npm - @apicircle/core - Versions diffs - 1.0.0 - Mend

@apicircle/core 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/LICENSE +110 -0
package/README.md +35 -0
package/dist/index.cjs +6815 -0
package/dist/index.cjs.map +1 -0
package/dist/index.d.cts +1801 -0
package/dist/index.d.ts +1801 -0
package/dist/index.js +6678 -0
package/dist/index.js.map +1 -0
package/dist/patches-N7mvDpXn.d.cts +85 -0
package/dist/patches-N7mvDpXn.d.ts +85 -0
package/dist/test/mock-idp.cjs +232 -0
package/dist/test/mock-idp.cjs.map +1 -0
package/dist/test/mock-idp.d.cts +32 -0
package/dist/test/mock-idp.d.ts +32 -0
package/dist/test/mock-idp.js +207 -0
package/dist/test/mock-idp.js.map +1 -0
package/dist/workspace/file-backed.cjs +165 -0
package/dist/workspace/file-backed.cjs.map +1 -0
package/dist/workspace/file-backed.d.cts +37 -0
package/dist/workspace/file-backed.d.ts +37 -0
package/dist/workspace/file-backed.js +128 -0
package/dist/workspace/file-backed.js.map +1 -0
package/package.json +72 -0

package/dist/patches-N7mvDpXn.d.cts ADDED Viewed

@@ -0,0 +1,85 @@
+import { WorkspaceSynced, WorkspaceLocal, Request, Folder, Environment, EnvPriorityRef, Assertion, MockServer, ExecutionPlan, WorkspaceSnapshotTrigger } from '@apicircle/shared';
+type WorkspacePatch = {
+    kind: 'request.create';
+    request: Request;
+} | {
+    kind: 'request.update';
+    id: string;
+    patch: Partial<Omit<Request, 'id' | 'createdAt'>>;
+} | {
+    kind: 'request.delete';
+    id: string;
+} | {
+    kind: 'folder.create';
+    folder: Folder;
+} | {
+    kind: 'folder.delete';
+    id: string;
+} | {
+    kind: 'folder.move';
+    id: string;
+    newParentId: string | null;
+} | {
+    kind: 'environment.upsert';
+    environment: Environment;
+} | {
+    kind: 'environment.delete';
+    name: string;
+} | {
+    kind: 'environment.setActive';
+    name: string | null;
+} | {
+    kind: 'environment.setPriority';
+    order: EnvPriorityRef[];
+} | {
+    kind: 'assertion.upsert';
+    requestId: string;
+    assertion: Assertion;
+} | {
+    kind: 'assertion.delete';
+    requestId: string;
+    assertionId: string;
+} | {
+    kind: 'mock.upsert';
+    mock: MockServer;
+} | {
+    kind: 'mock.delete';
+    id: string;
+} | {
+    kind: 'plan.upsert';
+    plan: ExecutionPlan;
+} | {
+    kind: 'plan.delete';
+    id: string;
+} | {
+    kind: 'history.delete_run';
+    runId: string;
+} | {
+    kind: 'history.delete_plan_run';
+    planRunId: string;
+} | {
+    kind: 'history.purge';
+    olderThanMs: number;
+} | {
+    kind: 'snapshot.capture';
+    trigger: WorkspaceSnapshotTrigger;
+    note?: string;
+    id?: string;
+} | {
+    kind: 'snapshot.delete';
+    id: string;
+} | {
+    kind: 'snapshot.restore';
+    id: string;
+} | {
+    kind: 'snapshot.set_max_bytes';
+    maxBytes: number;
+};
+type WorkspacePatchKind = WorkspacePatch['kind'];
+interface WorkspaceState {
+    synced: WorkspaceSynced;
+    local: WorkspaceLocal;
+}
+export type { WorkspaceState as W, WorkspacePatch as a, WorkspacePatchKind as b };

package/dist/patches-N7mvDpXn.d.ts ADDED Viewed

@@ -0,0 +1,85 @@
+import { WorkspaceSynced, WorkspaceLocal, Request, Folder, Environment, EnvPriorityRef, Assertion, MockServer, ExecutionPlan, WorkspaceSnapshotTrigger } from '@apicircle/shared';
+type WorkspacePatch = {
+    kind: 'request.create';
+    request: Request;
+} | {
+    kind: 'request.update';
+    id: string;
