@auth-gate/testing 0.9.2 → 0.10.0

package/dist/billing/index.d.ts

@@ -0,0 +1,129 @@
+import { BillingConfig, TypedBilling, PlanKey, FeatureKey } from '@auth-gate/billing';
+export { computeDiff, priceConfigKey } from '@auth-gate/billing';
+
+interface AdvanceOptions {
+    days?: number;
+    months?: number;
+}
+type BillingBoundary = "month_end" | "year_end";
+declare class TestClock {
+    private _now;
+    constructor(startDate?: Date);
+    now(): Date;
+    advance(options: AdvanceOptions): Date;
+    /**
+     * Check if advancing from `before` to `after` crosses a billing boundary.
+     */
+    crossesBoundary(before: Date, after: Date, boundary: BillingBoundary): boolean;
+}
+
+interface Subscription {
+    id: string;
+    userId: string;
+    planKey: string;
+    priceIndex: number;
+    status: "active" | "canceled" | "past_due" | "trialing";
+    currentPeriodStart: Date;
+    currentPeriodEnd: Date;
+    cancelAtPeriodEnd: boolean;
+    createdAt: Date;
+}
+interface UsageRecord {
+    userId: string;
+    metric: string;
+    quantity: number;
+    timestamp: Date;
+}
+declare class InMemoryStore {
+    private subscriptions;
+    private usage;
+    private nextId;
+    createSubscription(params: {
+        userId: string;
+        planKey: string;
+        priceIndex?: number;
+        status?: Subscription["status"];
+        periodStart: Date;
+        periodEnd: Date;
+    }): Subscription;
+    getSubscription(id: string): Subscription | undefined;
+    getSubscriptionByUser(userId: string): Subscription | undefined;
+    updateSubscription(id: string, updates: Partial<Pick<Subscription, "planKey" | "priceIndex" | "status" | "cancelAtPeriodEnd" | "currentPeriodStart" | "currentPeriodEnd">>): Subscription | undefined;
+    listSubscriptions(filter?: {
+        status?: Subscription["status"];
+        planKey?: string;
+    }): Subscription[];
+    recordUsage(userId: string, metric: string, quantity: number, timestamp: Date): void;
+    getUsage(userId: string, metric: string, periodStart: Date, periodEnd: Date): number;
+    subscriberCount(planKey: string): number;
+    clear(): void;
+}
+
+interface BooleanCheck {
+    type: "boolean";
+    feature: string;
+    allowed: boolean;
+}
+interface MeteredCheck {
+    type: "metered";
+    feature: string;
+    allowed: boolean;
+    used: number;
+    limit: number;
+    remaining: number;
+}
+type EntitlementCheck = BooleanCheck | MeteredCheck;
+declare class EntitlementChecker {
+    private config;
+    private store;
+    constructor(config: BillingConfig, store: InMemoryStore);
+    check(userId: string, feature: string): EntitlementCheck;
+    checkAll(userId: string): Record<string, EntitlementCheck>;
+}
+
+interface TestBillingOptions {
+    config: BillingConfig;
+    startDate?: Date;
+}
+interface TestBilling {
+    clock: TestClock;
+    store: InMemoryStore;
+    checker: EntitlementChecker;
+    subscribe(userId: string, planKey: string, priceIndex?: number): Subscription;
+    changePlan(userId: string, newPlanKey: string, priceIndex?: number): Subscription;
+    cancel(userId: string): Subscription;
+    reportUsage(userId: string, metric: string, quantity: number): void;
+    checkEntitlement(userId: string, feature: string): EntitlementCheck;
+    getSubscription(userId: string): Subscription | undefined;
+    advanceTime(options: {
+        days?: number;
+        months?: number;
+    }): Date;
+    subscriberCounts(): Record<string, number>;
+}
+interface TypedTestBillingOptions<B extends TypedBilling<any>> {
+    billing: B;
+    startDate?: Date;
+}
+interface TypedTestBilling<B extends TypedBilling<any>> {
+    clock: TestClock;
+    store: InMemoryStore;
+    checker: EntitlementChecker;
+    subscribe(userId: string, planKey: PlanKey<B>, priceIndex?: number): Subscription;
+    changePlan(userId: string, newPlanKey: PlanKey<B>, priceIndex?: number): Subscription;
+    cancel(userId: string): Subscription;
+    reportUsage(userId: string, metric: FeatureKey<B>, quantity: number): void;
+    checkEntitlement(userId: string, feature: FeatureKey<B>): EntitlementCheck;
+    getSubscription(userId: string): Subscription | undefined;
+    advanceTime(options: {
+        days?: number;
+        months?: number;
+    }): Date;
+    subscriberCounts(): Record<PlanKey<B>, number>;
+}
+/** Create typed test billing from a `defineBilling()` config. */
+declare function createTestBilling<B extends TypedBilling<any>>(options: TypedTestBillingOptions<B>): TypedTestBilling<B>;
+/** Create untyped test billing (legacy). */
+declare function createTestBilling(options: TestBillingOptions): TestBilling;
+
+export { type AdvanceOptions, type BillingBoundary, type BooleanCheck, type EntitlementCheck, EntitlementChecker, InMemoryStore, type MeteredCheck, type Subscription, type TestBilling, type TestBillingOptions, TestClock, type TypedTestBilling, type TypedTestBillingOptions, type UsageRecord, createTestBilling };

