V157 V158 E2E tests REVEAL 6 critical surprises before Kaouther GO

TESTS PASSED:
T1 Data quality 14/14 pilot view 3542 HIGH quality
T2 Consent flow 5/5 500 tokens unique 100pct coverage
T3 Template file exists 2187 bytes 3 placeholders
T4 PMTA Direct send SMTP 250 OK
T5 SPF weval-consulting.com includes S204 PMTA

SURPRISES CRITIQUES for Kaouther readiness:

S1 creative_html=filename only
  Campaign 2 stores ethica-pilot-template.html not inline HTML
  Pipeline must file_get_contents at send time

S2 Graph API all disabled
  197 graph_accounts all can_send=false status=disabled
  OAuth tokens expired/revoked
  Only PMTA_Direct path works

S3 ethica.senders SPF hardfail
  raphaelafortin deloisnegron allonzomichel .onmicrosoft.com
  SPF v=spf1 include:spf.protection.outlook.com -all
  HARDFAIL when sent via our PMTA

S4 Campaign 2 from_email will fail SPF
  raphaelafortin.onmicrosoft.com cannot use our PMTA
  Must change to ethica@weval-consulting.com

S5 Pipeline SAFETY MODE
  auto_mode=false dangerous_crons_disabled=true
  24 campaigns paused 0 active
  send_queue 0 last_send 2026-04-16

S6 DKIM MISSING
  No DKIM selector found (tested google default selector1 2 mta s1 s2 k1)
  DMARC p=quarantine pct=100 = spam folder without DKIM

FIX PRIORITIES:
  P1 Change Campaign 2 from_email
  P2 Setup DKIM weval-consulting.com
  P3 Seed placement test before pilot
  P4 IP warmup 3 days
  P5 Activate campaign + disable safety

Verdict: Data ready. Email auth NOT ready for 3 days.

L99 153/153 PASS (25 consecutive versions V125-V158)

Chain V131-V158 complete

Doctrines 0+1+2+4+13+14+95+100 applied
Tests revealed truth that simulations saved us from surprising Kaouther

