npm - @accounter/scraper-app - Versions diffs - 0.0.1 - Mend

@accounter/scraper-app 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (96) hide show

package/README.md +90 -0
package/docs/plan.md +76 -0
package/index.html +12 -0
package/package.json +40 -0
package/src/env.template +2 -0
package/src/server/__tests__/accounts-routes.test.ts +133 -0
package/src/server/__tests__/check-accounts.test.ts +305 -0
package/src/server/__tests__/filter-payload.test.ts +193 -0
package/src/server/__tests__/graphql-client.integration.test.ts +98 -0
package/src/server/__tests__/graphql-client.test.ts +508 -0
package/src/server/__tests__/healthz.test.ts +22 -0
package/src/server/__tests__/history.test.ts +111 -0
package/src/server/__tests__/otp-manager.test.ts +132 -0
package/src/server/__tests__/scrape-runner.test.ts +144 -0
package/src/server/__tests__/settings-routes.test.ts +117 -0
package/src/server/__tests__/sources-routes.test.ts +149 -0
package/src/server/__tests__/validate-payload.test.ts +193 -0
package/src/server/__tests__/vault-routes.test.ts +174 -0
package/src/server/__tests__/vault.test.ts +33 -0
package/src/server/__tests__/websocket.test.ts +151 -0
package/src/server/account-discovery.ts +49 -0
package/src/server/accounts-routes.ts +74 -0
package/src/server/check-accounts.ts +79 -0
package/src/server/filter-payload.ts +145 -0
package/src/server/graphql/client.ts +103 -0
package/src/server/graphql/mutations.ts +518 -0
package/src/server/history-routes.ts +11 -0
package/src/server/history.ts +53 -0
package/src/server/index.ts +40 -0
package/src/server/otp-manager.ts +63 -0
package/src/server/payload-schemas/amex.schema.ts +2 -0
package/src/server/payload-schemas/cal.schema.ts +27 -0
package/src/server/payload-schemas/currency-rates.schema.ts +11 -0
package/src/server/payload-schemas/discount.schema.ts +26 -0
package/src/server/payload-schemas/isracard.schema.ts +58 -0
package/src/server/payload-schemas/max.schema.ts +27 -0
package/src/server/payload-schemas/poalim-foreign.schema.ts +30 -0
package/src/server/payload-schemas/poalim-ils.schema.ts +31 -0
package/src/server/payload-schemas/poalim-swift.schema.ts +21 -0
package/src/server/scrape-runner.ts +165 -0
package/src/server/scrapers/__tests__/amex.test.ts +142 -0
package/src/server/scrapers/__tests__/cal.test.ts +135 -0
package/src/server/scrapers/__tests__/currency-rates.test.ts +105 -0
package/src/server/scrapers/__tests__/discount.test.ts +160 -0
package/src/server/scrapers/__tests__/isracard.test.ts +142 -0
package/src/server/scrapers/__tests__/max.test.ts +115 -0
package/src/server/scrapers/__tests__/poalim.test.ts +154 -0
package/src/server/scrapers/amex.ts +63 -0
package/src/server/scrapers/cal.ts +56 -0
package/src/server/scrapers/currency-rates.ts +64 -0
package/src/server/scrapers/discount.ts +62 -0
package/src/server/scrapers/isracard.ts +68 -0
package/src/server/scrapers/max.ts +32 -0
package/src/server/scrapers/poalim.ts +103 -0
package/src/server/settings-routes.ts +27 -0
package/src/server/sources-routes.ts +182 -0
package/src/server/validate-payload.ts +74 -0
package/src/server/vault-routes.ts +99 -0
package/src/server/vault-store.ts +42 -0
package/src/server/vault.ts +216 -0
package/src/server/websocket.ts +454 -0
package/src/shared/source-types.ts +10 -0
package/src/shared/types.ts +20 -0
package/src/shared/ws-protocol.ts +177 -0
package/src/test-setup.ts +6 -0
package/src/ui/__tests__/accounts-tab.test.tsx +134 -0
package/src/ui/__tests__/config.test.tsx +99 -0
package/src/ui/__tests__/history.test.tsx +94 -0
package/src/ui/__tests__/run.test.tsx +195 -0
package/src/ui/__tests__/settings-tab.test.tsx +79 -0
package/src/ui/__tests__/sources-tab.test.tsx +139 -0
package/src/ui/__tests__/vault-setup.test.tsx +105 -0
package/src/ui/__tests__/vault-unlock.test.tsx +78 -0
package/src/ui/app.tsx +109 -0
package/src/ui/components/error-boundary.tsx +54 -0
package/src/ui/components/otp-modal.tsx +82 -0
