e2e-authlisted

# Authenticated browser e2e Run a real browser as a signed-in user — for the **acceptance** gate (deterministic Playwright specs) or a one-off verification. The assertions are never the hard part; **getting authenticated without a human** is. This skill is how. > Knowledge recipe: `ai/knowledge/test-patterns/playwright-auth.md`. Reference helper: `tools/e2e/clerk-auth.mjs`. ## The wall (read first) You cannot drive the login form in automation: the provider's **bot detection**, **new-device / MFA email codes**, and CAPTCHA block it. And it fails *silently* — a smoke whose test step is non-blocking still goes green while authenticating nothing. **A non-blocking auth check is worse than none** (a project can ship auth-gated changes for weeks against a hollow check). The fix always has the same shape: 1. Use the provider's **test bypass** to get a *real* session past bot-detection/MFA. 2. Sign in **once** in global setup. 3. Cache the session with Playwright **`storageState`**. 4. Every spec (and any agent-browser walkthrough) loads it — no UI login. ## Playwright, not agent-browser, for auth-gated specs agent-browser / Claude-in-Chrome can only **abort or mock** requests — they can't **rewrite** a request to append the provider's test token, and have no init-script hook. Token injection needs Playwright's `page.route`. So: - **Auth-gated deterministic specs → Playwright.** - **Judgment walkthroughs (user-value gate)** → Claude-in-Chrome is fine, but load the saved `storage