@elench/testkit 0.1.77 → 0.1.79

package/lib/config-api/index.mjs

@@ -3,21 +3,23 @@ import {
   clearRuntimeContext,
   getRepoConfig,
   getRuntimeContext,
-  getRuntimeEnv,
   registerRepoConfig,
   registerRuntimeContext,
   runtimeHttp,
   runtimeJson,
 } from "./runtime.mjs";
+import {
+  customProfile,
+  localJsonProfile,
+  multiActorProfile,
+  rawProfile,
+  sessionProfile,
+} from "./profiles.mjs";
 
 export function defineConfig(config) {
   return config || {};
 }
 
-export function defineHttpProfile(profile) {
-  return profile || {};
-}
-
 export function defineFile(metadata) {
   return metadata || {};
 }
@@ -262,73 +264,13 @@ export const toolchain = {
   node: nodeToolchain,
 };
 
-export function clerkSessionProfile(options = {}) {
-  const apiBase = options.apiBase || "https://api.clerk.com/v1";
-  const secretKeyEnv = options.secretKeyEnv || "CLERK_SECRET_KEY";
-  const needsAuth = options.needsAuth !== false;
-
-  return defineHttpProfile({
-    auth: {
-      setup() {
-        return resolveClerkSession({
-          apiBase,
-          secretKey: envValue(secretKeyEnv),
-          needsAuth,
-        });
-      },
-      headers(setupData) {
-        return getClerkAuthHeaders(setupData, { apiBase });
-      },
-    },
-  });
-}
-
-export function jsonSessionProfile(options = {}) {
-  const loginPath = options.loginPath || "/api/auth/login";
-  const cookieName = options.cookieName || "session";
-  const body =
-    typeof options.body === "function"
-      ? options.body
-      : () => ({
-          username: envValue(options.usernameEnv || "TESTKIT_USERNAME"),
-          password: envValue(options.passwordEnv || "TESTKIT_PASSWORD"),
-        });
-
-  return defineHttpProfile({
-    auth: {
-      setup({ env }) {
-        const requestBody = body({ env });
-        const res = runtimeHttp.post(`${env.BASE}${loginPath}`, JSON.stringify(requestBody), {
-          headers: {
-            "Content-Type": "application/json",
-            ...(env.routeParams || {}),
-            ...(options.headers || {}),
-          },
-        });
-
-        if (res.status !== (options.successStatus || 200)) {
-          throw new Error(`Login failed (${res.status}): ${res.body}`);
-        }
-
-        const cookie = res.cookies?.[cookieName]?.[0]?.value ?? null;
-        if (!cookie) {
-          throw new Error(`No ${cookieName} cookie returned from login`);
-        }
-
-        return {
-          cookie,
-          body: safeJson(res),
-        };
-      },
-      headers(session) {
-        if (!session?.cookie) return {};
-        return {
-          Cookie: `${cookieName}=${session.cookie}`,
-        };
-      },
-    },
-  });
-}
+export const profiles = {
+  custom: customProfile,
+  localJson: localJsonProfile,
+  multiActor: multiActorProfile,
+  raw: rawProfile,
+  session: sessionProfile,
+};
 
