@edge-base/server 0.2.3 → 0.2.5

package/src/__tests__/meta-route-registration.test.ts

@@ -1,10 +1,10 @@
 /**
  * Meta-test: route registration completeness.
  *
- * Ensures every route file imported in index.ts is also registered via app.route().
- * The expected route exports are derived from the current route files.
+ * Ensures every route module imported in index.ts is also registered via app.route().
+ * The expected route exports are derived from the route modules the entrypoint actually loads.
  */
-import { readFileSync, readdirSync } from 'fs';
+import { readFileSync } from 'fs';
 import { resolve } from 'path';
 import { fileURLToPath } from 'url';
 import { describe, it, expect } from 'vitest';
@@ -15,9 +15,11 @@ describe('index.ts route registration completeness', () => {
     'utf-8',
   );
   const routesDir = resolve(fileURLToPath(new URL('../routes', import.meta.url)));
-  const EXPECTED_ROUTES = readdirSync(routesDir)
-    .filter((fileName) => fileName.endsWith('.ts'))
-    .sort()
+  const ROUTE_IMPORTS = [...source.matchAll(/import\('\.\/routes\/([^']+\.js)'\)/g)]
+    .map((match) => match[1])
+    .sort();
+  const ROUTE_FILES = ROUTE_IMPORTS.map((fileName) => fileName.replace(/\.js$/, '.ts'));
+  const EXPECTED_ROUTES = ROUTE_FILES
     .flatMap((fileName) => {
       const routeSource = readFileSync(resolve(routesDir, fileName), 'utf-8');
       const directExports = [...routeSource.matchAll(/export const (\w+)\s*=\s*new OpenAPIHono/g)].map(
@@ -29,20 +31,23 @@ describe('index.ts route registration completeness', () => {
       return [...directExports, ...aliasExports];
     });
 
-  const EXPECTED_COUNT = EXPECTED_ROUTES.length;
-
-  it(`total route imports = ${EXPECTED_COUNT}`, () => {
-    const importMatches = source.match(/import \{ \w+ \} from '\.\/routes\//g) || [];
-    expect(importMatches.length).toBe(EXPECTED_COUNT);
+  it(`total route module imports = ${ROUTE_FILES.length}`, () => {
+    expect(ROUTE_IMPORTS.length).toBe(ROUTE_FILES.length);
   });
 
-  for (const routeVar of EXPECTED_ROUTES) {
-    it(`${routeVar} is imported`, () => {
-      expect(source).toMatch(new RegExp(`import\\s*\\{[^}]*\\b${routeVar}\\b[^}]*\\}\\s*from '\\./routes/`));
+  for (const routeFile of ROUTE_FILES) {
+    const routePath = routeFile.replace(/\.ts$/, '.js');
+
+    it(`${routeFile} is dynamically imported`, () => {
+      expect(source).toContain(`import('./routes/${routePath}')`);
     });
+  }
 
+  for (const routeVar of EXPECTED_ROUTES) {
     it(`${routeVar} is registered via app.route()`, () => {
-      expect(source).toMatch(new RegExp(`app\\.route\\([^)]+,\\s*${routeVar}\\)`));
+      const directRegistration = new RegExp(`app\\.route\\([^)]+,\\s*${routeVar}\\)`);
+      const moduleRegistration = new RegExp(`app\\.route\\([^)]+,\\s*\\w+\\.${routeVar}\\)`);
+      expect(directRegistration.test(source) || moduleRegistration.test(source)).toBe(true);
     });
   }
 });

package/src/__tests__/plugin-migration-routing.test.ts

@@ -0,0 +1,32 @@
+import { describe, expect, it } from 'vitest';
+import { shouldRunPluginMigrationsForRequestPath } from '../lib/plugin-migration-routing.js';
+
+describe('shouldRunPluginMigrationsForRequestPath', () => {
+  it.each([
+    '/api/auth/sign-in',
+    '/api/db/shared/tables/posts',
+    '/api/functions/send-welcome-email',
+    '/api/sql/shared',
+    '/api/storage/assets/upload',
+    '/admin/api/data/tables/posts',
+  ])('runs plugin migrations before %s', (path) => {
+    expect(shouldRunPluginMigrationsForRequestPath(path)).toBe(true);
+  });
+
+  it.each([
+    '/',
+    '/api/health',
+    '/openapi.json',
+    '/admin',
+    '/admin/login',
+    '/_app/version.json',
+    '/harness/scenarios/demo',
+    '/admin/api/backup',
+    '/admin/api/backup/shared',
+    '/admin/api/data/backup/shared',
+    '/internal/backup',
+    '/internal/backup/shared',
+  ])('skips plugin migrations for %s', (path) => {
+    expect(shouldRunPluginMigrationsForRequestPath(path)).toBe(false);
+  });
+});

