@actuate-media/cms-core 0.11.2 → 0.13.0

package/dist/__tests__/cron/cron.test.js

@@ -0,0 +1,262 @@
+import { describe, expect, it, beforeEach, afterEach, vi } from 'vitest';
+import { isAuthorizedCronRequest, processCleanup, processSeoScan } from '../../cron/index.js';
+describe('cron auth', () => {
+    const originalSecret = process.env.CRON_SECRET;
+    afterEach(() => {
+        if (originalSecret === undefined)
+            delete process.env.CRON_SECRET;
+        else
+            process.env.CRON_SECRET = originalSecret;
+    });
+    it('rejects when CRON_SECRET is unset (fail-closed)', () => {
+        delete process.env.CRON_SECRET;
+        expect(isAuthorizedCronRequest('Bearer anything')).toBe(false);
+    });
+    it('rejects when CRON_SECRET is the empty string (fail-closed)', () => {
+        process.env.CRON_SECRET = '';
+        expect(isAuthorizedCronRequest('Bearer anything')).toBe(false);
+    });
+    it('rejects null/undefined header', () => {
+        process.env.CRON_SECRET = 'abc123';
+        expect(isAuthorizedCronRequest(null)).toBe(false);
+        expect(isAuthorizedCronRequest(undefined)).toBe(false);
+    });
+    it('rejects wrong secret', () => {
+        process.env.CRON_SECRET = 'correct-secret';
+        expect(isAuthorizedCronRequest('Bearer wrong-secret')).toBe(false);
+    });
+    it('rejects partially-correct secret of equal length (constant-time)', () => {
+        process.env.CRON_SECRET = 'secret-with-fixed-length';
+        expect(isAuthorizedCronRequest('Bearer secret-with-fixex-length')).toBe(false);
+    });
+    it('accepts correct Bearer token', () => {
+        process.env.CRON_SECRET = 'correct-secret-value';
+        expect(isAuthorizedCronRequest('Bearer correct-secret-value')).toBe(true);
+    });
+    it('accepts bare secret (for self-hosted schedulers without Bearer prefix)', () => {
+        process.env.CRON_SECRET = 'correct-secret-value';
+        expect(isAuthorizedCronRequest('correct-secret-value')).toBe(true);
+    });
+    // Bugbot review #6 (PR #40): the prior `if (a.length !== b.length) return
+    // false` early exit leaked the secret length through response timing.
+    // The HMAC-based comparison must reject mismatched lengths just as
+    // reliably without revealing length information through different code
+    // paths.
+    it.each([
+        ['shorter than secret', 'short'],
+        ['longer than secret', 'a-much-longer-string-than-the-secret-value-itself'],
+        ['empty', ''],
+        ['one char short', 'correct-secret-valu'],
+        ['one char long', 'correct-secret-value-x'],
+    ])('rejects header %s when length differs from secret', (_label, attempt) => {
+        process.env.CRON_SECRET = 'correct-secret-value';
+        expect(isAuthorizedCronRequest(`Bearer ${attempt}`)).toBe(false);
+    });
+});
+describe('processCleanup', () => {
+    let now;
+    beforeEach(() => {
+        now = Date.now();
+        vi.useFakeTimers();
+        vi.setSystemTime(now);
+    });
+    afterEach(() => {
+        vi.useRealTimers();
+    });
+    it('returns zeros when db is empty / has no models', async () => {
+        const result = await processCleanup({});
+        expect(result).toEqual({
+            sessionsDeleted: 0,
+            auditLogsDeleted: 0,
+            documentsDeleted: 0,
+            passwordResetTokensDeleted: 0,
+        });
+    });
+    it('deletes expired/revoked sessions older than the retention window', async () => {
+        const deleteMany = vi.fn().mockResolvedValue({ count: 3 });
+        const db = { session: { deleteMany } };
+        const result = await processCleanup(db, { sessionRetentionMs: 1000 });
+        expect(result.sessionsDeleted).toBe(3);
+        expect(deleteMany).toHaveBeenCalledTimes(1);
+        const where = deleteMany.mock.calls[0][0].where;
+        expect(where.OR[0].revokedAt.lt.getTime()).toBe(now - 1000);
+        expect(where.OR[1].expiresAt.lt.getTime()).toBe(now - 1000);
+    });
+    it('continues other cleanups when one model fails', async () => {
+        const db = {
+            session: { deleteMany: vi.fn().mockRejectedValue(new Error('boom')) },
+            auditLog: { deleteMany: vi.fn().mockResolvedValue({ count: 5 }) },
+            document: { deleteMany: vi.fn().mockResolvedValue({ count: 2 }) },
+        };
+        const warn = vi.spyOn(console, 'warn').mockImplementation(() => { });
+        const result = await processCleanup(db);
+        expect(result.sessionsDeleted).toBe(0);
+        expect(result.auditLogsDeleted).toBe(5);
+        expect(result.documentsDeleted).toBe(2);
+        expect(warn).toHaveBeenCalled();
+        warn.mockRestore();
+    });
+    it('uses default retention windows when none provided', async () => {
+        const deleteMany = vi.fn().mockResolvedValue({ count: 0 });
+        const db = { auditLog: { deleteMany } };
+        await processCleanup(db);
+        const cutoff = deleteMany.mock.calls[0][0].where.timestamp.lt.getTime();
+        // Default audit log retention is 90 days.
+        expect(cutoff).toBe(now - 90 * 24 * 60 * 60 * 1000);
+    });
+    // Bugbot review (PR #40, post-fix re-scan): `modelExists` used
+    // `typeof db[name] === 'object'` which is true for `null` because of the
+    // historical `typeof null === 'object'` quirk. With `{ session: null }` the
+    // guard returned true and the subsequent `db.session.deleteMany(...)` call
+    // threw a TypeError that the outer try/catch papered over.
+    it('treats explicitly-null model delegates as missing (regression)', async () => {
+        const db = {
+            session: null,
+            auditLog: null,
+            document: null,
+            passwordResetToken: null,
+        };
+        const result = await processCleanup(db);
+        expect(result).toEqual({
+            sessionsDeleted: 0,
+            auditLogsDeleted: 0,
+            documentsDeleted: 0,
+            passwordResetTokensDeleted: 0,
+        });
+    });
+});
+describe('processSeoScan', () => {
+    it('returns empty result when document model is missing', async () => {
