![](\"https://upload.wikimedia.org/wikipedia/commons/1/1b/Apple_logo_grey.svg\"){kind=logo}
**Mac OS X:** [Xcode](https://itunes.apple.com/us/app/xcode/id497799835?mt=12) (or **OS X 10.9+**: `xcode-select --install`)\n- ![](\"https://upload.wikimedia.org/wikipedia/commons/8/87/Windows_logo_-_2021.svg\"){kind=logo}
**Windows:** [Visual Studio Code](https://code.visualstudio.com) + [Windows Subsystem for Linux - Ubuntu](https://learn.microsoft.com/en-us/windows/wsl/install) OR [Visual Studio](https://www.visualstudio.com/products/visual-studio-community-vs)\n- ![](\"https://upload.wikimedia.org/wikipedia/commons/thumb/9/9e/UbuntuCoF.svg/512px-UbuntuCoF.svg.png?20120210072525\")
**Ubuntu** / ![](\"https://upload.wikimedia.org/wikipedia/commons/3/3f/Linux_Mint_logo_without_wordmark.svg\"){kind=logo}
**Linux Mint:** `sudo apt-get install build-essential`\n- ![](\"https://upload.wikimedia.org/wikipedia/commons/3/3f/Fedora_logo.svg\"){kind=logo}
**Fedora**: `sudo dnf groupinstall \"Development Tools\"`\n- ![](\"https://en.opensuse.org/images/b/be/Logo-geeko_head.png\"){kind=logo}
**OpenSUSE:** `sudo zypper install --type pattern devel_basis`\n\n**Note:** If you are new to Node or Express, you may find [Node.js & Express From Scratch series](https://www.youtube.com/watch?v=Ad2ngx6CT0M&list=PLillGF-RfqbYRpji8t4SxUkMxfowG4Kqp&index=3) helpful for learning the basics of Node and Express. Alternatively, here is another great tutorial for complete beginners - [Getting Started With Node.js, Express, MongoDB](https://www.freecodecamp.org/news/build-a-restful-api-using-node-express-and-mongodb/).\n\n## Getting Started\n\n**Step 1:** The easiest way to get started is to clone the repository:\n\n```bash\n# Get the latest snapshot\ngit clone https://github.com/sahat/hackathon-starter.git myproject\n\n# Change directory\ncd myproject\n\n# Install NPM dependencies\nnpm install\n\n# Then simply start your app\nnpm start\n```\n\n**Note:** I highly recommend installing [Nodemon](https://github.com/remy/nodemon). It watches for any changes in your node.js app and automatically restarts the server. Once installed, instead of `node app.js` use `nodemon app.js`. It will\nsave you a lot of time in the long run, because you won't need to manually restart the server each time you make a small change in code. To install, run `sudo npm install -g nodemon`.\n\n**Step 2:** Obtain API Keys and change configs if needed\nAfter completing step 1 and locally installing MongoDB, you should be able to access the application through a web browser and use local user accounts. However, certain functions like API integrations may not function correctly until you obtain specific keys from service providers. The keys provided in the project serve as placeholders, and you can retain them for features you are not currently utilizing. To incorporate the acquired keys into the application, you have two options:\n\n1. Set environment variables in your console session: Alternatively, you can set the keys as environment variables directly through the command prompt. For instance, in bash, you can use the `export` command like this: `export FACEBOOK_SECRET=xxxxxx`. This method is considered a better practice as it reduces the risk of accidentally including your secrets in a code repository.\n2. Replace the keys in the `.env.example` file: Open the `.env.example` file and update the placeholder keys with the newly acquired ones. This method has the risk of accidental checking-in of your secrets to code repos.\n\n_What to get and configure:_\n\n- SMTP\n - For user workflows for reset password and verify email\n - For contact form processing\n- reCAPTCHA\n - For contact form submission, but you can skip it during your development\n- OAuth for social logins (Sign in with / Login with)\n - Depending on your application need, obtain keys from Google, Facebook, X (Twitter), LinkedIn, Twitch, GitHub. You don't have to obtain valid keys for any provider that you don't need. Just remove the buttons and links in the login and account pug views before your demo.\n- API keys for service providers that you need in the API Examples if you are planning to use them.\n\n- MongoDB Atlas\n - If you are using MongoDB Atlas instead of a local db, set the MONGODB_URI to your db URI (including your db user/password).\n\n- Email address\n - Set SITE_CONTACT_EMAIL as your incoming email address for messages sent to you through the contact form.\n - Set TRANSACTION_EMAIL as the \"From\" address for emails sent to users through the lost password or email verification emails to users. You may set this to the same address as SITE_CONTACT_EMAIL.\n\n**Step 3:** Setup an HTTPS proxy to access the app with an https address:\nSee\n\n- [HTTPS Proxy](#https-proxy)\n\n**Step 4:** Develop your application and customize the experience\n\n- Check out [How It Works](#how-it-works-mini-guides)\n\n**Step 5:** Optional - deploy to production\nSee:\n\n- [Deployment](#deployment)\n- [prod-checklist.md](https://github.com/sahat/hackathon-starter/blob/master/prod-checklist.md)\n\n## HTTPS Proxy:\n\nIf you want to use an API that requires HTTPS (for example, GitHub or Facebook), you need to run the app with an HTTPS URL. You can do this by setting up an HTTPS proxy using either ngrok or Cloudflare.\nNote: When using an HTTPS proxy, you may get a CSRF mismatch error if you try to directly access the app at `http://localhost:8080` instead of the HTTPS proxy address.\n\n### ngrok\n\n- Download [ngrok](https://ngrok.com/download).\n- Start ngrok.\n- Set your BASE_URL to the forwarding address from ngrok (i.e., `https://3ccb-1234-abcd.ngrok-free.app`). This will be the HTTPS address for accessing the app.\n\n### Cloudflare\n\n- Download and install [cloudflared](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/downloads).\n- For a quick, free tunnel with a random subdomain under `trycloudflare.com`, execute:\n\n```\ncloudflared tunnel --url http://localhost:8080\n```\n\n- Set BASE_URL to the HTTPS address for the tunnel.\n\n#### Cloudflare with your own domain name\n\nIf you own a domain managed by Cloudflare, you can use Cloudflare's Zero Trust portal to set up a tunnel to your app that is activated by a system service. Alternatively, you can create a tunnel and route a subdomain you like to your app using their CLI:\n\n```\ncloudflared tunnel login\ncloudflared tunnel create myapptunnel\ncloudflared tunnel route dns myapptunnel myappsubdomain.mydomain.com\ncloudflared tunnel --url http://localhost:8080 run myapptunnel\n```\n\nThen set BASE_URL to the HTTPS address for the tunnel.\nNote that the tunnel and DNS route are a one-time setup. To reactivate the HTTPS tunnel to your app later, such as after a system restart, just rerun:\n\n```\ncloudflared tunnel --url http://localhost:8080 run myapptunnel\n```\n\nTo clean up your own domain's related configurations when you're done:\n\n- Delete the tunnel by executing `cloudflared tunnel delete myapptunnel`\n- Remove the `myappsubdomain` DNS entry from your domain through the Cloudflare web UI.\n- Remove `%USERPROFILE%\\.cloudflared` (Windows) or `~/.cloudflared` (Linux/macOS) if you want to clear local credentials.\n\n# Obtaining API Keys\n\nYou will need to obtain appropriate credentials (Client ID, Client Secret, API Key, or Username & Password) for API and service providers which you need. See Step 2 in the Getting started section for more info.\n\n## SMTP\n\nObtain SMTP credentials from a provider for transactional emails. Set the SMTP_USER, SMTP_PASSWORD, and SMTP_HOST environment variables accordingly. When picking the SMTP host, keep in mind that the app is configured to use secure SMTP transmissions over port 465 out of the box. You have the flexibility to select any provider that suits your needs or take advantage of one of the following providers, each offering a free tier for your convenience.\n\n| Provider | Free Tier | Website |\n| -------- | -------------------------- | ----------------------- |\n| SMTP2Go | 1000 emails/month for free | https://www.smtp2go.com |\n| Brevo | 300 emails/day for free | https://www.brevo.com |\n\n![](\"https://i.imgur.com/jULUCKF.png\")
\n\n- Visit ![](\"https://imgur.com/2P4UMvC.png\")
\n\n- Go to ![](\"https://i.imgur.com/oUob1wG.png\")
\n\n- Go to ![](\"https://i.imgur.com/ddl2VjR.png\")
\n\n- Go to ![](\"https://upload.wikimedia.org/wikipedia/commons/thumb/2/2f/Google_2015_logo.svg/1000px-Google_2015_logo.svg.png\"){kind=logo}
\n\n- Visit ![](\"https://cdn.worldvectorlogo.com/logos/discord-6.svg\")
\n\n- Go to ![](\"https://upload.wikimedia.org/wikipedia/commons/c/c7/HERE_logo.svg\"){kind=logo}
\n\n- Go to ![](\"https://i.imgur.com/OEVF7HK.png\")
\n\n- Go to ![](\"https://i.imgur.com/Lw5Jb7A.png\")
\n\n- Go to ![](\"https://content.linkedin.com/content/dam/me/business/en-us/amp/brand-site/v2/bg/LI-Logo.svg.original.svg\"){kind=logo}
\n\n- Sign in at ![](\"https://upload.wikimedia.org/wikipedia/commons/4/44/Microsoft_logo.svg\"){kind=logo}
\n\n- Go to ![](\"https://s3-us-west-2.amazonaws.com/public.lob.com/dashboard/navbar/lob-logo.svg\"){kind=logo}
\n\n- Visit ![](\"https://i.imgur.com/iCsCgp6.png\")
\n\nThe OpenAI moderation API for checking harmful inputs is free to use as long as you have paid credits in your OpenAI developer account. The cost of using their other models depends on the model, as well as the input and output size of the API call.\n\n- Visit ![](\"https://imgur.com/VpWnjp1.png\")
\n\n- Visit ![](\"https://upload.wikimedia.org/wikipedia/commons/a/ae/Steam_logo.svg\"){kind=logo}
\n\n- Go to ![](\"https://stripe.com/img/about/logos/logos/black@2x.png\")
\n\n- ![](\"https://i.imgur.com/dSwblOk.png\")
\n\n- Visit ![](\"https://i.imgur.com/Adtl9qg.png\")
\n\n- Sign up or sign in to your trakt.tv account and go to ![](\"https://i.imgur.com/gUngyyW.png\")
\n\n- Go to ![](\"https://www.freepnglogos.com/uploads/twitch-logo-image-hd-31.png\"){kind=logo}
\n\n- Visit the ![](\"https://s3.amazonaws.com/ahoy-assets.twilio.com/global/images/wordmark.svg\")
\n\n- Go to ![](\"https://i.imgur.com/QMjwCk6.png\")
\n\n- Sign in at \n Hello ${addressTo.name},
We would like to welcome you to the community! Thanks for being a part of the team!
Cheer,
${addressFrom.name}\n
\n\n### How do I create a new page?\n\nA more correct way to say this would be \"How do I create a new route?\" The main file `app.js` contains all the routes.\nEach route has a callback function associated with it. Sometimes you will see three or more arguments for a route. In a case like that, the first argument is still a URL string, while middle arguments are what's called middleware. Think of middleware as a door. If this door prevents you from continuing forward, you won't get to your callback function. One such example is a route that requires authentication.\n\n```js\napp.get('/account', passportConfig.isAuthenticated, userController.getAccount);\n```\n\nIt always goes from left to right. A user visits `/account` page. Then `isAuthenticated` middleware checks if you are authenticated:\n\n```js\nexports.isAuthenticated = (req, res, next) => {\n if (req.isAuthenticated()) {\n return next();\n }\n res.redirect('/login');\n};\n```\n\nIf you are authenticated, you let this visitor pass through your \"door\" by calling `return next();`. It then proceeds to the\nnext middleware until it reaches the last argument, which is a callback function that typically renders a template on `GET` requests or redirects on `POST` requests. In this case, if you are authenticated, you will be redirected to the _Account Management_ page; otherwise, you will be redirected to the _Login_ page.\n\n```js\nexports.getAccount = (req, res) => {\n res.render('account/profile', {\n title: 'Account Management',\n });\n};\n```\n\nExpress.js has `app.get`, `app.post`, `app.put`, `app.delete`, but for the most part, you will only use the first two HTTP verbs, unless you are building a RESTful API.\nIf you just want to display a page, then use `GET`, if you are submitting a form, sending a file then use `POST`.\n\nHere is a typical workflow for adding new routes to your application. Let's say we are building a page that lists all books from the database.\n\n**Step 1.** Start by defining a route.\n\n```js\napp.get('/books', bookController.getBooks);\n```\n\n---\n\n**Note:** As of Express 4.x you can define your routes like so:\n\n```js\napp.route('/books').get(bookController.getBooks).post(bookController.createBooks).put(bookController.updateBooks).delete(bookController.deleteBooks);\n```\n\nAnd here is how a route would look if it required an _authentication_ and an _authorization_ middleware:\n\n```js\napp.route('/api/twitch').all(passportConfig.isAuthenticated).all(passportConfig.isAuthorized).get(apiController.getTwitch).post(apiController.postTwitch);\n```\n\nUse whichever style makes sense to you. Either one is acceptable. I think that chaining HTTP verbs on `app.route` is a very clean and elegant approach, but on the other hand, I can no longer see all my routes at a glance when you have one route per line.\n\n**Step 2.** Create a new schema and a model `Book.js` inside the _models_ directory.\n\n```js\nconst mongoose = require('mongoose');\n\nconst bookSchema = new mongoose.Schema({\n name: String,\n});\n\nconst Book = mongoose.model('Book', bookSchema);\nmodule.exports = Book;\n```\n\n**Step 3.** Create a new controller file called `book.js` inside the _controllers_ directory.\n\n```js\n/**\n * GET /books\n * List all books.\n */\nconst Book = require('../models/Book.js');\n\nexports.getBooks = (req, res) => {\n Book.find((err, docs) => {\n res.render('books', { books: docs });\n });\n};\n```\n\n**Step 4.** Import that controller in `app.js`.\n\n```js\nconst bookController = require('./controllers/book');\n```\n\n**Step 5.** Create `books.pug` template.\n\n```pug\nextends layout\n\nblock content\n .page-header\n h3 All Books\n\n ul\n each book in books\n li= book.name\n```\n\nThat's it! I will say that you could have combined Step 1, 2, 3 as following:\n\n```js\napp.get('/books', (req, res) => {\n Book.find((err, docs) => {\n res.render('books', { books: docs });\n });\n});\n```\n\nSure, it's simpler, but as soon as you pass 1000 lines of code in `app.js` it becomes a little challenging to navigate the file.\nI mean, the whole point of this boilerplate project was to separate concerns, so you could work with your teammates without running into _MERGE CONFLICTS_. Imagine you have four developers working on a single `app.js`, I promise you it won't be fun resolving merge conflicts all the time.\nIf you are the only developer, then it's okay. But as I said, once it gets up to a certain LoC size, it becomes difficult to maintain everything in a single file.\n\nThat's all there is to it. Express.js is super simple to use.\nMost of the time you will be dealing with other APIs to do the real work:\n[Mongoose](http://mongoosejs.com/docs/guide.html) for querying database, socket.io for sending and receiving messages over WebSockets, sending emails via [Nodemailer](http://nodemailer.com/), form validation using [validator.js](https://github.com/validatorjs/validator.js) library, parsing websites using [Cheerio](https://github.com/cheeriojs/cheerio), etc.\n\n