package/src/__tests__/provider-aware-sql.test.ts

@@ -122,11 +122,17 @@ describe('provider-aware raw SQL helpers', () => {
 
     const result = await executeProviderAwareSql(
       {
-        config: {},
+        config: {
+          databases: {
+            shared: {
+              tables: { posts: {} },
+            },
+          },
+        },
         workerUrl: 'http://localhost:8787',
         serviceKey: 'service-key',
       },
-      'workspace',
+      'shared',
       undefined,
       'SELECT ? AS id',
       ['p1'],
@@ -146,7 +152,7 @@ describe('provider-aware raw SQL helpers', () => {
           'X-EdgeBase-Service-Key': 'service-key',
         }),
         body: JSON.stringify({
-          namespace: 'workspace',
+          namespace: 'shared',
           id: undefined,
           sql: 'SELECT ? AS id',
           params: ['p1'],

package/src/__tests__/room-auth-state-loss.test.ts

@@ -5,6 +5,128 @@ vi.mock('cloudflare:workers', () => ({
 }));
 
 describe('room auth-state loss recovery', () => {
+  it('treats ephemeral timer persistence failures as non-fatal', async () => {
+    const { RoomRuntimeBaseDO } = await import('../durable-objects/room-runtime-base.js');
+
+    const room: any = Object.create(RoomRuntimeBaseDO.prototype);
+    const pending: Promise<unknown>[] = [];
+    const warnSpy = vi.spyOn(console, 'warn').mockImplementation(() => {});
+
+    room.pendingAuth = new Map([['conn-1', Date.now() + 5_000]]);
+    room.disconnectTimers = new Map();
+    room.namespace = 'game';
+    room.roomId = 'room-1';
+    room.ctx = {
+      storage: {
+        put: vi.fn().mockRejectedValue(new Error('Exceeded allowed rows written in Durable Objects free tier.')),
+        delete: vi.fn(),
+      },
+      waitUntil: vi.fn((promise: Promise<unknown>) => {
+        pending.push(promise);
+      }),
+    };
+
+    expect(() => room.syncEphemeralTimersToStorage()).not.toThrow();
+    await Promise.allSettled(pending);
+
+    expect(warnSpy).toHaveBeenCalledWith(
+      '[Room] Ephemeral timer persistence skipped',
+      expect.objectContaining({
+        room: 'game::room-1',
+        pendingAuthCount: 1,
+        disconnectCount: 0,
+        message: 'Exceeded allowed rows written in Durable Objects free tier.',
+      }),
+    );
+
+    warnSpy.mockRestore();
+  });
+
+  it('persists alarm-backed room deadlines alongside auth and disconnect timers', async () => {
+    const { RoomRuntimeBaseDO } = await import('../durable-objects/room-runtime-base.js');
+
+    const pending: Promise<unknown>[] = [];
+    const putSpy = vi.fn().mockResolvedValue(undefined);
+    const room: any = Object.create(RoomRuntimeBaseDO.prototype);
+    room.pendingAuth = new Map([['conn-1', 11_111]]);
+    room.disconnectTimers = new Map([['user-1', { fireAt: 22_222, connectionId: 'conn-1' }]]);
+    room._stateSaveAt = 33_333;
+    room._emptyRoomCleanupAt = 44_444;
+    room._stateTTLAlarmAt = 55_555;
+    room.ctx = {
+      storage: {
+        put: putSpy,
+        delete: vi.fn(),
+      },
+      waitUntil: vi.fn((promise: Promise<unknown>) => {
+        pending.push(promise);
+      }),
+    };
+
+    room.syncEphemeralTimersToStorage();
+    await Promise.allSettled(pending);
+
+    expect(putSpy).toHaveBeenCalledWith('roomEphemeralTimers', {
+      pendingAuth: { 'conn-1': 11_111 },
+      disconnects: { 'user-1': { fireAt: 22_222, connectionId: 'conn-1' } },
+      stateSaveAt: 33_333,
+      emptyRoomCleanupAt: 44_444,
+      stateTTLAlarmAt: 55_555,
+    });
+  });
+
+  it('does not rewrite ephemeral timer storage when state is already dirty', async () => {
+    const { RoomRuntimeBaseDO } = await import('../durable-objects/room-runtime-base.js');
+
+    const room: any = Object.create(RoomRuntimeBaseDO.prototype);
+    room.dirty = false;
+    room._stateSaveAt = 33_333;
+    room.namespaceConfig = {};
+    room.syncEphemeralTimersToStorage = vi.fn();
+    room._scheduleNextAlarm = vi.fn();
+
+    room.markDirty();
+
+    expect(room.dirty).toBe(true);
+    expect(room._stateSaveAt).toBe(33_333);
+    expect(room.syncEphemeralTimersToStorage).not.toHaveBeenCalled();
+    expect(room._scheduleNextAlarm).toHaveBeenCalledTimes(1);
+  });
+
+  it('recovers persisted timers before alarm processing after a cold wake without sockets', async () => {
+    const { RoomRuntimeBaseDO } = await import('../durable-objects/room-runtime-base.js');
+
+    const room: any = Object.create(RoomRuntimeBaseDO.prototype);
+    room.stateRecoveryNeeded = false;
+    room.roomCreated = false;
+    room.sharedState = {};
+    room.playerStates = new Map();
+    room.serverState = {};
+    room.players = new Map();
+    room.userToConnections = new Map();
+    room.pendingAuth = new Map();
+    room.disconnectTimers = new Map();
+    room._timers = new Map();
+    room._stateSaveAt = null;
+    room._emptyRoomCleanupAt = null;
+    room._stateTTLAlarmAt = null;
+    room._metadata = {};
+    room.config = {};
+    room.ctx = {
+      getWebSockets: vi.fn(() => []),
+    };
+    room.ensureRuntimeReady = vi.fn(async () => {});
+    room.recoverFromStorage = vi.fn(async () => {});
+    room.findWebSocketByConnectionId = vi.fn(() => null);
+    room.finalizePlayerLeave = vi.fn(async () => {});
+    room.syncEphemeralTimersToStorage = vi.fn();
+    room._scheduleNextAlarm = vi.fn();
+
+    await room.alarm();
+
+    expect(room.recoverFromStorage).toHaveBeenCalledTimes(1);
+  });
+
   it('marks websocket metadata rebuilt from hibernation tags as auth-state-lost', async () => {
     const { RoomRuntimeBaseDO } = await import('../durable-objects/room-runtime-base.js');
 

