Add AGENTS.md with Docker E2E setup + fix E2E login state race

[yasserfaraazkhan]

Summary

1. AGENTS.md — Cursor Cloud-specific instructions for the desktop repo. Documents Node version, headless Linux launch, and most importantly: how to spin up a local Mattermost server via Docker to run and verify E2E test fixes. No GitHub Actions workflow files needed — agents use @cursoragent PR comments or Cursor Cloud's CI monitoring.

2. E2E login state race fix — Added waitForLoggedIn() helper that polls ServerManager.isLoggedIn directly in the Electron main process (the source of truth), bypassing the slow multi-hop IPC chain that caused 30s timeouts on all three CI platforms. Applied to window_menu, drag_and_drop, popout_windows, tab_management tests. Also added retry-reload for bad_servers expired certificate test.

Approach for Cursor automation: Instead of adding workflow files to the repo, agents are triggered via:

• @cursoragent fix e2e comments on PRs (works today, zero setup)
• Cursor Cloud dashboard CI monitoring (configurable per-repo)

Agents follow AGENTS.md instructions to start a Docker Mattermost server, reproduce failures, fix tests, and verify fixes locally before pushing.

Ticket Link

N/A — developer experience improvements.

Checklist

• read and understood our Contributing Guidelines
• executed npm run lint:js for proper code formatting

Device Information

This PR was tested on: Linux (Cloud Agent VM, Ubuntu)

Release Note

NONE

  

Change Impact: 🟡 Medium

Regression Risk: Changes primarily affect CI/workflows and E2E infrastructure utilities (findPrNumber, postServerInfoComment), plus GitHub Actions that create/update PR comments and launch Cursor agents. These introduce moderate risk of CI-side regressions (mis-posted/unsanitized comments, agent-launch failures, retained cloud instances) and increase blast radius across workflows. Application code changes are limited to test synchronization (waiting for enabled UI state) and are low-risk.

QA Recommendation: Execute several full E2E CI runs (PR-triggered and workflow_dispatch) to verify idempotent/sanitized post-server-info comments, correct mass-failure skipping and agent launches, and acceptable resource retention with label cleanup disabled. Validate that the new enabled-state waits reduce flakiness. Focus manual QA on CI/infrastructure behaviors; minimal app-level manual testing required.

Generated by CodeRabbitAI

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds workflows and utilities to publish E2E server info and launch Cursor agents for failing E2E runs; disables legacy label-cleanup workflow; tightens E2E test synchronization on post-login renderer state; adds AGENTS.md with Cursor Cloud run and workflow security guidance.

Changes

Cohort / File(s)	Summary
Workflows — posting / label cleanup / trigger .github/workflows/e2e-functional.yml, .github/workflows/e2e-label-cleanup.yml, .github/workflows/e2e-fix-trigger.yml, .github/workflows/e2e-cursor-commands.yml	Added post-server-info job to post server info comments; replaced/disabled legacy remove-e2e-label (noop); added E2E Fix Trigger workflow to triage failed platform jobs and launch Cursor agents; added comment-triggered Cursor command workflow.
E2E utilities e2e/utils/github-actions.js	Added findPrNumber(...) to resolve PR number, added postServerInfoComment(...) to create/update an idempotent PR comment, converted removeE2ELabel into a disabled/noop, and updated exports.
E2E tests (sync fixes) e2e/specs/menu_bar/window_menu.test.ts, e2e/specs/server_management/drag_and_drop.test.ts, e2e/specs/server_management/popout_windows.test.ts, e2e/specs/server_management/tab_management.test.ts	Post-login waits now require #newTabButton:not([disabled]) (enabled state) instead of mere presence to ensure renderer login state propagation before proceeding.
Developer docs AGENTS.md	New documentation for Cursor Cloud developer workflows: Node version, key npm scripts, running Electron headless in cloud VMs, E2E prerequisites, native-module rebuild guidance, and workflow security/coding rules.

