@accounter/scraper-app 0.0.1

package/README.md

@@ -0,0 +1,90 @@
+# Scraper App
+
+A local web app that scrapes Israeli bank accounts and uploads transactions to your Accounter
+server.
+
+## Prerequisites
+
+- **Node.js** v22 or later
+- A running [Accounter](../../README.md) server with a scraper API key configured
+- Yarn Berry (v4) — the repo uses Yarn workspaces
+
+## How to start
+
+### Development mode
+
+Run the Fastify server (serves the UI and handles scraping):
+
+```bash
+yarn workspace @accounter-helper/scraper-app dev:server
+```
+
+Then open [http://localhost:4001](http://localhost:4001) in your browser.
+
+> The default port is `4001`. Override it with the `PORT` environment variable (see below).
+
+### Build for production
+
+```bash
+yarn workspace @accounter-helper/scraper-app build
+```
+
+This produces:
+
+- `dist/` — compiled Fastify server (run with `node dist/index.js`)
+- `dist/ui/` — compiled React SPA (served statically by the server)
+
+To run the production build:
+
+```bash
+node packages/scraper-app/dist/index.js
+```
+
+## First-run vault setup
+
+1. Open the app in your browser. You will see the **Vault Setup** wizard.
+2. **Step 1 — Choose password**: Enter and confirm a master password. This encrypts all stored
+   credentials.
+3. **Step 2 — Server connection**: Enter your Accounter server URL (e.g.
+   `http://localhost:4000/graphql`) and your scraper API key.
+4. **Step 3 — Confirm**: Review and click **Create vault**. The vault is saved locally as an
+   encrypted file.
+5. You will be taken to the main app. Navigate to **Config → Credentials** to add bank sources.
+
+On subsequent visits, you will be prompted to unlock the vault with your master password.
+
+## Adding bank sources
+
+1. Go to **Config → Credentials**.
+2. Select a source type from the dropdown and click **Add source**.
+3. Fill in the credentials form for your bank (username/password, OTP seed, etc.).
+4. Click **Save**. The source appears in the list.
+
+## Running a scrape
+
+1. Go to the **Run** tab.
+2. Select the sources you want to scrape (all are selected by default).
+3. Set the date range — either "Last N months" or a custom from/to range.
+4. Click **Run**. The scraper runs in the background; task rows show live status.
+5. If a Poalim account requires an OTP, a dialog will appear — enter the code and submit.
+6. When the run completes, a summary shows total new / skipped transactions.
+
+## Environment variables
+
+| Variable     | Default  | Description                             |
+| ------------ | -------- | --------------------------------------- |
+| `PORT`       | `4001`   | HTTP port the Fastify server listens on |
+| `VAULT_PATH` | `.vault` | Path to the encrypted vault file        |
+
+Example:
+
+```bash
+PORT=8080 VAULT_PATH=/data/my.vault node dist/index.js
+```
+
+## Vault backup
+
+The vault file (default: `.vault` in the working directory) contains all encrypted credentials.
+**Back up this file** — if lost, you will need to re-enter all credentials.
+
+The vault file path is also shown in **Config → Settings** with a one-click copy button.

