chore(FR-2616): record Story 1 PR links in dev-plan metadata

nowgnuesLee · nowgnuesLee · commit 61ad3d1a42e4 · 2026-04-23T17:00:59.000+09:00
diff --git a/.specs/draft-stoken-login-boundary/metadata.json b/.specs/draft-stoken-login-boundary/metadata.json
@@ -15,40 +15,109 @@
       "title": "Story 1: Introduce STokenLoginBoundary component",
       "prStackBranch": "feat/stoken-login-boundary-story-1-component",
       "subtasks": [
-        { "key": "FR-2628", "title": "[1.1] Rename useEduAppApiEndpoint to useResolvedApiEndpoint" },
-        { "key": "FR-2629", "title": "[1.2] Extend tokenLogin helper with optional extraParams" },
-        { "key": "FR-2630", "title": "[1.3] Add useSToken hook (nuqs) with stoken fallback and deprecation warning" },
-        { "key": "FR-2631", "title": "[1.4] Implement STokenLoginBoundary component core" },
-        { "key": "FR-2632", "title": "[1.5] Default fallback and error card UI" },
-        { "key": "FR-2633", "title": "[1.6] Unit tests for STokenLoginBoundary state transitions and invariants" },
-        { "key": "FR-2634", "title": "[1.7] CI grep rule forbidding URL APIs in STokenLoginBoundary" },
-        { "key": "FR-2635", "title": "[1.8] Verify Manager/Webserver cookie decoding for sToken (Q5)" }
+        {
+          "key": "FR-2628",
+          "title": "[1.1] Rename useEduAppApiEndpoint to useResolvedApiEndpoint",
+          "prNumber": 6850,
+          "prUrl": "https://github.com/lablup/backend.ai-webui/pull/6850"
+        },
+        {
+          "key": "FR-2629",
+          "title": "[1.2] Extend tokenLogin helper with optional extraParams",
+          "prNumber": 6851,
+          "prUrl": "https://github.com/lablup/backend.ai-webui/pull/6851"
+        },
+        {
+          "key": "FR-2630",
+          "title": "[1.3] Add useSToken hook (nuqs) with stoken fallback and deprecation warning",
+          "prNumber": 6852,
+          "prUrl": "https://github.com/lablup/backend.ai-webui/pull/6852"
+        },
+        {
+          "key": "FR-2631",
+          "title": "[1.4] Implement STokenLoginBoundary component core",
+          "prNumber": 6853,
+          "prUrl": "https://github.com/lablup/backend.ai-webui/pull/6853"
+        },
+        {
+          "key": "FR-2632",
+          "title": "[1.5] Default fallback and error card UI",
+          "prNumber": 6855,
+          "prUrl": "https://github.com/lablup/backend.ai-webui/pull/6855"
+        },
+        {
+          "key": "FR-2633",
+          "title": "[1.6] Unit tests for STokenLoginBoundary state transitions and invariants",
+          "prNumber": 6856,
+          "prUrl": "https://github.com/lablup/backend.ai-webui/pull/6856"
+        },
+        {
+          "key": "FR-2634",
+          "title": "[1.7] CI grep rule forbidding URL APIs in STokenLoginBoundary",
+          "prNumber": 6854,
+          "prUrl": "https://github.com/lablup/backend.ai-webui/pull/6854"
+        },
+        {
+          "key": "FR-2635",
+          "title": "[1.8] Verify Manager/Webserver cookie decoding for sToken (Q5)",
+          "prNumber": null,
+          "prUrl": null,
+          "note": "investigation only; no PR; Jira comment with findings"
+        }
       ]
     },
     {
       "key": "FR-2626",
       "url": "https://lablup.atlassian.net/browse/FR-2626",
       "title": "Story 2: Migrate LoginView sToken path to STokenLoginBoundary",
       "prStackBranch": "feat/stoken-login-boundary-story-2-loginview",
-      "blockedBy": ["FR-2625"],
+      "blockedBy": [
+        "FR-2625"
+      ],
       "subtasks": [
-        { "key": "FR-2636", "title": "[2.1] Wrap / and /interactive-login routes with STokenLoginBoundary conditionally" },
-        { "key": "FR-2637", "title": "[2.2] Move postConnectSetup side effects into route-level onSuccess" },
-        { "key": "FR-2638", "title": "[2.3] Remove connectUsingSession sToken branch and URL parsing in LoginView" },
-        { "key": "FR-2639", "title": "[2.4] E2E regression for LoginView sToken entry" }
+        {
+          "key": "FR-2636",
