--- name: lemana-vpn-testing description: Use when testing, validating, reviewing, or preparing release/update notes for lemana-vpn shell scripts, Swift app code, installer behavior, SSO patches, or live VPN changes. --- # Lemana VPN Testing ## Overview Use a ladder: static checks first, isolated smoke tests second, Swift build third, live VPN only when the changed behavior requires it. Never use live reconnect as a default smoke test. ## Non-Live Verification Run the smallest relevant set, expanding with risk: ```sh sh -n install.sh sh -n uninstall.sh bash -n bin/vpn-lemanapro.sh sh -n tests/smoke.sh tests/smoke.sh swift build -c release --package-path app git diff --check ``` `tests/smoke.sh` is the main repo smoke test. It uses temporary homes and fake `openconnect-lite` sources for patch checks, and it asserts status JSON, install dry-run output, uninstall dry-run output, app wiring, manual/auto flags, no-tty credential behavior, and autofill patch invariants. ## Status Checks For source-script behavior: ```sh bin/vpn-lemanapro.sh --status bin/vpn-lemanapro.sh --status --json ``` For the installed user setup: ```sh vpn --status vpn --status --json ``` Prefer installed status when verifying what the menu-bar app will see, because `VPNManager.swift` calls `~/bin/vpn-lemanapro.sh`. ## Live VPN Checks Live checks are appropriate only for changes to connection start/stop, reconnect, SSO/autofill, Bitwarden/Keychain, `openconnect-lite` patching, status JSON consumed by the app, or DNS cleanup. Before a live check: ```sh vpn --status ``` If already connected, connecting, or reconnecting, do not start another session. Use logs/status and report that live reconnect was skipped to avoid disturbing the current tunnel. When SSO/autofill changed, prefer: ```sh vpn --manual ``` Only use automatic mode after manual mode proves the form is filled correctly: ```sh vpn ``` Use debug only for diagnosis: ```sh vpn-debug tail -f ~/Library/Logs/LemanaVPN-openconnect-lite.log ``` ## Installer/Uninstaller Checks Use dry-runs before real install/uninstall: ```sh sh install.sh --dry-run --non-interactive --minimal sh uninstall.sh --dry-run ``` Real install can modify Homebrew packages, pipx packages, sudoers, `/usr/local/sbin`, `~/.zshrc`, LaunchAgents, Keychain prompts, and the menu-bar app. Real uninstall can stop `LemanaVPN.app`. Be explicit in the answer when those were not run. ## Final Report Report exact commands and results. Always include: - Run: command to use the changed repo/app. - Check: command to verify state or behavior. - Update: `sh install.sh` from checkout or the remote `curl ... | sh`. - Not run: especially any skipped live VPN reconnect, real install, or real uninstall.