package/docs/plan.md

@@ -0,0 +1,76 @@
+# Plan: Auto-register discovered accounts into vault.accountRecords
+
+## TL;DR
+
+When a scrape completes successfully, account identifiers extracted from payloads should be
+auto-registered in `vault.accountRecords` as `pending` if not already known. `checkAccounts` should
+then treat `pending` as blocking (same as unknown today), prompting the user to classify before
+upload proceeds.
+
+## Steps
+
+### Phase 1 — Fix `checkAccounts` to treat `pending` as blocking (1 file)
+
+- In `check-accounts.ts`, the `else` branch in `checkAccounts` currently accepts both `'accepted'`
+  and `'pending'`. Split it into explicit `accepted` vs. `pending`→`unknown` so pending accounts
+  block the task.
+
+### Phase 2 — New `registerDiscoveredAccounts` helper (new file or check-accounts.ts)
+
+- Create a function `registerDiscoveredAccounts(sourceType, sourceId, payloads, updateVaultFn)`:
+  1. Call `extractAccountIdentifiers` for each payload to collect all identifiers.
+  2. Read current `vault.accountRecords` via `getVault()`.
+  3. For each identifier not already present (by `sourceType + accountNumber`), create a new
+     `AccountRecord` with a `crypto.randomUUID()` id, the sourceId, sourceType, accountNumber, and
+     `status: 'pending'`.
+  4. If any new records were created, call `updateVault` to persist them.
+- This can live in a new `account-discovery.ts` file to keep check-accounts.ts read-only.
+
+### Phase 3 — Integrate into `websocket.ts` (2 call sites)
+
+**Poalim path** (around line 81):
+
+- After `filteredIls` is built, before `checkAccounts`, call
+  `registerDiscoveredAccounts('poalim', src.id, filteredIls)`.
+- Re-read `vault.accountRecords` via `getVault().accountRecords` for the `checkAccounts` call (the
+  closure `vault` is stale after `updateVault`).
+
+**Non-Poalim path** (around line 194):
+
+- After filtering payloads and before `checkAccounts(src.type, payloads[0]!, ...)`, call
+  `registerDiscoveredAccounts(src.type, src.id, payloads)`.
+- Same stale-vault concern: use `getVault().accountRecords` for the check.
+
+### Phase 4 — No change needed to `accounts-routes.ts`
+
+- `GET /api/vault/accounts` already returns all records including `pending`.
+- `PUT /api/vault/accounts/:id` already handles status updates (pending→accepted/ignored).
+
+## Relevant files
+
+- `packages/scraper-app/src/server/check-accounts.ts` — fix `pending` branch
+- `packages/scraper-app/src/server/account-discovery.ts` — new file with
+  `registerDiscoveredAccounts`
+- `packages/scraper-app/src/server/websocket.ts` — 2 call sites to add discovery + stale-vault fix
+- `packages/scraper-app/src/server/vault-store.ts` — `updateVault` / `getVault` (read-only
+  reference)
+- `packages/scraper-app/src/server/vault.ts` — `AccountRecord` type (read-only reference)
+
+## Verification
+
+1. Run `yarn workspace @accounter-helper/scraper-app test` — existing tests must pass.
+2. Manual: run a scrape with empty `accountRecords`; confirm new `pending` records appear in
+   `GET /api/vault/accounts`.
+3. Manual: task should be blocked with the pending account IDs shown.
+4. Manual: classify an account via `PUT /api/vault/accounts/:id` (status=accepted); re-run; confirm
+   upload proceeds.
+5. Manual: re-run with same accounts; confirm no duplicate `accountRecords` are created.
+
+## Decisions
+
+- `pending` is treated identically to "not found" from the task's perspective (blocks upload).
+- Discovery runs on the filtered payload (after accepted/ignored filter), so ignored-credential
+  accounts are never registered.
+- One `updateVault` call per task (batch all new records), not one per identifier.
+- `branchNumber` is populated for Poalim (from `retrievalTransactionData`); left undefined for card
+  sources.

package/index.html

@@ -0,0 +1,12 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Scraper App</title>
+  </head>
+  <body>
+    <div id="root"></div>
+    <script type="module" src="/src/ui/main.tsx"></script>
+  </body>
+</html>

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@accounter/scraper-app",
+  "version": "0.0.1",
+  "type": "module",
+  "description": "Scraper app with Fastify server and React UI",
+  "license": "MIT",
+  "scripts": {
+    "build": "yarn build:server && yarn build:ui",
+    "build:server": "tsup",
+    "build:ui": "vite build",
+    "dev:server": "tsup --watch --onSuccess 'node dist/server/index.js'",
+    "dev:ui": "vite",
+    "test": "vitest run",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@accounter/modern-poalim-scraper": "workspace:^",
+    "@fastify/static": "9.1.3",
+    "@fastify/websocket": "11.2.0",
+    "date-fns": "4.1.0",
+    "fast-xml-parser": "5.7.2",
+    "fastify": "5.8.5",
+    "graphql-request": "7.4.0",
+    "msw": "2.13.6",
+    "react": "19.2.5",
+    "react-dom": "19.2.5",
+    "ws": "8.20.0",
+    "zod": "4.3.6"
+  },
+  "devDependencies": {
+    "@testing-library/dom": "10.4.1",
+    "@testing-library/react": "16.3.2",
+    "@testing-library/user-event": "14.6.1",
+    "@vitejs/plugin-react": "6.0.1",
+    "tsup": "8.5.1",
+    "typescript": "6.0.3",
+    "vite": "8.0.9",
+    "vitest": "4.1.5"
+  }
+}