package/src/ui/components/skeleton.tsx +58 -0
package/src/ui/components/task-row.tsx +241 -0
package/src/ui/contexts/vault-context.tsx +77 -0
package/src/ui/lib/api.ts +117 -0
package/src/ui/lib/ws.ts +137 -0
package/src/ui/main.tsx +9 -0
package/src/ui/screens/config/accounts-tab.tsx +185 -0
package/src/ui/screens/config/config.tsx +163 -0
package/src/ui/screens/config/settings-tab.tsx +167 -0
package/src/ui/screens/config/source-forms.tsx +518 -0
package/src/ui/screens/config/source-types.ts +91 -0
package/src/ui/screens/config/sources-tab.tsx +176 -0
package/src/ui/screens/history.tsx +234 -0
package/src/ui/screens/run.tsx +266 -0
package/src/ui/screens/vault-setup.tsx +120 -0
package/src/ui/screens/vault-unlock.tsx +38 -0
package/tsconfig.json +15 -0
package/tsup.config.ts +10 -0
package/vite.config.ts +24 -0
package/vitest.config.ts +7 -0

package/src/server/__tests__/otp-manager.test.ts ADDED Viewed

@@ -0,0 +1,132 @@
+import { afterEach, describe, expect, it, vi } from 'vitest';
+import { OtpCancelledError, OtpManager, OtpTimeoutError } from '../otp-manager.js';
+import type { ServerMessage } from '../../shared/ws-protocol.js';
+function makeEmit() {
+  const sent: ServerMessage[] = [];
+  const emit = (msg: ServerMessage) => sent.push(msg);
+  return { emit, sent };
+}
+afterEach(() => {
+  vi.useRealTimers();
+});
+describe('waitForOtp', () => {
+  it('resolves with the correct string when submitOtp is called', async () => {
+    const manager = new OtpManager();
+    const { emit } = makeEmit();
+    const promise = manager.waitForOtp('src-1', emit);
+    manager.submitOtp('src-1', '123456');
+    await expect(promise).resolves.toBe('123456');
+  });
+  it('rejects with OtpTimeoutError after timeout elapses', async () => {
+    vi.useFakeTimers();
+    const manager = new OtpManager();
+    const { emit } = makeEmit();
+    const promise = manager.waitForOtp('src-1', emit, 100);
+    vi.advanceTimersByTime(100);
+    await expect(promise).rejects.toBeInstanceOf(OtpTimeoutError);
+  });
+  it('emits otp-required immediately on call', async () => {
+    const manager = new OtpManager();
+    const { emit, sent } = makeEmit();
+    const promise = manager.waitForOtp('src-1', emit);
+    expect(sent).toEqual([{ type: 'otp-required', sourceId: 'src-1' }]);
+    manager.submitOtp('src-1', 'x');
+    await promise;
+  });
+  it('OtpTimeoutError carries the sourceId', async () => {
+    vi.useFakeTimers();
+    const manager = new OtpManager();
+    const { emit } = makeEmit();
+    const promise = manager.waitForOtp('src-timeout', emit, 100);
+    vi.advanceTimersByTime(100);
+    try {
+      await promise;
+    } catch (e) {
+      expect(e).toBeInstanceOf(OtpTimeoutError);
+      expect((e as OtpTimeoutError).sourceId).toBe('src-timeout');
+    }
+  });
+});
+describe('submitOtp', () => {
+  it('is a no-op for an unknown sourceId', () => {
+    const manager = new OtpManager();
+    expect(() => manager.submitOtp('does-not-exist', '000000')).not.toThrow();
+  });
+  it('clears the pending entry so a second submit is a no-op', async () => {
+    const manager = new OtpManager();
+    const { emit } = makeEmit();
+    const promise = manager.waitForOtp('src-1', emit);
+    manager.submitOtp('src-1', 'first');
+    manager.submitOtp('src-1', 'second'); // should not throw or double-resolve
+    await expect(promise).resolves.toBe('first');
+  });
+});
+describe('cancelOtp', () => {
+  it('rejects the waiting promise with OtpCancelledError', async () => {
+    const manager = new OtpManager();
+    const { emit } = makeEmit();
+    const promise = manager.waitForOtp('src-1', emit);
+    manager.cancelOtp('src-1');
+    await expect(promise).rejects.toBeInstanceOf(OtpCancelledError);
+  });
+  it('is a no-op for an unknown sourceId', () => {
+    const manager = new OtpManager();
+    expect(() => manager.cancelOtp('does-not-exist')).not.toThrow();
+  });