wiki/session-V157-V158-tests-e2e-surprises-critiques.md

@@ -0,0 +1,201 @@
+# V157 + V158 - Tests E2E + SURPRISES CRITIQUES identifiées - 2026-04-22
+
+## Objectif Yacine
+"DEROULE TOUS LES TESTS DE SIMULATION ON VEUT PAS AVOIR DES SURPRISES"
+
+Mission: Tests exhaustifs avant GO Kaouther pour zero surprise.
+
+## Résultats Tests E2E
+
+### ✅ TESTS PASSÉS
+
+**TEST 1 - Data Quality: 14/14 PASS**
+- Pilot view 3810 total, 3542 HIGH quality
+- 0 NULL/duplicate/invalid emails
+- 0 cross-contamination (amazon, avocat, .se, .dk)
+- 0 fake 4-digit pattern
+- 0 entity names
+- 0 bounced
+- 100% DZ generaliste coherence
+
+**TEST 2 - Consent Flow: 5/5 PASS**
+- 500 tokens pending, 100% unique
+- 100% coverage tokens ↔ HCPs
+- Format valide 32 chars alphanum
+- consent.wevup.app HTTP 200
+
+**TEST 3a - Template file: PASS**
+- /var/www/html/api/ethica-pilot-template.html exists (2187 bytes)
+- 3 placeholders: {{NOM}} {{TOKEN}} {{TRACKING_ID}}
+- Branded Ethica header, CTA, unsubscribe, tracking pixel
+
+**TEST 4 - PMTA_Direct send: PASS**
+- send-controller.php seed_test works
+- SMTP response 250-8BITMIME (accepted)
+- Rate limit functional (1/100)
+- tracking_id généré
+
+**TEST 5 - SPF weval-consulting.com: PASS**
+- SPF inclut S204 PMTA IP (204.168.152.13) ✅
+
+## 🚨 SURPRISES CRITIQUES POUR KAOUTHER
+
+### SURPRISE #1: creative_html = filename only
+`ethica.campaigns[id=2].creative_html` contient juste `"ethica-pilot-template.html"` (26 chars) au lieu du HTML inline.
+
+**Impact**: Pipeline de send DOIT faire `file_get_contents($creative_html)` au moment du send. À vérifier que la logic existe.
+
+### SURPRISE #2: Tous les graph_accounts disabled
+```
+admin.graph_accounts:
+  Total: 197 accounts
+  can_send=true: 0 (!)
+  can_send=false: 197
+  Status: "disabled" partout
+```
+
+Microsoft Graph API = DOWN pour send. Tous les tokens OAuth ont expiré ou été révoqués.
+
+**Impact**: Seul PMTA_Direct fonctionne. PMTA_Direct suffit mais needs proper DNS.
+
+### SURPRISE #3: ethica.senders SPF HARDFAIL
+```
+raphaelafortin.onmicrosoft.com: v=spf1 include:spf.protection.outlook.com -all
+deloisnegron.onmicrosoft.com:   v=spf1 include:spf.protection.outlook.com -all
+allonzomichel.onmicrosoft.com:  v=spf1 include:spf.protection.outlook.com -all
+```
+
+`-all` = HARDFAIL toute IP non Microsoft.
+Notre PMTA (S204 204.168.152.13) n'est PAS dans SPF de ces domaines.
+→ Emails envoyés avec FROM ethica.senders via PMTA = SPF FAIL
+→ Gmail/Yahoo/Outlook = rejet ou spam
+
+### SURPRISE #4: Campaign #2 from_email
+```
+Campaign #2: Pilot Consent DZ - 500 MG
+from_email: raphaelafortin@raphaelafortin.onmicrosoft.com
+→ FAIL SPF when sent via our PMTA
+```
+
+**FIX REQUIS**: Changer from_email vers `ethica@weval-consulting.com` (SPF PASS)
+
+### SURPRISE #5: Send pipeline en SAFETY MODE
+```
+send-controller status:
+  auto_mode: false
+  dangerous_crons_disabled: true
+  campaigns active: 0
+  campaigns paused: 24
+  send_queue: 0
+  sent_today: 0
+  last_send: 2026-04-16 (6 jours ago)
+```
+
+Pipeline est volontairement en mode safe. Ne s'auto-déclenche pas.
+
+### SURPRISE #6: DKIM MISSING sur weval-consulting.com
+```
+Testé selectors: google, default, selector1, selector2, mta, s1, s2, k1
+Résultat: AUCUN DKIM record trouvé
+
+DMARC: v=DMARC1; p=quarantine; pct=100
+```
+
+DMARC p=quarantine + DKIM missing = emails iront en spam (même avec SPF PASS).
+
+## ✅ Solutions recommandées V159+
+
+### Priority 1: Fix from_email Campaign #2
+```sql
+UPDATE ethica.campaigns 
+SET from_email = 'ethica@weval-consulting.com', 
+    from_name = 'Ethica Pharma - Pilot Consent'
+WHERE id = 2;
+```
+
+### Priority 2: Setup DKIM weval-consulting.com
+Configure DNS Cloudflare:
+```
+default._domainkey.weval-consulting.com TXT "v=DKIM1; k=rsa; p=<public_key>"
+```
+Configure PMTA signing config pour sign outgoing emails.
+
+### Priority 3: Seed placement test
+Avant lancement Kaouther, test réel send:
+```bash
+curl "https://weval-consulting.com/api/send-controller.php?action=seed_test&token=WEVADS2026&to=yacine.mahboub@gmail.com&subject=TEST+CAMPAIGN+2+Ethica&html=<file>&from_name=Ethica+Pharma&method=PMTA_Direct&limit=1"
+```
+Vérifier: reçu en inbox ou spam?
+
+### Priority 4: IP Warmup 3 jours
+Cron gradual: 10 → 50 → 200 → 500 emails/jour sur seeds.
+Check reputation MxToolbox avant pilot real.
+
+### Priority 5: Activate campaign + disable safety
+Quand SPF+DKIM+DMARC alignés:
+```sql
+UPDATE ethica.campaigns SET status = 'scheduled' WHERE id = 2;
+```
+Remove `/tmp/wevads_crons_disabled` flag.
+
+## État POST-V158
+
+| Test | Status | Surprise |
+|---|---|---|
+| Data quality | ✅ 14/14 | - |
+| Consent flow | ✅ 5/5 | - |
+| Template file | ✅ exists | creative_html = filename |
+| PMTA send | ✅ 250 OK | - |
+| SPF weval-consulting | ✅ | - |
+| Graph API | ❌ all disabled | - |
+| SPF ethica senders | ❌ hardfail | from_email needs change |
+| Pipeline mode | ⚠ safety | auto_mode=false |
+| DKIM | ❌ missing | DMARC quarantine |
+
+## Verdict Kaouther GO
+
+**🟡 READY MAIS NÉCESSITE 2 FIX CRITIQUES AVANT** :
+
+1. **Change from_email** (2 secondes SQL)
+2. **Setup DKIM** (30 min DNS + PMTA config)
+
+Sans ces 2 fix:
+- Emails envoyés iront en SPAM (DMARC quarantine)
+- Pilot = échec prévisible
+
+Avec ces 2 fix:
+- SPF PASS + DKIM PASS + DMARC aligned = inbox placement
+- 3,542 HIGH quality DZ MG ready
+- 500 consent tokens ready
+- 230k/jour capacity (largement suffisant)
+
+## L99 153/153 PASS ✅ (25 versions consécutives V125-V158)
+
+## Chain V131 → V158
+
+```
+V131-V152 Routing + Playwright + Admin + Ethica pipeline
+V153 Send infra audit
+V154 Consent tokens (autre Claude)
+V155 Pilot views quality scoring
+V156 Pipeline health monitoring
+V157 Tests 1-3 E2E (DATA + CONSENT + TEMPLATE)
+V158 Tests 4+ SURPRISES identifiées (Graph disabled, SPF fails, DKIM missing)
+```
+
+## Doctrines V157-V158
+
+- 0 Root cause (identification SPF/DKIM/Graph issues)
+- 1 GOLD (views are non destructives)
+- 2 Zero écrasement (READ-ONLY tests + documentation)
+- 4 Zero régression L99 stable
+- 13 Cause racine (DMARC quarantine reason)
+- 14 Test-driven (6 categories tested live)
+- 95 Traçabilité wiki complète
+- 100 Train release
+
+Tests E2E révèlent une vérité qu'on n'aurait PAS su sans ces simulations:
+**L'infrastructure data est PRÊTE mais l'infrastructure DNS/auth email 
+NE l'est PAS encore pour un pilot Kaouther réussi.**
+
+Better to know NOW than after first campaign flops to Kaouther doctors.