+        const result = await processSeoScan({});
+        expect(result).toEqual({ total: 0, pagesWithIssues: 0, totalProblems: 0, issues: [] });
+    });
+    it('flags missing meta title, description, canonical, schema', async () => {
+        const findMany = vi.fn().mockResolvedValue([
+            {
+                id: 'doc1',
+                title: 'Hello',
+                slug: 'hello',
+                collection: 'pages',
+                data: {},
+                plainText: 'x'.repeat(500),
+            },
+        ]);
+        const db = { document: { findMany } };
+        const result = await processSeoScan(db);
+        expect(result.total).toBe(1);
+        expect(result.pagesWithIssues).toBe(1);
+        const problems = result.issues[0].problems;
+        expect(problems).toContain('Missing meta title');
+        expect(problems).toContain('Missing meta description');
+        expect(problems).toContain('No canonical URL set');
+        expect(problems).toContain('No Schema.org type');
+    });
+    it('respects maxDocuments bound', async () => {
+        const findMany = vi.fn().mockResolvedValue([]);
+        const db = { document: { findMany } };
+        await processSeoScan(db, { maxDocuments: 100 });
+        expect(findMany.mock.calls[0][0].take).toBe(100);
+    });
+    it('does not flag well-formed documents', async () => {
+        const db = {
+            document: {
+                findMany: vi.fn().mockResolvedValue([
+                    {
+                        id: 'doc1',
+                        title: 'Hello',
+                        slug: 'hello',
+                        collection: 'pages',
+                        data: {
+                            metaTitle: 'Hello',
+                            metaDescription: 'A page',
+                            canonical: 'https://example.com/hello',
+                            schemaType: 'Article',
+                            body: '<h1>Hello</h1><img alt="ok" src="x">'.padEnd(400, ' '),
+                        },
+                        plainText: 'x'.repeat(500),
+                    },
+                ]),
+            },
+        };
+        const result = await processSeoScan(db);
+        expect(result.pagesWithIssues).toBe(0);
+        expect(result.totalProblems).toBe(0);
+    });
+    // Bugbot review (PR #40, post-fix re-scan): the `<h1>` heading detection
+    // used `content.includes('<h1')` which is case-sensitive, so documents with
+    // valid uppercase `<H1>` headings (or `<H1 class="...">`) were falsely
+    // flagged as missing. Now matches the case-insensitive `<img>` detection
+    // for consistency with the HTML spec.
+    it.each([
+        ['lowercase <h1>', '<h1>Hello</h1>'],
+        ['uppercase <H1>', '<H1>Hello</H1>'],
+        ['mixed-case <H1 class>', '<H1 class="hero">Hello</H1>'],
+        ['attribute on lowercase', '<h1 id="x">Hello</h1>'],
+    ])('does not flag %s as missing H1 (regression)', async (_label, h1Markup) => {
+        const db = {
+            document: {
+                findMany: vi.fn().mockResolvedValue([
+                    {
+                        id: 'doc1',
+                        title: 'Hello',
+                        slug: 'hello',
+                        collection: 'pages',
+                        data: {
+                            metaTitle: 'Hello',
+                            metaDescription: 'A page',
+                            canonical: 'https://example.com/hello',
+                            schemaType: 'Article',
+                            body: `${h1Markup}<img alt="ok" src="x">`.padEnd(400, ' '),
+                        },
+                        plainText: 'x'.repeat(500),
+                    },
+                ]),
+            },
+        };
+        const result = await processSeoScan(db);
+        expect(result.issues[0]?.problems ?? []).not.toContain('No H1 heading found in content');
+    });
+    // Bugbot review (PR #40, post-fix re-scan #2): the `<img>` regex was
+    // case-insensitive (`/gi`) but the `alt=` substring check inside the filter
+    // was case-sensitive (`img.includes('alt=')`), so `<IMG ALT="text">` matched
+    // the regex and was then falsely counted as missing alt text. Same class of
+    // bug as the H1 case-sensitivity fix above.
+    it.each([
+        ['lowercase img + lowercase alt', '<img src="x" alt="ok">', 0],
+        ['uppercase IMG + uppercase ALT', '<IMG SRC="x" ALT="ok">', 0],
+        ['mixed-case Img + mixed-case Alt', '<Img src="x" Alt="ok">', 0],
+        ['lowercase img with no alt is flagged', '<img src="x">', 1],
+        ['uppercase IMG with no alt is flagged', '<IMG SRC="x">', 1],
+    ])('alt-text scan is case-insensitive — %s', async (_label, imgMarkup, expectedMissing) => {
+        const db = {
+            document: {
+                findMany: vi.fn().mockResolvedValue([
+                    {
+                        id: 'doc1',
+                        title: 'Hello',
+                        slug: 'hello',
+                        collection: 'pages',
+                        data: {
+                            metaTitle: 'Hello',
+                            metaDescription: 'A page',
+                            canonical: 'https://example.com/hello',
+                            schemaType: 'Article',
+                            body: `<h1>Hello</h1>${imgMarkup}`.padEnd(400, ' '),
+                        },
+                        plainText: 'x'.repeat(500),
+                    },
+                ]),
+            },
+        };
+        const result = await processSeoScan(db);
+        const problems = result.issues[0]?.problems ?? [];
+        const altMessages = problems.filter((p) => p.endsWith('image(s) missing alt text'));
+        if (expectedMissing === 0) {
+            expect(altMessages).toHaveLength(0);
+        }
+        else {
+            expect(altMessages).toContain(`${expectedMissing} image(s) missing alt text`);
+        }
+    });
+});
+//# sourceMappingURL=cron.test.js.map

