Hardening/e2e critical path tests

[OsagieCynthia]

Hardening: E2E Tests, Observability, Governance & Frontend Components

Closes #426
Closes #425
Closes #424
Closes #427

Changes

1. E2E Critical Path Tests (#177)

• File: backend/test/critical-path.e2e-spec.ts
• Coverage:
  • Happy path: Create → Deposit → Confirm → Release
  • Dispute path: Initiate → Review → Resolve
  • Negative flows: Invalid transitions, unauthorized access
  • Data integrity: Cross-layer validation
• Tests: 15 test cases covering full escrow lifecycle

2. Request Correlation & Audit Logging (#181)

• Interceptors:
  • CorrelationIdInterceptor: Generates/forwards X-Correlation-ID headers
  • AuditLogInterceptor: Logs structured audit entries for mutations
• Entity: AuditLog with indexed fields for fast querying
• Migration: CreateAuditLogsTable with 5 indices for performance
• Integration: Registered globally in AppModule

3. Code Ownership & Governance (#180)

• CODEOWNERS: Defines ownership for critical paths (contracts, auth, blockchain, disputes)
• CONTRIBUTING.md: Contribution guidelines, review requirements, commit conventions
• OBSERVABILITY.md: Incident tracing runbook with correlation ID usage guide

4. Frontend Component (#105)

• ContractDetailsCard: Displays contract details, parties, loss ratio with visual split bar
• Features: Copy contract ID, truncated addresses, risk level indicator, creation timestamp

Key Features

Observability

• Every request gets a unique correlation ID
• Audit logs track all mutations with actor, resource, status, duration
• Structured logging enables forensic traceability
• Indices on correlation_id, resource_id, actor, timestamp for fast queries

Testing

• E2E tests validate full trade lifecycle
• Tests run against disposable test database
• Covers happy path, dispute path, and negative flows
• Deterministic pass/fail locally

Governance

• CODEOWNERS enforces required reviews on critical paths
• Clear ownership for contracts, auth, blockchain, disputes
• Contribution guidelines document review process
• Runbook explains how to trace incidents using correlation IDs

Commits

1. observability: add correlation ID interceptor for request tracing
2. observability: add audit log interceptor for mutation tracking
3. observability: add AuditLog entity for structured audit logging
4. observability: add migration for audit_logs table with indices
5. observability: register correlation ID and audit log interceptors globally
6. hardening: add E2E tests for critical trade path
7. governance: add CODEOWNERS file with critical path ownership
8. governance: add CONTRIBUTING.md with code ownership policy
9. observability: add incident tracing runbook with correlation ID usage guide
10. feat: add ContractDetailsCard component with contract details and loss ratio display

Testing

• All TypeScript files pass diagnostics (no errors)
• E2E tests ready to run with npm run test:e2e
• Frontend component uses existing Tailwind patterns from SavingsPoolCard
• No breaking changes to existing code

Acceptance Criteria Met

✅ E2E suite covers create, deposit, confirm, release, dispute flows
✅ Tests validate API, DB, and business logic integration
✅ Correlation IDs trace requests through entire system
✅ Audit logs include endpoint, actor, resource, request ID
✅ CODEOWNERS enforces required reviews on critical paths
✅ Governance policy documented in CONTRIBUTING.md
✅ Incident tracing runbook provided in OBSERVABILITY.md
✅ ContractDetailsCard displays contract details and loss ratio

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
nestera	Ready	Preview, Comment	Mar 28, 2026 9:12pm