ui: fix htmx-ext-sse integrity hash (was silently blocked by browser)

Detail-page pipeline + log panes weren't updating without a manual refresh. Root cause: the integrity attribute on htmx-ext-sse@2.2.2 in layout.templ was wrong, so the browser refused to execute the script (SRI enforcement is silent — no user-visible error unless you open devtools). htmx core loaded, boosted nav worked, forms worked — but sse-connect/sse-swap were inert because the extension never registered, so no EventSource was ever opened. Replaced the claimed hash (Y4gc0CK6...) with the real one (fw+eTlCc...) computed via curl -sL https://unpkg.com/htmx-ext-sse@2.2.2 | openssl dgst -sha384 -binary | openssl base64 -A Added sse_e2e_test.go as a regression canary that mounts the real chi router (RealIP + Recoverer + Logger middleware), opens GET /events, publishes a tile-update via Runner, and asserts the event lands on the wire. Server-side unit tests only verified rendered HTML — this one covers the full publish→wire path, which is what the next regression in this area will hit. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-18 17:51:58 -04:00
parent 27098fc7ed
commit 5c00edd7b6
3 changed files with 147 additions and 2 deletions
@@ -9,7 +9,7 @@ templ Layout(title string) {
 			<title>{ title } — Vetting</title>
 			<link rel="stylesheet" href="/static/app.css"/>
 			<script src="https://unpkg.com/htmx.org@2.0.2" integrity="sha384-Y7hw+L/jvKeWIRRkqWYfPcvVxHzVzn5REgzbawhxAuQGwX1XWe70vji+VSeHOThJ" crossorigin="anonymous"></script>
-			<script src="https://unpkg.com/htmx-ext-sse@2.2.2" integrity="sha384-Y4gc0CK6Kg4hmulDc1rNM+vbMvjbW/5rRCA6pC5gj5dLV1/4+OZGkQpJtHQvQTCr" crossorigin="anonymous"></script>
+			<script src="https://unpkg.com/htmx-ext-sse@2.2.2" integrity="sha384-fw+eTlCc7suMV/1w/7fr2/PmwElUIt5i82bi+qTiLXvjRXZ2/FkiTNA/w0MhXnGI" crossorigin="anonymous"></script>
 		</head>
 		<body hx-boost="true">
 			<header class="topbar">