package/dist/__tests__/cron/cron.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cron.test.js","sourceRoot":"","sources":["../../../src/__tests__/cron/cron.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAA;AACxE,OAAO,EAAE,uBAAuB,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAA;AAE7F,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;IACzB,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,WAAW,CAAA;IAE9C,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,cAAc,KAAK,SAAS;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,CAAA;;YAC3D,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,cAAc,CAAA;IAC/C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,OAAO,OAAO,CAAC,GAAG,CAAC,WAAW,CAAA;QAC9B,MAAM,CAAC,uBAAuB,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAChE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,4DAA4D,EAAE,GAAG,EAAE;QACpE,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,EAAE,CAAA;QAC5B,MAAM,CAAC,uBAAuB,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAChE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,QAAQ,CAAA;QAClC,MAAM,CAAC,uBAAuB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACjD,MAAM,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACxD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;QAC9B,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,gBAAgB,CAAA;QAC1C,MAAM,CAAC,uBAAuB,CAAC,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IACpE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kEAAkE,EAAE,GAAG,EAAE;QAC1E,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,0BAA0B,CAAA;QACpD,MAAM,CAAC,uBAAuB,CAAC,iCAAiC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAChF,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,sBAAsB,CAAA;QAChD,MAAM,CAAC,uBAAuB,CAAC,6BAA6B,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC3E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,wEAAwE,EAAE,GAAG,EAAE;QAChF,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,sBAAsB,CAAA;QAChD,MAAM,CAAC,uBAAuB,CAAC,sBAAsB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IACpE,CAAC,CAAC,CAAA;IAEF,0EAA0E;IAC1E,sEAAsE;IACtE,mEAAmE;IACnE,uEAAuE;IACvE,SAAS;IACT,EAAE,CAAC,IAAI,CAAC;QACN,CAAC,qBAAqB,EAAE,OAAO,CAAC;QAChC,CAAC,oBAAoB,EAAE,mDAAmD,CAAC;QAC3E,CAAC,OAAO,EAAE,EAAE,CAAC;QACb,CAAC,gBAAgB,EAAE,qBAAqB,CAAC;QACzC,CAAC,eAAe,EAAE,wBAAwB,CAAC;KAC5C,CAAC,CAAC,mDAAmD,EAAE,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE;QAC1E,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,sBAAsB,CAAA;QAChD,MAAM,CAAC,uBAAuB,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;IAClE,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,IAAI,GAAW,CAAA;IAEf,UAAU,CAAC,GAAG,EAAE;QACd,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QAChB,EAAE,CAAC,aAAa,EAAE,CAAA;QAClB,EAAE,CAAC,aAAa,CAAC,GAAG,CAAC,CAAA;IACvB,CAAC,CAAC,CAAA;IAEF,SAAS,CAAC,GAAG,EAAE;QACb,EAAE,CAAC,aAAa,EAAE,CAAA;IACpB,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAChD,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,eAAe,EAAE,CAAC;YAClB,gBAAgB,EAAE,CAAC;YACnB,gBAAgB,EAAE,CAAC;YACnB,0BAA0B,EAAE,CAAC;SAC9B,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;QAChF,MAAM,UAAU,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAA;QAC1D,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,UAAU,EAAE,EAAE,CAAA;QAEtC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,EAAE,EAAE,kBAAkB,EAAE,IAAI,EAAE,CAAC,CAAA;QAE9E,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACtC,MAAM,CAAC,UAAU,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAA;QAC3C,MAAM,KAAK,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;QAChD,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAA;QAC3D,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAA;IAC7D,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;QAC7D,MAAM,EAAE,GAAG;YACT,OAAO,EAAE,EAAE,UAAU,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,EAAE;YACrE,QAAQ,EAAE,EAAE,UAAU,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE;YACjE,QAAQ,EAAE,EAAE,UAAU,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,EAAE;SAClE,CAAA;QACD,MAAM,IAAI,GAAG,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;QAEnE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAEhD,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACtC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACvC,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACvC,MAAM,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAC/B,IAAI,CAAC,WAAW,EAAE,CAAA;IACpB,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,UAAU,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAA;QAC1D,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,UAAU,EAAE,EAAE,CAAA;QAEvC,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAEjC,MAAM,MAAM,GAAG,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,CAAA;QACxE,0CAA0C;QAC1C,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IACrD,CAAC,CAAC,CAAA;IAEF,+DAA+D;IAC/D,yEAAyE;IACzE,4EAA4E;IAC5E,2EAA2E;IAC3E,2DAA2D;IAC3D,EAAE,CAAC,gEAAgE,EAAE,KAAK,IAAI,EAAE;QAC9E,MAAM,EAAE,GAAG;YACT,OAAO,EAAE,IAAI;YACb,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,IAAI;YACd,kBAAkB,EAAE,IAAI;SACzB,CAAA;QACD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAChD,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,eAAe,EAAE,CAAC;YAClB,gBAAgB,EAAE,CAAC;YACnB,gBAAgB,EAAE,CAAC;YACnB,0BAA0B,EAAE,CAAC;SAC9B,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;QACnE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAChD,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,CAAA;IACxF,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;QACxE,MAAM,QAAQ,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;YACzC;gBACE,EAAE,EAAE,MAAM;gBACV,KAAK,EAAE,OAAO;gBACd,IAAI,EAAE,OAAO;gBACb,UAAU,EAAE,OAAO;gBACnB,IAAI,EAAE,EAAE;gBACR,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC;aAC3B;SACF,CAAC,CAAA;QACF,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAA;QAErC,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAEhD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QAC5B,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACtC,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAE,CAAC,QAAQ,CAAA;QAC3C,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAA;QAChD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAA;QACtD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAA;QAClD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAA;IAClD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;QAC3C,MAAM,QAAQ,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAA;QAC9C,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,QAAQ,EAAE,EAAE,CAAA;QAErC,MAAM,cAAc,CAAC,EAAW,EAAE,EAAE,YAAY,EAAE,GAAG,EAAE,CAAC,CAAA;QACxD,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IACnD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,MAAM,EAAE,GAAG;YACT,QAAQ,EAAE;gBACR,QAAQ,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;oBAClC;wBACE,EAAE,EAAE,MAAM;wBACV,KAAK,EAAE,OAAO;wBACd,IAAI,EAAE,OAAO;wBACb,UAAU,EAAE,OAAO;wBACnB,IAAI,EAAE;4BACJ,SAAS,EAAE,OAAO;4BAClB,eAAe,EAAE,QAAQ;4BACzB,SAAS,EAAE,2BAA2B;4BACtC,UAAU,EAAE,SAAS;4BACrB,IAAI,EAAE,sCAAsC,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC;yBAC9D;wBACD,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC;qBAC3B;iBACF,CAAC;aACH;SACF,CAAA;QAED,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAChD,MAAM,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;QACtC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACtC,CAAC,CAAC,CAAA;IAEF,yEAAyE;IACzE,4EAA4E;IAC5E,uEAAuE;IACvE,yEAAyE;IACzE,sCAAsC;IACtC,EAAE,CAAC,IAAI,CAAC;QACN,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;QACpC,CAAC,gBAAgB,EAAE,gBAAgB,CAAC;QACpC,CAAC,uBAAuB,EAAE,6BAA6B,CAAC;QACxD,CAAC,wBAAwB,EAAE,uBAAuB,CAAC;KACpD,CAAC,CAAC,6CAA6C,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,EAAE;QAC3E,MAAM,EAAE,GAAG;YACT,QAAQ,EAAE;gBACR,QAAQ,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;oBAClC;wBACE,EAAE,EAAE,MAAM;wBACV,KAAK,EAAE,OAAO;wBACd,IAAI,EAAE,OAAO;wBACb,UAAU,EAAE,OAAO;wBACnB,IAAI,EAAE;4BACJ,SAAS,EAAE,OAAO;4BAClB,eAAe,EAAE,QAAQ;4BACzB,SAAS,EAAE,2BAA2B;4BACtC,UAAU,EAAE,SAAS;4BACrB,IAAI,EAAE,GAAG,QAAQ,wBAAwB,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC;yBAC3D;wBACD,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC;qBAC3B;iBACF,CAAC;aACH;SACF,CAAA;QACD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAChD,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,gCAAgC,CAAC,CAAA;IAC1F,CAAC,CAAC,CAAA;IAEF,qEAAqE;IACrE,4EAA4E;IAC5E,6EAA6E;IAC7E,4EAA4E;IAC5E,4CAA4C;IAC5C,EAAE,CAAC,IAAI,CAAC;QACN,CAAC,+BAA+B,EAAE,wBAAwB,EAAE,CAAC,CAAC;QAC9D,CAAC,+BAA+B,EAAE,wBAAwB,EAAE,CAAC,CAAC;QAC9D,CAAC,iCAAiC,EAAE,wBAAwB,EAAE,CAAC,CAAC;QAChE,CAAC,sCAAsC,EAAE,eAAe,EAAE,CAAC,CAAC;QAC5D,CAAC,sCAAsC,EAAE,eAAe,EAAE,CAAC,CAAC;KAC7D,CAAC,CAAC,wCAAwC,EAAE,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,eAAe,EAAE,EAAE;QACxF,MAAM,EAAE,GAAG;YACT,QAAQ,EAAE;gBACR,QAAQ,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC;oBAClC;wBACE,EAAE,EAAE,MAAM;wBACV,KAAK,EAAE,OAAO;wBACd,IAAI,EAAE,OAAO;wBACb,UAAU,EAAE,OAAO;wBACnB,IAAI,EAAE;4BACJ,SAAS,EAAE,OAAO;4BAClB,eAAe,EAAE,QAAQ;4BACzB,SAAS,EAAE,2BAA2B;4BACtC,UAAU,EAAE,SAAS;4BACrB,IAAI,EAAE,iBAAiB,SAAS,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC;yBACpD;wBACD,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC;qBAC3B;iBACF,CAAC;aACH;SACF,CAAA;QACD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAW,CAAC,CAAA;QAChD,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,QAAQ,IAAI,EAAE,CAAA;QACjD,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,2BAA2B,CAAC,CAAC,CAAA;QACnF,IAAI,eAAe,KAAK,CAAC,EAAE,CAAC;YAC1B,MAAM,CAAC,WAAW,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAA;QACrC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,WAAW,CAAC,CAAC,SAAS,CAAC,GAAG,eAAe,4BAA4B,CAAC,CAAA;QAC/E,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}