+});
+describe('hasPendingOtp', () => {
+  it('returns true while waiting, false after resolution', async () => {
+    const manager = new OtpManager();
+    const { emit } = makeEmit();
+    const promise = manager.waitForOtp('src-1', emit);
+    expect(manager.hasPendingOtp('src-1')).toBe(true);
+    manager.submitOtp('src-1', 'otp');
+    await promise;
+    expect(manager.hasPendingOtp('src-1')).toBe(false);
+  });
+  it('returns false for an unknown sourceId', () => {
+    const manager = new OtpManager();
+    expect(manager.hasPendingOtp('nope')).toBe(false);
+  });
+});
+describe('concurrent waitForOtp for different sourceIds', () => {
+  it('resolves each independently', async () => {
+    const manager = new OtpManager();
+    const { emit } = makeEmit();
+    const p1 = manager.waitForOtp('src-a', emit);
+    const p2 = manager.waitForOtp('src-b', emit);
+    manager.submitOtp('src-a', 'otp-for-a');
+    await expect(p1).resolves.toBe('otp-for-a');
+    manager.submitOtp('src-b', 'otp-for-b');
+    await expect(p2).resolves.toBe('otp-for-b');
+  });
+  it('timing out one does not affect the other', async () => {
+    vi.useFakeTimers();
+    const manager = new OtpManager();
+    const { emit } = makeEmit();
+    const p1 = manager.waitForOtp('src-short', emit, 100);
+    const p2 = manager.waitForOtp('src-long', emit, 10_000);
+    vi.advanceTimersByTime(100);
+    await expect(p1).rejects.toBeInstanceOf(OtpTimeoutError);
+    manager.submitOtp('src-long', 'still-good');
+    await expect(p2).resolves.toBe('still-good');
+  });
+});

package/src/server/__tests__/scrape-runner.test.ts ADDED Viewed

@@ -0,0 +1,144 @@
+import { afterEach, describe, expect, it } from 'vitest';
+import { _resetRunState, startRun, type ScrapeTask } from '../scrape-runner.js';
+import type { ServerMessage } from '../../shared/ws-protocol.js';
+type TaskResult = { inserted: number; skipped: number; insertedIds: string[]; insertedTransactions: []; changedTransactions: [] };
+function makeTask(
+  sourceId: string,
+  run: () => Promise<TaskResult> = async () => ({
+    inserted: 2,
+    skipped: 1,
+    insertedIds: ['id-1', 'id-2'],
+    insertedTransactions: [],
+    changedTransactions: [],
+  }),
+): ScrapeTask {
+  return { sourceId, nickname: sourceId, type: 'poalim', run };
+}
+afterEach(() => {
+  _resetRunState();
+});
+// ── Sequential ────────────────────────────────────────────────────────────────
+describe('sequential mode', () => {
+  it('emits pending×2 → running→done task1 → running→done task2 → run-complete', async () => {
+    const events: ServerMessage[] = [];
+    const emit = (msg: ServerMessage) => events.push(msg);
+    await startRun([makeTask('src-1'), makeTask('src-2')], false, emit);
+    expect(events[0]).toEqual({ type: 'task-pending', sourceId: 'src-1' });
+    expect(events[1]).toEqual({ type: 'task-pending', sourceId: 'src-2' });
+    expect(events[2]).toMatchObject({ type: 'task-running', sourceId: 'src-1' });
+    expect(events[3]).toMatchObject({ type: 'task-done', sourceId: 'src-1', inserted: 2, skipped: 1 });
+    expect(events[4]).toMatchObject({ type: 'task-running', sourceId: 'src-2' });
+    expect(events[5]).toMatchObject({ type: 'task-done', sourceId: 'src-2', inserted: 2, skipped: 1 });
+    expect(events[6]).toEqual({ type: 'run-complete', totalInserted: 4, totalSkipped: 2, errors: 0 });
+    expect(events).toHaveLength(7);
+  });
+  it('returns a RunRecord with correct totals and timestamps', async () => {
+    const before = new Date();
+    const record = await startRun([makeTask('src-1')], false, () => {});
+    const after = new Date();
+    expect(record.id).toMatch(/^[\da-f-]{36}$/);
+    expect(record.totalInserted).toBe(2);
+    expect(record.totalSkipped).toBe(1);
+    expect(record.errorCount).toBe(0);
+    expect(record.startedAt >= before).toBe(true);
+    expect(record.completedAt <= after).toBe(true);
+  });
+});