 export {
   clearRepoConfig,
@@ -430,101 +372,3 @@ function compiledEntryFromSource(entry, outDir) {
   const relative = compiled.startsWith("src/") ? compiled.slice(4) : compiled;
   return `${outDir}/${relative}`.replace(/\/+/g, "/");
 }
-
-function envValue(name) {
-  const env = getRuntimeEnv();
-  const value = env?.rawEnv?.[name] || env?.[name];
-  if (!value) {
-    throw new Error(`Missing required env var "${name}" for testkit config`);
-  }
-  return value;
-}
-
-function safeJson(response) {
-  try {
-    return runtimeJson(response);
-  } catch {
-    return null;
-  }
-}
-
-function resolveClerkSession({ apiBase, secretKey, needsAuth }) {
-  if (!needsAuth) {
-    return { jwt: null };
-  }
-
-  const headers = { Authorization: `Bearer ${secretKey}` };
-  const usersRes = runtimeHttp.get(`${apiBase}/users?limit=1&order_by=-created_at`, {
-    headers,
-  });
-  if (usersRes.status !== 200) {
-    throw new Error(`Clerk list users failed (${usersRes.status}): ${usersRes.body}`);
-  }
-
-  const users = runtimeJson(usersRes);
-  if (!users.length) {
-    throw new Error("No Clerk users found for testkit Clerk auth profile");
-  }
-
-  const userId = users[0].id;
-  const sessionsRes = runtimeHttp.get(
-    `${apiBase}/sessions?user_id=${userId}&status=active&limit=1`,
-    { headers }
-  );
-  if (sessionsRes.status !== 200) {
-    throw new Error(`Clerk list sessions failed (${sessionsRes.status}): ${sessionsRes.body}`);
-  }
-
-  const sessions = runtimeJson(sessionsRes);
-  if (!sessions?.length) {
-    throw new Error("No active Clerk session found for testkit Clerk auth profile");
-  }
-
-  const sessionId = sessions[0].id;
-  const tokenRes = runtimeHttp.post(`${apiBase}/sessions/${sessionId}/tokens`, null, {
-    headers: {
-      ...headers,
-      "Content-Type": "application/json",
-    },
-  });
-  if (tokenRes.status !== 200) {
-    throw new Error(`Clerk create token failed (${tokenRes.status}): ${tokenRes.body}`);
-  }
-
-  return {
-    jwt: runtimeJson(tokenRes).jwt,
-    sessionId,
-    secretKey,
-  };
-}
-
-function getClerkAuthHeaders(setupData, { apiBase }) {
-  if (!setupData?.jwt) return {};
-
-  if (!setupData.sessionId || !setupData.secretKey) {
-    return {
-      Authorization: `Bearer ${setupData.jwt}`,
-      "Content-Type": "application/json",
-    };
-  }
-
-  const tokenRes = runtimeHttp.post(`${apiBase}/sessions/${setupData.sessionId}/tokens`, null, {
-    headers: {
-      Authorization: `Bearer ${setupData.secretKey}`,
-      "Content-Type": "application/json",
-    },
-  });
-  if (tokenRes.status !== 200) {
-    return {
-      Authorization: `Bearer ${setupData.jwt}`,
-      "Content-Type": "application/json",
-    };
-  }
-
-  const nextJwt = runtimeJson(tokenRes).jwt;
-  setupData.jwt = nextJwt;
-  return {
-    Authorization: `Bearer ${nextJwt}`,
-    "Content-Type": "application/json",
-  };
-}

package/lib/config-api/index.test.mjs

@@ -4,9 +4,10 @@ import {
   database,
   defineConfig,
   defineFile,
-  defineHttpProfile,
+  profiles,
   toolchain,
 } from "./index.mjs";
+import { clearRuntimeContext, registerRuntimeContext } from "./runtime.mjs";
 
 describe("config api", () => {
   it("defines repo config plainly", () => {
@@ -15,9 +16,286 @@ describe("config api", () => {
     });
   });
 