package/src/__tests__/room-handler-context.test.ts

@@ -48,7 +48,7 @@ describe('RoomsDO handler context', () => {
       },
     };
 
-    const ctx = room.buildHandlerContext();
+    const ctx = await room.buildHandlerContext();
     const inserted = await ctx.admin.db('shared').table('signals').insert({ title: 'Room inserted' });
 
     expect(inserted).toEqual({ id: 'sig-1', title: 'Room inserted' });
@@ -63,7 +63,7 @@ describe('RoomsDO handler context', () => {
         }),
       }),
     );
-  });
+  }, 15_000);
 
   it('routes admin.db().upsert() through the database durable object', async () => {
     const { RoomsDO } = await import('../durable-objects/rooms-do.js');
@@ -104,7 +104,7 @@ describe('RoomsDO handler context', () => {
       },
     };
 
-    const ctx = room.buildHandlerContext();
+    const ctx = await room.buildHandlerContext();
     const upserted = await ctx.admin.db('shared').table('signals').upsert({
       id: 'sig-1',
       title: 'Room upserted',
@@ -126,7 +126,7 @@ describe('RoomsDO handler context', () => {
         }),
       }),
     );
-  });
+  }, 15_000);
 
   it('returns 409 when creating a Cloudflare RealtimeKit session while media is already published', async () => {
     const { RoomsDO } = await import('../durable-objects/rooms-do.js');