package/dist/__tests__/diagnostics/env.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=env.test.d.ts.map

package/dist/__tests__/diagnostics/env.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/diagnostics/env.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/diagnostics/env.test.js

@@ -0,0 +1,119 @@
+import { describe, it, expect } from 'vitest';
+import { validateEnvShape } from '../../diagnostics/env.js';
+function envFrom(values) {
+    return { get: (name) => values[name] };
+}
+describe('validateEnvShape', () => {
+    it('returns ok=false when CMS_SECRET is missing', () => {
+        const r = validateEnvShape(envFrom({ DATABASE_URL: 'postgres://x' }));
+        expect(r.ok).toBe(false);
+        const secret = r.checks.find((c) => c.name === 'CMS_SECRET');
+        expect(secret?.status).toBe('missing');
+    });
+    it('flags a CMS_SECRET shorter than 32 chars as an error', () => {
+        const r = validateEnvShape(envFrom({
+            CMS_SECRET: 'too-short',
+            DATABASE_URL: 'postgres://x',
+        }));
+        expect(r.ok).toBe(false);
+        expect(r.checks.find((c) => c.name === 'CMS_SECRET')?.status).toBe('error');
+    });
+    it('flags placeholder-looking CMS_SECRET values', () => {
+        const r = validateEnvShape(envFrom({
+            CMS_SECRET: 'change-me-in-prod-this-is-a-placeholder-string-xx',
+            DATABASE_URL: 'postgres://x',
+        }));
+        expect(r.checks.find((c) => c.name === 'CMS_SECRET')?.status).toBe('error');
+    });
+    it('flags a CMS_ENCRYPTION_KEY that is not 64 hex chars', () => {
+        const r = validateEnvShape(envFrom({
+            CMS_SECRET: 'a'.repeat(40),
+            DATABASE_URL: 'postgres://x',
+            CMS_ENCRYPTION_KEY: 'aes256-local-dev-key-change-in-prod',
+        }));
+        expect(r.ok).toBe(false);
+        const enc = r.checks.find((c) => c.name === 'CMS_ENCRYPTION_KEY');
+        expect(enc?.status).toBe('error');
+    });
+    it('accepts a valid 64-hex-char CMS_ENCRYPTION_KEY', () => {
+        const r = validateEnvShape(envFrom({
+            CMS_SECRET: 'a'.repeat(40),
+            DATABASE_URL: 'postgres://x',
+            CMS_ENCRYPTION_KEY: 'a1b2'.repeat(16), // 64 hex chars
+        }));
+        expect(r.checks.find((c) => c.name === 'CMS_ENCRYPTION_KEY')?.status).toBe('ok');
+    });
+    it('flags non-hex chars in the encryption key', () => {
+        const r = validateEnvShape(envFrom({
+            CMS_SECRET: 'a'.repeat(40),
+            DATABASE_URL: 'postgres://x',
+            CMS_ENCRYPTION_KEY: 'z'.repeat(64), // wrong alphabet
+        }));
+        expect(r.checks.find((c) => c.name === 'CMS_ENCRYPTION_KEY')?.status).toBe('error');
+    });
+    it('flags an invalid Upstash URL when only one of URL/token is set', () => {
+        const r = validateEnvShape(envFrom({
+            CMS_SECRET: 'a'.repeat(40),
+            DATABASE_URL: 'postgres://x',
+            UPSTASH_REDIS_REST_URL: 'https://r.upstash.io',
+            // no token
+        }));
+        expect(r.checks.find((c) => c.name === 'UPSTASH_REDIS_REST_TOKEN')?.status).toBe('error');
+    });
+    it('flags a CRON_SECRET that is too short', () => {
+        const r = validateEnvShape(envFrom({
+            CMS_SECRET: 'a'.repeat(40),
+            DATABASE_URL: 'postgres://x',
+            CRON_SECRET: 'short',
+        }));
+        expect(r.checks.find((c) => c.name === 'CRON_SECRET')?.status).toBe('error');
+    });
+    it('returns ok=true when every required var is well-formed', () => {
+        const r = validateEnvShape(envFrom({
+            CMS_SECRET: 'a'.repeat(40),
+            DATABASE_URL: 'postgres://user:pass@host:5432/db',
+            CMS_ENCRYPTION_KEY: 'a1b2'.repeat(16),
+            CRON_SECRET: 'a-real-cron-secret-of-sufficient-length',
+            BLOB_READ_WRITE_TOKEN: 'vercel_blob_rw_xxx',
+            RESEND_API_KEY: 're_xxx',
+        }));
+        expect(r.ok).toBe(true);
+        expect(r.errorCount).toBe(0);
+    });
+    // Bugbot review (PR #41): the unauthenticated /health endpoint surfaces
+    // these messages, and the previous "ok" wording (`Configured (42 chars).`)
+    // leaked exact secret lengths to anyone who could reach the URL — narrowing
+    // brute-force search space with no operational benefit. Lengths must not
+    // appear in any "ok" message.
+    it.each([
+        [
+            'CMS_SECRET',
+            {
+                CMS_SECRET: 'a'.repeat(42),
+                DATABASE_URL: 'postgres://x',
+            },
+        ],
+        [
+            'CMS_ENCRYPTION_KEY',
+            {
+                CMS_SECRET: 'a'.repeat(40),
+                DATABASE_URL: 'postgres://x',
+                CMS_ENCRYPTION_KEY: 'a1b2'.repeat(16),
+            },
+        ],
+        [
+            'CRON_SECRET',
+            {
+                CMS_SECRET: 'a'.repeat(40),
+                DATABASE_URL: 'postgres://x',
+                CRON_SECRET: 'a-real-cron-secret-of-sufficient-length',
+            },
+        ],
+    ])('does not include exact length in the "ok" message for %s', (name, env) => {
+        const r = validateEnvShape(envFrom(env));
+        const check = r.checks.find((c) => c.name === name);
+        expect(check?.status).toBe('ok');
+        expect(check?.message ?? '').not.toMatch(/\d+\s*chars?/i);
+    });
+});
+//# sourceMappingURL=env.test.js.map