-  it("defines HTTP profiles plainly", () => {
-    const profile = defineHttpProfile({ headers: () => ({ Authorization: "Bearer token" }) });
-    expect(typeof profile.headers).toBe("function");
+  it("builds raw HTTP profiles with deterministic forwarded headers", () => {
+    const profile = profiles.raw({
+      headers: {
+        contentTypeJson: true,
+        forwardedFor: "deterministic",
+        values: { "X-Testkit-Mode": "raw" },
+      },
+    });
+
+    const headers = profile.headers?.(null, { env: { BASE: "http://api.test" } });
+    const rawHeaders = profile.rawHeaders?.(null, { env: { BASE: "http://api.test" } });
+
+    expect(headers).toMatchObject({
+      "Content-Type": "application/json",
+      "X-Testkit-Mode": "raw",
+    });
+    expect(headers["X-Forwarded-For"]).toMatch(/^10\.\d+\.\d+\.\d+$/);
+    expect(rawHeaders).toEqual(headers);
+  });
+
+  it("builds session profiles that perform bootstrap/login and derive auth/session headers", () => {
+    const requests = [];
+    registerRuntimeContext({
+      env: {
+        BASE: "http://api.test",
+        routeParams: { "x-route": "route-a" },
+      },
+      http: {
+        post(url, body, params) {
+          requests.push({ url, body, params });
+          if (url.endsWith("/signup")) {
+            return {
+              status: 201,
+              body: JSON.stringify({ data: { organizations: [{ id: "org-signup" }] } }),
+              headers: {
+                "set-cookie": ["fixture_session=signup-token; Path=/", "fixture_refresh=signup-refresh; Path=/"],
+              },
+            };
+          }
+          return {
+            status: 200,
+            body: JSON.stringify({ data: { organizations: [{ id: "org-123" }] } }),
+            headers: {
+              "set-cookie": ["fixture_session=jwt-123; Path=/", "fixture_refresh=refresh-123; Path=/"],
+            },
+          };
+        },
+      },
+    });
+
+    const profile = profiles.session({
+      actor: {
+        bootstrap: {
+          path: "/signup",
+          expect: [201, 409],
+          body: ({ actor }) => ({ email: `${actor}@example.com` }),
+        },
+        login: {
+          path: "/login",
+          expect: 200,
+          body: ({ actor }) => ({ email: `${actor}@example.com` }),
+        },
+        session: {
+          cookies: {
+            jwt: "fixture_session",
+            refreshToken: "fixture_refresh",
+          },
+          fields: {
+            organizationId: "data.organizations[0].id",
+          },
+          auth: {
+            source: { key: "jwt" },
+          },
+        },
+      },
+      headers: {
+        contentTypeJson: true,
+        forwardedFor: "deterministic",
+        fromSession: [{ header: "X-Organization-Id", field: "organizationId" }],
+        values: ({ actor }) => ({ "X-Testkit-Actor": actor || "primary" }),
+      },
+    });
+
+    const session = profile.auth.setup({
+      env: { BASE: "http://api.test", routeParams: { "x-route": "route-a" } },
+    });
+    const authHeaders = profile.auth.headers(session, { env: { BASE: "http://api.test" } });
+    const requestHeaders = profile.headers(session, { env: { BASE: "http://api.test" } });
+
+    expect(requests).toHaveLength(2);
+    expect(requests[0].params.headers["x-route"]).toBe("route-a");
+    expect(session).toEqual({
+      jwt: "jwt-123",
+      refreshToken: "refresh-123",
+      organizationId: "org-123",
+    });
+    expect(authHeaders).toEqual({
+      Authorization: "Bearer jwt-123",
+    });
+    expect(requestHeaders).toMatchObject({
+      "Content-Type": "application/json",
+      "X-Organization-Id": "org-123",
+      "X-Testkit-Actor": "primary",
+    });
+    expect(requestHeaders["X-Forwarded-For"]).toMatch(/^10\.\d+\.\d+\.\d+$/);
+    clearRuntimeContext();
+  });
+
+  it("builds local-json profile presets that derive session, multi-actor, and raw variants", () => {
+    const requests = [];
+    registerRuntimeContext({
+      env: {
+        BASE: "http://api.test",
+      },
+      http: {
+        post(url, body) {
+          const payload = JSON.parse(body);
+          requests.push({ url, payload });
+          const actor = payload.email.startsWith("primary")
+            ? "primary"
+            : payload.email.startsWith("user-a")
+              ? "userA"
+              : "userB";
+          return {
+            status: url.endsWith("/signup") ? 201 : 200,
+            body: JSON.stringify({
+              data: {
+                organizations: [{ id: `org-${actor}` }],
+              },
+            }),
+            headers: {
+              "set-cookie": [
+                `fixture_session=jwt-${actor}; Path=/`,
+                `fixture_refresh=refresh-${actor}; Path=/`,
+              ],
+            },