\n\n### AI Agent Controller\n\nLangChain v1 ReAct agent intended as a starting point for building new AI agents. The end-to-end implementation supports:\n\n- **Tool execution** with automatic retry middleware for transient failures\n- **MongoDB session persistence** - Chat history persists across page reloads (authenticated users: permanent until account deletion; unauthenticated: tied to Express session lifecycle)\n- **Input guardrails** - Prompt injection/jailbreak detection using a guard model (e.g., Llama Guard 4)\n- **Conversation summarization** - Long conversations are condensed to stay within context limits\n- **Real-time streaming** - Server-Sent Events (SSE) for live responses\n\nTo build your Agent using this controller as a starting point, you need to do two things:\n\n#### 1. Define the agent's role\n\nEdit the `systemPrompt` in `createAIAgent()` to describe what the agent does and which tools it can use.\n\n```\nsystemPrompt: `You are a helpful [... e.g. travel, personal assistant, exam grading] agent.\n\nYour responsibilities:\n\n1. [YOUR_RESPONSIBILITY_1]\n2. [YOUR_RESPONSIBILITY_2]\n3. [YOUR_RESPONSIBILITY_3]\n\nAvailable tools:\n[LIST_YOUR_TOOLS_HERE]`\n```\n\n---\n\n#### 2. Replace the tools\n\nAdd tools specific to your project by replacing the existing tools in the `tools` array inside `createAIAgent()`. \nThe existing tool functions can be removed.\n\nTools follow this structure and use a Zod schema for input validation:\n\n```js\nconst myTool = tool(\n async ({ input }, config) => {\n config.writer?.({ message: 'Calling my service...' });\n\n // Call your API or database\n const result = await callYourAPI(input);\n\n return JSON.stringify(result);\n },\n {\n name: 'my_tool',\n description: 'Does something specific',\n schema: z.object({\n input: z.string().describe('The input'),\n }),\n },\n);\n```\n\n---\n\n#### Other Functions in ai-agent.js\n\nThese functions handle streaming, parsing, and session management and typically do not need modification:\n\n- `promptGuardMiddleware()` : LangChain middleware that classifies user input before the agent processes it. Blocks unsafe prompts and redirects the conversation.\n- `getCheckpointer()` : Initializes the MongoDB checkpointer for session persistence.\n- `cleanupOrphanedTempSessions()` : Cleans up checkpoint data for unauthenticated users whose Express sessions have expired. Called on app startup.\n- `getAIAgent(req, res)` : Express route (GET /ai/ai-agent) - Renders the AI agent demo page and loads prior messages.\n- `postAIAgentChat(req, res)` : Express route (POST /ai/ai-agent/chat) - Main SSE endpoint. Streams AI responses, tool progress, and debug data.\n- `postAIAgentReset(req, res)` : Express route (POST /ai/ai-agent/reset) - Clears the user's chat session from MongoDB.\n- `deleteUserAIAgentData(userId)` : Called when a user deletes their account to clean up their chat data.\n- `sendSSE(res, eventType, data)` : Sends typed SSE events to the frontend.\n- `extractAIMessages(data)` : Extracts user-visible AI messages from agent stream updates.\n- `extractStatus(data)` : Derives tool call and completion status messages.\n\n#### Environment Variables\n\nThe AI Agent requires these environment variables:\n\n- `GROQ_API_KEY` : Your Groq API key\n- `GROQ_MODEL` : The main LLM model (e.g., `llama-3.3-70b-versatile`)\n- `GROQ_MODEL_PROMPT_GUARD` : The guard model for input safety (e.g., `meta-llama/llama-guard-4-12b`)\n\n### How do I use Socket.io with Hackathon Starter?\n\n[Dan Stroot](https://github.com/dstroot) submitted an excellent [pull request](https://github.com/dstroot/hackathon-starter/commit/0a632def1ce8da446709d92812423d337c977d75) that adds a real-time dashboard with socket.io.\nAnd as much as I'd like to add it to the project, I think it violates one of the main principles of the Hackathon Starter:\n\n> When I started this project, my primary focus was on simplicity and ease of use.\n> I also tried to make it as generic and reusable as possible to cover most use cases of\n> hackathon web apps, **without being too specific**.\n\nWhen I need to use socket.io, I **really** need it, but most of the time - I don't. But more importantly, WebSockets support is still experimental on most hosting providers.\nDue to past provider issues with WebSockets, I have not include socket.io as part of the Hackathon Starter. _For now..._\nIf you need to use socket.io in your app, please continue reading.\n\nFirst, you need to install socket.io:\n\n```js\nnpm install socket.io\n```\n\nReplace `const app = express();` with the following code:\n\n```js\nconst app = express();\nconst server = require('http').Server(app);\nconst io = require('socket.io')(server);\n```\n\nI like to have the following code organization in `app.js` (from top to bottom): module dependencies,\nimport controllers, import configs, connect to database, express configuration, routes,\nstart the server, socket.io stuff. That way I always know where to look for things.\n\nAdd the following code at the end of `app.js`:\n\n```js\nio.on('connection', (socket) => {\n socket.emit('greet', { hello: 'Hey there browser!' });\n socket.on('respond', (data) => {\n console.log(data);\n });\n socket.on('disconnect', () => {\n console.log('Socket disconnected');\n });\n});\n```\n\nOne last thing left to change:\n\n```js\napp.listen(app.get('port'), () => {\n```\n\nto\n\n```js\nserver.listen(app.get('port'), () => {\n```\n\nAt this point, we are done with the back-end.\n\nYou now have a choice - to include your JavaScript code in Pug templates or have all your client-side JavaScript in a separate file - in `app.js`. I admit, when I first started with Node.js and JavaScript in general, I placed all JavaScript code inside templates because I have access to template variables passed in from Express right then and there. It's the easiest thing you can do, but also the least efficient and harder to maintain. Since then I almost never include inline JavaScript inside templates anymore.\n\nBut it's also understandable if you want to take the easier road. Most of the time you don't even care about performance during hackathons, you just want to _\"get shit done\"_ before the time runs out. Well, either way, use whichever approach makes more sense to you. At the end of the day, it's **what** you build that matters, not **how** you build it.\n\nIf you want to stick all your JavaScript inside templates, then in `layout.pug` - your main template file, add this to the `head` block.\n\n```pug\nscript(src='/socket.io/socket.io.js')\nscript.\n let socket = io.connect(window.location.href);\n socket.on('greet', function (data) {\n console.log(data);\n socket.emit('respond', { message: 'Hey there, server!' });\n });\n```\n\n**Note:** Notice the path of the `socket.io.js`, you don't actually have to have `socket.io.js` file anywhere in your project; it will be generated automatically at runtime.\n\nIf you want to have JavaScript code separate from templates, move that inline script code into `app.js`, inside the `$(document).ready()` function:\n\n```js\n$(document).ready(function () {\n // Place JavaScript code here...\n let socket = io.connect(window.location.href);\n socket.on('greet', function (data) {\n console.log(data);\n socket.emit('respond', { message: 'Hey there, server!' });\n });\n});\n```\n\nAnd we are done!\n\n## Cheatsheets\n\n###
![](\"https://frontendmasters.com/assets/es6-logo.png\"){kind=logo}
ES6 Cheatsheet\n\n#### Declarations\n\nDeclares a read-only named constant.\n\n```js\nconst name = 'yourName';\n```\n\nDeclares a block scope local variable.\n\n```js\nlet index = 0;\n```\n\n#### Template Strings\n\nUsing the **\\`${}\\`** syntax, strings can embed expressions.\n\n```js\nconst name = 'Oggy';\nconst age = 3;\n\nconsole.log(`My cat is named ${name} and is ${age} years old.`);\n```\n\n#### Modules\n\nTo import functions, objects, or primitives exported from an external module. These are the most common types of importing.\n\n```js\nconst name = require('module-name');\n```\n\n```js\nconst { foo, bar } = require('module-name');\n```\n\nTo export functions, objects, or primitives from a given file or module.\n\n```js\nmodule.exports = { myFunction };\n```\n\n```js\nmodule.exports.name = 'yourName';\n```\n\n```js\nmodule.exports = myFunctionOrClass;\n```\n\n#### Spread Operator\n\nThe spread operator allows an expression to be expanded in places where multiple arguments (for function calls) or multiple elements (for array literals) are expected.\n\n```js\nmyFunction(...iterableObject);\n```\n\n```jsx\n![](\"http://i.stack.imgur.com/Mmww2.png\")
JavaScript Date Cheatsheet\n\n#### Unix Timestamp (seconds)\n\n```js\nMath.floor(Date.now() / 1000);\n```\n\n#### Add 30 minutes to a Date object\n\n```js\nvar now = new Date();\nnow.setMinutes(now.getMinutes() + 30);\n```\n\n#### Date Formatting\n\n```js\n// DD-MM-YYYY\nvar now = new Date();\n\nvar DD = now.getDate();\nvar MM = now.getMonth() + 1;\nvar YYYY = now.getFullYear();\n\nif (DD < 10) {\n DD = '0' + DD;\n}\n\nif (MM < 10) {\n MM = '0' + MM;\n}\n\nconsole.log(MM + '-' + DD + '-' + YYYY); // 03-30-2016\n```\n\n```js\n// hh:mm (12 hour time with am/pm)\nvar now = new Date();\nvar hours = now.getHours();\nvar minutes = now.getMinutes();\nvar amPm = hours >= 12 ? 'pm' : 'am';\n\nhours = hours % 12;\nhours = hours ? hours : 12;\nminutes = minutes < 10 ? '0' + minutes : minutes;\n\nconsole.log(hours + ':' + minutes + ' ' + amPm); // 1:43 am\n```\n\n#### Next week Date object\n\n```js\nvar today = new Date();\nvar nextWeek = new Date(today.getTime() + 7 * 24 * 60 * 60 * 1000);\n```\n\n#### Yesterday Date object\n\n```js\nvar today = new Date();\nvar yesterday = date.setDate(date.getDate() - 1);\n```\n\n:top: [**back to top**](#table-of-contents)\n\n### Mongoose Cheatsheet\n\n#### Find all users:\n\n```js\nUser.find((err, users) => {\n console.log(users);\n});\n```\n\n#### Find a user by email:\n\n```js\nlet userEmail = 'example@gmail.com';\nUser.findOne({ email: { $eq: email.toLowerCase() } }).then((user) => {\n console.log(user);\n});\n```\n\n#### Find 5 most recent user accounts:\n\n```js\nUser.find()\n .sort({ _id: -1 })\n .limit(5)\n .exec((err, users) => {\n console.log(users);\n });\n```\n\n#### Get the total count of a field from all documents:\n\nLet's suppose that each user has a `votes` field and you would like to count the total number of votes in your database across all users. One very inefficient way would be to loop through each document and manually accumulate the count. Or you could use [MongoDB Aggregation Framework](https://docs.mongodb.org/manual/core/aggregation-introduction/) instead:\n\n```js\nUser.aggregate({ $group: { _id: null, total: { $sum: '$votes' } } }, (err, votesCount) => {\n console.log(votesCount.total);\n});\n```\n\n:top: [**back to top**](#table-of-contents)\n\n## Deployment\n\nUsing a local instance on your laptop with ngrok is a good solution for your demo during the hackathon, and you wouldn't necessarily need to deploy to a cloud platform. If you wish to have your app run 24x7 for a general audience, once you are ready to deploy your app, you will need to create an account with a cloud platform to host it. There are a number of cloud service providers out there that you can research. Service providers like AWS and Azure provide a free tier of service which can help you get started with just some minor costs (such as traffic overage if any, etc).\n\n---\n\n### Hosted MongoDB Atlas\n\n![](\"https://www.mongodb.com/assets/images/global/MongoDB_Logo_Dark.svg\"){kind=logo}
\n\n- Go to [mongodb.com](https://www.mongodb.com/)\n- Click the green **Try free** button\n- Fill in your information then hit **Create your Atlas account**\n- You will be redirected to Create New Cluster page.\n- Select a **Cloud Provider and Region**\n- Set the cluster Tier to Free Forever **Shared** Cluster\n- Give Cluster a name (default: Cluster0)\n- Click on the green **:zap:Create Cluster button**\n- Now, to access your database you need to create a DB user. To create a new MongoDB user, from the **Clusters view**, select the **Security tab**\n- Under the **MongoDB Users** tab, click on **+Add New User**\n- Fill in a username and password and give it either **Atlas Admin** User Privilege\n- Next, you will need to create an IP address whitelist and obtain the connection URI. In the Clusters view, under the cluster details (i.e. SANDBOX - Cluster0), click on the **CONNECT** button.\n- Under section **(1) Check the IP Whitelist**, click on **ALLOW ACCESS FROM ANYWHERE**. The form will add a field with `0.0.0.0/0`. Click **SAVE** to save the `0.0.0.0/0` whitelist.\n- Under section **(2) Choose a connection method**, click on **Connect Your Application**\n- In the new screen, select **Node.js** as Driver and version **3.6 or later**.\n- Finally, copy the URI connection string and replace the URI in MONGODB_URI of `.env.example` with this URI string. Make sure to replace the \n
\n \n\n"
},
{
"path": "public/terms-of-use.html",
"content": "\n\n \n \n \n \n \n Privacy Policy for Hackathon Starter
\n\nAt Hackathon Starter, accessible from our website, one of our main priorities is the privacy of our users. This Privacy Policy document explains the types of information we collect, how we use that data, and how users can manage their information.
\n\n\n If you have additional questions or require more information about our Privacy Policy, do not hesitate to contact us. Our Privacy Policy was generated with the help of\n GDPR Privacy Policy Generator from GDPRPrivacyPolicy.net.\n
\n\nData Collection & Usage
\n\n We collect information from third-party services such as Google and Meta, including user email, profile data, and other relevant information for authentication purposes. This data is used solely to provide and enhance the functionality of our application. We also use reCAPTCHA for security\n and abuse prevention. reCAPTCHA collects technical and behavioral signals to assess risk. Google processes this data solely on our behalf and does not use it for advertising.\n
\n\nAutomatically Collected Information
\nWe also collect certain information automatically, including browser type, IP address, server logs, and usage patterns to optimize and improve user experience.
\n\nData Sharing
\nWe do not sell user data to third parties. We may share certain information with trusted partners who assist in providing and improving our services, but only as necessary for core functionality.
\n\nSecurity & Data Protection
\nWe implement industry-standard security measures, including encryption and access controls, to protect user data from unauthorized access, breaches, and misuse.
\n\nData Retention & Deletion
\n\n We retain personal data only as long as necessary to fulfill the purposes outlined in this policy. Users may request data deletion at any time via the **“Delete My Account”** button on the **“My Account”** page or by contacting us through our\n Contact Page.\n
\n\nRestricted Data Usage
\nUser data collected through our app is used exclusively for authentication and enhancing app functionality. It is not used for targeted advertising, sold to data brokers, or processed for purposes beyond improving user experience.
\n\nCompliance with Meta Policies
\nOur privacy policy is available via a publicly accessible URL and is not geo-blocked. The privacy policy link provided in our Meta App Dashboard ensures compliance with Meta’s requirements.
\n\nGeneral Data Protection Regulation (GDPR)
\nWe are a Data Controller of your information. Our legal basis for collecting and using personal information depends on the specific context in which we collect the data:
\n- \n
- To perform a contract with you \n
- When you have given us consent \n
- When processing is in our legitimate interests \n
- To comply with legal requirements \n
Children’s Privacy
\nHackathon Starter does not knowingly collect personal information from children under the age of 13. If you believe a child has provided us with their information, please contact us, and we will promptly remove the data.
\n\nConsent
\nBy using our website, you hereby consent to our Privacy Policy and agree to its terms.