package/src/__tests__/room-rate-limit-scopes.test.ts

@@ -0,0 +1,38 @@
+import { describe, expect, it, vi } from 'vitest';
+
+vi.mock('cloudflare:workers', () => ({
+  DurableObject: class DurableObject {},
+}));
+
+describe('room rate-limit scopes', () => {
+  it('keeps signal/media/admin buckets independent per connection', async () => {
+    const { RoomRuntimeBaseDO } = await import('../durable-objects/room-runtime-base.js');
+
+    const room: any = Object.create(RoomRuntimeBaseDO.prototype);
+    room.namespaceConfig = {
+      rateLimit: {
+        actions: 2,
+        signals: 4,
+        media: 1,
+        admin: 1,
+      },
+    };
+    room.rateBuckets = new Map();
+
+    expect(room.checkRateLimit('conn-1', 'signals')).toBe(true);
+    expect(room.checkRateLimit('conn-1', 'signals')).toBe(true);
+    expect(room.checkRateLimit('conn-1', 'signals')).toBe(true);
+    expect(room.checkRateLimit('conn-1', 'signals')).toBe(true);
+    expect(room.checkRateLimit('conn-1', 'signals')).toBe(false);
+
+    expect(room.checkRateLimit('conn-1', 'media')).toBe(true);
+    expect(room.checkRateLimit('conn-1', 'media')).toBe(false);
+
+    expect(room.checkRateLimit('conn-1', 'admin')).toBe(true);
+    expect(room.checkRateLimit('conn-1', 'admin')).toBe(false);
+
+    expect(room.checkRateLimit('conn-1', 'actions')).toBe(true);
+    expect(room.checkRateLimit('conn-1', 'actions')).toBe(true);
+    expect(room.checkRateLimit('conn-1', 'actions')).toBe(false);
+  });
+});

package/src/__tests__/runtime-startup.test.ts

@@ -0,0 +1,49 @@
+import { afterEach, describe, expect, it, vi } from 'vitest';
+
+vi.mock('cloudflare:workers', () => ({
+  DurableObject: class DurableObject {},
+}));
+
+afterEach(() => {
+  vi.resetModules();
+  if (typeof globalThis === 'object' && globalThis !== null) {
+    delete (globalThis as Record<string, unknown>).__EDGEBASE_RUNTIME_CONFIG__;
+  }
+});
+
+describe('runtime startup bootstrap', () => {
+  it('initializes runtime config idempotently for lazy server and DO entrypoints', async () => {
+    const { ensureServerStartup } = await import('../lib/runtime-startup.js');
+    const { parseConfig } = await import('../lib/do-router.js');
+
+    await expect(ensureServerStartup()).resolves.toBeUndefined();
+    const firstConfig = parseConfig();
+
+    await expect(ensureServerStartup()).resolves.toBeUndefined();
+    const secondConfig = parseConfig();
+
+    expect(firstConfig).toEqual(secondConfig);
+    expect(secondConfig).toBeTypeOf('object');
+  });
+
+  it('does not clobber an explicitly injected runtime config', async () => {
+    const { ensureServerStartup } = await import('../lib/runtime-startup.js');
+    const { parseConfig, setConfig } = await import('../lib/do-router.js');
+
+    setConfig({
+      release: false,
+      auth: {
+        allowedRedirectUrls: ['http://localhost:4173'],
+      },
+    });
+
+    await expect(ensureServerStartup()).resolves.toBeUndefined();
+
+    expect(parseConfig()).toMatchObject({
+      release: false,
+      auth: {
+        allowedRedirectUrls: ['http://localhost:4173'],
+      },
+    });
+  });
+});

package/src/__tests__/scheduled.test.ts

@@ -6,12 +6,14 @@ const {
   ensureAuthSchemaMock,
   deleteAnonMock,
   resolveAuthDbMock,
+  executePluginMigrationsMock,
 } = vi.hoisted(() => ({
   cleanExpiredSessionsMock: vi.fn(),
   cleanStaleAnonymousAccountsMock: vi.fn(),
   ensureAuthSchemaMock: vi.fn(),
   deleteAnonMock: vi.fn(),
   resolveAuthDbMock: vi.fn(),
+  executePluginMigrationsMock: vi.fn(),
 }));
 
 vi.mock('cloudflare:workers', () => ({
@@ -44,6 +46,10 @@ vi.mock('../lib/auth-db-adapter.js', async () => {
   };
 });
 