package/dist/__tests__/diagnostics/env.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"env.test.js","sourceRoot":"","sources":["../../../src/__tests__/diagnostics/env.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAA;AAC7C,OAAO,EAAE,gBAAgB,EAAE,MAAM,0BAA0B,CAAA;AAE3D,SAAS,OAAO,CAAC,MAA0C;IACzD,OAAO,EAAE,GAAG,EAAE,CAAC,IAAY,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAA;AAChD,CAAC;AAED,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,MAAM,CAAC,GAAG,gBAAgB,CAAC,OAAO,CAAC,EAAE,YAAY,EAAE,cAAc,EAAE,CAAC,CAAC,CAAA;QACrE,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACxB,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,CAAA;QAC5D,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IACxC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,CAAC,GAAG,gBAAgB,CACxB,OAAO,CAAC;YACN,UAAU,EAAE,WAAW;YACvB,YAAY,EAAE,cAAc;SAC7B,CAAC,CACH,CAAA;QACD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACxB,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC7E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,MAAM,CAAC,GAAG,gBAAgB,CACxB,OAAO,CAAC;YACN,UAAU,EAAE,mDAAmD;YAC/D,YAAY,EAAE,cAAc;SAC7B,CAAC,CACH,CAAA;QACD,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,YAAY,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC7E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,CAAC,GAAG,gBAAgB,CACxB,OAAO,CAAC;YACN,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,YAAY,EAAE,cAAc;YAC5B,kBAAkB,EAAE,qCAAqC;SAC1D,CAAC,CACH,CAAA;QACD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;QACxB,MAAM,GAAG,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,oBAAoB,CAAC,CAAA;QACjE,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACnC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,CAAC,GAAG,gBAAgB,CACxB,OAAO,CAAC;YACN,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,YAAY,EAAE,cAAc;YAC5B,kBAAkB,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,eAAe;SACvD,CAAC,CACH,CAAA;QACD,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,oBAAoB,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAClF,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,MAAM,CAAC,GAAG,gBAAgB,CACxB,OAAO,CAAC;YACN,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,YAAY,EAAE,cAAc;YAC5B,kBAAkB,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,iBAAiB;SACtD,CAAC,CACH,CAAA;QACD,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,oBAAoB,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IACrF,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,MAAM,CAAC,GAAG,gBAAgB,CACxB,OAAO,CAAC;YACN,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,YAAY,EAAE,cAAc;YAC5B,sBAAsB,EAAE,sBAAsB;YAC9C,WAAW;SACZ,CAAC,CACH,CAAA;QACD,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,0BAA0B,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC3F,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,CAAC,GAAG,gBAAgB,CACxB,OAAO,CAAC;YACN,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,YAAY,EAAE,cAAc;YAC5B,WAAW,EAAE,OAAO;SACrB,CAAC,CACH,CAAA;QACD,MAAM,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,aAAa,CAAC,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;IAC9E,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,wDAAwD,EAAE,GAAG,EAAE;QAChE,MAAM,CAAC,GAAG,gBAAgB,CACxB,OAAO,CAAC;YACN,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;YAC1B,YAAY,EAAE,mCAAmC;YACjD,kBAAkB,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;YACrC,WAAW,EAAE,yCAAyC;YACtD,qBAAqB,EAAE,oBAAoB;YAC3C,cAAc,EAAE,QAAQ;SACzB,CAAC,CACH,CAAA;QACD,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACvB,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IAC9B,CAAC,CAAC,CAAA;IAEF,wEAAwE;IACxE,2EAA2E;IAC3E,4EAA4E;IAC5E,yEAAyE;IACzE,8BAA8B;IAC9B,EAAE,CAAC,IAAI,CAAC;QACN;YACE,YAAY;YACZ;gBACE,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC1B,YAAY,EAAE,cAAc;aAC7B;SACF;QACD;YACE,oBAAoB;YACpB;gBACE,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC1B,YAAY,EAAE,cAAc;gBAC5B,kBAAkB,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;aACtC;SACF;QACD;YACE,aAAa;YACb;gBACE,UAAU,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC;gBAC1B,YAAY,EAAE,cAAc;gBAC5B,WAAW,EAAE,yCAAyC;aACvD;SACF;KACF,CAAC,CAAC,0DAA0D,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAC3E,MAAM,CAAC,GAAG,gBAAgB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAA;QACxC,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAA;QACnD,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QAChC,MAAM,CAAC,KAAK,EAAE,OAAO,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,eAAe,CAAC,CAAA;IAC3D,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}

package/dist/__tests__/diagnostics/logger.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=logger.test.d.ts.map

package/dist/__tests__/diagnostics/logger.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/diagnostics/logger.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/diagnostics/logger.test.js

@@ -0,0 +1,111 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import { createLogger } from '../../diagnostics/logger.js';
+describe('createLogger', () => {
+    const errorSpy = vi.spyOn(console, 'error').mockImplementation(() => { });
+    const warnSpy = vi.spyOn(console, 'warn').mockImplementation(() => { });
+    const infoSpy = vi.spyOn(console, 'info').mockImplementation(() => { });
+    const debugSpy = vi.spyOn(console, 'debug').mockImplementation(() => { });
+    const originalLevel = process.env.ACTUATE_LOG_LEVEL;
+    const originalFormat = process.env.ACTUATE_LOG_FORMAT;
+    const originalNodeEnv = process.env.NODE_ENV;
+    beforeEach(() => {
+        errorSpy.mockClear();
+        warnSpy.mockClear();
+        infoSpy.mockClear();
+        debugSpy.mockClear();
+    });
+    afterEach(() => {
+        if (originalLevel === undefined)
+            delete process.env.ACTUATE_LOG_LEVEL;
+        else
+            process.env.ACTUATE_LOG_LEVEL = originalLevel;
+        if (originalFormat === undefined)
+            delete process.env.ACTUATE_LOG_FORMAT;
+        else
+            process.env.ACTUATE_LOG_FORMAT = originalFormat;
+        if (originalNodeEnv === undefined)
+            delete process.env.NODE_ENV;
+        else
+            process.env.NODE_ENV = originalNodeEnv;
+    });
+    it('emits all levels by default in non-production', () => {
+        delete process.env.NODE_ENV;
+        delete process.env.ACTUATE_LOG_LEVEL;
+        const log = createLogger('test');
+        log.error('e');
+        log.warn('w');
+        log.info('i');
+        log.debug('d');
+        expect(errorSpy).toHaveBeenCalled();
+        expect(warnSpy).toHaveBeenCalled();
+        expect(infoSpy).toHaveBeenCalled();
+        // info-level default does NOT include debug
+        expect(debugSpy).not.toHaveBeenCalled();
+    });
+    it('silences info+debug when level=warn', () => {
+        process.env.ACTUATE_LOG_LEVEL = 'warn';
+        const log = createLogger('test');
+        log.error('e');
+        log.warn('w');
+        log.info('i');
+        log.debug('d');
+        expect(errorSpy).toHaveBeenCalled();
+        expect(warnSpy).toHaveBeenCalled();
+        expect(infoSpy).not.toHaveBeenCalled();
+        expect(debugSpy).not.toHaveBeenCalled();
+    });
+    it('only emits errors when level=error', () => {
+        process.env.ACTUATE_LOG_LEVEL = 'error';
+        const log = createLogger('test');
+        log.error('e');
+        log.warn('w');
+        log.info('i');
+        expect(errorSpy).toHaveBeenCalled();
+        expect(warnSpy).not.toHaveBeenCalled();
+        expect(infoSpy).not.toHaveBeenCalled();
+    });
+    it('emits nothing when level=silent', () => {
+        process.env.ACTUATE_LOG_LEVEL = 'silent';
+        const log = createLogger('test');
+        log.error('e');
+        log.warn('w');
+        expect(errorSpy).not.toHaveBeenCalled();
+        expect(warnSpy).not.toHaveBeenCalled();
+    });
+    it('defaults to warn in NODE_ENV=production', () => {
+        process.env.NODE_ENV = 'production';
+        delete process.env.ACTUATE_LOG_LEVEL;
+        const log = createLogger('test');
+        log.error('e');
+        log.warn('w');
+        log.info('i');
+        expect(errorSpy).toHaveBeenCalled();
+        expect(warnSpy).toHaveBeenCalled();
+        expect(infoSpy).not.toHaveBeenCalled();
+    });
+    it('emits one-line JSON when format=json', () => {
+        process.env.ACTUATE_LOG_LEVEL = 'info';
+        process.env.ACTUATE_LOG_FORMAT = 'json';
+        const log = createLogger('rate-limit');
+        log.error('boom', { reason: 'upstream-down', retry: 3 });
+        expect(errorSpy).toHaveBeenCalledOnce();
+        const line = errorSpy.mock.calls[0][0];
+        expect(typeof line).toBe('string');
+        const parsed = JSON.parse(line);
+        expect(parsed.level).toBe('error');
+        expect(parsed.scope).toBe('rate-limit');
+        expect(parsed.msg).toBe('boom');
+        expect(parsed.details).toEqual({ reason: 'upstream-down', retry: 3 });
+        expect(typeof parsed.ts).toBe('string');
+    });
+    it('uses [actuate][scope] prefix in text mode', () => {
+        process.env.ACTUATE_LOG_LEVEL = 'info';
+        delete process.env.ACTUATE_LOG_FORMAT;
+        const log = createLogger('rate-limit');
+        log.warn('hi');
+        expect(warnSpy).toHaveBeenCalledOnce();
+        expect(warnSpy.mock.calls[0][0]).toBe('[actuate][rate-limit]');
+        expect(warnSpy.mock.calls[0][1]).toBe('hi');
+    });
+});
+//# sourceMappingURL=logger.test.js.map