package/src/env.template

@@ -0,0 +1,2 @@
+PORT=4001
+VAULT_PATH=path/to/.vault

package/src/server/__tests__/accounts-routes.test.ts

@@ -0,0 +1,133 @@
+import { randomBytes } from 'node:crypto';
+import { rm } from 'node:fs/promises';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import Fastify, { type FastifyInstance } from 'fastify';
+import { afterEach, beforeEach, describe, expect, it } from 'vitest';
+import { defaultVault, saveVaultFile } from '../vault.js';
+import { lockVault } from '../vault-store.js';
+import { registerVaultRoutes } from '../vault-routes.js';
+
+const PASSWORD = 'test-password-123';
+
+let vaultPath: string;
+let app: FastifyInstance;
+
+beforeEach(async () => {
+  vaultPath = join(tmpdir(), `vault-test-${randomBytes(4).toString('hex')}.vault`);
+  process.env['VAULT_PATH'] = vaultPath;
+
+  const vault = defaultVault();
+  vault.accountRecords.push({
+    id: 'acc-1',
+    sourceId: 'src-a',
+    sourceType: 'poalim',
+    accountNumber: '123456',
+    branchNumber: '700',
+    status: 'pending',
+  });
+  await saveVaultFile(vaultPath, vault, PASSWORD);
+
+  app = Fastify();
+  await registerVaultRoutes(app);
+  await app.ready();
+
+  await app.inject({
+    method: 'POST',
+    url: '/api/vault/unlock',
+    payload: { password: PASSWORD },
+  });
+});
+
+afterEach(async () => {
+  lockVault();
+  await app.close();
+  await rm(vaultPath, { force: true });
+  delete process.env['VAULT_PATH'];
+});
+
+describe('GET /api/vault/accounts', () => {
+  it('returns the pre-seeded account', async () => {
+    const res = await app.inject({ method: 'GET', url: '/api/vault/accounts' });
+    expect(res.statusCode).toBe(200);
+    const list = res.json() as Array<{ id: string; status: string }>;
+    expect(list).toHaveLength(1);
+    expect(list[0].id).toBe('acc-1');
+    expect(list[0].status).toBe('pending');
+  });
+
+  it('returns 401 when vault is locked', async () => {
+    lockVault();
+    const res = await app.inject({ method: 'GET', url: '/api/vault/accounts' });
+    expect(res.statusCode).toBe(401);
+  });
+});
+
+describe('PUT /api/vault/accounts/:id', () => {
+  it('sets status to accepted and returns updated list', async () => {
+    const res = await app.inject({
+      method: 'PUT',
+      url: '/api/vault/accounts/acc-1',
+      payload: { status: 'accepted' },
+    });
+    expect(res.statusCode).toBe(200);
+    const list = res.json() as Array<{ id: string; status: string }>;
+    expect(list[0].status).toBe('accepted');
+  });
+
+  it('sets status to ignored', async () => {
+    const res = await app.inject({
+      method: 'PUT',
+      url: '/api/vault/accounts/acc-1',
+      payload: { status: 'ignored' },
+    });
+    expect(res.statusCode).toBe(200);
+    expect((res.json() as Array<{ status: string }>)[0].status).toBe('ignored');
+  });
+
+  it('persists across re-lock/unlock', async () => {
+    await app.inject({
+      method: 'PUT',
+      url: '/api/vault/accounts/acc-1',
+      payload: { status: 'accepted' },
+    });
+
+    lockVault();
+    await app.inject({
+      method: 'POST',
+      url: '/api/vault/unlock',
+      payload: { password: PASSWORD },
+    });
+
+    const res = await app.inject({ method: 'GET', url: '/api/vault/accounts' });
+    expect((res.json() as Array<{ status: string }>)[0].status).toBe('accepted');
+  });
+
+  it('returns 404 for unknown id', async () => {
+    const res = await app.inject({
+      method: 'PUT',
+      url: '/api/vault/accounts/does-not-exist',
+      payload: { status: 'accepted' },
+    });
+    expect(res.statusCode).toBe(404);
+  });
+
+  it('returns 400 for invalid status value', async () => {
+    const res = await app.inject({
+      method: 'PUT',
+      url: '/api/vault/accounts/acc-1',
+      payload: { status: 'pending' },
+    });
+    expect(res.statusCode).toBe(400);
+  });
+
+  it('returns 401 when vault is locked', async () => {
+    lockVault();
+    const res = await app.inject({
+      method: 'PUT',
+      url: '/api/vault/accounts/acc-1',
+      payload: { status: 'accepted' },
+    });
+    expect(res.statusCode).toBe(401);
+  });
+});