\n\n
\n \n\n"
},
{
"path": "test/TESTING.md",
"content": "# Testing Guide\n\nThis document describes the test organization, fixture system, and how to create and run new tests in the hackathon-starter project.\n\n## Table of Contents\n\n- [Overview](#overview)\n- [Test Organization](#test-organization)\n- [Fixture System](#fixture-system)\n- [Running Tests](#running-tests)\n- [Creating New Tests](#creating-new-tests)\n- [Troubleshooting](#troubleshooting)\n\n## Overview\n\nHackathon Starter comes with core unit tests that focus on essential functionality, as well as end-to-end (E2E) tests using [Playwright](https://playwright.dev/) for various integrations.\n\nThe purpose of the core unit tests is to verify core features like user management and security features. You usually don't need to worry about these during hackathons, but it's a good idea to keep them to ensure your customizations don't break core functions.\n\nThe end-to-end tests are built around various integrations. Depending on your application, you may want to replace them with tests that apply to your implementation. You don't need to run or update the E2E tests during the hackathon. However, if you decide to further develop your idea with your team after the event, the E2E tests can help you avoid breaking existing functionality every time you modify your application or build a new feature. With Playwright, test automation uses its own web browser to browse various views in your application, interact with them, and check for expected results. You can use the existing tests as templates for developing your own Playwright tests. Hackathon Starter's current test helper tools enable you to run E2E tests against live APIs, or record and replay API responses for more predictable results or in environments that you can't access live APIs.\n\n## Test Organization\n\n```\ntest/\n├── fixtures/ # Fixtures are recorded API responses\n│ └── fixture_manifest.json # Registry of recorded tests\n├── tools/ # Test utilities and fixtures\n│ ├── fixture-helpers.js # Shared fixture utilities\n│ ├── server-fetch-fixtures.js # Intercepts server-side fetch() calls\n│ ├── server-axios-fixtures.js # Intercepts server-side axios calls\n│ ├── playwright-start-and-log.js\n│ ├── simple-link-image-check.js\n│ └── start-with-memory-db.js # Test server with in-memory MongoDB\n├── e2e/ # Tests requiring API keys\n│ ├── chart.e2e.test.js\n│ ├── foursquare.e2e.test.js\n│ ├── google-maps.e2e.test.js\n│ ├── here-maps.e2e.test.js\n│ ├── lob.e2e.test.js\n│ ├── nyt.e2e.test.js\n│ ├── openai-moderation.e2e.test.js\n│ ├── llm-classifier.e2e.test.js\n│ ├── trakt.e2e.test.js\n│ └── twilio.e2e.test.js\n├── e2e-nokey/ # Tests that work without API keys\n│ ├── github-api.e2e.test.js\n│ ├── lastfm.e2e.test.js\n│ ├── pubchem.e2e.test.js\n│ ├── rag.e2e.test.js\n│ ├── scraping.e2e.test.js\n│ ├── upload.e2e.test.js\n│ └── wikipedia.e2e.test.js\n├── app.test.js # Basic app structure tests - core unit test\n├── app-links.test.js # Link validation tests - utility to identify broken links\n├── contact.test.js # Contact form tests - core unit test\n├── flash.test.js # Flash message tests - core unit test\n├── models.test.js # Database model tests - core unit test\n├── morgan.test.js # Morgan logger tests - core unit test\n├── nodemailer.test.js # Email tests - core unit test\n├── passport.test.js # Auth tests - core unit test\n└── playwright.config.js # Playwright configuration\n```\n\n### Test Categories\n\n1. **`test/e2e/`** - Integration tests that require API keys\n - These tests call third-party APIs (Foursquare, Twilio, OpenAI, etc.)\n - Can run in record mode (with keys) or replay mode (with fixtures)\n2. **`test/e2e-nokey/`** - Integration or partial Integration tests that don't need API keys\n - Public APIs (GitHub, Wikipedia, PubChem) or local features (upload, RAG)\n - Can run without any configuration in replay mode\n\n3. **Core Unit Tests** - Individual component tests (models, config, middleware)\n\n## Running E2E Tests\n\nUse one script with project selection:\n\n```bash\nnpm run test:e2e:live # All E2E tests with live API calls\nnpm run test:e2e:replay # All E2E tests with previously recorded API responses\nnpm run test:e2e:custom -- --project=chromium-record # E2E with recording API calls (record fixtures)\nnpm run test:e2e:custom -- --project=chromium-nokey-live # Only E2E tests that don't require API keys (live)\nnpm run test:e2e:custom -- --project=chromium-nokey-replay # Only E2E tests that don't require API keys (replay fixtures)\nnpm run test:e2e:custom -- --project=chromium-nokey-record # Only E2E tests that don't require API keys (record fixtures)\n```\n\n### Run a Single E2E Test File\n\n```bash\n# Run tests in a single test file against live APIs\nnpx playwright test test/e2e.../testfile.e2e.test.js --config=test/playwright.config.js --project=chromium\n\n# Run tests in a single test file while replaying recorded API responses from the fixtures\nnpx playwright test test/e2e.../testfile.e2e.test.js --config=test/playwright.config.js --project=chromium-replay\n\n# Run tests in a single test file against live APIs and capture the API responses as fixtures for replay later\nnpx playwright test test/e2e.../testfile.e2e.test.js --config=test/playwright.config.js --project=chromium-record\n```\n\n## Fixture System\n\nThe fixture system allows tests to record API responses once and replay them deterministically. This eliminates the need for API keys in CI/CD and makes tests faster and more reliable.\n\n### How It Works\n\n#### Server-Side Interception\n\nThe E2E test framework in hackathon-starter is currently only for server-side API calls, not browser-side. The fixture system intercepts server-side HTTP libraries:\n\n1. **`server-fetch-fixtures.js`** - Monkey-patches `globalThis.fetch()`\n2. **`server-axios-fixtures.js`** - Uses axios interceptors\n\nBoth are installed in `start-with-memory-db.js` for Playwright tests before the Express app loads for testing.\n\n#### Limitations and unsupported transports\n\nRecord/replay supports only server-side `fetch()` and `axios` calls. Node's built-in (legacy) `http`/`https` modules, or browser-side API calls are currently not supported.\n\n#### Recording Mode (API_MODE=record)\n\nWhen recording, the system:\n\n1. Lets API calls execute normally\n2. Captures responses\n3. Saves them to `test/fixtures/` with sanitized filenames (removes tokens and API keys by keyword matching)\n4. Registers the test in `fixture_manifest.json` so the replay mode can check for missing fixtures\n\n**Fixture filenames** are generated by `keyFor()` in `fixture-helpers.js`:\n\n- URL is sanitized (sensitive query params like `apikey`, `token` are stripped by keyword matching)\n- For POST requests, a body hash is appended for uniqueness\n- Example filename: `GET_api.openweathermap.org_data_2.5_weather_q=Seattle.json`\n\n#### Replay Mode (API_MODE=replay)\n\nWhen replaying, the system:\n\n1. Intercepts API calls before they hit the network\n2. Returns saved fixture data instead\n3. Falls back to real network if fixture is missing (unless `API_STRICT_REPLAY=1`)\n\n#### Strict Replay Mode (API_STRICT_REPLAY=1)\n\nWith strict mode enabled:\n\n- Any request without a fixture is blocked with an error\n- Ensures tests never accidentally hit live APIs\n- Useful in CI/CD or to verify all fixtures exist\n\n### Fixture Helpers\n\n**`test/tools/fixture-helpers.js`** provides shared utilities:\n\n- **`registerTestInManifest(testFile)`** - Self-registers test during record mode\n- **`isInManifest(testFile)`** - Checks if test is in manifest (for replay skip logic)\n- **`hashBody(body)`** - Creates SHA1 hash of request body for fixture keys\n- **`keyFor(method, url, body)`** - Generates sanitized fixture filename\n\n## Creating New Tests\n\n1. **Create the test file** in `test/e2e/` or `test/e2e-nokey/`\n2. **Add fixture boilerplate** (if applicable - see existing tests for examples)\n3. **Write your test assertions**\n4. **Test and finalize your test against live APIs**\n\n```bash\nnpx playwright test test/e2e/my-api.e2e.test.js --config=test/playwright.config.js --project=chromium\n```\n\n5. **Record fixtures** (first time only):\n\n```bash\nnpx playwright test test/e2e/my-api.e2e.test.js --config=test/playwright.config.js --project=chromium-record\n```\n\n6. **Verify replay works**:\n\n```bash\nnpx playwright test test/e2e/my-api.e2e.test.js --config=test/playwright.config.js --project=chromium-replay\n```\n\n### 3. Important Patterns\n\n#### API_TEST_FILE Environment Variable\n\nAlways set this at the top of your test file if you are setting up Playwright tests that are going to have record and replay:\n\n```javascript\nprocess.env.API_TEST_FILE = 'e2e/my-api.e2e.test.js';\n```\n\nThis tells the fixture system which test is currently running for fixture tracking.\n\n#### Self-Registration Pattern\n\nTests self-register in the manifest during record mode:\n\n```javascript\nregisterTestInManifest('e2e/my-api.e2e.test.js');\n```\n\nThis enables you to let tests skip automatically when their fixtures haven't been recorded yet.\n\n#### Skip Logic for Replay Mode\n\nSkip tests that don't have fixtures recorded:\n\n```javascript\nif (process.env.API_MODE === 'replay' && !isInManifest('e2e/my-api.e2e.test.js')) {\n console.log('[fixtures] skipping e2e/my-api.e2e.test.js - not in manifest - [number of tests in the file] tests');\n test.skip(true, 'Not in manifest for replay mode');\n}\n```\n\n#### Shared Page Pattern\n\nUse `beforeAll` with a shared page for better performance:\n\n```javascript\nlet sharedPage;\n\ntest.beforeAll(async ({ browser }) => {\n sharedPage = await browser.newPage();\n await sharedPage.goto('/api/my-api');\n await sharedPage.waitForLoadState('networkidle');\n});\n\ntest.afterAll(async () => {\n if (sharedPage) await sharedPage.close();\n});\n```\n\n### 4. Tests Without Fixtures\n\nFor tests that don't need fixtures (unit tests, local features):\n\n```javascript\nconst { test, expect } = require('@playwright/test');\n\ntest.describe('My Feature', () => {\n test('should work correctly', async ({ page }) => {\n await page.goto('/my-feature');\n // Add assertions\n });\n});\n```\n\nNo fixture boilerplate needed.\n\n### 5. Skipping Tests in Record/Replay Mode\n\nSome tests (like Google Maps, HERE Maps) don't work well with fixtures and should skip entirely during record or replay modes:\n\n```javascript\nif (process.env.API_MODE === 'replay' || process.env.API_MODE === 'record') {\n console.log('[fixtures] skipping my-test.e2e.test.js in record/replay mode');\n test.skip(true, 'Skipping in record/replay mode');\n}\n```\n\n## Best Practices\n\n1. **Always use fixtures for API tests** - Faster, more reliable, works in CI/CD\n2. **Record with --workers=1** - Prevents race conditions and incomplete fixtures\n3. **Self-register tests** - Use `registerTestInManifest()` pattern for automatic skipping\n4. **Share pages when possible** - Use `beforeAll` with a shared page for performance and to reduce the chances of getting rate-limited by APIs\n5. **Use descriptive test names** - Makes debugging easier\n6. **Test one thing at a time** - Easier to understand failures\n7. **Clean up after tests** - Close pages, delete temp files\n8. **Use strict replay in CI** - Catch missing fixtures early\n9. **Keep fixtures committed** - Other developers can run tests immediately\n10. **Document API-specific quirks** - Add comments for unusual API behavior\n"
},
{
"path": "test/app-links.test.js",
"content": "const { expect } = require('chai');\nconst { getViewsChecks, checkList } = require('./tools/simple-link-image-check');\n\ndescribe('app view links', function () {\n this.timeout(300000);\n\n it('has no broken links in pug views', async () => {\n const checks = getViewsChecks();\n const deduped = checks; // already deduped by helper\n const { results, processed } = await checkList(deduped);\n if (results.length) {\n const lines = results.map((r) => `- ${r.url} (found in: ${r.sources.join(', ')}) => ${r.error || r.status}`).join('\\n');\n throw new Error(`Broken view links (${results.length} of ${processed}):\\n${lines}`);\n }\n expect(results.length).to.equal(0);\n });\n});\n"
},
{
"path": "test/app.test.js",
"content": "const request = require('supertest');\nconst { MongoMemoryServer } = require('mongodb-memory-server');\n\nlet mongoServer;\nlet app;\n\nbefore(async () => {\n mongoServer = await MongoMemoryServer.create();\n const mockMongoDBUri = await mongoServer.getUri();\n process.env.MONGODB_URI = mockMongoDBUri;\n // If we require the app at the beginning of this file\n // it will try to connect to the database before the\n // MongoMemoryServer is started which can cause the testes to fail\n // Hence we are making an exception for linting this require statement\n /* eslint-disable global-require */\n app = require('../app');\n});\n\nafter(async () => {\n if (mongoServer) {\n await mongoServer.stop();\n }\n});\n\ndescribe('GET /', () => {\n it('should return 200 OK', (done) => {\n request(app).get('/').expect(200, done);\n });\n});\n\ndescribe('GET /login', () => {\n it('should return 200 OK', (done) => {\n request(app).get('/login').expect(200, done);\n });\n});\n\ndescribe('GET /signup', () => {\n it('should return 200 OK', (done) => {\n request(app).get('/signup').expect(200, done);\n });\n});\n\ndescribe('GET /forgot', () => {\n it('should return 200 OK', (done) => {\n request(app).get('/forgot').expect(200, done);\n });\n});\n\ndescribe('GET /contact', () => {\n it('should return 200 OK', (done) => {\n request(app).get('/contact').expect(200, done);\n });\n});\n\ndescribe('GET /random-url', () => {\n it('should return 404', (done) => {\n request(app).get('/reset').expect(404, done);\n });\n});\n\ndescribe('Other core GET routes do not cause errors', () => {\n const routes = ['/logout', '/login/2fa', '/login/2fa/totp', '/login/webauthn-start', '/login/verify/testtoken', '/reset/testtoken', '/account', '/account/verify', '/account/verify/testtoken', '/account/2fa/totp/setup', '/account/webauthn/register', '/auth/failure'];\n\n routes.forEach((route) => {\n it(`GET ${route}`, async () => {\n await request(app)\n .get(route)\n .expect((res) => {\n if (res.status >= 500) {\n throw new Error(`Expected non-5xx status for ${route} but got ${res.status}`);\n }\n });\n });\n });\n});\n"
},
{
"path": "test/auth.opt.test.js",