package/dist/__tests__/diagnostics/logger.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.test.js","sourceRoot":"","sources":["../../../src/__tests__/diagnostics/logger.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,QAAQ,CAAA;AACxE,OAAO,EAAE,YAAY,EAAE,MAAM,6BAA6B,CAAA;AAE1D,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,MAAM,QAAQ,GAAG,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;IACxE,MAAM,OAAO,GAAG,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;IACtE,MAAM,OAAO,GAAG,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;IACtE,MAAM,QAAQ,GAAG,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;IAExE,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;IACnD,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAA;IACrD,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAA;IAE5C,UAAU,CAAC,GAAG,EAAE;QACd,QAAQ,CAAC,SAAS,EAAE,CAAA;QACpB,OAAO,CAAC,SAAS,EAAE,CAAA;QACnB,OAAO,CAAC,SAAS,EAAE,CAAA;QACnB,QAAQ,CAAC,SAAS,EAAE,CAAA;IACtB,CAAC,CAAC,CAAA;IAEF,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,aAAa,KAAK,SAAS;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;;YAChE,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,aAAa,CAAA;QAClD,IAAI,cAAc,KAAK,SAAS;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAA;;YAClE,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,cAAc,CAAA;QACpD,IAAI,eAAe,KAAK,SAAS;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAA;;YACzD,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,eAAe,CAAA;IAC7C,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,OAAO,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAA;QAC3B,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;QACpC,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAA;QAChC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACd,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACb,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACb,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACd,MAAM,CAAC,QAAQ,CAAC,CAAC,gBAAgB,EAAE,CAAA;QACnC,MAAM,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAClC,MAAM,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAClC,4CAA4C;QAC5C,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IACzC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,MAAM,CAAA;QACtC,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAA;QAChC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACd,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACb,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACb,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACd,MAAM,CAAC,QAAQ,CAAC,CAAC,gBAAgB,EAAE,CAAA;QACnC,MAAM,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAClC,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;QACtC,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IACzC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,OAAO,CAAA;QACvC,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAA;QAChC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACd,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACb,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACb,MAAM,CAAC,QAAQ,CAAC,CAAC,gBAAgB,EAAE,CAAA;QACnC,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;QACtC,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IACxC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,QAAQ,CAAA;QACxC,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAA;QAChC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACd,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACb,MAAM,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;QACvC,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IACxC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,YAAY,CAAA;QACnC,OAAO,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;QACpC,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAA;QAChC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QACd,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACb,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;QACb,MAAM,CAAC,QAAQ,CAAC,CAAC,gBAAgB,EAAE,CAAA;QACnC,MAAM,CAAC,OAAO,CAAC,CAAC,gBAAgB,EAAE,CAAA;QAClC,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAA;IACxC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,MAAM,CAAA;QACtC,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,MAAM,CAAA;QACvC,MAAM,GAAG,GAAG,YAAY,CAAC,YAAY,CAAC,CAAA;QACtC,GAAG,CAAC,KAAK,CAAC,MAAM,EAAE,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAA;QACxD,MAAM,CAAC,QAAQ,CAAC,CAAC,oBAAoB,EAAE,CAAA;QACvC,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAW,CAAA;QACjD,MAAM,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QAClC,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QAC/B,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAA;QAClC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;QACvC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAC/B,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,CAAC,CAAA;QACrE,MAAM,CAAC,OAAO,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;IACzC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,MAAM,CAAA;QACtC,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAA;QACrC,MAAM,GAAG,GAAG,YAAY,CAAC,YAAY,CAAC,CAAA;QACtC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;QACd,MAAM,CAAC,OAAO,CAAC,CAAC,oBAAoB,EAAE,CAAA;QACtC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAA;QAC/D,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;IAC9C,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}

package/dist/__tests__/security/encrypted-fields.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=encrypted-fields.test.d.ts.map

package/dist/__tests__/security/encrypted-fields.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypted-fields.test.d.ts","sourceRoot":"","sources":["../../../src/__tests__/security/encrypted-fields.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/security/encrypted-fields.test.js