Sequence Diagram

sequenceDiagram
    participant WF as Workflow
    participant Util as e2e/utils/github-actions.js
    participant GH as GitHub API
    participant Cursor as Cursor API
    participant PR as Pull Request

    WF->>Util: findPrNumber(context, prNumberInput)
    Util->>GH: inspect workflow run / list PRs / lookup by head branch & sha
    GH-->>Util: PR metadata or null
    Util-->>WF: resolved prNumber

    WF->>Util: postServerInfoComment(platforms, prNumber, server metadata)
    Util->>GH: list PR comments (search marker)
    GH-->>Util: existing comments
    alt marker found
        Util->>GH: update existing comment
    else
        Util->>GH: create new comment
    end
    GH-->>PR: comment posted/updated

    WF->>GH: read workflow_run -> gather job conclusions
    WF->>GH: read PR comment with server URLs (marker)
    WF->>Cursor: POST launch-agent (prompt + server URLs + PR URL)
    Cursor-->>WF: response (agentId / agentUrl)
    WF->>GH: post PR comment announcing agent and CI link

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• PR #3774 — Modifies the same workflows and e2e/utils/github-actions.js (adds findPrNumber and postServerInfoComment, disables label-cleanup).
• PR #3691 — Related changes around PR association and label-removal logic in e2e/utils/github-actions.js.

Suggested labels

3: Security Review, E2E/Run

Suggested reviewers

• devinbinnie
• esarafianou
• saturninoabril

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the two main changes: adding AGENTS.md documentation and fixing an E2E login state race condition in tests.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch cursor/setup-agents-md-c5d4

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🧪 E2E Test Servers Ready

Matterwick has provisioned the following Mattermost instances for this PR.
Use them to reproduce and debug failing tests against the exact same servers:

Platform	Server URL
linux	https://desktop-pr-3773-linux-69dc910b.test.mattermost.cloud
macos	https://desktop-pr-3773-macos-69dc910b.test.mattermost.cloud
windows	https://desktop-pr-3773-windows-69dc910b.test.mattermost.cloud

Admin username: admin
Server version: master

Run a single spec against one of these servers:

MM_TEST_SERVER_URL=<url above> \
  MM_TEST_USER_NAME=<username above> \
  MM_TEST_PASSWORD=<MM_DESKTOP_E2E_USER_CREDENTIALS secret> \
  npx playwright test <spec-file> --reporter=list --workers=1

Servers are active for the duration of this workflow run. Label cleanup is disabled — servers may be retained afterwards for agent-driven test fixing.