+          };
+        },
+      },
+    });
+
+    const auth = profiles.localJson({
+      password: "TestkitPass2026",
+      identities: {
+        primary: {
+          email: "primary@example.com",
+          name: "Primary User",
+          organizationName: "Primary Org",
+        },
+        userA: {
+          email: "user-a@example.com",
+          name: "User A",
+          organizationName: "Org A",
+        },
+        userB: {
+          email: "user-b@example.com",
+          name: "User B",
+          organizationName: "Org B",
+        },
+      },
+      session: {
+        authCookie: "fixture_session",
+        refreshCookie: "fixture_refresh",
+        organizationIdPath: "data.organizations[0].id",
+      },
+      headers: {
+        contentTypeJson: true,
+        forwardedFor: "deterministic",
+        organization: "X-Organization-Id",
+      },
+    });
+
+    const defaultProfile = auth.session();
+    const defaultSetup = defaultProfile.auth.setup({ env: { BASE: "http://api.test" } });
+    expect(defaultSetup).toEqual({
+      jwt: "jwt-primary",
+      refreshToken: "refresh-primary",
+      organizationId: "org-primary",
+    });
+    expect(defaultProfile.auth.headers(defaultSetup)).toEqual({
+      Authorization: "Bearer jwt-primary",
+    });
+    expect(defaultProfile.headers(defaultSetup, { env: { BASE: "http://api.test" } })).toMatchObject({
+      "Content-Type": "application/json",
+      "X-Organization-Id": "org-primary",
+    });
+
+    const dualProfile = auth.multiActor({
+      primaryActor: "userA",
+      actors: ["userA", "userB"],
+    });
+    const dualSetup = dualProfile.auth.setup({ env: { BASE: "http://api.test" } });
+    expect(dualSetup.userA.organizationId).toBe("org-userA");
+    expect(dualSetup.userB.organizationId).toBe("org-userB");
+    expect(dualProfile.auth.headers(dualSetup)).toEqual({
+      Authorization: "Bearer jwt-userA",
+    });
+
+    const rawProfile = auth.raw();
+    expect(rawProfile.rawHeaders(null, { env: { BASE: "http://api.test" } })).toMatchObject({
+      "Content-Type": "application/json",
+    });
+
+    expect(requests.map((entry) => entry.url)).toEqual([
+      "http://api.test/api/v1/auth/signup",
+      "http://api.test/api/v1/auth/login",
+      "http://api.test/api/v1/auth/signup",
+      "http://api.test/api/v1/auth/login",
+      "http://api.test/api/v1/auth/signup",
+      "http://api.test/api/v1/auth/login",
+    ]);
+    clearRuntimeContext();
+  });
+
+  it("builds multi-actor profiles and derives headers from the primary actor by default", () => {
+    const responses = {
+      alpha: {
+        status: 200,
+        body: JSON.stringify({ data: { organizations: [{ id: "org-alpha" }] } }),
+        headers: { "set-cookie": "fixture_session=token-alpha; Path=/" },
+      },
+      beta: {
+        status: 200,
+        body: JSON.stringify({ data: { organizations: [{ id: "org-beta" }] } }),
+        headers: { "set-cookie": "fixture_session=token-beta; Path=/" },
+      },
+    };
+    registerRuntimeContext({
+      env: {
+        BASE: "http://api.test",
+      },
+      http: {
+        post(_url, body) {
+          const payload = JSON.parse(body);
+          return payload.email.startsWith("alpha") ? responses.alpha : responses.beta;
+        },
+      },
+    });
+
+    const profile = profiles.multiActor({
+      primaryActor: "userA",
+      actors: {
+        userA: {
+          login: {
+            path: "/login",
+            body: () => ({ email: "alpha@example.com" }),
+          },
+          session: {
+            cookies: { jwt: "fixture_session" },
+            fields: { organizationId: "data.organizations[0].id" },
+            auth: { source: { key: "jwt" } },
+          },
+        },
+        userB: {
+          login: {
+            path: "/login",
+            body: () => ({ email: "beta@example.com" }),
+          },
+          session: {
+            cookies: { jwt: "fixture_session" },
+            fields: { organizationId: "data.organizations[0].id" },
+            auth: { source: { key: "jwt" } },
+          },
+        },
+      },
+      headers: {
+        fromSession: [{ header: "X-Organization-Id", field: "organizationId" }],
+      },
+    });
+
+    const setupData = profile.auth.setup({ env: { BASE: "http://api.test" } });
+    expect(setupData.userA.organizationId).toBe("org-alpha");
+    expect(setupData.userB.organizationId).toBe("org-beta");
+    expect(profile.auth.headers(setupData)).toEqual({
+      Authorization: "Bearer token-alpha",
+    });
+    expect(profile.headers(setupData, { env: { BASE: "http://api.test" } })).toMatchObject({
+      "X-Organization-Id": "org-alpha",
+    });
+    clearRuntimeContext();
   });
 
   it("defines file-local metadata plainly", () => {