+vi.mock('../lib/plugin-migrations.js', () => ({
+  executePluginMigrations: executePluginMigrationsMock,
+}));
+
 describe('scheduled handler', () => {
   beforeEach(() => {
     vi.resetModules();
@@ -52,6 +58,7 @@ describe('scheduled handler', () => {
     ensureAuthSchemaMock.mockReset().mockResolvedValue(undefined);
     deleteAnonMock.mockReset().mockResolvedValue(undefined);
     resolveAuthDbMock.mockReset().mockReturnValue({ kind: 'auth-db' });
+    executePluginMigrationsMock.mockReset().mockResolvedValue(undefined);
   });
 
   it('runs system cleanup even when no user schedule functions are registered', async () => {
@@ -77,4 +84,52 @@ describe('scheduled handler', () => {
     expect(cleanStaleAnonymousAccountsMock.mock.calls[0]?.[0]).toEqual({ kind: 'auth-db' });
     expect(deleteAnonMock).not.toHaveBeenCalled();
   }, 15_000);
+
+  it('runs plugin migration reconciliation before scheduled work when plugins are configured', async () => {
+    const worker = (await import('../index.js')).default;
+    const pending: Promise<unknown>[] = [];
+    const ctx = {
+      waitUntil: vi.fn((promise: Promise<unknown>) => {
+        pending.push(Promise.resolve(promise));
+      }),
+    };
+    const env = {
+      EDGEBASE_CONFIG: {
+        release: true,
+        plugins: [
+          {
+            name: 'cert-plugin',
+            version: '0.1.0',
+            config: {},
+          },
+        ],
+      },
+    };
+
+    await worker.scheduled(
+      { scheduledTime: Date.parse('2026-03-07T03:00:00Z') } as never,
+      env as never,
+      ctx as never,
+    );
+
+    expect(executePluginMigrationsMock).toHaveBeenCalledWith(
+      [
+        expect.objectContaining({
+          name: 'cert-plugin',
+          version: '0.1.0',
+        }),
+      ],
+      env,
+      expect.objectContaining({
+        plugins: [
+          expect.objectContaining({
+            name: 'cert-plugin',
+            version: '0.1.0',
+          }),
+        ],
+      }),
+      'http://internal',
+    );
+    await Promise.all(pending);
+  }, 15_000);
 });

package/src/__tests__/service-key-db-proxy.test.ts

@@ -1,4 +1,4 @@
-import { afterEach, describe, expect, it } from 'vitest';
+import { afterEach, describe, expect, it, vi } from 'vitest';
 import { defineConfig } from '@edge-base/shared';
 import { EdgeBaseError } from '@edge-base/shared';
 import { setConfig } from '../lib/do-router.js';
@@ -117,6 +117,7 @@ describe('DB proxy service key forwarding', () => {
       databases: {
         workspace: {
           provider: 'do',
+          instance: true,
           tables: {
             users: {},
           },
@@ -203,6 +204,7 @@ describe('DB proxy service key forwarding', () => {
       databases: {
         workspace: {
           provider: 'do',
+          instance: true,
           tables: {
             users: {},
           },
@@ -375,6 +377,125 @@ describe('DB proxy service key forwarding', () => {
     await expect(response.json()).resolves.toEqual({ id: 'u1', name: 'June' });
   });
 