package/dist/billing/index.mjs

@@ -0,0 +1,252 @@
+import "../chunk-MBTDPSN5.mjs";
+
+// src/billing/clock.ts
+var TestClock = class {
+  constructor(startDate) {
+    this._now = startDate ? new Date(startDate) : /* @__PURE__ */ new Date("2025-01-01T00:00:00Z");
+  }
+  now() {
+    return new Date(this._now);
+  }
+  advance(options) {
+    const next = new Date(this._now);
+    if (options.days) {
+      next.setUTCDate(next.getUTCDate() + options.days);
+    }
+    if (options.months) {
+      next.setUTCMonth(next.getUTCMonth() + options.months);
+    }
+    this._now = next;
+    return this.now();
+  }
+  /**
+   * Check if advancing from `before` to `after` crosses a billing boundary.
+   */
+  crossesBoundary(before, after, boundary) {
+    if (boundary === "month_end") {
+      return before.getUTCMonth() !== after.getUTCMonth() || before.getUTCFullYear() !== after.getUTCFullYear();
+    }
+    if (boundary === "year_end") {
+      return before.getUTCFullYear() !== after.getUTCFullYear();
+    }
+    return false;
+  }
+};
+
+// src/billing/store.ts
+var InMemoryStore = class {
+  constructor() {
+    this.subscriptions = /* @__PURE__ */ new Map();
+    this.usage = [];
+    this.nextId = 1;
+  }
+  createSubscription(params) {
+    var _a, _b;
+    const id = `sub_${this.nextId++}`;
+    const sub = {
+      id,
+      userId: params.userId,
+      planKey: params.planKey,
+      priceIndex: (_a = params.priceIndex) != null ? _a : 0,
+      status: (_b = params.status) != null ? _b : "active",
+      currentPeriodStart: params.periodStart,
+      currentPeriodEnd: params.periodEnd,
+      cancelAtPeriodEnd: false,
+      createdAt: new Date(params.periodStart)
+    };
+    this.subscriptions.set(id, sub);
+    return sub;
+  }
+  getSubscription(id) {
+    return this.subscriptions.get(id);
+  }
+  getSubscriptionByUser(userId) {
+    for (const sub of this.subscriptions.values()) {
+      if (sub.userId === userId && sub.status !== "canceled") return sub;
+    }
+    return void 0;
+  }
+  updateSubscription(id, updates) {
+    const sub = this.subscriptions.get(id);
+    if (!sub) return void 0;
+    Object.assign(sub, updates);
+    return sub;
+  }
+  listSubscriptions(filter) {
+    let subs = [...this.subscriptions.values()];
+    if (filter == null ? void 0 : filter.status) subs = subs.filter((s) => s.status === filter.status);
+    if (filter == null ? void 0 : filter.planKey) subs = subs.filter((s) => s.planKey === filter.planKey);
+    return subs;
+  }
+  recordUsage(userId, metric, quantity, timestamp) {
+    this.usage.push({ userId, metric, quantity, timestamp });
+  }
+  getUsage(userId, metric, periodStart, periodEnd) {
+    return this.usage.filter(
+      (r) => r.userId === userId && r.metric === metric && r.timestamp >= periodStart && r.timestamp < periodEnd
+    ).reduce((sum, r) => sum + r.quantity, 0);
+  }
+  subscriberCount(planKey) {
+    return this.listSubscriptions({ planKey, status: "active" }).length;
+  }
+  clear() {
+    this.subscriptions.clear();
+    this.usage = [];
+    this.nextId = 1;
+  }
+};
+
+// src/billing/entitlements.ts
+var EntitlementChecker = class {
+  constructor(config, store) {
+    this.config = config;
+    this.store = store;
+  }
+  check(userId, feature) {
+    var _a;
+    const sub = this.store.getSubscriptionByUser(userId);
+    if (!sub) {
+      return { type: "boolean", feature, allowed: false };
+    }
+    const plan = this.config.plans[sub.planKey];
+    if (!plan) {
+      return { type: "boolean", feature, allowed: false };
+    }
+    if (plan.entitlements) {
+      const value = plan.entitlements[feature];
+      if (value === void 0) {
+        return { type: "boolean", feature, allowed: false };
+      }
+      if (value === true) {
+        return { type: "boolean", feature, allowed: true };
+      }
+      if (typeof value === "object" && "limit" in value) {
+        const used = this.store.getUsage(
+          userId,
+          feature,
+          sub.currentPeriodStart,
+          sub.currentPeriodEnd
+        );
+        const limit = value.limit;