package/src/server/__tests__/check-accounts.test.ts

@@ -0,0 +1,305 @@
+import { afterEach, describe, expect, it } from 'vitest';
+import { checkAccounts } from '../check-accounts.js';
+import type { AccountRecord } from '../check-accounts.js';
+import { _resetRunState, startRun, type ScrapeTask } from '../scrape-runner.js';
+import type { ServerMessage } from '../../shared/ws-protocol.js';
+
+const poalimPayload = {
+  transactions: [],
+  retrievalTransactionData: { accountNumber: 100000, branchNumber: 600, bankNumber: 12 },
+};
+
+const isracardPayload = {
+  Header: { Status: '1', Message: null },
+  CardsTransactionsListBean: {
+    cardNumberList: ['CARD 9876', 'CARD 4545'],
+    Index0: {
+      '@AllCards': 'AllCards',
+      CurrentCardTransactions: [
+        { txnIsrael: null, txnAbroad: null },
+        { txnIsrael: null, txnAbroad: null },
+      ],
+    },
+  },
+};
+
+const calPayload = [
+  { card: 'ACC-1', month: '2024-01', transactions: [] },
+  { card: 'ACC-2', month: '2024-01', transactions: [] },
+];
+
+const maxPayload = [
+  { accountNumber: '7', txns: [] },
+  { accountNumber: '8', txns: [] },
+];
+
+const discountPayload = [
+  { accountNumber: 'ACC-001', month: '2024-01', balance: 5000, transactions: [] },
+  { accountNumber: 'ACC-002', month: '2024-01', balance: 3000, transactions: [] },
+];
+
+function makeRecord(
+  sourceType: AccountRecord['sourceType'],
+  accountNumber: string,
+  status: AccountRecord['status'] = 'accepted',
+): AccountRecord {
+  return {
+    id: `${sourceType}-${accountNumber}`,
+    sourceId: 'src-1',
+    sourceType,
+    accountNumber,
+    status,
+  };
+}
+
+describe('checkAccounts — poalim', () => {
+  it('accepted when account is in known list with accepted status', () => {
+    const known = [makeRecord('poalim', '100000', 'accepted')];
+    const result = checkAccounts('poalim', poalimPayload, known);
+    expect(result.accepted).toEqual(['100000']);
+    expect(result.ignored).toEqual([]);
+    expect(result.unknown).toEqual([]);
+  });
+
+  it('unknown when account has pending status', () => {
+    const known = [makeRecord('poalim', '100000', 'pending')];
+    const result = checkAccounts('poalim', poalimPayload, known);
+    expect(result.accepted).toEqual([]);
+    expect(result.unknown).toEqual(['100000']);
+  });
+
+  it('unknown when account is not in known list', () => {
+    const result = checkAccounts('poalim', poalimPayload, []);
+    expect(result.unknown).toEqual(['100000']);
+    expect(result.accepted).toEqual([]);
+  });
+
+  it('ignored when account status is ignored', () => {
+    const known = [makeRecord('poalim', '100000', 'ignored')];
+    const result = checkAccounts('poalim', poalimPayload, known);
+    expect(result.ignored).toEqual(['100000']);
+    expect(result.accepted).toEqual([]);
+    expect(result.unknown).toEqual([]);
+  });
+
+  it('does not match account from a different sourceType', () => {
+    const known = [makeRecord('discount', '100000', 'accepted')];
+    const result = checkAccounts('poalim', poalimPayload, known);
+    expect(result.unknown).toEqual(['100000']);
+  });
+});
+
+describe('checkAccounts — discount', () => {
+  it('classifies accountNumber identifiers from payload', () => {
+    const known = [
+      makeRecord('discount', 'ACC-001', 'accepted'),
+      makeRecord('discount', 'ACC-002', 'ignored'),
+    ];
+    const result = checkAccounts('discount', discountPayload, known);
+    expect(result.accepted).toEqual(['ACC-001']);
+    expect(result.ignored).toEqual(['ACC-002']);
+    expect(result.unknown).toEqual([]);
+  });
+
+  it('returns unknown for unrecognised accountNumber', () => {
+    const result = checkAccounts('discount', discountPayload, []);