+// ── Concurrent ────────────────────────────────────────────────────────────────
+describe('concurrent mode', () => {
+  it('both running events arrive before either done event', async () => {
+    const events: ServerMessage[] = [];
+    const emit = (msg: ServerMessage) => events.push(msg);
+    const delayed = (): Promise<TaskResult> =>
+      new Promise(res => setTimeout(() => res({ inserted: 1, skipped: 0, insertedIds: ['x'], insertedTransactions: [], changedTransactions: [] }), 20));
+    await startRun([makeTask('src-1', delayed), makeTask('src-2', delayed)], true, emit);
+    const runningIdxs = events.flatMap((e, i) => (e.type === 'task-running' ? [i] : []));
+    const doneIdxs = events.flatMap((e, i) => (e.type === 'task-done' ? [i] : []));
+    expect(runningIdxs).toHaveLength(2);
+    expect(doneIdxs).toHaveLength(2);
+    expect(Math.max(...runningIdxs)).toBeLessThan(Math.min(...doneIdxs));
+  });
+  it('totals reflect both tasks', async () => {
+    const record = await startRun(
+      [makeTask('src-1'), makeTask('src-2')],
+      true,
+      () => {},
+    );
+    expect(record.totalInserted).toBe(4);
+    expect(record.totalSkipped).toBe(2);
+  });
+});
+// ── Task error ────────────────────────────────────────────────────────────────
+describe('task error handling', () => {
+  it('emits task-error when run() throws, other task still completes', async () => {
+    const events: ServerMessage[] = [];
+    const emit = (msg: ServerMessage) => events.push(msg);
+    const failing = makeTask('src-1', async () => {
+      throw new Error('Scraper exploded');
+    });
+    await startRun([failing, makeTask('src-2')], false, emit);
+    const taskError = events.find(
+      e => e.type === 'task-error' && 'sourceId' in e && e.sourceId === 'src-1',
+    );
+    expect(taskError).toBeTruthy();
+    expect((taskError as { message: string }).message).toContain('Scraper exploded');
+    expect(events.some(e => e.type === 'task-done' && 'sourceId' in e && e.sourceId === 'src-2')).toBe(true);
+    expect(events.at(-1)).toMatchObject({ type: 'run-complete', errors: 1 });
+  });
+  it('run-complete totals reflect only the successful task', async () => {
+    const record = await startRun(
+      [
+        makeTask('src-1', async () => {
+          throw new Error('fail');
+        }),
+        makeTask('src-2'),
+      ],
+      false,
+      () => {},
+    );
+    expect(record.totalInserted).toBe(2); // only src-2
+    expect(record.totalSkipped).toBe(1);
+  });
+});
+// ── In-progress guard ─────────────────────────────────────────────────────────
+describe('in-progress guard', () => {
+  it('throws when called while a run is already in progress', async () => {
+    const neverResolves = (): Promise<TaskResult> => new Promise(_r => {});
+    // Start a run that never finishes (don't await it)
+    const firstRun = startRun([makeTask('src-1', neverResolves)], false, () => {});
+    // Second call should reject immediately because _running is already true
+    await expect(startRun([makeTask('src-2')], false, () => {})).rejects.toThrow(
+      'Run already in progress',
+    );
+    // Cleanup: _resetRunState is called in afterEach, firstRun hangs but that's OK
+    void firstRun;
+  });
+});

package/src/server/__tests__/settings-routes.test.ts ADDED Viewed

@@ -0,0 +1,117 @@
+import { randomBytes } from 'node:crypto';
+import { rm } from 'node:fs/promises';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import Fastify, { type FastifyInstance } from 'fastify';
+import { afterEach, beforeEach, describe, expect, it } from 'vitest';
+import { defaultVault, saveVaultFile } from '../vault.js';
+import { lockVault } from '../vault-store.js';
+import { registerVaultRoutes } from '../vault-routes.js';
+const PASSWORD = 'test-password-123';
+let vaultPath: string;
+let app: FastifyInstance;
+beforeEach(async () => {