"content": "const path = require('node:path');\nconst { expect } = require('chai');\nconst sinon = require('sinon');\nconst mongoose = require('mongoose');\nprocess.loadEnvFile(path.join(__dirname, '.env.test'));\nconst { _saveOAuth2UserTokens } = require('../config/passport');\nconst User = require('../models/User');\n\ndescribe('Microsoft OAuth Integration Tests:', () => {\n let req;\n let userStub;\n\n beforeEach((done) => {\n const user = new User({\n _id: new mongoose.Types.ObjectId(),\n email: 'test@example.com',\n microsoft: 'microsoft-id-123',\n tokens: [],\n });\n\n user.save = sinon.stub().resolves();\n user.markModified = sinon.spy();\n\n userStub = sinon.stub(User, 'findById').resolves(user);\n\n req = {\n user,\n };\n done();\n });\n\n afterEach((done) => {\n userStub.restore();\n done();\n });\n\n it('should save Microsoft OAuth tokens correctly', (done) => {\n const accessToken = 'microsoft-access-token';\n const refreshToken = 'microsoft-refresh-token';\n const accessTokenExpiration = 3600;\n const refreshTokenExpiration = 86400;\n const providerName = 'microsoft';\n const tokenConfig = { microsoft: 'microsoft-id-123' };\n\n _saveOAuth2UserTokens(req, accessToken, refreshToken, accessTokenExpiration, refreshTokenExpiration, providerName, tokenConfig)\n .then(() => {\n expect(req.user.tokens).to.have.lengthOf(1);\n expect(req.user.tokens[0]).to.include({\n kind: 'microsoft',\n accessToken: 'microsoft-access-token',\n refreshToken: 'microsoft-refresh-token',\n });\n expect(req.user.microsoft).to.equal('microsoft-id-123');\n expect(req.user.markModified.calledWith('tokens')).to.be.true;\n expect(req.user.save.calledOnce).to.be.true;\n done();\n })\n .catch(done);\n });\n\n it('should handle Microsoft OAuth token refresh scenario', (done) => {\n // Setup existing expired Microsoft token\n req.user.tokens.push({\n kind: 'microsoft',\n accessToken: 'expired-microsoft-token',\n refreshToken: 'valid-microsoft-refresh-token',\n accessTokenExpires: new Date(Date.now() - 1 * 60 * 60 * 1000).toISOString(),\n });\n\n const accessToken = 'new-microsoft-access-token';\n const refreshToken = 'new-microsoft-refresh-token';\n const accessTokenExpiration = 3600;\n const refreshTokenExpiration = 86400;\n const providerName = 'microsoft';\n\n _saveOAuth2UserTokens(req, accessToken, refreshToken, accessTokenExpiration, refreshTokenExpiration, providerName)\n .then(() => {\n expect(req.user.tokens).to.have.lengthOf(1);\n expect(req.user.tokens[0].accessToken).to.equal('new-microsoft-access-token');\n expect(req.user.tokens[0].refreshToken).to.equal('new-microsoft-refresh-token');\n done();\n })\n .catch(done);\n });\n\n it('should preserve other provider tokens when updating Microsoft tokens', (done) => {\n // Setup existing tokens for different providers\n req.user.tokens = [\n {\n kind: 'google',\n accessToken: 'google-token',\n accessTokenExpires: new Date(Date.now() + 1 * 60 * 60 * 1000).toISOString(),\n },\n {\n kind: 'github',\n accessToken: 'github-token',\n accessTokenExpires: new Date(Date.now() + 1 * 60 * 60 * 1000).toISOString(),\n },\n ];\n\n const accessToken = 'new-microsoft-token';\n const refreshToken = 'microsoft-refresh-token';\n const accessTokenExpiration = 3600;\n const refreshTokenExpiration = 86400;\n const providerName = 'microsoft';\n\n _saveOAuth2UserTokens(req, accessToken, refreshToken, accessTokenExpiration, refreshTokenExpiration, providerName)\n .then(() => {\n expect(req.user.tokens).to.have.lengthOf(3);\n expect(req.user.tokens.find((t) => t.kind === 'google').accessToken).to.equal('google-token');\n expect(req.user.tokens.find((t) => t.kind === 'github').accessToken).to.equal('github-token');\n expect(req.user.tokens.find((t) => t.kind === 'microsoft').accessToken).to.equal('new-microsoft-token');\n done();\n })\n .catch(done);\n });\n});\n"
},
{
"path": "test/contact.test.js",
"content": "const { expect } = require('chai');\nconst sinon = require('sinon');\nconst request = require('supertest');\nconst express = require('express');\nconst session = require('express-session');\nconst contactController = require('../controllers/contact');\n\nlet app;\nlet sendMailStub;\nlet fetchStub;\nconst OLD_ENV = { ...process.env };\n\nfunction setupApp(controller) {\n const app = express();\n app.use(express.urlencoded({ extended: false }));\n app.use(session({ secret: 'test', resave: false, saveUninitialized: false }));\n\n // Set a dummy CSRF token for all requests\n app.use((req, res, next) => {\n req.flash = (type, msg) => {\n req.session[type] = msg;\n };\n req.csrfToken = () => 'testcsrf';\n res.render = () => res.status(200).send('Contact Form');\n next();\n });\n\n app.get('/contact', controller.getContact);\n app.post('/contact', controller.postContact);\n return app;\n}\n\ndescribe('Contact Controller', () => {\n before(() => {\n process.env.SITE_CONTACT_EMAIL = 'test@example.com';\n process.env.GOOGLE_RECAPTCHA_SITE_KEY = 'dummy';\n process.env.GOOGLE_API_KEY = 'dummy';\n process.env.GOOGLE_PROJECT_ID = 'dummy-project';\n });\n\n beforeEach(() => {\n // Stub nodemailerConfig.sendMail\n sendMailStub = sinon.stub().resolves();\n // Patch require cache for nodemailerConfig\n const nodemailerConfig = require.cache[require.resolve('../config/nodemailer')];\n if (nodemailerConfig) {\n nodemailerConfig.exports.sendMail = sendMailStub;\n }\n\n // Stub global fetch for reCAPTCHA\n fetchStub = sinon.stub().resolves({\n json: () => Promise.resolve({ tokenProperties: { valid: true } }),\n });\n global.fetch = fetchStub;\n\n app = setupApp(contactController);\n });\n\n afterEach(() => {\n sinon.restore();\n if (sendMailStub) sendMailStub.resetHistory();\n delete global.fetch;\n });\n\n after(() => {\n process.env = OLD_ENV;\n });\n\n describe('GET /contact', () => {\n it('renders the contact form', (done) => {\n request(app)\n .get('/contact')\n .expect(200)\n .end((err) => {\n if (err) return done(err);\n expect(true).to.be.true; // keep assertion for lint, actual check is above\n done();\n });\n });\n });\n\n describe('POST /contact', () => {\n it('rejects missing name/email for unknown user', (done) => {\n request(app)\n .post('/contact')\n .type('form')\n .send({ _csrf: 'testcsrf', name: '', email: '', message: 'Hello', 'g-recaptcha-response': 'token' })\n .expect(302)\n .expect('Location', '/contact')\n .end((err) => {\n if (err) return done(err);\n expect(sendMailStub.called).to.be.false;\n done();\n });\n });\n\n it('rejects missing message', (done) => {\n request(app)\n .post('/contact')\n .type('form')\n .send({ _csrf: 'testcsrf', name: 'Test', email: 'test@example.com', message: '', 'g-recaptcha-response': 'token' })\n .expect(302)\n .expect('Location', '/contact')\n .end((err) => {\n if (err) return done(err);\n expect(sendMailStub.called).to.be.false;\n done();\n });\n });\n\n it('rejects missing reCAPTCHA', (done) => {\n request(app)\n .post('/contact')\n .type('form')\n .send({ _csrf: 'testcsrf', name: 'Test', email: 'test@example.com', message: 'Hello', 'g-recaptcha-response': '' })\n .expect(302)\n .expect('Location', '/contact')\n .end((err) => {\n if (err) return done(err);\n expect(sendMailStub.called).to.be.false;\n done();\n });\n });\n\n it('sends email if all fields are valid', (done) => {\n request(app)\n .post('/contact')\n .type('form')\n .send({ _csrf: 'testcsrf', name: 'Test', email: 'test@example.com', message: 'Hello', 'g-recaptcha-response': 'token' })\n .expect(302)\n .expect('Location', '/contact')\n .end((err) => {\n if (err) return done(err);\n expect(sendMailStub.calledOnce).to.be.true;\n done();\n });\n });\n\n it('handles reCAPTCHA failure', (done) => {\n fetchStub.resolves({ json: () => Promise.resolve({ tokenProperties: { valid: false } }) });\n request(app)\n .post('/contact')\n .type('form')\n .send({ _csrf: 'testcsrf', name: 'Test', email: 'test@example.com', message: 'Hello', 'g-recaptcha-response': 'token' })\n .expect(302)\n .expect('Location', '/contact')\n .end((err) => {\n if (err) return done(err);\n expect(sendMailStub.called).to.be.false;\n done();\n });\n });\n });\n});\n"
},
{
"path": "test/docs-links.test.js",
"content": "const { expect } = require('chai');\nconst { getMarkdownChecks, checkList } = require('./tools/simple-link-image-check');\n\ndescribe('docs links', function () {\n this.timeout(300000);\n\n it('has no broken links in markdown docs', async () => {\n const checks = getMarkdownChecks();\n const deduped = checks; // already deduped by helper\n const { results, processed } = await checkList(deduped);\n if (results.length) {\n const lines = results.map((r) => `- ${r.url} (found in: ${r.sources.join(', ')}) => ${r.error || r.status}`).join('\\n');\n throw new Error(`Broken markdown links (${results.length} of ${processed}):\\n${lines}`);\n }\n expect(results.length).to.equal(0);\n });\n});\n"
},
{
"path": "test/e2e/chart.e2e.test.js",
"content": "const testFileName = 'e2e/chart.e2e.test.js';\nprocess.env.API_TEST_FILE = testFileName;\nconst { test, expect } = require('@playwright/test');\nconst { registerTestInManifest, isInManifest } = require('../tools/fixture-helpers');\n\n// Self-register this test in the manifest when recording\nregisterTestInManifest(testFileName);\n\nif (process.env.API_MODE && process.env.API_MODE === 'replay' && !isInManifest(testFileName)) {\n console.log(`[fixtures] skipping ${testFileName} as it is not in manifest for replay mode`);\n test.skip(true, 'Not in manifest for replay mode');\n}\n\ntest.describe('Chart.js and Alpha Vantage API Integration', () => {\n let sharedPage;\n\n test.beforeAll(async ({ browser }) => {\n sharedPage = await browser.newPage();\n await sharedPage.goto('/api/chart');\n await sharedPage.waitForLoadState('networkidle');\n await sharedPage.waitForTimeout(2000); // Wait for chart to render\n });\n\n test.afterAll(async () => {\n if (sharedPage) await sharedPage.close();\n });\n\n test('should render Chart.js with Microsoft stock data', async () => {\n // Check for canvas element\n const canvas = sharedPage.locator('canvas#chart');\n await expect(canvas).toBeVisible();\n\n // Verify canvas has been initialized with Chart.js and has data\n const chartValidation = await sharedPage.evaluate(() => {\n const canvas = document.getElementById('chart');\n const chart = window.Chart.getChart(canvas);\n\n if (!chart) return { isInitialized: false, hasData: false };\n\n const { labels } = chart.data;\n const [dataset] = chart.data.datasets;\n\n return {\n isInitialized: true,\n hasData: labels?.length > 0 && dataset?.data?.length > 0,\n datasetLabel: dataset?.label,\n labelsCount: labels?.length,\n type: chart.config.type,\n };\n });\n\n // Verify chart is initialized\n expect(chartValidation.isInitialized).toBe(true);\n\n // Verify chart data is populated\n expect(chartValidation.hasData).toBe(true);\n\n // Verify chart has correct dataset label\n expect(chartValidation.datasetLabel).toContain(\"Microsoft's Closing Stock Values\");\n\n // Verify chart type\n expect(chartValidation.type).toBe('line');\n\n // Verify data count (Alpha Vantage returns 100 data points)\n expect(chartValidation.labelsCount).toBe(100);\n });\n\n test('should display valid stock data with correct structure', async () => {\n // Get chart data details\n const chartDataInfo = await sharedPage.evaluate(() => {\n const canvas = document.getElementById('chart');\n const chart = Chart.getChart(canvas);\n\n return {\n labelsCount: chart.data.labels.length,\n dataCount: chart.data.datasets[0].data.length,\n firstLabel: chart.data.labels[0],\n lastLabel: chart.data.labels[chart.data.labels.length - 1],\n firstValue: chart.data.datasets[0].data[0],\n };\n });\n\n // Verify data integrity\n expect(chartDataInfo.labelsCount).toBe(100);\n expect(chartDataInfo.dataCount).toBe(100);\n\n // Verify date format (YYYY-MM-DD)\n expect(chartDataInfo.firstLabel).toMatch(/^\\d{4}-\\d{2}-\\d{2}$/);\n expect(chartDataInfo.lastLabel).toMatch(/^\\d{4}-\\d{2}-\\d{2}$/);\n\n // Verify stock values are valid numbers\n expect(parseFloat(chartDataInfo.firstValue)).not.toBeNaN();\n expect(parseFloat(chartDataInfo.firstValue)).toBeGreaterThan(0);\n });\n\n test('should use live data from Alpha Vantage API', async () => {\n // Verify we're using live data, not fallback\n const dataTypeText = await sharedPage.locator('h6').textContent();\n expect(dataTypeText).toBe('Using data from Alpha Vantage');\n\n // Get the date range from chart data\n const dateInfo = await sharedPage.evaluate(() => {\n const canvas = document.getElementById('chart');\n const chart = Chart.getChart(canvas);\n const { labels } = chart.data;\n return {\n firstDate: labels[0],\n lastDate: labels[labels.length - 1],\n };\n });\n\n // Verify dates are NOT the hardcoded fallback data\n // Fallback data range: 2023-03-02 to 2023-07-25\n expect(dateInfo.lastDate).not.toBe('2023-07-25');\n });\n});\n"
},
{
"path": "test/e2e/foursquare.e2e.test.js",
"content": "process.env.API_TEST_FILE = 'e2e/foursquare.e2e.test.js';\nconst { test, expect } = require('@playwright/test');\nconst { registerTestInManifest, isInManifest } = require('../tools/fixture-helpers');\n\n// Self-register this test in the manifest when recording\nregisterTestInManifest('e2e/foursquare.e2e.test.js');\n\n// Skip this file during replay if it's not in the manifest\nif (process.env.API_MODE === 'replay' && !isInManifest('e2e/foursquare.e2e.test.js')) {\n console.log('[fixtures] skipping e2e/foursquare.e2e.test.js as it is not in manifest for replay mode - 2 tests');\n test.skip(true, 'Not in manifest for replay mode');\n}\n\ntest.describe('Foursquare Places API Integration', () => {\n let sharedPage;\n\n test.beforeAll(async ({ browser }) => {\n sharedPage = await browser.newPage();\n await sharedPage.goto('/api/foursquare');\n await sharedPage.waitForLoadState('networkidle');\n });\n\n test.afterAll(async () => {\n if (sharedPage) await sharedPage.close();\n });\n\n test('should render Trending Venues table with data', async () => {\n // Table basics\n const table = sharedPage.locator('table.table.table-striped.table-bordered');\n await expect(table).toBeVisible();\n\n const headers = table.locator('thead th');\n await expect(headers).toHaveCount(5);\n await expect(headers.nth(1)).toContainText('Name');\n await expect(headers.nth(2)).toContainText('Category');\n await expect(headers.nth(3)).toContainText('Address');\n await expect(headers.nth(4)).toContainText('Distance');\n\n // Should have 10 result rows (API limit for busy Downtown Seattle location)\n const rows = table.locator('tbody tr');\n const rowCount = await rows.count();\n expect(rowCount).toBe(10);\n\n // Validate first row structure and formats\n const firstRowCells = rows.first().locator('td');\n await expect(firstRowCells).toHaveCount(5);\n\n // Icon cell: must have an icon image\n const iconImgCount = await firstRowCells.nth(0).locator('img').count();\n expect(iconImgCount).toBeGreaterThan(0);\n const icon = firstRowCells.nth(0).locator('img');\n await expect(icon).toHaveAttribute('src', /https?:\\/\\//);\n await expect(icon).toHaveAttribute('alt', /\\w+/);\n const w = parseInt(await icon.getAttribute('width'), 10);\n const h = parseInt(await icon.getAttribute('height'), 10);\n expect(w).toBeGreaterThanOrEqual(32);\n expect(w).toBeLessThanOrEqual(64);\n expect(h).toBe(w);\n\n // Name cell: non-empty\n const venueName = (await firstRowCells.nth(1).textContent()).trim();\n expect(venueName.length).toBeGreaterThan(0);\n\n // Category cell: non-empty\n const categoryText = (await firstRowCells.nth(2).textContent()).trim();\n expect(categoryText.length).toBeGreaterThan(0);\n\n // Address cell: non-empty\n const addrText = (await firstRowCells.nth(3).textContent()).trim();\n expect(addrText.length).toBeGreaterThan(0);\n\n // Distance cell: numeric\n const distanceText = (await firstRowCells.nth(4).textContent()).trim();\n expect(distanceText).toMatch(/^\\d+$/);\n });\n\n test('should render Venue Details with name, category, and coordinates', async () => {\n // Section header\n await expect(sharedPage.locator('h3.text-primary', { hasText: 'Venue Details' })).toBeVisible();\n\n // The details paragraph contains name, optional category, and location + lat/long\n const detailsPara = sharedPage.locator('h3.text-primary:has-text(\"Venue Details\") + p');\n await expect(detailsPara).toBeVisible();\n\n // Name element\n const nameElement = detailsPara.locator('i u');\n await expect(nameElement).toBeVisible();\n const detailName = (await nameElement.textContent()).trim();\n expect(detailName.length).toBeGreaterThan(0);\n\n // Check expected hardcoded values from Downtown Seattle location (ll=47.609657,-122.342148)\n const detailsText = await detailsPara.textContent();\n\n // Extract and validate longitude (allow wiggle room for minor GIS changes)\n const longitudeMatch = detailsText.match(/longitude:\\s*([-\\d.]+)/i);\n expect(longitudeMatch).toBeTruthy();\n const longitude = parseFloat(longitudeMatch[1]);\n expect(longitude).toBeGreaterThan(-122.35);\n expect(longitude).toBeLessThan(-122.33);\n\n // Extract and validate latitude (allow wiggle room for minor GIS changes)\n const latitudeMatch = detailsText.match(/latitude:\\s*([-\\d.]+)/i);\n expect(latitudeMatch).toBeTruthy();\n const latitude = parseFloat(latitudeMatch[1]);\n expect(latitude).toBeGreaterThan(47.6);\n expect(latitude).toBeLessThan(47.62);\n\n // Related venues: check for Pike Place Market with 10+ related venues\n const relatedVenuesPara = sharedPage.locator('p', { hasText: 'Related venues or businesses to' });\n await expect(relatedVenuesPara).toBeVisible();\n const relatedVenuesText = await relatedVenuesPara.textContent();\n expect(relatedVenuesText).toContain('Pike Place Market');\n\n // Extract the comma-separated list from the next paragraph\n const relatedListPara = relatedVenuesPara.locator('+ p');\n await expect(relatedListPara).toBeVisible();\n const relatedListText = (await relatedListPara.textContent()).trim();\n const relatedVenuesList = relatedListText\n .split(',')\n .map((v) => v.trim())\n .filter((v) => v.length > 0);\n expect(relatedVenuesList.length).toBeGreaterThanOrEqual(10);\n });\n});\n"