@@ -0,0 +1,60 @@
+import { describe, expect, it } from 'vitest';
+import { encryptField, decryptField, InvalidEncryptionKeyError, } from '../../security/encrypted-fields.js';
+const VALID_KEY = 'a'.repeat(64); // 64 hex chars = 32 bytes
+const ALT_KEY = 'b'.repeat(64);
+describe('encrypted-fields key validation', () => {
+    it('rejects empty key', async () => {
+        await expect(encryptField('hello', '')).rejects.toBeInstanceOf(InvalidEncryptionKeyError);
+    });
+    it('rejects undefined / non-string key', async () => {
+        await expect(encryptField('hello', undefined)).rejects.toBeInstanceOf(InvalidEncryptionKeyError);
+    });
+    it('rejects too-short key', async () => {
+        await expect(encryptField('hello', 'a'.repeat(32))).rejects.toBeInstanceOf(InvalidEncryptionKeyError);
+    });
+    it('rejects too-long key', async () => {
+        await expect(encryptField('hello', 'a'.repeat(128))).rejects.toBeInstanceOf(InvalidEncryptionKeyError);
+    });
+    it('rejects non-hex characters', async () => {
+        await expect(encryptField('hello', 'z'.repeat(63) + 'a')).rejects.toBeInstanceOf(InvalidEncryptionKeyError);
+    });
+    it('rejects the placeholder dev key from the .env example', async () => {
+        // "aes256-local-dev-key-change-in-prod" is 35 chars, not 64, and contains '-'.
+        await expect(encryptField('hello', 'aes256-local-dev-key-change-in-prod')).rejects.toBeInstanceOf(InvalidEncryptionKeyError);
+    });
+    it('error message points operators at the random-bytes generator', async () => {
+        try {
+            await encryptField('hello', 'short');
+            throw new Error('should have thrown');
+        }
+        catch (err) {
+            expect(err).toBeInstanceOf(InvalidEncryptionKeyError);
+            expect(err.message).toContain('randomBytes(32)');
+        }
+    });
+});
+describe('encrypted-fields round-trip', () => {
+    it('encrypts and decrypts with the same key', async () => {
+        const plaintext = 'hello, world — with unicode ✓';
+        const encrypted = await encryptField(plaintext, VALID_KEY);
+        expect(encrypted).not.toBe(plaintext);
+        const decrypted = await decryptField(encrypted, VALID_KEY);
+        expect(decrypted).toBe(plaintext);
+    });
+    it('produces different ciphertext on every call (unique IV)', async () => {
+        const a = await encryptField('same input', VALID_KEY);
+        const b = await encryptField('same input', VALID_KEY);
+        expect(a).not.toBe(b);
+    });
+    it('rejects ciphertext encrypted with a different key', async () => {
+        const encrypted = await encryptField('secret', VALID_KEY);
+        await expect(decryptField(encrypted, ALT_KEY)).rejects.toThrow();
+    });
+    it('rejects tampered ciphertext (AES-GCM auth tag enforces integrity)', async () => {
+        const encrypted = await encryptField('secret', VALID_KEY);
+        // Flip one byte at the end (inside the auth tag region)
+        const tampered = encrypted.slice(0, -2) + (encrypted.slice(-2) === 'ff' ? '00' : 'ff');
+        await expect(decryptField(tampered, VALID_KEY)).rejects.toThrow();
+    });
+});
+//# sourceMappingURL=encrypted-fields.test.js.map

package/dist/__tests__/security/encrypted-fields.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encrypted-fields.test.js","sourceRoot":"","sources":["../../../src/__tests__/security/encrypted-fields.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAA;AAC7C,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,yBAAyB,GAC1B,MAAM,oCAAoC,CAAA;AAE3C,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA,CAAC,0BAA0B;AAC3D,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAA;AAE9B,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;IAC/C,EAAE,CAAC,mBAAmB,EAAE,KAAK,IAAI,EAAE;QACjC,MAAM,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAAC,yBAAyB,CAAC,CAAA;IAC3F,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,oCAAoC,EAAE,KAAK,IAAI,EAAE;QAClD,MAAM,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,SAA8B,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CACxF,yBAAyB,CAC1B,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,uBAAuB,EAAE,KAAK,IAAI,EAAE;QACrC,MAAM,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CACxE,yBAAyB,CAC1B,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QACpC,MAAM,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CACzE,yBAAyB,CAC1B,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;QAC1C,MAAM,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,cAAc,CAC9E,yBAAyB,CAC1B,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,uDAAuD,EAAE,KAAK,IAAI,EAAE;QACrE,+EAA+E;QAC/E,MAAM,MAAM,CACV,YAAY,CAAC,OAAO,EAAE,qCAAqC,CAAC,CAC7D,CAAC,OAAO,CAAC,cAAc,CAAC,yBAAyB,CAAC,CAAA;IACrD,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,8DAA8D,EAAE,KAAK,IAAI,EAAE;QAC5E,IAAI,CAAC;YACH,MAAM,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;YACpC,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAA;QACvC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,GAAG,CAAC,CAAC,cAAc,CAAC,yBAAyB,CAAC,CAAA;YACrD,MAAM,CAAE,GAAa,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAA;QAC7D,CAAC;IACH,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA;AAEF,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;IAC3C,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,SAAS,GAAG,+BAA+B,CAAA;QACjD,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;QAC1D,MAAM,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;QACrC,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,SAAS,EAAE,SAAS,CAAC,CAAA;QAC1D,MAAM,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAA;IACnC,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,yDAAyD,EAAE,KAAK,IAAI,EAAE;QACvE,MAAM,CAAC,GAAG,MAAM,YAAY,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;QACrD,MAAM,CAAC,GAAG,MAAM,YAAY,CAAC,YAAY,EAAE,SAAS,CAAC,CAAA;QACrD,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACvB,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;QACjE,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;QACzD,MAAM,MAAM,CAAC,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAA;IAClE,CAAC,CAAC,CAAA;IAEF,EAAE,CAAC,mEAAmE,EAAE,KAAK,IAAI,EAAE;QACjF,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;QACzD,wDAAwD;QACxD,MAAM,QAAQ,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;QACtF,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,EAAE,CAAA;IACnE,CAAC,CAAC,CAAA;AACJ,CAAC,CAAC,CAAA"}