+        return {
+          type: "metered",
+          feature,
+          allowed: used < limit,
+          used,
+          limit,
+          remaining: Math.max(0, limit - used)
+        };
+      }
+    }
+    if ((_a = plan.features) == null ? void 0 : _a.includes(feature)) {
+      return { type: "boolean", feature, allowed: true };
+    }
+    return { type: "boolean", feature, allowed: false };
+  }
+  checkAll(userId) {
+    const sub = this.store.getSubscriptionByUser(userId);
+    if (!sub) return {};
+    const plan = this.config.plans[sub.planKey];
+    if (!plan) return {};
+    const result = {};
+    if (plan.entitlements) {
+      for (const feature of Object.keys(plan.entitlements)) {
+        result[feature] = this.check(userId, feature);
+      }
+    }
+    if (plan.features) {
+      for (const feature of plan.features) {
+        if (!result[feature]) {
+          result[feature] = { type: "boolean", feature, allowed: true };
+        }
+      }
+    }
+    return result;
+  }
+};
+
+// src/billing/test-billing.ts
+function getPeriodEnd(start, interval) {
+  const end = new Date(start);
+  if (interval === "monthly") {
+    end.setUTCMonth(end.getUTCMonth() + 1);
+  } else {
+    end.setUTCFullYear(end.getUTCFullYear() + 1);
+  }
+  return end;
+}
+function buildTestBilling(config, startDate) {
+  const clock = new TestClock(startDate);
+  const store = new InMemoryStore();
+  const checker = new EntitlementChecker(config, store);
+  return {
+    clock,
+    store,
+    checker,
+    subscribe(userId, planKey, priceIndex = 0) {
+      const plan = config.plans[planKey];
+      if (!plan) throw new Error(`Plan "${planKey}" not found in config`);
+      if (!plan.prices[priceIndex]) throw new Error(`Price index ${priceIndex} not found on plan "${planKey}"`);
+      const existing = store.getSubscriptionByUser(userId);
+      if (existing) throw new Error(`User "${userId}" already has an active subscription (${existing.planKey})`);
+      const now = clock.now();
+      const interval = plan.prices[priceIndex].interval;
+      return store.createSubscription({
+        userId,
+        planKey,
+        priceIndex,
+        periodStart: now,
+        periodEnd: getPeriodEnd(now, interval)
+      });
+    },
+    changePlan(userId, newPlanKey, priceIndex = 0) {
+      const sub = store.getSubscriptionByUser(userId);
+      if (!sub) throw new Error(`User "${userId}" has no active subscription`);
+      const plan = config.plans[newPlanKey];
+      if (!plan) throw new Error(`Plan "${newPlanKey}" not found in config`);
+      if (!plan.prices[priceIndex]) throw new Error(`Price index ${priceIndex} not found on plan "${newPlanKey}"`);
+      store.updateSubscription(sub.id, { planKey: newPlanKey, priceIndex });
+      return store.getSubscription(sub.id);
+    },
+    cancel(userId) {
+      const sub = store.getSubscriptionByUser(userId);
+      if (!sub) throw new Error(`User "${userId}" has no active subscription`);
+      store.updateSubscription(sub.id, { cancelAtPeriodEnd: true });
+      return store.getSubscription(sub.id);
+    },
+    reportUsage(userId, metric, quantity) {
+      store.recordUsage(userId, metric, quantity, clock.now());
+    },
+    checkEntitlement(userId, feature) {
+      return checker.check(userId, feature);
+    },
+    getSubscription(userId) {
+      return store.getSubscriptionByUser(userId);
+    },
+    advanceTime(options) {
+      return clock.advance(options);
+    },
+    subscriberCounts() {
+      const counts = {};
+      for (const planKey of Object.keys(config.plans)) {
+        counts[planKey] = store.subscriberCount(planKey);
+      }
+      return counts;
+    }
+  };
+}
+function createTestBilling(options) {
+  const config = "billing" in options ? options.billing._config : options.config;
+  return buildTestBilling(config, options.startDate);
+}
+
+// src/billing/index.ts
+import { computeDiff, priceConfigKey } from "@auth-gate/billing";
+export {
+  EntitlementChecker,
+  InMemoryStore,
+  TestClock,
+  computeDiff,
+  createTestBilling,
+  priceConfigKey
+};