+  it('auto-retries single-instance provider=do namespaces when the DO asks for bootstrap authorization', async () => {
+    setConfig(defineConfig({
+      release: true,
+      databases: {
+        app: {
+          provider: 'do',
+          tables: {
+            posts: {
+              access: {
+                read: () => true,
+              },
+            },
+          },
+        },
+      },
+    }));
+
+    const forwardedHeaders: Headers[] = [];
+    let callCount = 0;
+    const app = createApp();
+    const response = await app.request('/api/db/app/tables/posts', {
+      method: 'GET',
+    }, createEnv((_input, init) => {
+      forwardedHeaders.push(new Headers(init?.headers));
+      callCount += 1;
+      if (callCount === 1) {
+        return new Response(JSON.stringify({ needsCreate: true, namespace: 'app' }), {
+          status: 201,
+          headers: { 'Content-Type': 'application/json' },
+        });
+      }
+      return new Response(JSON.stringify({ items: [] }), {
+        status: 200,
+        headers: { 'Content-Type': 'application/json' },
+      });
+    }));
+
+    expect(response.status).toBe(200);
+    await expect(response.json()).resolves.toEqual({ items: [] });
+    expect(forwardedHeaders).toHaveLength(2);
+    expect(forwardedHeaders[0].get('X-DO-Create-Authorized')).toBeNull();
+    expect(forwardedHeaders[1].get('X-DO-Create-Authorized')).toBe('1');
+  });
+
+  it('rejects instanceId route segments for single-instance namespaces before touching the DO', async () => {
+    setConfig(defineConfig({
+      release: true,
+      databases: {
+        app: {
+          provider: 'do',
+          tables: {
+            posts: {
+              access: {
+                read: () => true,
+              },
+            },
+          },
+        },
+      },
+    }));
+
+    const onFetch = vi.fn();
+    const app = createApp();
+    const response = await app.request('/api/db/app/attacker/tables/posts', {
+      method: 'GET',
+    }, createEnv(onFetch));
+
+    expect(response.status).toBe(400);
+    await expect(response.json()).resolves.toMatchObject({
+      code: 400,
+      message: "instanceId is not allowed for single-instance namespace 'app'",
+    });
+    expect(onFetch).not.toHaveBeenCalled();
+  });
+
+  it('rejects missing instanceId for dynamic namespaces even for service key requests', async () => {
+    setConfig(defineConfig({
+      release: true,
+      databases: {
+        workspace: {
+          provider: 'do',
+          instance: true,
+          tables: {
+            users: {},
+          },
+        },
+      },
+      serviceKeys: {
+        keys: [
+          {
+            kid: 'root',
+            tier: 'root',
+            scopes: ['*'],
+            secretSource: 'inline',
+            inlineSecret: 'sk-root',
+          },
+        ],
+      },
+    }));
+
+    const onFetch = vi.fn();
+    const app = createApp();
+    const response = await app.request('/api/db/workspace/tables/users', {
+      method: 'POST',
+      headers: {
+        'X-EdgeBase-Service-Key': 'sk-root',
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({ id: 'user-1' }),
+    }, createEnv(onFetch));
+
+    expect(response.status).toBe(400);
+    await expect(response.json()).resolves.toMatchObject({
+      code: 400,
+      message: "instanceId is required for dynamic namespace 'workspace'",
+    });
+    expect(onFetch).not.toHaveBeenCalled();
+  });
+
   it('does not trust raw X-EdgeBase-Internal on public DB requests', async () => {
     setConfig(defineConfig({
       release: true,

package/src/__tests__/sql-route.test.ts

@@ -48,6 +48,72 @@ describe('sql route', () => {
     });
   });
 
+  it('rejects ids for single-instance namespaces before touching any backend', async () => {
+    setConfig(
+      defineConfig({
+        databases: {
+          shared: {
+            tables: {
+              posts: { schema: { title: { type: 'string' } } },
+            },
+          },
+        },
+        serviceKeys: {
+          keys: [
+            {
+              kid: 'root',
+              tier: 'root',
+              scopes: ['*'],
+              secretSource: 'inline',
+              inlineSecret: 'sk-root',
+            },
+          ],
+        },
+      }),
+    );
+
+    const env = {
+      DATABASE: {
+        idFromName: vi.fn(),
+        get: vi.fn(),
+      },
+      DB_D1_SHARED: {
+        prepare: vi.fn(),
+      },
+    } as unknown as Env;
+
+    const app = createApp();
+    const response = await app.request(
+      '/api/sql',
+      {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'X-EdgeBase-Service-Key': 'sk-root',
+        },
+        body: JSON.stringify({
+          namespace: 'shared',
+          id: 'shadow',
+          sql: 'SELECT 1',
+        }),
+      },
+      env,
+    );
+
+    expect(response.status).toBe(400);
+    await expect(response.json()).resolves.toMatchObject({
+      code: 400,
+      message: "id is not allowed for single-instance namespace 'shared'",
+    });
+    expect(
+      (env as unknown as { DATABASE: { get: ReturnType<typeof vi.fn> } }).DATABASE.get,
+    ).not.toHaveBeenCalled();
+    expect(
+      (env as unknown as { DB_D1_SHARED: { prepare: ReturnType<typeof vi.fn> } }).DB_D1_SHARED
+        .prepare,
+    ).not.toHaveBeenCalled();
+  });
+
   it('retries dynamic DO SQL after create handshake and forwards the DO name', async () => {
     setConfig(
       defineConfig({