+    patch: Partial<Omit<Request, 'id' | 'createdAt'>>;
+} | {
+    kind: 'request.delete';
+    id: string;
+} | {
+    kind: 'folder.create';
+    folder: Folder;
+} | {
+    kind: 'folder.delete';
+    id: string;
+} | {
+    kind: 'folder.move';
+    id: string;
+    newParentId: string | null;
+} | {
+    kind: 'environment.upsert';
+    environment: Environment;
+} | {
+    kind: 'environment.delete';
+    name: string;
+} | {
+    kind: 'environment.setActive';
+    name: string | null;
+} | {
+    kind: 'environment.setPriority';
+    order: EnvPriorityRef[];
+} | {
+    kind: 'assertion.upsert';
+    requestId: string;
+    assertion: Assertion;
+} | {
+    kind: 'assertion.delete';
+    requestId: string;
+    assertionId: string;
+} | {
+    kind: 'mock.upsert';
+    mock: MockServer;
+} | {
+    kind: 'mock.delete';
+    id: string;
+} | {
+    kind: 'plan.upsert';
+    plan: ExecutionPlan;
+} | {
+    kind: 'plan.delete';
+    id: string;
+} | {
+    kind: 'history.delete_run';
+    runId: string;
+} | {
+    kind: 'history.delete_plan_run';
+    planRunId: string;
+} | {
+    kind: 'history.purge';
+    olderThanMs: number;
+} | {
+    kind: 'snapshot.capture';
+    trigger: WorkspaceSnapshotTrigger;
+    note?: string;
+    id?: string;
+} | {
+    kind: 'snapshot.delete';
+    id: string;
+} | {
+    kind: 'snapshot.restore';
+    id: string;
+} | {
+    kind: 'snapshot.set_max_bytes';
+    maxBytes: number;
+};
+type WorkspacePatchKind = WorkspacePatch['kind'];
+interface WorkspaceState {
+    synced: WorkspaceSynced;
+    local: WorkspaceLocal;
+}
+export type { WorkspaceState as W, WorkspacePatch as a, WorkspacePatchKind as b };

package/dist/test/mock-idp.cjs ADDED Viewed

@@ -0,0 +1,232 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/auth/oauth2/__fixtures__/mockIdp.ts
+var mockIdp_exports = {};
+__export(mockIdp_exports, {
+  startMockIdp: () => startMockIdp
+});
+module.exports = __toCommonJS(mockIdp_exports);
+var import_node_http = require("http");
+async function startMockIdp() {
+  let nextAuthorizeError = null;
+  const deviceCodes = /* @__PURE__ */ new Map();
+  const server = (0, import_node_http.createServer)((req, res) => {
+    const url = new URL(req.url ?? "/", `http://127.0.0.1`);
+    res.setHeader("Access-Control-Allow-Origin", "*");
+    res.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization, Accept");
+    if (req.method === "OPTIONS") {
+      res.statusCode = 204;
+      res.end();
+      return;
+    }
+    if (url.pathname === "/authorize") {
+      const redirectUri = url.searchParams.get("redirect_uri") ?? "";
+      const state = url.searchParams.get("state") ?? "";
+      const responseType = url.searchParams.get("response_type") ?? "code";
+      if (!redirectUri) {
+        res.statusCode = 400;
+        res.end("redirect_uri required");
+        return;
+      }
+      if (nextAuthorizeError) {
+        const params = new URLSearchParams({
+          error: nextAuthorizeError.error,
+          state
+        });
+        if (nextAuthorizeError.description) {
+          params.set("error_description", nextAuthorizeError.description);
+        }
+        res.statusCode = 302;
+        res.setHeader("Location", `${redirectUri}?${params.toString()}`);
+        res.end();
+        nextAuthorizeError = null;
+        return;
+      }
+      if (responseType === "token") {
+        res.statusCode = 302;
+        res.setHeader(
+          "Location",