},
{
"path": "test/e2e/giphy.e2e.test.js",
"content": "process.env.API_TEST_FILE = 'e2e/giphy.e2e.test.js';\nconst { test, expect } = require('@playwright/test');\nconst { registerTestInManifest, isInManifest } = require('../tools/fixture-helpers');\n\n// Self-register this test in the manifest when recording\nregisterTestInManifest('e2e/giphy.e2e.test.js');\n\n// Skip this file during replay if it's not in the manifest\nif (process.env.API_MODE === 'replay' && !isInManifest('e2e/giphy.e2e.test.js')) {\n console.log('[fixtures] skipping e2e/giphy.e2e.test.js as it is not in manifest for replay mode - 2 tests');\n test.skip(true, 'Not in manifest for replay mode');\n}\n\ntest.describe('GIPHY API', () => {\n let sharedPage;\n\n test.beforeAll(async ({ browser }) => {\n sharedPage = await browser.newPage();\n await sharedPage.goto('/api/giphy');\n await sharedPage.waitForLoadState('networkidle');\n });\n\n test.afterAll(async () => {\n if (sharedPage) await sharedPage.close();\n });\n\n test('should show results on a fresh page load', async () => {\n const resultsCard = sharedPage.locator('.card.text-white.bg-success');\n await expect(resultsCard).toBeVisible();\n const images = resultsCard.locator('img.card-img-top');\n const imageCount = await images.count();\n expect(imageCount).toBeGreaterThan(10);\n const src = await images.first().getAttribute('src');\n expect(src).toBeTruthy();\n });\n\n test('should return search results for submissions', async () => {\n await sharedPage.fill('input[name=\"search\"]', 'funny cat');\n await sharedPage.click('button[type=\"submit\"]');\n await sharedPage.waitForLoadState('networkidle');\n\n const resultsCard = sharedPage.locator('.card.text-white.bg-success');\n await expect(resultsCard).toBeVisible();\n const images = resultsCard.locator('img.card-img-top');\n const imageCount = await images.count();\n expect(imageCount).toBeGreaterThan(10);\n const src = await images.first().getAttribute('src');\n expect(src).toBeTruthy();\n });\n});\n"
},
{
"path": "test/e2e/google-maps.e2e.test.js",
"content": "const { test, expect } = require('@playwright/test');\n\n// Skip this suite entirely when running in replay/record-fixture mode.\n// We intentionally do not use browser-side record/replay for Google Maps.\nif (process.env.API_MODE === 'replay' || process.env.API_MODE === 'record') {\n console.log('[fixtures] skipping google-maps.e2e.test.js in record/replay mode (browser-side fixtures disabled) - 6 tests');\n test.skip(true, 'Skipping Google Maps tests in record/replay mode (browser-side fixtures disabled)');\n}\n\ntest.describe('Google Maps API Integration', () => {\n let sharedPage;\n\n test.beforeAll(async ({ browser }) => {\n sharedPage = await browser.newPage();\n await sharedPage.goto('/api/google-maps');\n await sharedPage.waitForLoadState('networkidle');\n });\n\n test.afterAll(async () => {\n if (sharedPage) await sharedPage.close();\n });\n\n test('should load Google Maps page and display map elements', async () => {\n // Basic page checks\n await expect(sharedPage).toHaveTitle(/Google Maps/);\n await expect(sharedPage.locator('h2')).toContainText('Google Maps JavaScript API');\n\n // Check for navigation buttons\n const gettingStartedBtn = sharedPage.locator('a[href*=\"developers.google.com/maps\"]');\n const apiConsoleBtn = sharedPage.locator('a[href*=\"console.developers.google.com\"]');\n await expect(gettingStartedBtn).toBeVisible();\n await expect(gettingStartedBtn).toContainText('Getting Started');\n await expect(apiConsoleBtn).toBeVisible();\n await expect(apiConsoleBtn).toContainText('API Console');\n\n // Check for map container\n const mapContainer = sharedPage.locator('#map');\n await expect(mapContainer).toBeVisible();\n await expect(mapContainer).toHaveCSS('height', '500px');\n\n // Check for description text (complete sentence) - use more specific selector\n await expect(sharedPage.locator('p').first()).toContainText('This example uses custom markers with Font Awesome icons, a custom map control (Center Map), and restricted navigation boundaries.');\n });\n\n test('should load Google Maps JavaScript API script', async () => {\n // Check for the main Google Maps API script (with key parameter)\n const mainMapsScript = sharedPage.locator('script[src*=\"maps.googleapis.com/maps/api/js\"][src*=\"key=\"]');\n await expect(mainMapsScript).toHaveCount(1);\n\n // Verify the main script has required parameters\n const scriptSrc = await mainMapsScript.getAttribute('src');\n expect(scriptSrc).toContain('key=');\n expect(scriptSrc).toContain('libraries=marker');\n expect(scriptSrc).toContain('loading=async');\n });\n\n test('should initialize map and custom elements', async () => {\n await sharedPage.waitForTimeout(5000); // Allow more time for map initialization\n\n // Check if Google Maps API loaded by looking for map tiles\n const mapTileImages = await sharedPage.locator('#map img[src*=\"googleapis.com/maps/vt\"]').count();\n expect(mapTileImages).toBeGreaterThan(0);\n\n // Verify map container is properly sized and positioned\n const mapContainer = sharedPage.locator('#map');\n await expect(mapContainer).toBeVisible();\n await expect(mapContainer).toHaveCSS('height', '500px');\n });\n\n test('should display map controls and interactive elements', async () => {\n const mapLoaded = await sharedPage.waitForFunction(() => window.google && window.google.maps && window.map && window.map !== null, { timeout: 8000 });\n expect(mapLoaded).toBeTruthy();\n\n await sharedPage.waitForTimeout(5000);\n\n const centerMapControl = await sharedPage.evaluate(() => {\n const elements = Array.from(document.querySelectorAll('div'));\n return elements.some((el) => el.textContent.trim() === 'Center Map');\n });\n expect(centerMapControl).toBe(true);\n\n const markers = sharedPage.locator('.custom-marker');\n const markerCount = await markers.count();\n expect(markerCount).toBeGreaterThan(0);\n\n await markers.first().click();\n await sharedPage.waitForTimeout(1000);\n\n const infoWindow = await sharedPage.evaluate(() => document.querySelector('.info-window') !== null || document.querySelector('.gm-ui-hover-effect') !== null || document.querySelector('[class*=\"info\"]') !== null);\n expect(infoWindow).toBe(true);\n\n await expect(sharedPage.locator('#map')).toBeVisible();\n });\n\n test('should verify all Font Awesome icons and marker locations', async () => {\n await sharedPage.waitForFunction(() => window.google && window.google.maps && window.map && document.querySelectorAll('.custom-marker').length > 0, { timeout: 8000 });\n\n const cityIcon = await sharedPage.locator('i.fas.fa-city').count();\n const landmarkIcon = await sharedPage.locator('i.fas.fa-landmark').count();\n const fishIcon = await sharedPage.locator('i.fas.fa-fish').count();\n\n expect(cityIcon).toBeGreaterThanOrEqual(1);\n expect(landmarkIcon).toBeGreaterThanOrEqual(1);\n expect(fishIcon).toBeGreaterThanOrEqual(1);\n\n const markerLabels = ['San Francisco', 'Financial District', \"Fisherman's Wharf\"];\n for (const label of markerLabels) {\n const labelElement = await sharedPage.locator(`text=${label}`).count();\n expect(labelElement).toBeGreaterThanOrEqual(1);\n }\n });\n\n test('should test info window content on marker click', async () => {\n await sharedPage.waitForTimeout(5000);\n\n const mapLoaded = await sharedPage.evaluate(() => window.mapLoaded === true);\n if (mapLoaded) {\n const markerData = [\n { title: 'San Francisco', content: 'cultural, commercial, and financial center', icon: 'fa-city' },\n { title: 'Financial District', content: 'business and financial hub', icon: 'fa-landmark' },\n { title: \"Fisherman's Wharf\", content: 'seafood restaurants', icon: 'fa-fish' },\n ];\n\n for (let i = 0; i < markerData.length; i++) {\n await sharedPage.evaluate((index) => {\n const markers = document.querySelectorAll('.custom-marker');\n if (markers[index]) {\n markers[index].click();\n }\n }, i);\n\n await sharedPage.waitForTimeout(500);\n\n const infoWindowVisible = await sharedPage.evaluate((expectedData) => {\n const infoWindow = document.querySelector('.gm-style-iw');\n if (infoWindow) {\n const content = infoWindow.textContent;\n return content.includes(expectedData.title) || content.includes(expectedData.content);\n }\n return false;\n }, markerData[i]);\n\n expect(infoWindowVisible).toBe(true);\n }\n }\n });\n});\n"
},
{
"path": "test/e2e/here-maps.e2e.test.js",
"content": "const { test, expect } = require('@playwright/test');\n\n// Skip this suite entirely when running in record/replay fixture mode.\n// We intentionally do not use browser-side record/replay for HERE Maps.\nif (process.env.API_MODE === 'replay' || process.env.API_MODE === 'record') {\n console.log('[fixtures] skipping here-maps.e2e.test.js in record/replay mode (browser-side fixtures disabled) - 3 tests');\n test.skip(true, 'Skipping HERE Maps tests in record/replay mode (browser-side fixtures disabled)');\n}\n\ntest.describe('HERE Maps API Integration', () => {\n let sharedPage;\n const tileRequests = [];\n\n test.beforeAll(async ({ browser }) => {\n sharedPage = await browser.newPage();\n\n // Set up tile request monitoring BEFORE page loads\n sharedPage.on('response', async (response) => {\n const url = response.url();\n if (url.includes('vector.hereapi.com') || url.includes('base.maps.api.here.com')) {\n tileRequests.push({\n status: response.status(),\n ok: response.ok(),\n });\n }\n });\n\n await sharedPage.goto('/api/here-maps');\n await sharedPage.waitForLoadState('networkidle');\n });\n\n test.afterAll(async () => {\n if (sharedPage) await sharedPage.close();\n });\n\n test('should initialize and render HERE Maps successfully', async () => {\n await sharedPage.waitForTimeout(5000);\n\n // Check if HERE Maps API loaded by verifying window.H object\n const hereMapsLoaded = await sharedPage.evaluate(() => typeof window.H !== 'undefined' && window.H !== null);\n expect(hereMapsLoaded).toBe(true);\n\n // Verify map canvas is rendered (HERE Maps uses Canvas for rendering)\n const hasCanvas = await sharedPage.locator('#map canvas').count();\n expect(hasCanvas).toBeGreaterThan(0);\n\n // Verify HERE Maps copyright/attribution is visible\n const hasCopyright = await sharedPage.locator('#map').locator('text=/HERE|©/i').count();\n expect(hasCopyright).toBeGreaterThan(0);\n });\n\n test('should calculate and display straight line distance using client-side calculation', async () => {\n // Check for distance display element\n const distanceElement = sharedPage.locator('#directLineDistance');\n await expect(distanceElement).toBeVisible();\n\n // Verify distance value is calculated and displayed (client-side Haversine formula)\n const distanceText = await distanceElement.textContent();\n const distance = parseFloat(distanceText);\n expect(distance).toBe(2.85);\n });\n\n test('should successfully load HERE Maps tiles', async () => {\n // Tiles should have been loaded during beforeAll\n expect(tileRequests.length).toBeGreaterThan(0);\n const successfulTiles = tileRequests.filter((req) => req.ok);\n expect(successfulTiles.length).toBeGreaterThan(0);\n\n const hasCanvas = await sharedPage.locator('#map canvas').count();\n expect(hasCanvas).toBeGreaterThan(0);\n });\n});\n"
},
{
"path": "test/e2e/llm-classifier.e2e.test.js",
"content": "process.env.API_TEST_FILE = 'e2e/llm-classifier.e2e.test.js';\nconst { test, expect } = require('@playwright/test');\nconst fs = require('fs');\nconst path = require('path');\nconst { registerTestInManifest, isInManifest } = require('../tools/fixture-helpers');\n\n// Self-register this test in the manifest when recording\nregisterTestInManifest('e2e/llm-classifier.e2e.test.js');\n\n// Skip this file during replay if it's not in the manifest\nif (process.env.API_MODE === 'replay' && !isInManifest('e2e/llm-classifier.e2e.test.js')) {\n console.log('[fixtures] skipping e2e/llm-classifier.e2e.test.js as it is not in manifest for replay mode - 3 tests');\n test.skip(true, 'Not in manifest for replay mode');\n}\n\n// Helper: extract Query per Minute (QPM) from the webserver log file if we get one.\nfunction extractQpmFromLog() {\n try {\n const webserverLog = path.resolve(__dirname, '..', '..', 'tmp', 'playwright-webserver.log');\n if (!fs.existsSync(webserverLog)) return null;\n const content = fs.readFileSync(webserverLog, 'utf8');\n const marker = 'Groq API Error Response:';\n const idx = content.lastIndexOf(marker);\n if (idx === -1) return null;\n const tail = content.slice(idx, idx + 400);\n const m = /offers\\s+(\\d+)\\s+queries/i.exec(tail);\n if (!m) return null;\n return parseInt(m[1], 10);\n } catch {\n return null;\n }\n}\n\ntest.describe('LLM Classifier Integration', () => {\n test.describe.configure({ mode: 'serial' });\n\n test('should launch app, navigate to LLM Classifier page, and handle API response', async ({ page }) => {\n // Navigate to LLM Classifier page\n await page.goto('/ai/llm-classifier');\n await page.waitForLoadState('networkidle');\n\n // Basic page checks\n await expect(page).toHaveTitle(/LLM/);\n await expect(page.locator('h2')).toContainText('LLM');\n\n // Verify form elements\n const textarea = page.locator('textarea#inputText');\n await expect(textarea).toBeVisible();\n\n const submitButton = page.locator('button[type=\"submit\"]');\n await expect(submitButton).toBeVisible();\n await expect(submitButton).toContainText('Classify Department');\n\n // Common elements on the page\n await expect(page.locator('.btn-group a[href*=\"groq.com\"]')).toHaveCount(3);\n await expect(page.locator('text=/Groq Console/i')).toBeVisible();\n await expect(page.locator('text=/API Reference/i')).toBeVisible();\n });\n\n test('should classify a user request and display all classification data', async ({ page }) => {\n // Increase timeout to accommodate rate limiting wait in free tier\n test.setTimeout(150000); // 2.5 minutes\n\n await page.goto('/ai/llm-classifier');\n await page.waitForLoadState('networkidle');\n\n // Enter and submit \"I want a refund\"\n const testMessage = 'I want a refund';\n await page.fill('textarea#inputText', testMessage);\n await page.click('button[type=\"submit\"]');\n await page.waitForLoadState('networkidle');\n\n // Verify all classification result elements that map to API data\n await expect(page.locator('textarea#inputText')).toHaveValue(testMessage);\n await expect(page.locator('h5')).toContainText('Classification (Routing) Result');\n await expect(page.locator('span.fw-bold.text-primary')).toContainText('Department:');\n\n const departmentValue = page.locator('span.ms-2.fs-4');\n // Retry on rate-limit.\n // Retry loop: up to 2 retries. If we cannot parse QPM from the log, fail immediately.