@elench/testkit 0.1.82 → 0.1.84

package/lib/runtime/index.d.ts

@@ -141,9 +141,36 @@ export interface HttpClientConfig<TSetup = unknown> {
   sessionBundle?: AuthSessionBundle<TSetup> | null;
 }
 
-export interface ActorRequestClient {
+export interface MultipartFileInput {
+  contentType?: string;
+  data: unknown;
+  field: string;
+  filename?: string;
+}
+
+export interface MultipartPayload {
+  fields?: Record<string, unknown>;
+  files?: MultipartFileInput[];
+}
+
+export interface MultipartRequestClient {
+  patch(path: string, payload: MultipartPayload, extraHeaders?: RuntimeHeaders): RuntimeResponse;
+  post(path: string, payload: MultipartPayload, extraHeaders?: RuntimeHeaders): RuntimeResponse;
+  put(path: string, payload: MultipartPayload, extraHeaders?: RuntimeHeaders): RuntimeResponse;
+}
+
+export interface RawRequestClient {
+  (
+    method: RuntimeMethod,
+    path: string,
+    body?: unknown,
+    extraHeaders?: RuntimeHeaders
+  ): RuntimeResponse;
+  as(actorName: string): RawRequestClient;
   delete(path: string, extraHeaders?: RuntimeHeaders): RuntimeResponse;
   get(path: string, extraHeaders?: RuntimeHeaders): RuntimeResponse;
+  headers(extraHeaders?: RuntimeHeaders): RuntimeHeaders;
+  multipart: MultipartRequestClient;
   patch(path: string, body?: unknown, extraHeaders?: RuntimeHeaders): RuntimeResponse;
   post(path: string, body?: unknown, extraHeaders?: RuntimeHeaders): RuntimeResponse;
   put(path: string, body?: unknown, extraHeaders?: RuntimeHeaders): RuntimeResponse;
@@ -155,24 +182,53 @@ export interface ActorRequestClient {
   ): RuntimeResponse;
 }
 
-export interface HttpClient<TSetup = unknown> {
-  as(actorName: string): ActorRequestClient;
+export interface ActorRequestClient {
+  headers(extraHeaders?: RuntimeHeaders): RuntimeHeaders;
+  multipart: MultipartRequestClient;
+  raw(
+    method: RuntimeMethod,
+    path: string,
+    body?: unknown,
+    extraHeaders?: RuntimeHeaders
+  ): RuntimeResponse;
+  rawDelete(path: string, extraHeaders?: RuntimeHeaders): RuntimeResponse;
+  rawGet(path: string, extraHeaders?: RuntimeHeaders): RuntimeResponse;
+  rawHeaders(extraHeaders?: RuntimeHeaders): RuntimeHeaders;
+  rawMultipart: MultipartRequestClient;
+  rawPatch(path: string, body?: unknown, extraHeaders?: RuntimeHeaders): RuntimeResponse;
+  rawPost(path: string, body?: unknown, extraHeaders?: RuntimeHeaders): RuntimeResponse;
+  rawPut(path: string, body?: unknown, extraHeaders?: RuntimeHeaders): RuntimeResponse;
+  rawReq: RawRequestClient;
   delete(path: string, extraHeaders?: RuntimeHeaders): RuntimeResponse;
   get(path: string, extraHeaders?: RuntimeHeaders): RuntimeResponse;
   patch(path: string, body?: unknown, extraHeaders?: RuntimeHeaders): RuntimeResponse;
   post(path: string, body?: unknown, extraHeaders?: RuntimeHeaders): RuntimeResponse;
   put(path: string, body?: unknown, extraHeaders?: RuntimeHeaders): RuntimeResponse;
-  raw(
+  request(
     method: RuntimeMethod,
     path: string,
     body?: unknown,
     extraHeaders?: RuntimeHeaders
   ): RuntimeResponse;
+}
+
+export interface HttpClient<TSetup = unknown> {
+  as(actorName: string): ActorRequestClient;
+  headers(extraHeaders?: RuntimeHeaders): RuntimeHeaders;
+  multipart: MultipartRequestClient;
+  delete(path: string, extraHeaders?: RuntimeHeaders): RuntimeResponse;
+  get(path: string, extraHeaders?: RuntimeHeaders): RuntimeResponse;
+  patch(path: string, body?: unknown, extraHeaders?: RuntimeHeaders): RuntimeResponse;
+  post(path: string, body?: unknown, extraHeaders?: RuntimeHeaders): RuntimeResponse;
+  put(path: string, body?: unknown, extraHeaders?: RuntimeHeaders): RuntimeResponse;
   rawDelete(path: string, extraHeaders?: RuntimeHeaders): RuntimeResponse;
   rawGet(path: string, extraHeaders?: RuntimeHeaders): RuntimeResponse;
+  rawHeaders(actorName?: string | null, extraHeaders?: RuntimeHeaders): RuntimeHeaders;
+  rawMultipart: MultipartRequestClient;
   rawPatch(path: string, body?: unknown, extraHeaders?: RuntimeHeaders): RuntimeResponse;
   rawPost(path: string, body?: unknown, extraHeaders?: RuntimeHeaders): RuntimeResponse;
   rawPut(path: string, body?: unknown, extraHeaders?: RuntimeHeaders): RuntimeResponse;
+  raw: RawRequestClient;
   request(
     method: RuntimeMethod,
     path: string,
@@ -255,7 +311,7 @@ export declare function makeRawReq(
   baseUrl: string,
   routeHeaders?: RuntimeHeaders,
   getRawHeaders?: (context: HttpHeaderBuildContext<never>) => RuntimeHeaders | void
-): HttpClient["raw"];
+): RawRequestClient;
 
