// tests/e2e/voyage-playground-network.spec.mjs
// v4.3 Step 30 — Group D SC7 authoritative network-intercept gate.
//
// Instruments page.on('request', ...) to capture every outbound request
// during playground load. Allowlist: nothing (zero external requests).
// All assets MUST be bundled locally (./lib/, ./vendor/, file://...).
//
// Why authoritative: voyage-playground.test.mjs already greps the static
// HTML for http/https URLs (Step 28 SC7), but a runtime intercept also
// catches fetch()/XHR/import calls that are constructed dynamically.

import { test, expect } from '@playwright/test';

test.describe('voyage-playground network — SC7 zero external requests', () => {
  test('no http/https requests during page load', async ({ page }) => {
    const externalRequests = [];

    page.on('request', (request) => {
      const url = request.url();
      // file:// URLs are local — playground is loaded via file:// baseURL
      if (url.startsWith('file://') || url.startsWith('data:') || url.startsWith('blob:')) {
        return;
      }
      // Anything else is external (http://, https://, ws://, ftp://, etc.)
      externalRequests.push({ url, method: request.method(), resourceType: request.resourceType() });
    });

    await page.goto('voyage-playground.html');
    await page.waitForLoadState('networkidle');

    expect(externalRequests, JSON.stringify(externalRequests, null, 2)).toEqual([]);
  });
});