+          `${redirectUri}#access_token=tk-implicit&token_type=Bearer&expires_in=3600&state=${state}`
+        );
+        res.end();
+        return;
+      }
+      res.statusCode = 302;
+      res.setHeader("Location", `${redirectUri}?code=test-code&state=${state}`);
+      res.end();
+      return;
+    }
+    if (url.pathname === "/token" && req.method === "POST") {
+      collectBody(req, (body) => {
+        const params = new URLSearchParams(body);
+        const grant = params.get("grant_type");
+        const clientId = params.get("client_id");
+        if (!clientId) {
+          jsonError(res, 400, "invalid_client", "client_id missing");
+          return;
+        }
+        if (grant === "client_credentials") {
+          jsonOk(res, {
+            access_token: `tk-cc-${clientId}`,
+            token_type: "Bearer",
+            expires_in: 3600,
+            scope: params.get("scope") ?? ""
+          });
+          return;
+        }
+        if (grant === "password") {
+          if (params.get("password") !== "hunter2") {
+            jsonError(res, 400, "invalid_grant", "wrong password");
+            return;
+          }
+          jsonOk(res, {
+            access_token: `tk-ropc-${params.get("username") ?? ""}`,
+            token_type: "Bearer",
+            expires_in: 3600,
+            refresh_token: "rt-ropc"
+          });
+          return;
+        }
+        if (grant === "authorization_code") {
+          if (params.get("code") !== "test-code") {
+            jsonError(res, 400, "invalid_grant", "unknown code");
+            return;
+          }
+          jsonOk(res, {
+            access_token: "tk-authcode",
+            token_type: "Bearer",
+            expires_in: 3600,
+            refresh_token: "rt-authcode",
+            scope: params.get("scope") ?? ""
+          });
+          return;
+        }
+        if (grant === "refresh_token") {
+          if (params.get("refresh_token") === "rt-rotated-once") {
+            jsonError(res, 400, "invalid_grant", "refresh already used");
+            return;
+          }
+          jsonOk(res, {
+            access_token: "tk-refreshed",
+            token_type: "Bearer",
+            expires_in: 3600,
+            // Rotate: hand back a fresh refresh_token.
+            refresh_token: "rt-rotated-once"
+          });
+          return;
+        }
+        if (grant === "urn:ietf:params:oauth:grant-type:device_code") {
+          const code = params.get("device_code") ?? "";
+          const state = deviceCodes.get(code);
+          if (!state) {
+            jsonError(res, 400, "invalid_grant", "unknown device_code");
+            return;
+          }
+          state.pollCount++;
+          if (state.pollCount < state.approvedAfter) {
+            jsonError(res, 400, "authorization_pending");
+            return;
+          }
+          jsonOk(res, {
+            access_token: "tk-device",
+            token_type: "Bearer",
+            expires_in: 3600
+          });
+          return;
+        }
+        jsonError(res, 400, "unsupported_grant_type");
+      });
+      return;
+    }
+    if (url.pathname === "/device_authorize" && req.method === "POST") {
+      const code = `dc-${Date.now()}`;
+      deviceCodes.set(code, { approvedAfter: 2, pollCount: 0 });
+      jsonOk(res, {
+        device_code: code,
+        user_code: "ABCD-EFGH",
+        verification_uri: `http://127.0.0.1:${server.address().port}/device`,
