split out improvements from cache-components branch

[stipsan]

Split from #3109

[changeset-bot]

🦋 Changeset detected

Latest commit: 9579916

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
next-sanity	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
next-sanity	Ready	Preview, Comment	May 15, 2026 2:26pm
next-sanity-static	Ready	Preview, Comment	May 15, 2026 2:26pm

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​playwright@​1.60.0
	npm/​@​vitest/​browser-playwright@​4.1.6
	npm/​vitest-browser-react@​2.2.0
	npm/​msw@​2.14.6
	github/​actions/​cache@​27d5ce7f107fe9357f9df03efb73ab90386fccae

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Install-time scripts: npm msw during postinstall Install script: postinstall Source: node -e "import('./config/scripts/postinstall.js').catch(() => void 0)" From: packages/next-sanity/package.json → npm/msw@2.14.6 ℹ Read more on: This package | This alert | What is an install script? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/msw@2.14.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[github-actions]

📚 TypeDoc Generation Result

✅ TypeDoc generated successfully!

• File size: 2.5M
• Total exports: 267
• Artifact: typedoc-6c4313f067cc21a87e0dfb358279f503ba785c50
• HTML docs preview: Download artifact

The TypeDoc JSON file has been generated and validated. All documentation scripts completed successfully.

[Copilot]

Pull request overview

Splits a focused set of improvements out of the cache-components branch (#3109) so they can land independently. The changes refine when defineLive calls draftMode()/uses tokens, fix resultSourceMap being unnecessarily requested on sync-tag fetches, allow enabling stega with serverToken, and add a substantial new test setup (MSW + Playwright browser tests with vitest projects).

Changes:

• Tighten defineLive behavior: only call draftMode() when relevant tokens are set, allow stega: true with serverToken, avoid resultSourceMap on the sync-tags request, and demote the missing-token warnings to development-only.
• Skip draftMode() in <SanityLive> when no browserToken is configured.
• Introduce vitest projects (unit + browser), MSW handlers, a Playwright-based browser test suite for SanityLive, and a corresponding CI e2e job.

Reviewed changes

Copilot reviewed 21 out of 22 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
packages/next-sanity/src/live/conditions/react-server/defineLive.tsx	Conditional draftMode()/token usage, unified token for both fetches, resultSourceMap: false on sync-tags, dev-only warnings, conditional includeDrafts default
packages/next-sanity/vitest.config.ts	Splits tests into unit (node) and browser (Playwright) vitest projects
packages/next-sanity/test/setupMocks.ts	MSW node handlers validating query expectations for sanityFetch tests
packages/next-sanity/test/SanityLive.test.tsx	Server-rendering tests for defineLive/SanityLive
packages/next-sanity/test/SanityLive.browser.test.tsx	Browser tests covering SSE/live event handling
packages/next-sanity/test/sanityFetch.test.tsx	Tests for sanityFetch perspective/stega/cacheMode behavior
packages/next-sanity/test/helpers.ts / helpers.browser.ts	Shared test helpers and MSW worker fixture
packages/next-sanity/test/mocks/browser.ts	MSW browser handlers for SSE mock tags
packages/next-sanity/test/mockServiceWorker.js	Generated MSW worker script
packages/next-sanity/package.json	Adds msw, playwright-based browser test deps, splits scripts into test (unit) / test:e2e
package.json	Adds root test:e2e script + playwright devDependency
pnpm-lock.yaml	Lockfile updates for new dependencies
apps/mvp/next.config.ts	Enables fetch logging
.oxlintrc.json	Enables switch-exhaustiveness-check
.github/workflows/ci.yml	Adds e2e job with Playwright browsers cache
.changeset/*.md	Changesets describing the behavioral fixes

Files not reviewed (1)

• pnpm-lock.yaml: Language not supported

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.