+    expect(result.unknown).toEqual(['ACC-001', 'ACC-002']);
+    expect(result.accepted).toEqual([]);
+  });
+
+  it('deduplicates accountNumber across multiple months for the same account', () => {
+    const sameAccountTwoMonths = [
+      { accountNumber: 'ACC-001', month: '2024-01', balance: 5000, transactions: [] },
+      { accountNumber: 'ACC-001', month: '2024-02', balance: 4800, transactions: [] },
+    ];
+    const result = checkAccounts('discount', sameAccountTwoMonths, []);
+    expect(result.unknown).toEqual(['ACC-001']);
+  });
+});
+
+describe('checkAccounts — isracard / amex', () => {
+  it('classifies each card from CurrentCardTransactions', () => {
+    const known = [
+      makeRecord('isracard', '4545', 'accepted'),
+      makeRecord('isracard', '9876', 'ignored'),
+    ];
+    const result = checkAccounts('isracard', isracardPayload, known);
+    expect(result.accepted).toEqual(['4545']);
+    expect(result.ignored).toEqual(['9876']);
+    expect(result.unknown).toEqual([]);
+  });
+
+  it('returns unknown cards not in known list', () => {
+    const known = [makeRecord('isracard', '9876', 'accepted')];
+    const result = checkAccounts('isracard', isracardPayload, known);
+    expect(result.unknown).toEqual(['4545']);
+  });
+
+  it('works the same for amex payload type', () => {
+    const known = [makeRecord('amex', '4545', 'ignored')];
+    const result = checkAccounts('amex', isracardPayload, known);
+    expect(result.ignored).toEqual(['4545']);
+    expect(result.unknown).toEqual(['9876']);
+  });
+
+  it('returns empty when there are no cards in payload', () => {
+    const emptyPayload = {
+      Header: { Status: '1', Message: null },
+      CardsTransactionsListBean: {
+        cardNumberList: [],
+        Index0: { '@AllCards': 'AllCards', CurrentCardTransactions: [] },
+      },
+    };
+    const result = checkAccounts('isracard', emptyPayload, []);
+    expect(result).toEqual({ accepted: [], ignored: [], unknown: [] });
+  });
+
+  it('collects identifiers from cardNumberList', () => {
+    const multiIndexPayload = {
+      Header: { Status: '1', Message: null },
+      CardsTransactionsListBean: {
+        cardNumberList: ['CARD 1111', 'CARD 2222', 'CARD 3333'],
+        Index0: {
+          '@AllCards': 'AllCards',
+          CurrentCardTransactions: [{ '@cardTransactions': 'CARD-A' }],
+        },
+        Index1: {
+          '@AllCards': 'AllCards',
+          CurrentCardTransactions: [{ '@cardTransactions': 'CARD-B' }],
+        },
+        Index2: {
+          '@AllCards': 'AllCards',
+          CurrentCardTransactions: [{ '@cardTransactions': 'CARD-C' }],
+        },
+      },
+    };
+    const result = checkAccounts('isracard', multiIndexPayload, []);
+    expect(result.unknown.sort()).toEqual(['1111', '2222', '3333']);
+  });
+
+  it('ignores non-Index* keys in CardsTransactionsListBean', () => {
+    const payloadWithExtraKeys = {
+      Header: { Status: '1', Message: null },
+      CardsTransactionsListBean: {
+        cardNumberList: ['CARD 0101'],
+        Index0: {
+          '@AllCards': 'AllCards',
+          CurrentCardTransactions: [],
+        },
+        cardIdx: '0',
+        card0: { some: 'data' },
+      },
+    };
+    const result = checkAccounts('isracard', payloadWithExtraKeys, []);
+    expect(result.unknown).toEqual(['0101']);
+  });
+});
+
+describe('checkAccounts — cal', () => {
+  it('classifies card identifiers', () => {
+    const known = [
+      makeRecord('cal', 'ACC-1', 'accepted'),
+      makeRecord('cal', 'ACC-2', 'ignored'),
+    ];
+    const result = checkAccounts('cal', calPayload, known);
+    expect(result.accepted).toEqual(['ACC-1']);