+        interval: 1,
+        expires_in: 600
+      });
+      return;
+    }
+    if (url.pathname === "/protected") {
+      const auth = req.headers["authorization"] ?? "";
+      if (!auth.toLowerCase().startsWith("bearer tk-")) {
+        res.statusCode = 401;
+        res.setHeader("Content-Type", "application/json");
+        res.end(JSON.stringify({ error: "unauthorized" }));
+        return;
+      }
+      jsonOk(res, { ok: true, sawAuth: auth });
+      return;
+    }
+    if (url.pathname === "/www-auth-bearer") {
+      res.statusCode = 401;
+      res.setHeader(
+        "WWW-Authenticate",
+        'Bearer error="invalid_token", error_description="The access token expired"'
+      );
+      res.end();
+      return;
+    }
+    res.statusCode = 404;
+    res.end("Not Found");
+  });
+  await new Promise((resolve) => server.listen(0, "127.0.0.1", resolve));
+  const port = server.address().port;
+  const baseUrl = `http://127.0.0.1:${port}`;
+  return {
+    port,
+    url: (path) => `${baseUrl}${path}`,
+    setNextAuthorizeError: (err) => {
+      nextAuthorizeError = err;
+    },
+    approveDevice: () => {
+      for (const state of deviceCodes.values()) state.approvedAfter = state.pollCount + 1;
+    },
+    close: () => new Promise((resolve, reject) => {
+      server.close((err) => err ? reject(err) : resolve());
+    })
+  };
+}
+function jsonOk(res, body) {
+  res.statusCode = 200;
+  res.setHeader("Content-Type", "application/json");
+  res.end(JSON.stringify(body));
+}
+function jsonError(res, status, error, description) {
+  res.statusCode = status;
+  res.setHeader("Content-Type", "application/json");
+  const body = { error };
+  if (description) body.error_description = description;
+  res.end(JSON.stringify(body));
+}
+function collectBody(req, cb) {
+  const chunks = [];
+  req.on("data", (c) => chunks.push(c));
+  req.on("end", () => cb(Buffer.concat(chunks).toString("utf8")));
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  startMockIdp
+});
+//# sourceMappingURL=mock-idp.cjs.map

package/dist/test/mock-idp.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/auth/oauth2/__fixtures__/mockIdp.ts"],"sourcesContent":["/**\n * Programmatic OAuth2 IdP for E2E tests. Implements every grant the\n * studio supports with the simplest possible logic — no real user\n * accounts, no real key material. Tokens are deterministic strings\n * keyed by `client_id` so assertions can match exactly.\n *\n * POST /token — token endpoint (every grant_type)\n * GET /authorize — auth-code / implicit redirect\n * POST /device_authorize — device flow user-code endpoint\n * GET /protected — resource server, requires Bearer header\n * POST /protected — same, lets tests assert on POST too\n * GET /www-auth-bearer — emits WWW-Authenticate Bearer error (no JSON)\n * POST /digest-protected — Digest 401-retry endpoint\n *\n * Spin up via `await startMockIdp()` and tear down with the returned\n * `close()`. Port is dynamic to avoid collisions in CI.