\n let attempt = 0;\n const maxAttempts = 3; // initial try + 2 retries\n while (attempt < maxAttempts) {\n // small wait to let UI update\n await page.waitForTimeout(500);\n if ((await departmentValue.count()) > 0 && (await departmentValue.textContent()).trim().length > 0) {\n break; // success\n }\n attempt += 1;\n console.log(`LLM API rate limit: Retrying attempt ${attempt} of ${maxAttempts - 1}...`);\n if (attempt >= maxAttempts) break;\n const qpm = extractQpmFromLog();\n if (!qpm) {\n throw new Error('LLM API rate-limit log not found or QPM not parseable — failing test (no fallback)');\n }\n const waitSeconds = Math.ceil(60 / qpm) + 2;\n await page.waitForTimeout(waitSeconds * 1000);\n await page.click('button[type=\"submit\"]');\n await page.waitForLoadState('networkidle');\n }\n await expect(departmentValue).toBeVisible();\n expect((await departmentValue.textContent()).trim().length).toBeGreaterThan(0);\n\n // Verify \"Show raw model output\" - maps to result.raw from API\n const rawOutputDetails = page.locator('details').filter({ hasText: 'Show raw model output' });\n await expect(rawOutputDetails).toBeVisible();\n await rawOutputDetails.locator('summary').click();\n const rawOutputPre = rawOutputDetails.locator('pre');\n await expect(rawOutputPre).toBeVisible();\n expect((await rawOutputPre.textContent()).trim().length).toBeGreaterThan(0);\n\n // Verify \"Show system prompt\" - maps to result.systemPrompt from API\n const systemPromptDetails = page.locator('details').filter({ hasText: 'Show system prompt' });\n await expect(systemPromptDetails).toBeVisible();\n await systemPromptDetails.locator('summary').click();\n const systemPromptPre = systemPromptDetails.locator('pre');\n await expect(systemPromptPre).toBeVisible();\n expect((await systemPromptPre.textContent()).trim().length).toBeGreaterThan(0);\n });\n\n test('should classify \"I want a refund\" as \"Returns and Refunds\"', async ({ page }) => {\n await page.goto('/ai/llm-classifier');\n await page.waitForLoadState('networkidle');\n\n const testMessage = 'I want a refund';\n await page.fill('textarea#inputText', testMessage);\n await page.click('button[type=\"submit\"]');\n await page.waitForLoadState('networkidle');\n // Retry on rate-limit.\n // Retry loop: up to 2 retries. If we cannot parse QPM from the log, fail immediately.\n let attempt = 0;\n const maxAttempts = 3; // initial try + 2 retries\n while (attempt < maxAttempts) {\n const departmentValue = page.locator('span.ms-2.fs-4');\n // small wait to let UI update\n await page.waitForTimeout(500);\n if ((await departmentValue.count()) > 0 && (await departmentValue.textContent()).trim().length > 0) {\n break; // success\n }\n attempt += 1;\n if (attempt >= maxAttempts) break;\n console.log(`LLM API rate limit: Retrying attempt ${attempt} of ${maxAttempts - 1}...`);\n const qpm = extractQpmFromLog();\n if (!qpm) {\n throw new Error('LLM rate-limit log not found or QPM not parseable — failing test (no fallback)');\n }\n const waitSeconds = Math.ceil(60 / qpm) + 2;\n await page.waitForTimeout(waitSeconds * 1000);\n await page.click('button[type=\"submit\"]');\n await page.waitForLoadState('networkidle');\n }\n\n // Verify input is preserved\n await expect(page.locator('textarea#inputText')).toHaveValue(testMessage);\n\n // Verify the specific department classification\n const departmentValue = page.locator('span.ms-2.fs-4');\n await expect(departmentValue).toContainText('Returns and Refunds');\n });\n});\n"
},
{
"path": "test/e2e/lob.e2e.test.js",
"content": "process.env.API_TEST_FILE = 'e2e/lob.e2e.test.js';\nconst { test, expect } = require('@playwright/test');\nconst { registerTestInManifest, isInManifest } = require('../tools/fixture-helpers');\n\n// Self-register this test in the manifest when recording\nregisterTestInManifest('e2e/lob.e2e.test.js');\n\n// Skip this file during replay if it's not in the manifest\nif (process.env.API_MODE === 'replay' && !isInManifest('e2e/lob.e2e.test.js')) {\n console.log('[fixtures] skipping e2e/lob.e2e.test.js as it is not in manifest for replay mode - 3 tests');\n test.skip(true, 'Not in manifest for replay mode');\n}\n\ntest.describe('Lob API Integration', () => {\n test.describe.configure({ mode: 'serial' });\n let sharedPage;\n\n test.beforeAll(async ({ browser }) => {\n sharedPage = await browser.newPage();\n await sharedPage.goto('/api/lob');\n await sharedPage.waitForLoadState('networkidle');\n });\n\n test.afterAll(async () => {\n if (sharedPage) await sharedPage.close();\n });\n\n test('should validate ZIP code API response format', async () => {\n // Check for valid ZIP code pattern (5 digits)\n await expect(sharedPage.locator('h3').filter({ hasText: 'Details of zip code:' })).toContainText(/Details of zip code: \\d{5}/);\n\n // Verify ZIP ID format (should be alphanumeric)\n const idText = await sharedPage.locator('p').filter({ hasText: 'ID:' }).textContent();\n expect(idText).toMatch(/ID: [a-zA-Z0-9_-]+/);\n\n // Verify ZIP Code Type format\n const zipTypeText = await sharedPage.locator('p').filter({ hasText: 'Zip Code Type:' }).textContent();\n expect(zipTypeText).toMatch(/Zip Code Type: \\w+/);\n\n // Verify cities table has proper data structure\n const table = sharedPage.locator('table.table.table-striped.table-bordered');\n await expect(table).toBeVisible();\n\n // Verify table has data rows with proper structure\n const dataRows = table.locator('tbody tr');\n const rowCount = await dataRows.count();\n expect(rowCount).toBeGreaterThan(0);\n\n // Verify each row has 5 cells (City, State, County, County Fips, Preferred)\n const firstRow = dataRows.first();\n await expect(firstRow.locator('td')).toHaveCount(5);\n\n // Validate data formats in first row\n const firstRowCells = firstRow.locator('td');\n const cityText = await firstRowCells.nth(0).textContent();\n const stateText = await firstRowCells.nth(1).textContent();\n const countyFipsText = await firstRowCells.nth(3).textContent();\n const preferredText = await firstRowCells.nth(4).textContent();\n\n // City should be non-empty string\n expect(cityText.trim()).toBeTruthy();\n // State should be 2-letter code\n expect(stateText).toMatch(/^[A-Z]{2}$/);\n // County FIPS should be numeric\n expect(countyFipsText).toMatch(/^\\d+$/);\n // Preferred should be true/false\n expect(preferredText).toMatch(/^(true|false)$/);\n });\n\n test('should validate USPS Letter API response format', async () => {\n // Verify letter ID format (should be alphanumeric with specific pattern)\n const letterIdText = await sharedPage.locator('text=Letter ID:').textContent();\n expect(letterIdText).toMatch(/Letter ID: [a-zA-Z0-9_-]+/);\n\n // Verify mail type format\n const mailTypeText = await sharedPage.locator('text=Will be mailed using:').textContent();\n expect(mailTypeText).toMatch(/Will be mailed using: [a-zA-Z\\s-]+/);\n\n // Verify delivery date format (should be a valid date)\n const deliveryDateText = await sharedPage.locator('text=With expected delivery date of:').textContent();\n expect(deliveryDateText).toMatch(/With expected delivery date of: \\d{4}-\\d{2}-\\d{2}/);\n });\n\n test('should validate PDF generation and file properties', async () => {\n // Verify PDF URL format and validate PDF file\n const pdfObject = sharedPage.locator('#pdfviewer object');\n // Wait for PDF viewer to become visible (Lob has a 3-second delay for PDF generation)\n await expect(pdfObject).toBeVisible({ timeout: 10000 });\n const pdfUrl = await pdfObject.getAttribute('data');\n expect(pdfUrl).toBeTruthy();\n expect(pdfUrl).toMatch(/^https?:\\/\\/.+\\.pdf/);\n\n // Fetch and validate the PDF file\n const response = await sharedPage.request.get(pdfUrl);\n expect(response.status()).toBe(200);\n\n const contentType = response.headers()['content-type'];\n expect(contentType).toBe('application/pdf');\n\n const pdfBuffer = await response.body();\n const fileSize = pdfBuffer.length;\n\n // PDF smoke tests\n expect(fileSize).toBeGreaterThan(0);\n expect(fileSize).toBeLessThan(10000000); // Less than ~10MB\n\n // Check PDF header and footer\n const pdfString = pdfBuffer.toString('binary');\n expect(pdfString.indexOf('%PDF')).toBe(0); // PDF should start with %PDF\n expect(pdfString.lastIndexOf('%%EOF')).toBeGreaterThan(pdfString.length - 10); // EOF should be near the end\n });\n});\n"
},
{
"path": "test/e2e/nyt.e2e.test.js",
"content": "process.env.API_TEST_FILE = 'e2e/nyt.e2e.test.js';\nconst { test, expect } = require('@playwright/test');\nconst { registerTestInManifest, isInManifest } = require('../tools/fixture-helpers');\n\n// Self-register this test in the manifest when recording\nregisterTestInManifest('e2e/nyt.e2e.test.js');\n\n// Skip this file during replay if it's not in the manifest\nif (process.env.API_MODE === 'replay' && !isInManifest('e2e/nyt.e2e.test.js')) {\n console.log('[fixtures] skipping e2e/nyt.e2e.test.js as it is not in manifest for replay mode - 2 tests');\n test.skip(true, 'Not in manifest for replay mode');\n}\n\ntest.describe('New York Times API Integration', () => {\n let sharedPage;\n\n test.beforeAll(async ({ browser }) => {\n sharedPage = await browser.newPage();\n await sharedPage.goto('/api/nyt');\n await sharedPage.waitForLoadState('networkidle');\n });\n\n test.afterAll(async () => {\n if (sharedPage) await sharedPage.close();\n });\n\n test('should render basic page content', async () => {\n // Basic page checks\n await expect(sharedPage).toHaveTitle(/New York Times API/);\n await expect(sharedPage.locator('h2')).toContainText('New York Times API');\n // Locate the main table and verify header columns\n const bestSellersTable = sharedPage.locator('table.table');\n await expect(bestSellersTable).toBeVisible();\n\n //Check the content of the file\n const tableHeaders = bestSellersTable.locator('thead th');\n await expect(tableHeaders).toHaveCount(5);\n await expect(tableHeaders.nth(0)).toContainText('Rank');\n await expect(tableHeaders.nth(1)).toContainText('Title');\n await expect(tableHeaders.nth(2)).toContainText('Description');\n await expect(tableHeaders.nth(3)).toContainText('Author');\n await expect(tableHeaders.nth(4)).toContainText('ISBN-13');\n\n // Verify there is at least one row of data\n const tableRows = bestSellersTable.locator('tbody tr');\n expect(await tableRows.count()).toBeGreaterThan(0);\n });\n\n test('should display the details for the Rank 1 best seller', async () => {\n const bestSellersTable = sharedPage.locator('table.table');\n await expect(bestSellersTable).toBeVisible();\n\n // Locate the first row's data cells (td)\n const firstRowCells = bestSellersTable.locator('tbody tr').nth(0).locator('td');\n\n // Verify Rank\n await expect(firstRowCells.nth(0)).toContainText('1');\n const currentRank1Title = (await firstRowCells.nth(1).textContent()).trim();\n await expect(firstRowCells.nth(1)).toContainText(currentRank1Title);\n expect(currentRank1Title.length).toBeGreaterThan(5);\n await expect(firstRowCells.nth(3)).toContainText(/\\w+/);\n await expect(firstRowCells.nth(4)).toContainText(/\\d{13}/);\n });\n});\n"
},
{
"path": "test/e2e/openai-moderation.e2e.test.js",
"content": "process.env.API_TEST_FILE = 'e2e/openai-moderation.e2e.test.js';\nconst { test, expect } = require('@playwright/test');\nconst { registerTestInManifest, isInManifest } = require('../tools/fixture-helpers');\n\n// Self-register this test in the manifest when recording\nregisterTestInManifest('e2e/openai-moderation.e2e.test.js');\n\n// Skip this file during replay if it's not in the manifest\nif (process.env.API_MODE === 'replay' && !isInManifest('e2e/openai-moderation.e2e.test.js')) {\n console.log('[fixtures] skipping e2e/openai-moderation.e2e.test.js as it is not in manifest for replay mode - 2 tests');\n test.skip(true, 'Not in manifest for replay mode');\n}\n\ntest.describe('OpenAI Moderation API Integration', () => {\n test('should flag harmful content and display all moderation data', async ({ page }) => {\n await page.goto('/ai/openai-moderation');\n await page.waitForLoadState('networkidle');\n\n // Enter text that should be flagged as harmful (violent content)\n const harmfulText = 'I want to kill and hurt people violently.';\n await page.fill('textarea#inputText', harmfulText);\n await page.click('button[type=\"submit\"]');\n await page.waitForLoadState('networkidle');\n\n // Verify all moderation data elements\n await expect(page.locator('textarea#inputText')).toHaveValue(harmfulText);\n await expect(page.locator('h4')).toContainText('Moderation Result');\n await expect(page.locator('.alert.alert-warning')).toContainText('flagged as harmful');\n await expect(page.locator('h5')).toContainText('Category Scores');\n await expect(page.locator('.badge.rounded-pill').first()).toBeVisible();\n await expect(page.locator('h6')).toContainText('Flagged Categories');\n await expect(page.locator('li.text-danger').first()).toBeVisible();\n });\n\n test('should not flag safe content and show all category data', async ({ page }) => {\n await page.goto('/ai/openai-moderation');\n await page.waitForLoadState('networkidle');\n\n // Enter safe, harmless text\n const safeText = 'I love reading books and learning new things. The weather is beautiful today.';\n await page.fill('textarea#inputText', safeText);\n await page.click('button[type=\"submit\"]');\n await page.waitForLoadState('networkidle');\n\n // Verify all moderation data elements\n await expect(page.locator('textarea#inputText')).toHaveValue(safeText);\n await expect(page.locator('h4')).toContainText('Moderation Result');\n await expect(page.locator('.alert.alert-success')).toContainText('not flagged');\n await expect(page.locator('h5')).toContainText('Category Scores');\n await expect(page.locator('.badge.rounded-pill').first()).toBeVisible();\n await expect(page.locator('h6')).toContainText('Flagged Categories');\n await expect(page.locator('p.text-success')).toContainText('No categories were flagged');\n });\n});\n"
},
{
"path": "test/e2e/rag.e2e.test.js",
