[blocker]: Playwright CI never launches backend. The Playwright workflow installs dependencies and immediately runsnpx playwright test, but it neither starts the QueryWeaver backend/frontend nor setsPLAYWRIGHT_BASE_URL, so every navigation/API helper will hit an empty localhost port and time out on CI. Add a step (or PlaywrightwebServer config) that starts the API/frontend, waits for it to become reachable, and exportsPLAYWRIGHT_BASE_URL before the tests run.

[blocker] This job installs deps and immediately executesnpx playwright test, but it never starts the QueryWeaver API/UI (or configures Playwright’swebServer). With no server listening onhttp://localhost:5000 every navigation/auth request in the suite will hitECONNREFUSED on CI. Please add a step (orwebServer config) that boots the backend and waits for it to be ready before running the tests so the workflow can actually exercise the app.

[major]: API request contexts leak. Each helper creates arequest.newContext() when one isn’t supplied but never disposes it, so repeated calls leak HTTP sessions/processes and eventually hang the runner. Track whether the helper created the context (e.g.,const shouldDispose = !availableRequest) andawait requestContext.dispose() in a finally block when true.

[major] Each helper here spins up a freshAPIRequestContext when one isn’t provided, but none of them ever dispose it. In a longer suite these stacks of orphaned contexts leak HTTP sessions/processes until Playwright hangs or hits the browser limit. Please track whether the helper created the context (e.g.const shouldDispose = !availableRequest) and callawait requestContext.dispose() in afinally block when appropriate so we don’t leak resources between API calls.

[major]: DELETE helpers drop authentication.deleteRequest always creates a brand-newAPIRequestContext, sodeleteGraph/deleteToken lose the cookies/headers established by login and the backend rejects the call. Allow callers to pass an existing request context (like the GET/POST helpers do) so authenticated state is preserved for DELETE operations.

[major] Unlike the GET/POST/PATCH helpers,deleteRequest always creates a brand‑newAPIRequestContext, so callers such asdeleteGraph/deleteToken drop the authenticated session they just established and hit the endpoint without cookies/headers. Please accept the optionalavailableRequest parameter (mirroring the other helpers) and reuse it so DELETE calls keep the same auth context as the rest of the API interactions.

[major]: Wrapper reuses handles after closing.closeBrowser() closes the page/browser but leavesthis.browser andthis.context populated, so the nextcreateNewPage() reuses handles Playwright has already torn down and throws target-closed errors. After closing, dispose the context and set boththis.browser andthis.context to null (or recreate them) so later calls relaunch cleanly.

[major]closeBrowser() only closes the page and then the raw browser handle, but it never closes the activeBrowserContext or resetthis.browser/this.context tonull. After one test finishes those fields keep pointing at Playwright objects that have already been torn down, so the nextcreateNewPage will try to reuse a dead context and throwbrowserContext.newPage: Protocol error: Target closed. Pleaseawait this.context?.close() and null the fields (browser/context/page) when shutting down so a subsequent run can relaunch cleanly.