+          "title": "[2.1] Wrap / and /interactive-login routes with STokenLoginBoundary conditionally"
+        },
+        {
+          "key": "FR-2637",
+          "title": "[2.2] Move postConnectSetup side effects into route-level onSuccess"
+        },
+        {
+          "key": "FR-2638",
+          "title": "[2.3] Remove connectUsingSession sToken branch and URL parsing in LoginView"
+        },
+        {
+          "key": "FR-2639",
+          "title": "[2.4] E2E regression for LoginView sToken entry"
+        }
       ]
     },
     {
       "key": "FR-2627",
       "url": "https://lablup.atlassian.net/browse/FR-2627",
       "title": "Story 3: Migrate EduAppLauncher sToken path to STokenLoginBoundary",
       "prStackBranch": "feat/stoken-login-boundary-story-3-eduapplauncher",
-      "blockedBy": ["FR-2625"],
+      "blockedBy": [
+        "FR-2625"
+      ],
       "subtasks": [
-        { "key": "FR-2640", "title": "[3.1] Investigate get_user_credential(sToken) liveness (Q8)" },
-        { "key": "FR-2641", "title": "[3.2] Wrap /edu-applauncher and /applauncher routes with STokenLoginBoundary" },
-        { "key": "FR-2642", "title": "[3.3] Remove _token_login and manual backend-ai-connected dispatch in EduAppLauncher" },
-        { "key": "FR-2643", "title": "[3.4] E2E regression for EduApp sToken entry with and without session_id" }
+        {
+          "key": "FR-2640",
+          "title": "[3.1] Investigate get_user_credential(sToken) liveness (Q8)"
+        },
+        {
+          "key": "FR-2641",
+          "title": "[3.2] Wrap /edu-applauncher and /applauncher routes with STokenLoginBoundary"
+        },
+        {
+          "key": "FR-2642",
+          "title": "[3.3] Remove _token_login and manual backend-ai-connected dispatch in EduAppLauncher"
+        },
+        {
+          "key": "FR-2643",
+          "title": "[3.4] E2E regression for EduApp sToken entry with and without session_id"
+        }
       ]
     }
   ],
@@ -78,5 +147,5 @@
   },
   "sourceIssues": [],
   "createdAt": "2026-04-21T00:00:00Z",
-  "notes": "Epic FR-2616 filed. Spec Task FR-2618 created as sub-issue under the Epic. Spec PR #6828 resolves FR-2618. Dev plan landed on same PR stack. 3 Stories + 16 sub-tasks created; see stories[] for keys. Directory still uses draft- prefix; rename to FR-2616-stoken-login-boundary as a follow-up."
+  "notes": "Epic FR-2616 filed. Spec Task FR-2618 created as sub-issue under the Epic. Spec PR #6828 resolves FR-2618. Dev plan landed on same PR stack. Story 1 implementation PRs #6850-#6856 submitted (FR-2628-FR-2634 + test). FR-2635 closed as investigation-only (comment on issue). Directory still uses draft- prefix; rename to FR-2616-stoken-login-boundary as a follow-up."
 }
diff --git a/react/src/components/STokenLoginBoundary.test.tsx b/react/src/components/STokenLoginBoundary.test.tsx
@@ -13,15 +13,19 @@
  *   can provoke without network (missing-token, endpoint-unresolved,
  *   server-unreachable, token-invalid).
  * - `errorFallback` prop replaces the built-in card for every kind (Q4).
- * - Source file does not reference forbidden URL APIs (mirrors the CI
- *   grep in FR-2634 so local `pnpm test` catches regressions too).
+ * - Source file does not reference forbidden URL APIs — this is the
+ *   CI-enforced gate for the spec FR-2616 "URL 파라미터 파싱 규약" rule.
  *
  * The helper module is mocked entirely because the real
  * `createBackendAIClient` instantiates a global `BackendAIClient` that is
  * only available at runtime in the browser bundle.
  */
 import '../../__test__/matchMedia.mock.js';
-import { createBackendAIClient, tokenLogin } from '../helper/loginSessionAuth';
+import {
+  connectViaGQL,
+  createBackendAIClient,
+  tokenLogin,
+} from '../helper/loginSessionAuth';
 import * as endpointModule from '../hooks/useResolvedApiEndpoint';
 import {
   STokenLoginBoundary,
@@ -60,6 +64,7 @@ jest.mock('../helper/loginSessionAuth', () => ({
   __esModule: true,
   createBackendAIClient: jest.fn(),
   tokenLogin: jest.fn(),
+  connectViaGQL: jest.fn(),
 }));
 