"content": "process.env.API_TEST_FILE = 'e2e/rag.e2e.test.js';\nconst { test, expect } = require('@playwright/test');\nconst fs = require('fs');\nconst path = require('path');\nconst { MongoClient } = require('mongodb');\nconst { registerTestInManifest, isInManifest } = require('../tools/fixture-helpers');\n\n// Self-register this test in the manifest when recording\nregisterTestInManifest('e2e/rag.e2e.test.js');\n\n// Skip this file during replay if it's not in the manifest\nif (process.env.API_MODE === 'replay' && !isInManifest('e2e/rag.e2e.test.js')) {\n console.log('[fixtures] skipping e2e/rag.e2e.test.js as it is not in manifest for replay mode - 2 tests');\n test.skip(true, 'Not in manifest for replay mode');\n}\n\n/**\n * Create a minimal PDF file with ExampleCorp test data\n *\n * Note: This minimal PDF structure will trigger a \"Warning: Indexing all PDF objects\"\n * message from pdf.js during processing. This is expected and harmless - it simply means\n * the PDF lacks a standard XRef table, so pdf.js uses a fallback indexing method.\n * The PDF still processes correctly and the test works as intended.\n */\nfunction writeMinimalPdf(filePath) {\n const text = `\nExampleCorp was founded in 2019.\nIts headquarters are located in Seattle, Washington.\n\nThe company reported revenue of $12 million in 2023.\nNet income for 2023 was $1.2 million.\n\nExampleCorp operates in the cloud services market.\nIts primary competitors include AlphaCloud and NimbusCo.\n\nIn 2022, revenue was reported as $9 million.\nThe company does not operate in Europe.\n\nThis document contains no information about executive compensation.\nAny claim about CEO salary is unsupported.\n`.trim();\n\n const escaped = text.replace(/\\\\/g, '\\\\\\\\').replace(/\\(/g, '\\\\(').replace(/\\)/g, '\\\\)');\n\n const pdf = `%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n2 0 obj\n<< /Type /Pages /Kids [3 0 R] /Count 1 >>\nendobj\n3 0 obj\n<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792]\n /Contents 4 0 R\n /Resources << /Font << /F1 5 0 R >> >>\n>>\nendobj\n4 0 obj\n<< /Length ${escaped.length + 73} >>\nstream\nBT\n/F1 12 Tf\n72 720 Td\n(${escaped.replace(/\\n/g, ') Tj\\n0 -14 Td\\n(')}) Tj\nET\nendstream\nendobj\n5 0 obj\n<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>\nendobj\nxref\n0 6\n0000000000 65535 f\n0000000010 00000 n\n0000000060 00000 n\n0000000117 00000 n\n0000000275 00000 n\n0000000450 00000 n\ntrailer\n<< /Size 6 /Root 1 0 R >>\nstartxref\n520\n%%EOF`;\n\n fs.writeFileSync(filePath, pdf);\n}\n\ntest.describe('RAG File Upload Integration', () => {\n test.describe.configure({ mode: 'serial' });\n // Helper to remove 'test-*' files from RAG input and 'ingested' dirs\n const cleanupTestFiles = () => {\n const ragInputDir = path.join(__dirname, '../../rag_input');\n const ingestedDir = path.join(ragInputDir, 'ingested');\n\n // Remove any test artifacts in both directories\n [ragInputDir, ingestedDir].forEach((dir) => {\n if (fs.existsSync(dir)) {\n const files = fs.readdirSync(dir).filter((f) => f.startsWith('test-'));\n files.forEach((file) => {\n const filePath = path.join(dir, file);\n if (fs.existsSync(filePath)) {\n fs.unlinkSync(filePath);\n }\n });\n }\n });\n };\n\n test.beforeEach(async () => {\n // Ensure a clean slate before each test run\n cleanupTestFiles();\n });\n\n test.afterEach(async () => {\n // Remove test artifacts after each test to keep state isolated\n cleanupTestFiles();\n });\n\n test.afterAll(async () => {\n // Clean up MongoDB rag_chunks collection after all tests\n // Remove all documents that have fileName: 'test_examplecorp_fixture.pdf'\n const client = new MongoClient(process.env.MONGODB_URI);\n try {\n await client.connect();\n const db = client.db();\n const collection = db.collection('rag_chunks');\n const result = await collection.deleteMany({ fileName: 'test_examplecorp_fixture.pdf' });\n console.log(`Cleaned up ${result.deletedCount} documents from rag_chunks collection`);\n } catch (err) {\n console.error('Error cleaning up rag_chunks:', err);\n } finally {\n await client.close();\n }\n });\n\n test('should validate question submission functionality', async ({ page }) => {\n // Navigate to RAG page\n await page.goto('/ai/rag');\n await page.waitForLoadState('networkidle');\n\n // Set empty value and remove 'required' to exercise server-side validation\n await page.fill('#question', '');\n\n // Remove the required attribute to bypass client-side validation\n await page.evaluate(() => {\n const questionField = document.getElementById('question');\n if (questionField) {\n questionField.removeAttribute('required');\n }\n });\n\n // Try to submit empty question by clicking the ask button\n await page.click('#ask-btn');\n\n // Wait for redirect to complete and for flash messages to render\n await page.waitForLoadState('networkidle');\n\n const errorAlert = page.locator('.alert-danger');\n\n await expect(errorAlert).toBeVisible({ timeout: 3000 });\n\n // Locate server-side validation error alert\n const hasError = (await errorAlert.count()) > 0;\n\n // Ensure error alert appears with expected validation message\n expect(hasError).toBeTruthy();\n await expect(errorAlert).toBeVisible();\n await expect(errorAlert).toContainText(/Please enter a question./i);\n });\n\n test('should ingest ExampleCorp PDF and answer revenue question', async ({ page }) => {\n // Increase timeout for this test due to 30 second wait for ingestion\n test.setTimeout(120000);\n\n // Create test PDF dynamically\n const ragInputDir = path.join(__dirname, '../../rag_input');\n const targetFile = path.join(ragInputDir, 'test_examplecorp_fixture.pdf');\n const ingestedFile = path.join(ragInputDir, 'ingested', 'test_examplecorp_fixture.pdf');\n\n // Ensure rag_input directory exists\n if (!fs.existsSync(ragInputDir)) {\n fs.mkdirSync(ragInputDir, { recursive: true });\n }\n\n // Create the PDF file with test data\n writeMinimalPdf(targetFile);\n\n try {\n // Navigate to RAG page\n await page.goto('/ai/rag');\n await page.waitForLoadState('networkidle');\n\n // Click the \"Ingest Files\" button\n const ingestBtn = page.locator('#ingest-btn');\n await expect(ingestBtn).toBeVisible();\n await ingestBtn.click();\n\n // Wait for ingestion to complete (redirect back to page)\n await page.waitForLoadState('networkidle');\n\n // Verify ingestion was successful (info messages use .alert-primary, not .alert-info)\n const successAlert = page.locator('.alert-success, .alert-primary');\n const errorAlert = page.locator('.alert-danger');\n\n await expect(successAlert.or(errorAlert)).toBeVisible({ timeout: 5000 });\n\n // If there's an error, fail with the error message\n if ((await errorAlert.count()) > 0) {\n const errorText = await errorAlert.textContent();\n throw new Error(`Ingestion failed: ${errorText}`);\n }\n\n await expect(successAlert).toBeVisible();\n\n // Verify the file appears in the Ingested Files list\n const fileInList = page.locator('table.table-striped tbody tr td', { hasText: 'test_examplecorp_fixture.pdf' });\n await expect(fileInList).toBeVisible({ timeout: 5000 });\n\n // Poll for index readiness instead of blind wait\n // MongoDB Atlas Search indexes can take time to build after ingestion\n // We poll by attempting to ask a question and checking for \"index is not ready\" error\n let indexReady = false;\n const maxAttempts = 12; // 12 attempts * 5 seconds = 60 seconds max wait\n\n for (let attempt = 1; attempt <= maxAttempts; attempt++) {\n console.log(`Checking index readiness (attempt ${attempt}/${maxAttempts})...`);\n\n // Fill in a test question\n await page.fill('#question', 'How much money ExampleCorp made in 2023');\n\n // Click the ask button\n await page.click('#ask-btn');\n\n // Wait for response to load\n await page.waitForLoadState('networkidle');\n\n // Check if we got an \"index is not ready\" error\n const errorAlert = page.locator('.alert-danger');\n if ((await errorAlert.count()) > 0) {\n const errorText = await errorAlert.textContent();\n if (errorText.includes('index is not ready') || errorText.includes('not ready')) {\n console.log(`Index not ready yet: ${errorText.substring(0, 100)}...`);\n if (attempt < maxAttempts) {\n // Wait 5 seconds before next attempt\n await page.waitForTimeout(5000);\n // Navigate back to RAG page to try again\n await page.goto('/ai/rag');\n await page.waitForLoadState('networkidle');\n continue;\n }\n } else {\n // Different error - fail immediately\n throw new Error(`Unexpected error: ${errorText}`);\n }\n } else {\n // No error - index is ready and we got a response\n console.log('Index is ready!');\n indexReady = true;\n break;\n }\n }\n\n if (!indexReady) {\n throw new Error('Index did not become ready within the timeout period');\n }\n\n // At this point, we have a response on the page from the polling loop above\n // Verify we got a valid response\n const ragResponseBox = page.locator('.response-box').first();\n const hasResponse = (await ragResponseBox.count()) > 0;\n expect(hasResponse).toBeTruthy();\n\n // Verify the RAG response contains the expected values ($12 and $1.2)\n const ragResponsePre = page.locator('.response-box pre').first();\n await expect(ragResponsePre).toBeVisible();\n const ragResponseText = await ragResponsePre.textContent();\n expect(ragResponseText).toContain('$12');\n expect(ragResponseText).toContain('$1.2');\n\n // Verify the No-RAG LLM Response is present (the system shows both responses)\n const noRagResponseBoxes = page.locator('.response-box');\n expect(await noRagResponseBoxes.count()).toBeGreaterThanOrEqual(2);\n\n // The second response box is the No-RAG response\n // It should NOT contain the specific dollar amounts from the PDF since it doesn't have RAG context\n const noRagResponsePre = noRagResponseBoxes.nth(1).locator('pre');\n await expect(noRagResponsePre).toBeVisible();\n const noRagResponseText = await noRagResponsePre.textContent();\n\n // The No-RAG response should not have the specific ExampleCorp data\n expect(noRagResponseText).not.toContain('$12');\n expect(noRagResponseText).not.toContain('$1.2');\n } finally {\n // Clean up: remove the test file from rag_input if still there\n if (fs.existsSync(targetFile)) {\n fs.unlinkSync(targetFile);\n }\n // Clean up: remove the file from ingested directory\n if (fs.existsSync(ingestedFile)) {\n fs.unlinkSync(ingestedFile);\n }\n }\n });\n});\n"
},
{
"path": "test/e2e/trakt.e2e.test.js",
"content": "process.env.API_TEST_FILE = 'e2e/trakt.e2e.test.js';\nconst { test, expect } = require('@playwright/test');\nconst { registerTestInManifest, isInManifest } = require('../tools/fixture-helpers');\n\n// Self-register this test in the manifest when recording\nregisterTestInManifest('e2e/trakt.e2e.test.js');\n\n// Skip this file during replay if it's not in the manifest\nif (process.env.API_MODE === 'replay' && !isInManifest('e2e/trakt.e2e.test.js')) {\n console.log('[fixtures] skipping e2e/trakt.e2e.test.js as it is not in manifest for replay mode - 10 tests');\n test.skip(true, 'Not in manifest for replay mode');\n}\n\ntest.describe('Trakt.tv API Integration', () => {\n let sharedPage;\n\n test.beforeAll(async ({ browser }) => {\n sharedPage = await browser.newPage();\n await sharedPage.goto('/api/trakt');\n await sharedPage.waitForLoadState('networkidle');\n });\n\n test.afterAll(async () => {\n if (sharedPage) await sharedPage.close();\n });\n\n test('should launch app, navigate to Trakt API page, and handle basic page elements', async () => {\n // Basic page checks\n await expect(sharedPage).toHaveTitle(/Trakt\\.tv API/);\n await expect(sharedPage.locator('h2')).toContainText('Trakt.tv API');\n\n // Check for API documentation links\n await expect(sharedPage.locator('.btn-group a[href*=\"trakt.docs.apiary.io\"]')).toBeVisible();\n await expect(sharedPage.locator('.btn-group a[href*=\"trakt.tv/oauth/applications\"]')).toBeVisible();\n await expect(sharedPage.locator('text=/API Docs/i')).toBeVisible();\n await expect(sharedPage.locator('text=/App Dashboard/i')).toBeVisible();\n });\n\n test('should display proper flash message for authentication states', async () => {\n // Check for the specific authentication failure message\n const alertWarning = sharedPage.locator('.alert.alert-warning');\n await expect(alertWarning).toBeVisible();\n\n // Should contain the \"please log in\" message\n await expect(alertWarning).toContainText('Please log in to access your Trakt.tv profile information.');\n });\n\n test('should display public trending movies section', async () => {\n // Check for trending movies section - this should exist with valid API key\n const trendingCard = sharedPage.locator('.card.text-white.bg-info');\n await expect(trendingCard).toBeVisible();\n await expect(trendingCard.locator('.card-header h6')).toContainText('Trending Movies (Public API, top 6)');\n\n // Check for movie items in the trending section\n const movieItems = trendingCard.locator('.col-md-4.col-6.mb-3');\n const movieCount = await movieItems.count();\n expect(movieCount).toBeGreaterThan(0);\n expect(movieCount).toBeLessThanOrEqual(6);\n\n // Check each movie item has required elements\n for (let i = 0; i < Math.min(movieCount, 3); i++) {\n const movieItem = movieItems.nth(i);\n\n // Each movie should have a title\n const titleElement = movieItem.locator('strong');\n await expect(titleElement).toBeVisible();\n\n // Each movie should have watchers count\n const watchersElement = movieItem.locator('small.text-muted');\n await expect(watchersElement).toBeVisible();\n await expect(watchersElement).toContainText('watchers');\n }\n });\n\n test('should display top trending movie details', async () => {\n // Check for top trending movie section - this should exist with valid API key\n const topTrendingCard = sharedPage.locator('.card.text-white.bg-primary');\n await expect(topTrendingCard).toBeVisible();\n await expect(topTrendingCard.locator('.card-header h6')).toContainText('Top Trending Movie Details');\n\n // Check for movie details\n const movieTitle = topTrendingCard.locator('h4');\n await expect(movieTitle).toBeVisible();\n\n // Check for overview paragraph (look for paragraphs that aren't year/tagline)\n const allParagraphs = topTrendingCard.locator('p');\n const paragraphCount = await allParagraphs.count();\n expect(paragraphCount).toBeGreaterThan(0);\n\n // Look for overview content (usually the longest paragraph)\n let overviewFound = false;\n for (let i = 0; i < paragraphCount; i++) {\n const paragraph = allParagraphs.nth(i);\n const text = await paragraph.textContent();\n const classes = (await paragraph.getAttribute('class')) || '';\n\n // Skip year and tagline paragraphs, look for overview\n if (!classes.includes('mb-1') && !classes.includes('text-muted') && text && text.length > 50) {\n await expect(paragraph).toBeVisible();\n overviewFound = true;\n break;\n }\n }\n\n expect(overviewFound).toBe(true);\n });\n\n test('should handle movie images and trailers', async () => {\n const topTrendingCard = sharedPage.locator('.card.text-white.bg-primary');\n await expect(topTrendingCard).toBeVisible();\n\n // Check for movie poster image\n const posterImage = topTrendingCard.locator('img');\n await expect(posterImage).toBeVisible();\n\n // Verify image has src attribute\n const imgSrc = await posterImage.getAttribute('src');\n expect(imgSrc).toBeTruthy();\n\n // Check for trailer embed (the template renders an Website Terms of Use
\n\nVersion 1.0
\n\nThe Hackathon Starter website located at our web address is a copyrighted work belonging to Hackathon Starter. Certain features of the Site may be subject to additional guidelines, terms, or rules, which will be posted on the Site in connection with such features.
\n\nAll such additional terms, guidelines, and rules are incorporated by reference into these Terms.
\n\n\n These Terms of Use described the legally binding terms and conditions that oversee your use of the Site. BY LOGGING INTO THE SITE, YOU ARE BEING COMPLIANT THAT THESE TERMS and you represent that you have the authority and capacity to enter into these Terms. YOU SHOULD BE AT LEAST 18 YEARS OF\n AGE TO ACCESS THE SITE. IF YOU DISAGREE WITH ALL OF THE PROVISION OF THESE TERMS, DO NOT LOG INTO AND/OR USE THE SITE.\n
\n \n\n\n These terms require the use of arbitration Section 10.2 on an individual basis to resolve disputes and also limit the remedies available to you in the event of a dispute. These Terms of Use were created with the help of the\n Terms Of Use Generator\n and the\n Privacy Policy Generator.\n
\n\nAccess to the Site
\n\nSubject to these Terms. Company grants you a non-transferable, non-exclusive, revocable, limited license to access the Site solely for your own personal, noncommercial use.
\n\n\n Certain Restrictions. The rights approved to you in these Terms are subject to the following restrictions: (a) you shall not sell, rent, lease, transfer, assign, distribute, host, or otherwise commercially exploit the Site; (b) you shall not change, make derivative works of,\n disassemble, reverse compile or reverse engineer any part of the Site; (c) you shall not access the Site in order to build a similar or competitive website; and (d) except as expressly stated herein, no part of the Site may be copied, reproduced, distributed, republished, downloaded,\n displayed, posted or transmitted in any form or by any means unless otherwise indicated, any future release, update, or other addition to functionality of the Site shall be subject to these Terms. All copyright and other proprietary notices on the Site must be retained on all copies thereof.\n
\n\nCompany reserves the right to change, suspend, or cease the Site with or without notice to you. You approved that Company will not be held liable to you or any third-party for any change, interruption, or termination of the Site or any part.