+    expect(result.ignored).toEqual(['ACC-2']);
+    expect(result.unknown).toEqual([]);
+  });
+
+  it('returns unknown for unrecognised card', () => {
+    const result = checkAccounts('cal', calPayload, []);
+    expect(result.unknown).toEqual(['ACC-1', 'ACC-2']);
+  });
+});
+
+describe('checkAccounts — max', () => {
+  it('classifies unique cardIndex values from transactions', () => {
+    const known = [
+      makeRecord('max', '7', 'accepted'),
+      makeRecord('max', '8', 'ignored'),
+    ];
+    const result = checkAccounts('max', maxPayload, known);
+    expect(result.accepted).toEqual(['7']);
+    expect(result.ignored).toEqual(['8']);
+    expect(result.unknown).toEqual([]);
+  });
+
+  it('deduplicates accountNumber across multiple entries for the same card', () => {
+    const twoEntriesSameCard = [
+      { accountNumber: '7', txns: [] },
+      { accountNumber: '7', txns: [] },
+    ];
+    const result = checkAccounts('max', twoEntriesSameCard, []);
+    expect(result.unknown).toEqual(['7']);
+  });
+
+  it('returns empty arrays when there are no accounts', () => {
+    const result = checkAccounts('max', [], []);
+    expect(result).toEqual({ accepted: [], ignored: [], unknown: [] });
+  });
+});
+
+describe('runner integration — task-blocked on unknown accounts', () => {
+  afterEach(() => {
+    _resetRunState();
+  });
+
+  it('emits task-blocked (not a crash) when checkAccounts finds unknown accounts', async () => {
+    const events: ServerMessage[] = [];
+    const emit = (msg: ServerMessage) => events.push(msg);
+
+    const task: ScrapeTask = {
+      sourceId: 'poalim-src',
+      nickname: 'poalim-src',
+      type: 'poalim',
+      run: async () => {
+        const check = checkAccounts('poalim', poalimPayload, []);
+        if (check.unknown.length > 0) {
+          emit({ type: 'task-blocked', sourceId: 'poalim-src', sourceType: 'poalim', unknownAccounts: check.unknown });
+          return { inserted: 0, skipped: 0, insertedIds: [] };
+        }
+        return { inserted: 1, skipped: 0, insertedIds: ['x'] };
+      },
+    };
+
+    await startRun([task], false, emit);
+
+    const blocked = events.find(e => e.type === 'task-blocked');
+    expect(blocked).toBeTruthy();
+    expect((blocked as { unknownAccounts: string[] }).unknownAccounts).toContain('100000');
+    expect(events.at(-1)).toMatchObject({ type: 'run-complete', totalInserted: 0, totalSkipped: 0 });
+  });
+
+  it('continues remaining tasks after a blocked task', async () => {
+    const events: ServerMessage[] = [];
+    const emit = (msg: ServerMessage) => events.push(msg);
+
+    const blockedTask: ScrapeTask = {
+      sourceId: 'src-1',
+      nickname: 'src-1',
+      type: 'poalim',
+      run: async () => {
+        const check = checkAccounts('poalim', poalimPayload, []);
+        if (check.unknown.length > 0) {
+          emit({ type: 'task-blocked', sourceId: 'src-1', sourceType: 'poalim', unknownAccounts: check.unknown });
+          return { inserted: 0, skipped: 0, insertedIds: [] };
+        }
+        return { inserted: 1, skipped: 0, insertedIds: ['x'] };
+      },
+    };
+
+    const normalTask: ScrapeTask = {
+      sourceId: 'src-2',
+      nickname: 'src-2',
+      type: 'poalim',
+      run: async () => ({ inserted: 2, skipped: 1, insertedIds: ['a', 'b'] }),
+    };
+
+    await startRun([blockedTask, normalTask], false, emit);
+
+    expect(events.some(e => e.type === 'task-blocked')).toBe(true);
+    expect(events.some(e => e.type === 'task-done' && 'sourceId' in e && e.sourceId === 'src-2')).toBe(true);
+    expect(events.at(-1)).toMatchObject({ type: 'run-complete', totalInserted: 2, totalSkipped: 1 });
+  });
+});