\n */\n\nimport { createServer, type IncomingMessage, type Server, type ServerResponse } from 'node:http';\nimport { type AddressInfo } from 'node:net';\n\ninterface DeviceState {\n approvedAfter: number; // poll count threshold\n pollCount: number;\n}\n\nexport interface MockIdp {\n port: number;\n url: (path: string) => string;\n /** Force the next /authorize redirect to include this error param. */\n setNextAuthorizeError: (err: { error: string; description?: string } | null) => void;\n /** Approve the current device flow (subsequent /token polls succeed). */\n approveDevice: () => void;\n close: () => Promise<void>;\n}\n\nexport async function startMockIdp(): Promise<MockIdp> {\n let nextAuthorizeError: { error: string; description?: string } | null = null;\n const deviceCodes = new Map<string, DeviceState>();\n\n const server: Server = createServer((req, res) => {\n const url = new URL(req.url ?? '/', `http://127.0.0.1`);\n\n // Permissive CORS so the web app's fetch can reach the IdP across\n // origins (e.g. http://localhost:5174 → http://127.0.0.1:<idp>).\n // Real IdPs aren't this permissive — but only the test harness\n // ever talks to this server.\n res.setHeader('Access-Control-Allow-Origin', '*');\n res.setHeader('Access-Control-Allow-Methods', 'GET,POST,OPTIONS');\n res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, Accept');\n if (req.method === 'OPTIONS') {\n res.statusCode = 204;\n res.end();\n return;\n }\n\n if (url.pathname === '/authorize') {\n const redirectUri = url.searchParams.get('redirect_uri') ?? '';\n const state = url.searchParams.get('state') ?? '';\n const responseType = url.searchParams.get('response_type') ?? 'code';\n if (!redirectUri) {\n res.statusCode = 400;\n res.end('redirect_uri required');\n return;\n }\n if (nextAuthorizeError) {\n const params = new URLSearchParams({\n error: nextAuthorizeError.error,\n state,\n });\n if (nextAuthorizeError.description) {\n params.set('error_description', nextAuthorizeError.description);\n }\n res.statusCode = 302;\n res.setHeader('Location', `${redirectUri}?${params.toString()}`);\n res.end();\n nextAuthorizeError = null;\n return;\n }\n if (responseType === 'token') {\n // Implicit: redirect with fragment.\n res.statusCode = 302;\n res.setHeader(\n 'Location',\n `${redirectUri}#access_token=tk-implicit&token_type=Bearer&expires_in=3600&state=${state}`,\n );\n res.end();\n return;\n }\n // Default: auth-code redirect.\n res.statusCode = 302;\n res.setHeader('Location', `${redirectUri}?code=test-code&state=${state}`);\n res.end();\n return;\n }\n\n if (url.pathname === '/token' && req.method === 'POST') {\n collectBody(req, (body) => {\n const params = new URLSearchParams(body);\n const grant = params.get('grant_type');\n const clientId = params.get('client_id');\n if (!clientId) {\n jsonError(res, 400, 'invalid_client', 'client_id missing');\n return;\n }\n if (grant === 'client_credentials') {\n jsonOk(res, {\n access_token: `tk-cc-${clientId}`,\n token_type: 'Bearer',\n expires_in: 3600,\n scope: params.get('scope') ?? '',\n });\n return;\n }\n if (grant === 'password') {\n if (params.get('password') !== 'hunter2') {\n jsonError(res, 400, 'invalid_grant', 'wrong password');\n return;\n }\n jsonOk(res, {\n access_token: `tk-ropc-${params.get('username') ?? ''}`,\n token_type: 'Bearer',\n expires_in: 3600,\n refresh_token: 'rt-ropc',\n });\n return;\n }\n if (grant === 'authorization_code') {\n if (params.get('code') !== 'test-code') {\n jsonError(res, 400, 'invalid_grant', 'unknown code');\n return;\n }\n // PKCE clients carry code_verifier — accept any non-empty value.\n jsonOk(res, {\n access_token: 'tk-authcode',\n token_type: 'Bearer',\n expires_in: 3600,\n refresh_token: 'rt-authcode',\n scope: params.get('scope') ?? '',\n });\n return;\n }\n if (grant === 'refresh_token') {\n if (params.get('refresh_token') === 'rt-rotated-once') {\n jsonError(res, 400, 'invalid_grant', 'refresh already used');\n return;\n }\n jsonOk(res, {\n access_token: 'tk-refreshed',\n token_type: 'Bearer',\n expires_in: 3600,\n // Rotate: hand back a fresh refresh_token.