\n\nNo Support or Maintenance. You agree that Company will have no obligation to provide you with any support in connection with the Site.
\n\n\n Excluding any User Content that you may provide, you are aware that all the intellectual property rights, including copyrights, patents, trademarks, and trade secrets, in the Site and its content are owned by Company or Company’s suppliers. Note that these Terms and access to the Site do not\n give you any rights, title or interest in or to any intellectual property rights, except for the limited access rights expressed in Section 2.1. Company and its suppliers reserve all rights not granted in these Terms.\n
\n\nThird-Party Links & Ads; Other Users
\n\n\n Third-Party Links & Ads. The Site may contain links to third-party websites and services, and/or display advertisements for third-parties. Such Third-Party Links & Ads are not under the control of Company, and Company is not responsible for any Third-Party Links & Ads.\n Company provides access to these Third-Party Links & Ads only as a convenience to you, and does not review, approve, monitor, endorse, warrant, or make any representations with respect to Third-Party Links & Ads. You use all Third-Party Links & Ads at your own risk, and should apply a\n suitable level of caution and discretion in doing so. When you click on any of the Third-Party Links & Ads, the applicable third party’s terms and policies apply, including the third party’s privacy and data gathering practices.\n
\n\n\n Other Users. Each Site user is solely responsible for any and all of its own User Content. Because we do not control User Content, you acknowledge and agree that we are not responsible for any User Content, whether provided by you or by others. You agree that Company will\n not be responsible for any loss or damage incurred as the result of any such interactions. If there is a dispute between you and any Site user, we are under no obligation to become involved.\n
\n\n\n You hereby release and forever discharge the Company and our officers, employees, agents, successors, and assigns from, and hereby waive and relinquish, each and every past, present and future dispute, claim, controversy, demand, right, obligation, liability, action and cause of action of\n every kind and nature, that has arisen or arises directly or indirectly out of, or that relates directly or indirectly to, the Site. If you are a California resident, you hereby waive California civil code section 1542 in connection with the foregoing, which states: \"a general release does\n not extend to claims which the creditor does not know or suspect to exist in his or her favor at the time of executing the release, which if known by him or her must have materially affected his or her settlement with the debtor.\"\n
\n\n\n Cookies and Web Beacons. Like any other website, Hackathon Starter uses ‘cookies’. These cookies are used to store information including visitors’ preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users’\n experience by customizing our web page content based on visitors’ browser type and/or other information.\n
\n\nDisclaimers
\n\n\n The site is provided on an \"as-is\" and \"as available\" basis, and company and our suppliers expressly disclaim any and all warranties and conditions of any kind, whether express, implied, or statutory, including all warranties or conditions of merchantability, fitness for a particular\n purpose, title, quiet enjoyment, accuracy, or non-infringement. We and our suppliers make not guarantee that the site will meet your requirements, will be available on an uninterrupted, timely, secure, or error-free basis, or will be accurate, reliable, free of viruses or other harmful code,\n complete, legal, or safe. If applicable law requires any warranties with respect to the site, all such warranties are limited in duration to ninety (90) days from the date of first use.\n
\n\nSome jurisdictions do not allow the exclusion of implied warranties, so the above exclusion may not apply to you. Some jurisdictions do not allow limitations on how long an implied warranty lasts, so the above limitation may not apply to you.
\n\nLimitation on Liability
\n\n\n To the maximum extent permitted by law, in no event shall company or our suppliers be liable to you or any third-party for any lost profits, lost data, costs of procurement of substitute products, or any indirect, consequential, exemplary, incidental, special or punitive damages arising from\n or relating to these terms or your use of, or incapability to use the site even if company has been advised of the possibility of such damages. Access to and use of the site is at your own discretion and risk, and you will be solely responsible for any damage to your device or computer\n system, or loss of data resulting therefrom.\n
\n\n\n To the maximum extent permitted by law, notwithstanding anything to the contrary contained herein, our liability to you for any damages arising from or related to this agreement, will at all times be limited to a maximum of fifty U.S. dollars (u.s. $50). The existence of more than one claim\n will not enlarge this limit. You agree that our suppliers will have no liability of any kind arising from or relating to this agreement.\n
\n\nSome jurisdictions do not allow the limitation or exclusion of liability for incidental or consequential damages, so the above limitation or exclusion may not apply to you.
\n\n\n Term and Termination. Subject to this Section, these Terms will remain in full force and effect while you use the Site. We may suspend or terminate your rights to use the Site at any time for any reason at our sole discretion, including for any use of the Site in violation\n of these Terms. Upon termination of your rights under these Terms, your Account and right to access and use the Site will terminate immediately. You understand that any termination of your Account may involve deletion of your User Content associated with your Account from our live databases.\n Company will not have any liability whatsoever to you for any termination of your rights under these Terms. Even after your rights under these Terms are terminated, the following provisions of these Terms will remain in effect: Sections 2 through 2.5, Section 3 and Sections 4 through 10.\n
\n\nCopyright Policy
\n\n\n Company respects the intellectual property of others and asks that users of our Site do the same. In connection with our Site, we have adopted and implemented a policy respecting copyright law that provides for the removal of any infringing materials and for the termination of users of our\n online Site who are repeated infringers of intellectual property rights, including copyrights. If you believe that one of our users is, through the use of our Site, unlawfully infringing the copyright(s) in a work, and wish to have the allegedly infringing material removed, the following\n information in the form of a written notification (pursuant to 17 U.S.C. § 512(c)) must be provided to our designated Copyright Agent:\n
\n\n- \n
- your physical or electronic signature; \n
- identification of the copyrighted work(s) that you claim to have been infringed; \n
- identification of the material on our services that you claim is infringing and that you request us to remove; \n
- sufficient information to permit us to locate such material; \n
- your address, telephone number, and e-mail address; \n
- a statement that you have a good faith belief that use of the objectionable material is not authorized by the copyright owner, its agent, or under the law; and \n
- a statement that the information in the notification is accurate, and under penalty of perjury, that you are either the owner of the copyright that has allegedly been infringed or that you are authorized to act on behalf of the copyright owner. \n
\n Please note that, pursuant to 17 U.S.C. § 512(f), any misrepresentation of material fact in a written notification automatically subjects the complaining party to liability for any damages, costs and attorney’s fees incurred by us in connection with the written notification and allegation of\n copyright infringement.\n
\n\nGeneral
\n\n\n These Terms are subject to occasional revision, and if we make any substantial changes, we may notify you by sending you an e-mail to the last e-mail address you provided to us and/or by prominently posting notice of the changes on our Site. You are responsible for providing us with your\n most current e-mail address. In the event that the last e-mail address that you have provided us is not valid our dispatch of the e-mail containing such notice will nonetheless constitute effective notice of the changes described in the notice. Any changes to these Terms will be effective\n upon the earliest of thirty (30) calendar days following our dispatch of an e-mail notice to you or thirty (30) calendar days following our posting of notice of the changes on our Site. These changes will be effective immediately for new users of our Site. Continued use of our Site following\n notice of such changes shall indicate your acknowledgement of such changes and agreement to be bound by the terms and conditions of such changes. Dispute Resolution. Please read this Arbitration Agreement carefully. It is part of your contract with Company and affects your rights. It\n contains procedures for MANDATORY BINDING ARBITRATION AND A CLASS ACTION WAIVER.\n
\n\n\n Applicability of Arbitration Agreement. All claims and disputes in connection with the Terms or the use of any product or service provided by the Company that cannot be resolved informally or in small claims court shall be resolved by binding arbitration on an individual\n basis under the terms of this Arbitration Agreement. Unless otherwise agreed to, all arbitration proceedings shall be held in English. This Arbitration Agreement applies to you and the Company, and to any subsidiaries, affiliates, agents, employees, predecessors in interest, successors, and\n assigns, as well as all authorized or unauthorized users or beneficiaries of services or goods provided under the Terms.\n
\n\n\n Notice Requirement and Informal Dispute Resolution.\n Before either party may seek arbitration, the party must first send to the other party a written Notice of Dispute describing the nature and basis of the claim or dispute, and the requested relief. A Notice to the Company should be sent to: 221B Baker Street. After the Notice is received,\n you and the Company may attempt to resolve the claim or dispute informally. If you and the Company do not resolve the claim or dispute within thirty (30) days after the Notice is received, either party may begin an arbitration proceeding. The amount of any settlement offer made by any party\n may not be disclosed to the arbitrator until after the arbitrator has determined the amount of the award to which either party is entitled.\n
\n\n\n Arbitration Rules. Arbitration shall be initiated through the American Arbitration Association, an established alternative dispute resolution provider that offers arbitration as set forth in this section. If AAA is not available to arbitrate, the parties shall agree to\n select an alternative ADR Provider. The rules of the ADR Provider shall govern all aspects of the arbitration except to the extent such rules are in conflict with the Terms. The AAA Consumer Arbitration Rules governing the arbitration are available online at adr.org or by calling the AAA at\n 1-800-778-7879. The arbitration shall be conducted by a single, neutral arbitrator. Any claims or disputes where the total amount of the award sought is less than Ten Thousand U.S. Dollars (US $10,000.00) may be resolved through binding non-appearance-based arbitration, at the option of the\n party seeking relief. For claims or disputes where the total amount of the award sought is Ten Thousand U.S. Dollars (US $10,000.00) or more, the right to a hearing will be determined by the Arbitration Rules. Any hearing will be held in a location within 100 miles of your residence, unless\n you reside outside of the United States, and unless the parties agree otherwise. If you reside outside of the U.S., the arbitrator shall give the parties reasonable notice of the date, time and place of any oral hearings. Any judgment on the award rendered by the arbitrator may be entered in\n any court of competent jurisdiction. If the arbitrator grants you an award that is greater than the last settlement offer that the Company made to you prior to the initiation of arbitration, the Company will pay you the greater of the award or $2,500.00. Each party shall bear its own costs\n and disbursements arising out of the arbitration and shall pay an equal share of the fees and costs of the ADR Provider.\n
\n\n\n Additional Rules for Non-Appearance Based Arbitration.\n If non-appearance based arbitration is elected, the arbitration shall be conducted by telephone, online and/or based solely on written submissions; the specific manner shall be chosen by the party initiating the arbitration. The arbitration shall not involve any personal appearance by the\n parties or witnesses unless otherwise agreed by the parties.\n
\n\nTime Limits. If you or the Company pursues arbitration, the arbitration action must be initiated and/or demanded within the statute of limitations and within any deadline imposed under the AAA Rules for the pertinent claim.
\n\n\n Authority of Arbitrator. If arbitration is initiated, the arbitrator will decide the rights and liabilities of you and the Company, and the dispute will not be consolidated with any other matters or joined with any other cases or parties. The arbitrator shall have the\n authority to grant motions dispositive of all or part of any claim. The arbitrator shall have the authority to award monetary damages, and to grant any non-monetary remedy or relief available to an individual under applicable law, the AAA Rules, and the Terms. The arbitrator shall issue a\n written award and statement of decision describing the essential findings and conclusions on which the award is based. The arbitrator has the same authority to award relief on an individual basis that a judge in a court of law would have. The award of the arbitrator is final and binding upon\n you and the Company.\n
\n\n\n Waiver of Jury Trial. THE PARTIES HEREBY WAIVE THEIR CONSTITUTIONAL AND STATUTORY RIGHTS TO GO TO COURT AND HAVE A TRIAL IN FRONT OF A JUDGE OR A JURY, instead electing that all claims and disputes shall be resolved by arbitration under this Arbitration Agreement.\n Arbitration procedures are typically more limited, more efficient and less expensive than rules applicable in a court and are subject to very limited review by a court. In the event any litigation should arise between you and the Company in any state or federal court in a suit to vacate or\n enforce an arbitration award or otherwise, YOU AND THE COMPANY WAIVE ALL RIGHTS TO A JURY TRIAL, instead electing that the dispute be resolved by a judge.\n
\n\n\n Waiver of Class or Consolidated Actions. All claims and disputes within the scope of this arbitration agreement must be arbitrated or litigated on an individual basis and not on a class basis, and claims of more than one customer or user cannot be arbitrated or litigated\n jointly or consolidated with those of any other customer or user.\n
\n\n\n Confidentiality. All aspects of the arbitration proceeding shall be strictly confidential. The parties agree to maintain confidentiality unless otherwise required by law. This paragraph shall not prevent a party from submitting to a court of law any information necessary to\n enforce this Agreement, to enforce an arbitration award, or to seek injunctive or equitable relief.\n
\n\n\n Severability. If any part or parts of this Arbitration Agreement are found under the law to be invalid or unenforceable by a court of competent jurisdiction, then such specific part or parts shall be of no force and effect and shall be severed and the remainder of the\n Agreement shall continue in full force and effect.\n
\n\nRight to Waive. Any or all of the rights and limitations set forth in this Arbitration Agreement may be waived by the party against whom the claim is asserted. Such waiver shall not waive or affect any other portion of this Arbitration Agreement.
\n\nSurvival of Agreement. This Arbitration Agreement will survive the termination of your relationship with Company.
\n\nSmall Claims Court. Nonetheless the foregoing, either you or the Company may bring an individual action in small claims court.
\n\n\n Emergency Equitable Relief. Anyhow the foregoing, either party may seek emergency equitable relief before a state or federal court in order to maintain the status quo pending arbitration. A request for interim measures shall not be deemed a waiver of any other rights or\n obligations under this Arbitration Agreement.\n
\n\n\n Claims Not Subject to Arbitration. Notwithstanding the foregoing, claims of defamation, violation of the Computer Fraud and Abuse Act, and infringement or misappropriation of the other party’s patent, copyright, trademark or trade secrets shall not be subject to this\n Arbitration Agreement.\n
\n\nIn any circumstances where the foregoing Arbitration Agreement permits the parties to litigate in court, the parties hereby agree to submit to the personal jurisdiction of the courts located within Netherlands County, California, for such purposes.
\n\n\n The Site may be subject to U.S. export control laws and may be subject to export or import regulations in other countries. You agree not to export, re-export, or transfer, directly or indirectly, any U.S. technical data acquired from Company, or any products utilizing such data, in violation\n of the United States export laws or regulations.\n
\n\n\n Company is located at the address in Section 10.8. If you are a California resident, you may report complaints to the Complaint Assistance Unit of the Division of Consumer Product of the California Department of Consumer Affairs by contacting them in writing at 400 R Street, Sacramento, CA\n 95814, or by telephone at (800) 952-5210.\n
\n\n\n Electronic Communications. The communications between you and Company use electronic means, whether you use the Site or send us emails, or whether Company posts notices on the Site or communicates with you via email. For contractual purposes, you (a) consent to receive\n communications from Company in an electronic form; and (b) agree that all terms and conditions, agreements, notices, disclosures, and other communications that Company provides to you electronically satisfy any legal obligation that such communications would satisfy if it were be in a hard\n copy writing.\n
\n\n\n Entire Terms. These Terms constitute the entire agreement between you and us regarding the use of the Site. Our failure to exercise or enforce any right or provision of these Terms shall not operate as a waiver of such right or provision. The section titles in these Terms\n are for convenience only and have no legal or contractual effect. The word \"including\" means \"including without limitation\". If any provision of these Terms is held to be invalid or unenforceable, the other provisions of these Terms will be unimpaired and the invalid or unenforceable\n provision will be deemed modified so that it is valid and enforceable to the maximum extent permitted by law. Your relationship to Company is that of an independent contractor, and neither party is an agent or partner of the other. These Terms, and your rights and obligations herein, may not\n be assigned, subcontracted, delegated, or otherwise transferred by you without Company’s prior written consent, and any attempted assignment, subcontract, delegation, or transfer in violation of the foregoing will be null and void. Company may freely assign these Terms. The terms and\n conditions set forth in these Terms shall be binding upon assignees.\n
\n\nYour Privacy. Please read our Privacy Policy.
\n\n\n Copyright/Trademark Information. Copyright ©. All rights reserved. All trademarks, logos and service marks displayed on the Site are our property or the property of other third-parties. You are not permitted to use these Marks without our prior written consent or the consent\n of such third party which may own the Marks.\n
\n\nContact Information
\n\nAddress: 221B Baker Street
\nEmail: contact@yourdomain.com
\n