Workflow run: https://github.com/mattermost/desktop/actions/runs/24454531995

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@AGENTS.md`:
- Around line 13-15: Update the fenced code block in AGENTS.md to include the
bash language tag so markdown linter and readers recognize the snippet;
specifically change the block that contains `source ~/.nvm/nvm.sh && nvm use
20.15.0` to use ```bash as the opening fence (i.e., replace the current opening
``` with ```bash).

In `@e2e/utils/github-actions.js`:
- Line 194: Update the misleading description string "'> Servers are active for
the duration of this workflow run and destroyed afterwards.'" in
e2e/utils/github-actions.js to reflect that label cleanup is disabled and
servers may be retained after the run; replace the sentence with text like
"Servers are active for the duration of this workflow run and may be retained
afterwards (label cleanup disabled)" so the message matches current workflow
behavior.
- Around line 158-162: The current sanitizeMd function allows newline characters
and raw HTML-like content which can break GitHub comment tables; update
sanitizeMd (used by platformRows) to also escape or remove newline characters
(replace \n and \r with a space or escaped sequence) and escape HTML-sensitive
characters (&, <, >) in addition to pipes, backticks and brackets so neither
platform names nor URLs can inject table breaks or raw HTML; ensure platformRows
continues to call the updated sanitizeMd for both p.platform and p.url.
- Around line 121-123: The current logic finds a PR by matching
run.data.head_sha but falls back to prs.data[0], which can cause posting to the
wrong PR; change the return to only return the matched PR number (e.g., return
matching ? matching.number : null) instead of (matching || prs.data[0]).number,
and update any callers of this function to check for a null/undefined PR number
and skip posting comments when null; reference the variables matching,
prs.data[0], and run.data.head_sha to locate the code to change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: d686c302-d133-4228-8d51-9be4268513a4

📥 Commits

Reviewing files that changed from the base of the PR and between 9a0b647 and 9f6cb9a.

📒 Files selected for processing (8)

• .github/workflows/e2e-functional.yml
• .github/workflows/e2e-label-cleanup.yml
• AGENTS.md
• e2e/specs/menu_bar/window_menu.test.ts
• e2e/specs/server_management/drag_and_drop.test.ts
• e2e/specs/server_management/popout_windows.test.ts
• e2e/specs/server_management/tab_management.test.ts
• e2e/utils/github-actions.js

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (2)

AGENTS.md (1)

26-26: Avoid hardcoded test suite/test counts in docs.

(73 suites, 1118 tests) will drift quickly and become stale; consider keeping this generic or linking to CI status instead.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@AGENTS.md` at line 26, Remove the hardcoded test counts from the
documentation line that references the npm test command (the string "npm run
test:unit" and its parent table row) and replace the parenthetical "(73 suites,
1118 tests)" with a generic description like "Run unit tests" or a link to the
CI/build status badge; update the AGENTS.md table row so it references the test
command only or points to CI for live counts.

e2e/utils/github-actions.js (1)

239-309: Delete the commented-out label-removal implementation.

The function is already a noop. Keeping the old body in comments leaves stale logic around, including code paths you intentionally backed away from, and makes future re-enablement easier to copy/paste incorrectly.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@e2e/utils/github-actions.js` around lines 239 - 309, Remove the entire
commented-out removeE2ELabel implementation block (the multi-line comment that
defines async function removeE2ELabel and its try/catch logic) so the file only
contains the noop behavior (the existing console.log('removeE2ELabel: commented
out for testing purposes — label removal is disabled.')); ensure no leftover
commented code referencing removeE2ELabel, github, context, run, prs, or related
label-removal logic remains.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@AGENTS.md`:
- Line 3: Change the header text "Cursor Cloud specific instructions" to use a
hyphenated compound adjective: update it to "Cursor Cloud-specific instructions"
(replace the existing heading string) so the grammar and style are correct.

In `@e2e/utils/github-actions.js`:
- Around line 209-215: The current lookup uses github.rest.issues.listComments
with per_page:100 which only fetches a single page and can miss an existing
MARKER comment; update the logic that retrieves comments (the call to
github.rest.issues.listComments and the subsequent existing =
comments.find(...)) to paginate through all pages (e.g., use github.paginate or
iterate pages) for the given owner, repo, and prNumber, then search the
aggregated comments array for the MARKER to ensure you never create duplicate
marker comments.

---

Nitpick comments:
In `@AGENTS.md`:
- Line 26: Remove the hardcoded test counts from the documentation line that
references the npm test command (the string "npm run test:unit" and its parent
table row) and replace the parenthetical "(73 suites, 1118 tests)" with a
generic description like "Run unit tests" or a link to the CI/build status
badge; update the AGENTS.md table row so it references the test command only or