 jest.mock('backend.ai-ui', () => {
@@ -88,6 +93,9 @@ jest.mock('jotai', () => {
 const mockedCreateBackendAIClient =
   createBackendAIClient as jest.MockedFunction<typeof createBackendAIClient>;
 const mockedTokenLogin = tokenLogin as jest.MockedFunction<typeof tokenLogin>;
+const mockedConnectViaGQL = connectViaGQL as jest.MockedFunction<
+  typeof connectViaGQL
+>;
 const endpointState = (
   endpointModule as unknown as { __endpointState: { endpoint: string } }
 ).__endpointState;
@@ -97,12 +105,15 @@ const setEndpoint = (next: string) => {
 
 type FakeClient = {
   get_manager_version: jest.Mock;
+  check_login: jest.Mock;
   token_login: jest.Mock;
 };
 
-const buildFakeClient = (): FakeClient => ({
+const buildFakeClient = (overrides: Partial<FakeClient> = {}): FakeClient => ({
   get_manager_version: jest.fn().mockResolvedValue('1.0'),
+  check_login: jest.fn().mockResolvedValue(false),
   token_login: jest.fn().mockResolvedValue(true),
+  ...overrides,
 });
 
 const renderBoundary = (
@@ -150,6 +161,7 @@ beforeEach(() => {
     clientConfig: {},
   }));
   mockedTokenLogin.mockResolvedValue([]);
+  mockedConnectViaGQL.mockResolvedValue([]);
 });
 
 afterEach(() => {
@@ -242,6 +254,30 @@ describe('STokenLoginBoundary', () => {
     expect(connectedEventCount).toBe(0);
   });
 
+  test('skips token_login when the browser already holds a valid session', async () => {
+    // Reuse the existing session: check_login resolves truthy.
+    const client = buildFakeClient({
+      check_login: jest.fn().mockResolvedValue(true),
+    });
+    mockedCreateBackendAIClient.mockImplementation(() => ({
+      client,
+      clientConfig: {},
+    }));
+    const onSuccess = jest.fn();
+    renderBoundary({ onSuccess });
+
+    await waitFor(() => {
+      expect(screen.getByText('children-rendered')).toBeInTheDocument();
+    });
+    // Fast-path assertions: no re-authentication was attempted, but the
+    // GQL wiring still ran and the connected event fired exactly once so
+    // Relay and plugin subscribers unblock.
+    expect(mockedTokenLogin).not.toHaveBeenCalled();
+    expect(mockedConnectViaGQL).toHaveBeenCalledTimes(1);
+    expect(connectedEventCount).toBe(1);
+    expect(onSuccess).toHaveBeenCalledTimes(1);
+  });
+
   test('errorFallback replaces the built-in card for every kind', async () => {
     const tokenErr = new Error('bad token');
     mockedTokenLogin.mockRejectedValue(tokenErr);
@@ -268,8 +304,8 @@ describe('STokenLoginBoundary source', () => {
       'utf8',
     );
     // Strip block comments and line comments so the rule documentation in
-    // the file header is not flagged. This mirrors the awk-driven stripping
-    // inside scripts/check-stoken-login-boundary-url-free.sh.
+    // the file header (which intentionally names the forbidden APIs) is
+    // not flagged.
     const stripped = source
       .replace(/\/\*[\s\S]*?\*\//g, '')
       .split('\n')