\n refresh_token: 'rt-rotated-once',\n });\n return;\n }\n if (grant === 'urn:ietf:params:oauth:grant-type:device_code') {\n const code = params.get('device_code') ?? '';\n const state = deviceCodes.get(code);\n if (!state) {\n jsonError(res, 400, 'invalid_grant', 'unknown device_code');\n return;\n }\n state.pollCount++;\n if (state.pollCount < state.approvedAfter) {\n jsonError(res, 400, 'authorization_pending');\n return;\n }\n jsonOk(res, {\n access_token: 'tk-device',\n token_type: 'Bearer',\n expires_in: 3600,\n });\n return;\n }\n jsonError(res, 400, 'unsupported_grant_type');\n });\n return;\n }\n\n if (url.pathname === '/device_authorize' && req.method === 'POST') {\n const code = `dc-${Date.now()}`;\n deviceCodes.set(code, { approvedAfter: 2, pollCount: 0 });\n jsonOk(res, {\n device_code: code,\n user_code: 'ABCD-EFGH',\n verification_uri: `http://127.0.0.1:${(server.address() as AddressInfo).port}/device`,\n interval: 1,\n expires_in: 600,\n });\n return;\n }\n\n if (url.pathname === '/protected') {\n const auth = req.headers['authorization'] ?? '';\n if (!auth.toLowerCase().startsWith('bearer tk-')) {\n res.statusCode = 401;\n res.setHeader('Content-Type', 'application/json');\n res.end(JSON.stringify({ error: 'unauthorized' }));\n return;\n }\n jsonOk(res, { ok: true, sawAuth: auth });\n return;\n }\n\n if (url.pathname === '/www-auth-bearer') {\n res.statusCode = 401;\n res.setHeader(\n 'WWW-Authenticate',\n 'Bearer error=\"invalid_token\", error_description=\"The access token expired\"',\n );\n res.end();\n return;\n }\n\n res.statusCode = 404;\n res.end('Not Found');\n });\n\n await new Promise<void>((resolve) => server.listen(0, '127.0.0.1', resolve));\n const port = (server.address() as AddressInfo).port;\n const baseUrl = `http://127.0.0.1:${port}`;\n\n return {\n port,\n url: (path) => `${baseUrl}${path}`,\n setNextAuthorizeError: (err) => {\n nextAuthorizeError = err;\n },\n approveDevice: () => {\n for (const state of deviceCodes.values()) state.approvedAfter = state.pollCount + 1;\n },\n close: () =>\n new Promise<void>((resolve, reject) => {\n server.close((err) => (err ? reject(err) : resolve()));\n }),\n };\n}\n\nfunction jsonOk(res: ServerResponse, body: unknown): void {\n res.statusCode = 200;\n res.setHeader('Content-Type', 'application/json');\n res.end(JSON.stringify(body));\n}\n\nfunction jsonError(res: ServerResponse, status: number, error: string, description?: string): void {\n res.statusCode = status;\n res.setHeader('Content-Type', 'application/json');\n const body: Record<string, string> = { error };\n if (description) body.error_description = description;\n res.end(JSON.stringify(body));\n}\n\nfunction collectBody(req: IncomingMessage, cb: (body: string) => void): void {\n const chunks: Buffer[] = [];\n req.on('data', (c: Buffer) => chunks.push(c));\n