points to CI for live counts.

In `@e2e/utils/github-actions.js`:
- Around line 239-309: Remove the entire commented-out removeE2ELabel
implementation block (the multi-line comment that defines async function
removeE2ELabel and its try/catch logic) so the file only contains the noop
behavior (the existing console.log('removeE2ELabel: commented out for testing
purposes — label removal is disabled.')); ensure no leftover commented code
referencing removeE2ELabel, github, context, run, prs, or related label-removal
logic remains.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: cf8de842-29f3-4f85-acc2-b7c96bbdb30e

📥 Commits

Reviewing files that changed from the base of the PR and between 9f6cb9a and 634ee0b.

📒 Files selected for processing (2)

• AGENTS.md
• e2e/utils/github-actions.js

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/e2e-fix-trigger.yml:
- Around line 232-240: The "Launch Cursor agent to fix E2E failures" step emits
AGENT_URL via $GITHUB_OUTPUT but has no id and the downstream "Post agent launch
notice on PR" step incorrectly reads ${ env.AGENT_URL }; add an id (e.g., id:
launch_agent) to the launcher step and expose its output, then wire that output
into the PR-comment step by referencing steps.launch_agent.outputs.AGENT_URL (or
set env.AGENT_URL: ${{ steps.launch_agent.outputs.AGENT_URL }}) so the comment
uses the actual AGENT_URL instead of remaining "(pending)".
- Around line 243-306: The sed substitution breaks when SERVER_BLOCK contains
pipe characters because sed uses | as the delimiter; replace the two-step
write+sed flow with an unquoted heredoc that expands variables directly into
PROMPT to avoid delimiter issues. Specifically, stop writing
/tmp/agent-prompt.txt then running PROMPT=$(sed ... /tmp/agent-prompt.txt);
instead construct PROMPT with an unquoted here-doc (e.g., PROMPT=$(cat
<<PROMPT_EOF
...body...
PROMPT_EOF
) ) so ${FAILING_SUMMARY}, ${SERVER_BLOCK}, and ${WORKFLOW_RUN_URL} are expanded
in-place and you can remove the sed invocation and its use of | as a delimiter.
- Around line 160-164: The mass-failure early return path (condition using
allPlatformsFailed or totalFailures >= threshold) returns before the
workflow_run_url output is set, leaving workflow_run_url empty for later steps;
update the mass-failure branch so that before calling core.setOutput('skip',
'true') and returning you also call core.setOutput('workflow_run_url', <the same
URL value used later>) (ensure the same variable or expression used to set
workflow_run_url later is invoked here), so the "Post skip notice for mass
failures" step can read a valid URL even when returning early.
- Around line 120-158: The code currently hard-codes platform buckets
(platformFailures, platformJobIds) and classifies jobs by substring checks on
job.name (in the loop over jobs.data.jobs), which drops any non-matching
platform names; instead, change the logic to use dynamic platform keys derived
from the actual job names or the matrix input: build platformFailures and
platformJobIds as maps keyed by the normalized job.name or matrix.platform
value, increment/set entries for each jobs.data.jobs item (use job.id and
job.conclusion), and replace the fixed-output lines and the allPlatformsFailed
check with logic that iterates over Object.keys(platformFailures) (e.g., check
all values > 0) and emits outputs for each dynamic key (or aggregate them)
rather than only linux/macos/windows; update any references to platformFailures,
platformJobIds, and allPlatformsFailed accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: ccb113ac-29db-49dc-8225-e7c61f593dc3

📥 Commits

Reviewing files that changed from the base of the PR and between 634ee0b and 526681e.

📒 Files selected for processing (1)

• .github/workflows/e2e-fix-trigger.yml

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/e2e-cursor-commands.yml:
- Around line 40-45: The job's if condition that currently checks for
pull_request presence and comment body containing '@cursor fix e2e' or '@cursor
add e2e' must also enforce commenter authorization; modify the multiline if
block (the "if: |" conditional that checks contains(github.event.comment.body,
...)) to require github.event.comment.author_association be one of trusted
values (e.g., OWNER, MEMBER, COLLABORATOR) before proceeding, so combine the
existing comment-body checks with an additional membership check for
github.event.comment.author_association equals OWNER or MEMBER or COLLABORATOR.
- Around line 67-70: The workflow currently injects github.event.comment.body
directly into the inline script via template interpolation (the commentBody
variable) which risks script injection; change the job to set an environment
variable (e.g., COMMENT_BODY) using github.event.comment.body and in the inline
script read and normalize it from process.env (e.g., const commentBody =
process.env.COMMENT_BODY?.toLowerCase()) instead of interpolating into the
script source; keep existing uses of context.repo (owner, repo) and prNumber but
replace direct interpolation of github.event.comment.body with the env-based
process.env access.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 77af3938-d612-4542-9dd2-f1a77c82392f

📥 Commits

Reviewing files that changed from the base of the PR and between 526681e and 2fe719d.

📒 Files selected for processing (1)

• .github/workflows/e2e-cursor-commands.yml

[devinbinnie]

Thanks @yasserfaraazkhan :)