FEAT Wire frontend attack view to backend APIs

.devcontainer/devcontainer_setup.sh

@@ -70,6 +70,7 @@ if [ -f "package.json" ]; then
     npm install
 
     # Install Playwright browsers and system dependencies for E2E testing
+    # This may fail if apt repos have signature issues - don't block setup
     echo "📦 Installing Playwright browsers..."
 
     # Remove third-party repos with SHA1 signature issues (rejected since 2026-02-01)
@@ -78,7 +79,11 @@ if [ -f "package.json" ]; then
                /etc/apt/sources.list.d/nodesource.list \
                /etc/apt/sources.list.d/microsoft.list 2>/dev/null || true
 
-    npx playwright install --with-deps chromium
+    if npx playwright install --with-deps chromium; then
+        echo "✅ Playwright browsers installed."
+    else
+        echo "⚠️  Playwright installation failed (apt signature issues). Run 'npx playwright install chromium' manually if needed for E2E tests."
+    fi
 
     echo "✅ Frontend dependencies installed."
 fi

.gitattributes

@@ -1 +1,6 @@
 * text=auto eol=lf
+# Squad: union merge for append-only team state files
+.squad/decisions.md merge=union
+.squad/agents/*/history.md merge=union
+.squad/log/** merge=union
+.squad/orchestration-log/** merge=union

.github/workflows/frontend_tests.yml

@@ -106,8 +106,8 @@ jobs:
       - name: Install Playwright browsers
         run: npx playwright install --with-deps chromium
 
-      - name: Run E2E tests
-        run: npm run test:e2e
+      - name: Run E2E tests (seeded mode)
+        run: npm run test:e2e:seeded
         env:
           CI: true
 

frontend/README.md

@@ -85,6 +85,27 @@ npm run test:e2e:headed   # Run with visible browser windows (requires display)
 npm run test:e2e:ui       # Interactive UI mode (requires display)
 ```
 
+### E2E Test Modes
+
+E2E flow tests run in two modes controlled by Playwright projects and an environment variable:
+
+- **Seeded** (`--project seeded`, default for CI): Messages are stored directly in the database with `send: false` using dummy credentials. No real API keys needed. Tests cover the full UI flow (display, branching, conversation switching, promoting) without calling any external service.
+
+- **Live** (`--project live`, requires `E2E_LIVE_MODE=true`): Messages are sent to real OpenAI endpoints with `send: true`. Each target variant requires its own set of environment variables (e.g., `OPENAI_CHAT_ENDPOINT`, `OPENAI_CHAT_KEY`, `OPENAI_CHAT_MODEL`). Variants whose env vars are missing are automatically skipped. Tests verify that real target responses render correctly.
+
+```bash
+# CI (seeded only — no credentials needed)
+npx playwright test --project seeded
+
+# Live integration (requires real API keys)
+E2E_LIVE_MODE=true npx playwright test --project live
+
+# Run both
+E2E_LIVE_MODE=true npx playwright test
+```
+
+The seeded project runs in the **GitHub Actions** workflow. The live project is intended for an **Azure DevOps pipeline** that has the required secret API keys.
+
 E2E tests use `dev.py` to automatically start both frontend and backend servers. If servers are already running, they will be reused.
 
 > **Note**: `test:e2e:ui` and `test:e2e:headed` require a graphical display and won't work in headless environments like devcontainers. Use `npm run test:e2e` for CI/headless testing.