+  vaultPath = join(tmpdir(), `vault-test-${randomBytes(4).toString('hex')}.vault`);
+  process.env['VAULT_PATH'] = vaultPath;
+  await saveVaultFile(vaultPath, defaultVault(), PASSWORD);
+  app = Fastify();
+  await registerVaultRoutes(app);
+  await app.ready();
+  await app.inject({
+    method: 'POST',
+    url: '/api/vault/unlock',
+    payload: { password: PASSWORD },
+  });
+});
+afterEach(async () => {
+  lockVault();
+  await app.close();
+  await rm(vaultPath, { force: true });
+  delete process.env['VAULT_PATH'];
+});
+describe('GET /api/vault/settings', () => {
+  it('returns default settings after unlock', async () => {
+    const res = await app.inject({ method: 'GET', url: '/api/vault/settings' });
+    expect(res.statusCode).toBe(200);
+    expect(res.json()).toMatchObject({
+      showBrowser: false,
+      fetchBankOfIsraelRates: true,
+      concurrentScraping: false,
+    });
+  });
+  it('returns 401 when vault is locked', async () => {
+    lockVault();
+    const res = await app.inject({ method: 'GET', url: '/api/vault/settings' });
+    expect(res.statusCode).toBe(401);
+  });
+});
+describe('PUT /api/vault/settings', () => {
+  it('merges partial update and persists', async () => {
+    const res = await app.inject({
+      method: 'PUT',
+      url: '/api/vault/settings',
+      payload: { showBrowser: true, serverUrl: 'https://example.com' },
+    });
+    expect(res.statusCode).toBe(200);
+    const settings = res.json() as Record<string, unknown>;
+    expect(settings.showBrowser).toBe(true);
+    expect(settings.serverUrl).toBe('https://example.com');
+    expect(settings.fetchBankOfIsraelRates).toBe(true);
+  });
+  it('GET after PUT reflects saved value', async () => {
+    await app.inject({
+      method: 'PUT',
+      url: '/api/vault/settings',
+      payload: { apiKey: 'my-key' },
+    });
+    const res = await app.inject({ method: 'GET', url: '/api/vault/settings' });
+    expect(res.json()).toMatchObject({ apiKey: 'my-key' });
+  });
+  it('survives re-lock and re-unlock (persisted to disk)', async () => {
+    await app.inject({
+      method: 'PUT',
+      url: '/api/vault/settings',
+      payload: { serverUrl: 'https://persisted.example' },
+    });
+    lockVault();
+    await app.inject({
+      method: 'POST',
+      url: '/api/vault/unlock',
+      payload: { password: PASSWORD },
+    });
+    const res = await app.inject({ method: 'GET', url: '/api/vault/settings' });
+    expect(res.json()).toMatchObject({ serverUrl: 'https://persisted.example' });
+  });
+  it('returns 401 when vault is locked', async () => {
+    lockVault();
+    const res = await app.inject({
+      method: 'PUT',
+      url: '/api/vault/settings',
+      payload: { showBrowser: true },
+    });
+    expect(res.statusCode).toBe(401);
+  });
+  it('returns 400 for invalid field types', async () => {
+    const res = await app.inject({
+      method: 'PUT',
+      url: '/api/vault/settings',
+      payload: { showBrowser: 'not-a-boolean' },
+    });
+    expect(res.statusCode).toBe(400);
+  });
+});

package/src/server/__tests__/sources-routes.test.ts ADDED Viewed

@@ -0,0 +1,149 @@
+import { randomBytes } from 'node:crypto';
+import { rm } from 'node:fs/promises';
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+import Fastify, { type FastifyInstance } from 'fastify';
+import { afterEach, beforeEach, describe, expect, it } from 'vitest';
+import { defaultVault, saveVaultFile } from '../vault.js';
+import { lockVault } from '../vault-store.js';
+import { registerVaultRoutes } from '../vault-routes.js';
+const PASSWORD = 'test-password-123';
+let vaultPath: string;
+let app: FastifyInstance;
+beforeEach(async () => {
+  vaultPath = join(tmpdir(), `vault-test-${randomBytes(4).toString('hex')}.vault`);
+  process.env['VAULT_PATH'] = vaultPath;
+  await saveVaultFile(vaultPath, defaultVault(), PASSWORD);
+  app = Fastify();
+  await registerVaultRoutes(app);
+  await app.ready();