package/dist/{chunk-OV3AFWVB.mjs → chunk-7QV2KZWA.mjs}

@@ -1,10 +1,3 @@
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
-
 // src/constants.ts
 var TEST_EMAIL_DOMAIN = "test.authgate.dev";
 var TEST_OTP_CODE = "424242";
@@ -170,7 +163,6 @@ var AuthGateTest = class {
 };
 
 export {
-  __require,
   TEST_EMAIL_DOMAIN,
   TEST_OTP_CODE,
   AuthGateTest

package/dist/chunk-MBTDPSN5.mjs

@@ -0,0 +1,27 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropSymbols = Object.getOwnPropertySymbols;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __propIsEnum = Object.prototype.propertyIsEnumerable;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __spreadValues = (a, b) => {
+  for (var prop in b || (b = {}))
+    if (__hasOwnProp.call(b, prop))
+      __defNormalProp(a, prop, b[prop]);
+  if (__getOwnPropSymbols)
+    for (var prop of __getOwnPropSymbols(b)) {
+      if (__propIsEnum.call(b, prop))
+        __defNormalProp(a, prop, b[prop]);
+    }
+  return a;
+};
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+
+export {
+  __spreadValues,
+  __require
+};

package/dist/cypress.mjs

@@ -1,6 +1,7 @@
 import {
   AuthGateTest
-} from "./chunk-OV3AFWVB.mjs";
+} from "./chunk-7QV2KZWA.mjs";
+import "./chunk-MBTDPSN5.mjs";
 
