashboard (/admin/health)

Real-time service status. Probes 12+ backend services in parallel using a service registry architecture. Shows response times, status dots (green/yellow/red with pulse animation), and diagnostic panels. Auto-refresh toggle (15s interval). Supports single-service retry via per-card buttons.

Best for: Quick “is everything up?” checks

Site Test (/admin/site-test)

Client-side HTTP smoke test. Fires requests at ~100 URLs across 14 suites and checks HTTP status codes. Catches 404s, broken pages, missing assets, and auth failures. Runs entirely in the browser — no server-side API needed.

Best for: Catching broken URLs and routing issues after deploys

System Test (/admin/system-test)

Deep server-side validation. The API probes all backend services AND parses response bodies to verify real data (model lists, subscription details, account status). Also checks all module manifests (enabled state, env vars, API route health), audits all environment variables, and runs a dependency audit from the build-time security snapshot. Click any row to expand JSON evidence.

4 test suites:

1. Service Deep Checks — 16 service probes with body validation
2. Module Integrity — All module manifests, env vars, sample API checks
3. Environment Audit — Every required env var across all modules
4. Dependency Audit — npm vulnerability snapshot from last build (critical/high/moderate/low)

Best for: Deep validation after config changes, env var updates, or dependency upgrades

F12 Console Audit (/admin/f12-audit)

Loads every page (~85 URLs across 10 suites) in a hidden same-origin iframe and captures console.error, console.warn, uncaught exceptions, and failed resource loads. Works via a capture script injected in both layouts (CosmicLayout + BaseLayout) that only activates when window !== window.top.

Best for: Finding JavaScript errors, missing resources, and runtime exceptions across the entire site

Architecture

All test pages are owned by the health-monitor module:

src/config/modules/health-monitor.ts
  pages: ['/admin/test', '/admin/health', '/admin/site-test', '/admin/system-test', '/admin/f12-audit']
  apiRoutes: ['/api/admin/health-check', '/api/admin/system-test']

Dependency Audit Pipeline

The dependency audit in System Test reads a pre-generated snapshot rather than running npm audit live (which isn’t possible on Cloudflare Pages):

1. scripts/security-scan.mjs runs during prebuild
2. Executes npm audit --json and parses vulnerabilities
3. Saves results to src/data/security-snapshot.json
4. System Test API imports the snapshot and surfaces it as a test suite
5. Security Scanner at /admin/security also reads this snapshot

This means dependency vulnerabilities are caught in two places: the Testing Hub (via System Test) and the Security Scanner.

F12 Capture Script

Both layouts include a tiny inline script that only activates inside iframes:

(function(){
  if (window === window.top) return;  // skip on normal page loads
  window.__f12 = { errors: [], warnings: [], exceptions: [], resources: [] };
  // Override console.error, console.warn
  // Listen for window.error, unhandledrejection, resource load failures
})();

The /admin/f12-audit page reads iframe.contentWindow.__f12 after each page loads to collect findings.

Requirement: X-Frame-Options: SAMEORIGIN in public/_headers (not DENY).

Related

• Health Monitor — Service registry architecture and diagnostic system
• Site Health Test — HTTP smoke test details
• System Test — Deep validation architecture
• Security Scanner — Full security audit with 7 scan categories