+  await app.inject({
+    method: 'POST',
+    url: '/api/vault/unlock',
+    payload: { password: PASSWORD },
+  });
+});
+afterEach(async () => {
+  lockVault();
+  await app.close();
+  await rm(vaultPath, { force: true });
+  delete process.env['VAULT_PATH'];
+});
+describe('GET /api/vault/sources', () => {
+  it('returns empty list initially', async () => {
+    const res = await app.inject({ method: 'GET', url: '/api/vault/sources' });
+    expect(res.statusCode).toBe(200);
+    expect(res.json()).toEqual([]);
+  });
+  it('returns 401 when vault is locked', async () => {
+    lockVault();
+    const res = await app.inject({ method: 'GET', url: '/api/vault/sources' });
+    expect(res.statusCode).toBe(401);
+  });
+});
+describe('POST /api/vault/sources', () => {
+  it('appends a poalim source and returns updated list', async () => {
+    const res = await app.inject({
+      method: 'POST',
+      url: '/api/vault/sources',
+      payload: { type: 'poalim', userCode: 'user1', password: 'pass1' },
+    });
+    expect(res.statusCode).toBe(200);
+    const list = res.json() as Array<{ type: string; userCode: string; id: string }>;
+    expect(list).toHaveLength(1);
+    expect(list[0].type).toBe('poalim');
+    expect(list[0].userCode).toBe('user1');
+    expect(list[0].id).toBeTruthy();
+  });
+  it('appends a discount source', async () => {
+    const res = await app.inject({
+      method: 'POST',
+      url: '/api/vault/sources',
+      payload: { type: 'discount', ID: 'D123', password: 'pass2' },
+    });
+    expect(res.statusCode).toBe(200);
+    const list = res.json() as Array<{ type: string }>;
+    expect(list[0].type).toBe('discount');
+  });
+  it('returns 400 for missing required fields', async () => {
+    const res = await app.inject({
+      method: 'POST',
+      url: '/api/vault/sources',
+      payload: { type: 'poalim' },
+    });
+    expect(res.statusCode).toBe(400);
+  });
+  it('returns 401 when vault is locked', async () => {
+    lockVault();
+    const res = await app.inject({
+      method: 'POST',
+      url: '/api/vault/sources',
+      payload: { type: 'poalim', userCode: 'user1', password: 'pass1' },
+    });
+    expect(res.statusCode).toBe(401);
+  });
+});
+describe('PUT /api/vault/sources/:id', () => {
+  it('updates a source and returns updated list', async () => {
+    const addRes = await app.inject({
+      method: 'POST',
+      url: '/api/vault/sources',
+      payload: { type: 'poalim', userCode: 'user1', password: 'pass1' },
+    });
+    const [added] = addRes.json() as Array<{ id: string; nickname?: string }>;
+    const res = await app.inject({
+      method: 'PUT',
+      url: `/api/vault/sources/${added.id}`,
+      payload: { nickname: 'My Poalim' },
+    });
+    expect(res.statusCode).toBe(200);
+    const list = res.json() as Array<{ id: string; nickname?: string }>;
+    expect(list[0].nickname).toBe('My Poalim');
+  });
+  it('returns 404 for unknown id', async () => {
+    const res = await app.inject({
+      method: 'PUT',
+      url: '/api/vault/sources/does-not-exist',
+      payload: { nickname: 'x' },
+    });
+    expect(res.statusCode).toBe(404);
+  });
+});
+describe('DELETE /api/vault/sources/:id', () => {
+  it('removes a source and returns updated list', async () => {
+    const addRes = await app.inject({
+      method: 'POST',
+      url: '/api/vault/sources',
+      payload: { type: 'max', username: 'maxuser', password: 'pass3' },
+    });
+    const [added] = addRes.json() as Array<{ id: string }>;
+    const res = await app.inject({
+      method: 'DELETE',
+      url: `/api/vault/sources/${added.id}`,
+    });
+    expect(res.statusCode).toBe(200);
+    expect(res.json()).toEqual([]);
+  });
+  it('returns 404 for unknown id', async () => {
+    const res = await app.inject({ method: 'DELETE', url: '/api/vault/sources/ghost' });
+    expect(res.statusCode).toBe(404);
+  });
+});