req.on('end', () => cb(Buffer.concat(chunks).toString('utf8')));\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAkBA,uBAAqF;AAkBrF,eAAsB,eAAiC;AACrD,MAAI,qBAAqE;AACzE,QAAM,cAAc,oBAAI,IAAyB;AAEjD,QAAM,aAAiB,+BAAa,CAAC,KAAK,QAAQ;AAChD,UAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,kBAAkB;AAMtD,QAAI,UAAU,+BAA+B,GAAG;AAChD,QAAI,UAAU,gCAAgC,kBAAkB;AAChE,QAAI,UAAU,gCAAgC,qCAAqC;AACnF,QAAI,IAAI,WAAW,WAAW;AAC5B,UAAI,aAAa;AACjB,UAAI,IAAI;AACR;AAAA,IACF;AAEA,QAAI,IAAI,aAAa,cAAc;AACjC,YAAM,cAAc,IAAI,aAAa,IAAI,cAAc,KAAK;AAC5D,YAAM,QAAQ,IAAI,aAAa,IAAI,OAAO,KAAK;AAC/C,YAAM,eAAe,IAAI,aAAa,IAAI,eAAe,KAAK;AAC9D,UAAI,CAAC,aAAa;AAChB,YAAI,aAAa;AACjB,YAAI,IAAI,uBAAuB;AAC/B;AAAA,MACF;AACA,UAAI,oBAAoB;AACtB,cAAM,SAAS,IAAI,gBAAgB;AAAA,UACjC,OAAO,mBAAmB;AAAA,UAC1B;AAAA,QACF,CAAC;AACD,YAAI,mBAAmB,aAAa;AAClC,iBAAO,IAAI,qBAAqB,mBAAmB,WAAW;AAAA,QAChE;AACA,YAAI,aAAa;AACjB,YAAI,UAAU,YAAY,GAAG,WAAW,IAAI,OAAO,SAAS,CAAC,EAAE;AAC/D,YAAI,IAAI;AACR,6BAAqB;AACrB;AAAA,MACF;AACA,UAAI,iBAAiB,SAAS;AAE5B,YAAI,aAAa;AACjB,YAAI;AAAA,UACF;AAAA,UACA,GAAG,WAAW,qEAAqE,KAAK;AAAA,QAC1F;AACA,YAAI,IAAI;AACR;AAAA,MACF;AAEA,UAAI,aAAa;AACjB,UAAI,UAAU,YAAY,GAAG,WAAW,yBAAyB,KAAK,EAAE;AACxE,UAAI,IAAI;AACR;AAAA,IACF;AAEA,QAAI,IAAI,aAAa,YAAY,IAAI,WAAW,QAAQ;AACtD,kBAAY,KAAK,CAAC,SAAS;AACzB,cAAM,SAAS,IAAI,gBAAgB,IAAI;AACvC,cAAM,QAAQ,OAAO,IAAI,YAAY;AACrC,cAAM,WAAW,OAAO,IAAI,WAAW;AACvC,YAAI,CAAC,UAAU;AACb,oBAAU,KAAK,KAAK,kBAAkB,mBAAmB;AACzD;AAAA,QACF;AACA,YAAI,UAAU,sBAAsB;AAClC,iBAAO,KAAK;AAAA,YACV,cAAc,SAAS,QAAQ;AAAA,YAC/B,YAAY;AAAA,YACZ,YAAY;AAAA,YACZ,OAAO,OAAO,IAAI,OAAO,KAAK;AAAA,UAChC,CAAC;AACD;AAAA,QACF;AACA,YAAI,UAAU,YAAY;AACxB,cAAI,OAAO,IAAI,UAAU,MAAM,WAAW;AACxC,sBAAU,KAAK,KAAK,iBAAiB,gBAAgB;AACrD;AAAA,UACF;AACA,iBAAO,KAAK;AAAA,YACV,cAAc,WAAW,OAAO,IAAI,UAAU,KAAK,EAAE;AAAA,YACrD,YAAY;AAAA,YACZ,YAAY;AAAA,YACZ,eAAe;AAAA,UACjB,CAAC;AACD;AAAA,QACF;AACA,YAAI,UAAU,sBAAsB;AAClC,cAAI,OAAO,IAAI,MAAM,MAAM,aAAa;AACtC,sBAAU,KAAK,KAAK,iBAAiB,cAAc;AACnD;AAAA,UACF;AAEA,iBAAO,KAAK;AAAA,YACV,cAAc;AAAA,YACd,YAAY;AAAA,YACZ,YAAY;AAAA,YACZ,eAAe;AAAA,YACf,OAAO,OAAO,IAAI,OAAO,KAAK;AAAA,UAChC,CAAC;AACD;AAAA,QACF;AACA,YAAI,UAAU,iBAAiB;AAC7B,cAAI,OAAO,IAAI,eAAe,MAAM,mBAAmB;AACrD,sBAAU,KAAK,KAAK,iBAAiB,sBAAsB;AAC3D;AAAA,UACF;AACA,iBAAO,KAAK;AAAA,YACV,cAAc;AAAA,YACd,YAAY;AAAA,YACZ,YAAY;AAAA;AAAA,YAEZ,eAAe;AAAA,UACjB,CAAC;AACD;AAAA,QACF;AACA,YAAI,UAAU,gDAAgD;AAC5D,gBAAM,OAAO,OAAO,IAAI,aAAa,KAAK;AAC1C,gBAAM,QAAQ,YAAY,IAAI,IAAI;AAClC,cAAI,CAAC,OAAO;AACV,sBAAU,KAAK,KAAK,iBAAiB,qBAAqB;AAC1D;AAAA,UACF;AACA,gBAAM;AACN,cAAI,MAAM,YAAY,MAAM,eAAe;AACzC,sBAAU,KAAK,KAAK,uBAAuB;AAC3C;AAAA,UACF;AACA,iBAAO,KAAK;AAAA,YACV,cAAc;AAAA,YACd,YAAY;AAAA,YACZ,YAAY;AAAA,UACd,CAAC;AACD;AAAA,QACF;AACA,kBAAU,KAAK,KAAK,wBAAwB;AAAA,MAC9C,CAAC;AACD;AAAA,IACF;AAEA,QAAI,IAAI,aAAa,uBAAuB,IAAI,WAAW,QAAQ;AACjE,YAAM,OAAO,MAAM,KAAK,IAAI,CAAC;AAC7B,kBAAY,IAAI,MAAM,EAAE,eAAe,GAAG,WAAW,EAAE,CAAC;AACxD,aAAO,KAAK;AAAA,QACV,aAAa;AAAA,QACb,WAAW;AAAA,QACX,kBAAkB,oBAAqB,OAAO,QAAQ,EAAkB,IAAI;AAAA,QAC5E,UAAU;AAAA,QACV,YAAY;AAAA,MACd,CAAC;AACD;AAAA,IACF;AAEA,QAAI,IAAI,aAAa,cAAc;AACjC,YAAM,OAAO,IAAI,QAAQ,eAAe,KAAK;AAC7C,UAAI,CAAC,KAAK,YAAY,EAAE,WAAW,YAAY,GAAG;AAChD,YAAI,aAAa;AACjB,YAAI,UAAU,gBAAgB,kBAAkB;AAChD,YAAI,IAAI,KAAK,UAAU,EAAE,OAAO,eAAe,CAAC,CAAC;AACjD;AAAA,MACF;AACA,aAAO,KAAK,EAAE,IAAI,MAAM,SAAS,KAAK,CAAC;AACvC;AAAA,IACF;AAEA,QAAI,IAAI,aAAa,oBAAoB;AACvC,UAAI,aAAa;AACjB,UAAI;AAAA,QACF;AAAA,QACA;AAAA,MACF;AACA,UAAI,IAAI;AACR;AAAA,IACF;AAEA,QAAI,aAAa;AACjB,QAAI,IAAI,WAAW;AAAA,EACrB,CAAC;AAED,QAAM,IAAI,QAAc,CAAC,YAAY,OAAO,OAAO,GAAG,aAAa,OAAO,CAAC;AAC3E,QAAM,OAAQ,OAAO,QAAQ,EAAkB;AAC/C,QAAM,UAAU,oBAAoB,IAAI;AAExC,SAAO;AAAA,IACL;AAAA,IACA,KAAK,CAAC,SAAS,GAAG,OAAO,GAAG,IAAI;AAAA,IAChC,uBAAuB,CAAC,QAAQ;AAC9B,2BAAqB;AAAA,IACvB;AAAA,IACA,eAAe,MAAM;AACnB,iBAAW,SAAS,YAAY,OAAO,EAAG,OAAM,gBAAgB,MAAM,YAAY;AAAA,IACpF;AAAA,IACA,OAAO,MACL,IAAI,QAAc,CAAC,SAAS,WAAW;AACrC,aAAO,MAAM,CAAC,QAAS,MAAM,OAAO,GAAG,IAAI,QAAQ,CAAE;AAAA,IACvD,CAAC;AAAA,EACL;AACF;AAEA,SAAS,OAAO,KAAqB,MAAqB;AACxD,MAAI,aAAa;AACjB,MAAI,UAAU,gBAAgB,kBAAkB;AAChD,MAAI,IAAI,KAAK,UAAU,IAAI,CAAC;AAC9B;AAEA,SAAS,UAAU,KAAqB,QAAgB,OAAe,aAA4B;AACjG,MAAI,aAAa;AACjB,MAAI,UAAU,gBAAgB,kBAAkB;AAChD,QAAM,OAA+B,EAAE,MAAM;AAC7C,MAAI,YAAa,MAAK,oBAAoB;AAC1C,MAAI,IAAI,KAAK,UAAU,IAAI,CAAC;AAC9B;AAEA,SAAS,YAAY,KAAsB,IAAkC;AAC3E,QAAM,SAAmB,CAAC;AAC1B,MAAI,GAAG,QAAQ,CAAC,MAAc,OAAO,KAAK,CAAC,CAAC;AAC5C,MAAI,GAAG,OAAO,MAAM,GAAG,OAAO,OAAO,MAAM,EAAE,SAAS,MAAM,CAAC,CAAC;AAChE;","names":[]}

package/dist/test/mock-idp.d.cts ADDED Viewed

@@ -0,0 +1,32 @@
+/**
+ * Programmatic OAuth2 IdP for E2E tests. Implements every grant the
+ * studio supports with the simplest possible logic — no real user
+ * accounts, no real key material. Tokens are deterministic strings
+ * keyed by `client_id` so assertions can match exactly.
+ *
+ *   POST /token              — token endpoint (every grant_type)
+ *   GET  /authorize          — auth-code / implicit redirect
+ *   POST /device_authorize   — device flow user-code endpoint
+ *   GET  /protected          — resource server, requires Bearer header
+ *   POST /protected          — same, lets tests assert on POST too
+ *   GET  /www-auth-bearer    — emits WWW-Authenticate Bearer error (no JSON)
+ *   POST /digest-protected   — Digest 401-retry endpoint
+ *
+ * Spin up via `await startMockIdp()` and tear down with the returned
+ * `close()`. Port is dynamic to avoid collisions in CI.
+ */
+interface MockIdp {
+    port: number;
+    url: (path: string) => string;
+    /** Force the next /authorize redirect to include this error param. */
+    setNextAuthorizeError: (err: {
+        error: string;
+        description?: string;
+    } | null) => void;
+    /** Approve the current device flow (subsequent /token polls succeed). */
+    approveDevice: () => void;
+    close: () => Promise<void>;
+}
+declare function startMockIdp(): Promise<MockIdp>;
+export { type MockIdp, startMockIdp };

package/dist/test/mock-idp.d.ts ADDED Viewed

@@ -0,0 +1,32 @@
+/**
+ * Programmatic OAuth2 IdP for E2E tests. Implements every grant the
+ * studio supports with the simplest possible logic — no real user
+ * accounts, no real key material. Tokens are deterministic strings
+ * keyed by `client_id` so assertions can match exactly.
+ *
+ *   POST /token              — token endpoint (every grant_type)
+ *   GET  /authorize          — auth-code / implicit redirect
+ *   POST /device_authorize   — device flow user-code endpoint
+ *   GET  /protected          — resource server, requires Bearer header
+ *   POST /protected          — same, lets tests assert on POST too
+ *   GET  /www-auth-bearer    — emits WWW-Authenticate Bearer error (no JSON)
+ *   POST /digest-protected   — Digest 401-retry endpoint
+ *
+ * Spin up via `await startMockIdp()` and tear down with the returned
+ * `close()`. Port is dynamic to avoid collisions in CI.
+ */
+interface MockIdp {
+    port: number;
+    url: (path: string) => string;
+    /** Force the next /authorize redirect to include this error param. */
+    setNextAuthorizeError: (err: {
+        error: string;
+        description?: string;
+    } | null) => void;
+    /** Approve the current device flow (subsequent /token polls succeed). */
+    approveDevice: () => void;
+    close: () => Promise<void>;
+}
+declare function startMockIdp(): Promise<MockIdp>;
+export { type MockIdp, startMockIdp };