 // src/cypress.ts
 import { createAuthGateClient } from "@auth-gate/core";

package/dist/index.mjs

@@ -2,7 +2,8 @@ import {
   AuthGateTest,
   TEST_EMAIL_DOMAIN,
   TEST_OTP_CODE
-} from "./chunk-OV3AFWVB.mjs";
+} from "./chunk-7QV2KZWA.mjs";
+import "./chunk-MBTDPSN5.mjs";
 export {
   AuthGateTest,
   TEST_EMAIL_DOMAIN,

package/dist/playwright.mjs

@@ -1,7 +1,9 @@
 import {
-  AuthGateTest,
+  AuthGateTest
+} from "./chunk-7QV2KZWA.mjs";
+import {
   __require
-} from "./chunk-OV3AFWVB.mjs";
+} from "./chunk-MBTDPSN5.mjs";
 
 // src/playwright.ts
 import { createAuthGateClient } from "@auth-gate/core";

package/dist/rbac/index.cjs

@@ -0,0 +1,223 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getOwnPropSymbols = Object.getOwnPropertySymbols;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __propIsEnum = Object.prototype.propertyIsEnumerable;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __spreadValues = (a, b) => {
+  for (var prop in b || (b = {}))
+    if (__hasOwnProp.call(b, prop))
+      __defNormalProp(a, prop, b[prop]);
+  if (__getOwnPropSymbols)
+    for (var prop of __getOwnPropSymbols(b)) {
+      if (__propIsEnum.call(b, prop))
+        __defNormalProp(a, prop, b[prop]);
+    }
+  return a;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/rbac/index.ts
+var rbac_exports = {};
+__export(rbac_exports, {
+  RbacChecker: () => RbacChecker,
+  createTestRbacConfig: () => createTestRbacConfig,
+  createTestResource: () => createTestResource,
+  createTestRole: () => createTestRole,
+  expectNoPermission: () => expectNoPermission,
+  expectPermission: () => expectPermission,
+  expectRolePermissions: () => expectRolePermissions
+});
+module.exports = __toCommonJS(rbac_exports);
+
+// src/rbac/builders.ts
+function createTestRbacConfig(overrides) {
+  return __spreadValues({
+    resources: {
+      documents: { actions: ["read", "write", "delete"] }
+    },
+    roles: {
+      admin: {
+        name: "Admin",
+        grants: {
+          documents: { read: true, write: true, delete: true }
+        }
+      },
+      viewer: {
+        name: "Viewer",
+        isDefault: true,
+        grants: {
+          documents: { read: true }
+        }
+      }
+    }
+  }, overrides);
+}
+function createTestResource(key, actions, overrides) {
+  return {
+    [key]: __spreadValues({
+      actions
+    }, overrides)
+  };
+}
+function createTestRole(key, name, grants, overrides) {
+  return {
+    [key]: __spreadValues({
+      name,
+      grants
+    }, overrides)
+  };
+}
+
+// src/rbac/checker.ts
+var RbacChecker = class {
+  /**
+   * @param input - Either a plain `RbacConfig` object, or a `TypedRbac`
+   *   instance (from `defineRbac()`) which exposes `_config`.
+   */
+  constructor(input) {
+    this.config = "_config" in input ? input._config : input;
+  }
+  /**
+   * Check whether a role has a specific permission.
+   *
+   * @param roleKey    - The role key (e.g. `"admin"`).
+   * @param permission - A `"resource:action"` string (e.g. `"documents:read"`).
+   * @returns `true` if the role (or any ancestor via inheritance) grants the permission.
+   */
+  hasPermission(roleKey, permission) {
+    return this.getPermissions(roleKey).has(permission);
+  }
+  /**
+   * Collect all permissions for a role, including inherited ones.
+   *
+   * @param roleKey - The role key.
+   * @returns A `Set<string>` of `"resource:action"` strings.
+   */
+  getPermissions(roleKey) {
+    const permissions = /* @__PURE__ */ new Set();
+    this.collectPermissions(roleKey, permissions, /* @__PURE__ */ new Set());
+    return permissions;
+  }
+  /**
+   * Find all roles that grant a specific permission.
+   *
+   * @param permission - A `"resource:action"` string.
+   * @returns Array of role keys that have the permission (directly or via inheritance).
+   */
+  getRolesWithPermission(permission) {
+    const result = [];
+    for (const roleKey of Object.keys(this.config.roles)) {
+      if (this.hasPermission(roleKey, permission)) {
+        result.push(roleKey);
+      }
+    }
+    return result;
+  }
+  /**
+   * Recursively collect permissions for a role, following `inherits` chains.
+   * Uses a `visited` set to prevent infinite loops from circular inheritance.
+   */
+  collectPermissions(roleKey, permissions, visited) {
+    if (visited.has(roleKey)) return;
+    visited.add(roleKey);
+    const role = this.config.roles[roleKey];
+    if (!role) return;
+    for (const [resource, actions] of Object.entries(role.grants)) {
+      for (const [action, value] of Object.entries(
+        actions
+      )) {
+        if (isGranted(value)) {
+          permissions.add(`${resource}:${action}`);
+        }
+      }
+    }
+    if (role.inherits) {
+      for (const parentKey of role.inherits) {
+        this.collectPermissions(parentKey, permissions, visited);
+      }
+    }
+  }
+};
+function isGranted(value) {
+  if (value === true) return true;
+  if (typeof value === "string") return true;
+  if (typeof value === "object" && value !== null && "when" in value) return true;
+  return false;
+}
+
+// src/rbac/assertions.ts
+function toChecker(input) {
+  return new RbacChecker(input);
+}
+function expectPermission(rbac, roleKey, permission) {
+  const checker = toChecker(rbac);
+  if (!checker.hasPermission(roleKey, permission)) {
+    const actual = checker.getPermissions(roleKey);
+    const permList = actual.size > 0 ? Array.from(actual).sort().join(", ") : "(none)";
+    throw new Error(
+      `Expected role "${roleKey}" to have permission "${permission}", but it does not. Actual permissions: [${permList}]`
+    );
+  }
+}
+function expectNoPermission(rbac, roleKey, permission) {
+  const checker = toChecker(rbac);
+  if (checker.hasPermission(roleKey, permission)) {
+    throw new Error(
+      `Expected role "${roleKey}" NOT to have permission "${permission}", but it does.`
+    );
+  }
+}
+function expectRolePermissions(rbac, roleKey, expected) {
+  const checker = toChecker(rbac);
+  const actual = checker.getPermissions(roleKey);
+  const expectedSet = new Set(expected);
+  const missing = [];
+  const extra = [];
+  for (const perm of expectedSet) {
+    if (!actual.has(perm)) {
+      missing.push(perm);
+    }
+  }
+  for (const perm of actual) {
+    if (!expectedSet.has(perm)) {
+      extra.push(perm);
+    }
+  }
+  if (missing.length > 0 || extra.length > 0) {
+    const parts = [];
+    if (missing.length > 0) {
+      parts.push(`Missing: [${missing.sort().join(", ")}]`);
+    }
+    if (extra.length > 0) {
+      parts.push(`Extra: [${extra.sort().join(", ")}]`);
+    }
+    throw new Error(
+      `Role "${roleKey}" permissions do not match expected set. ${parts.join(". ")}`
+    );
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  RbacChecker,
+  createTestRbacConfig,
+  createTestResource,
+  createTestRole,
+  expectNoPermission,
+  expectPermission,
+  expectRolePermissions
+});