 export declare function expectStatus(
   response: RuntimeResponse,
@@ -283,6 +339,83 @@ export declare function expectJsonPath(
   predicate: (value: unknown) => boolean,
   label?: string | null
 ): boolean;
+export declare function expectErrorShape(
+  response: RuntimeResponse,
+  label?: string | null
+): boolean;
+export declare function expectErrorMessage(
+  response: RuntimeResponse,
+  label?: string | null
+): boolean;
+export declare function expectResponse(
+  response: RuntimeResponse,
+  predicate: (response: RuntimeResponse) => boolean,
+  label: string
+): boolean;
+export declare function expectValue<T>(
+  value: T,
+  predicate: (value: T) => boolean,
+  label: string
+): boolean;
+export declare function expectCondition(
+  predicate: () => boolean,
+  label: string
+): boolean;
+
+export declare function runAuthGateChecks(
+  rawReq: RawRequestClient,
+  scope: string,
+  descriptors: {
+    delete?: Array<string>;
+    get?: Array<string>;
+    patch?: Array<string | [string, unknown]>;
+    post?: Array<string | [string, unknown]>;
+    put?: Array<string | [string, unknown]>;
+    validateGetErrorShape?: boolean;
+  }
+): void;
+export declare function runPaginationChecks(
+  req: Pick<HttpClient, "get">,
+  endpoint: string,
+  options?: { auditLogsExtra?: boolean }
+): void;
+
+export interface RuntimeExpectNamespace {
+  condition: typeof expectCondition;
+  error: {
+    message: typeof expectErrorMessage;
+    shape: typeof expectErrorShape;
+  };
+  json: typeof expectJson;
+  jsonPath: typeof expectJsonPath;
+  notStatus: typeof expectNotStatus;
+  response: typeof expectResponse;
+  status: typeof expectStatus;
+  statusOneOf: typeof expectStatusOneOf;
+  value: typeof expectValue;
+}
+
+export interface RuntimeParseNamespace {
+  cookie(response: Pick<RuntimeResponse, "headers">, cookieName: string): string | null;
+  json<T = unknown>(response: Pick<RuntimeResponse, "body">): T;
+  safeJson: typeof safeJson;
+  sse(body: string): Array<{ event: string | null; data: unknown }>;
+  sseEvent<T = unknown>(body: string, eventName: string): T | null;
+}
+
+export interface RuntimeChecksNamespace {
+  authGate: typeof runAuthGateChecks;
+  pagination: typeof runPaginationChecks;
+}
+
+export interface RuntimeNetworkNamespace {
+  deterministicIp(seed: string | number, offset?: number): string;
+}
+
+export declare const expect: RuntimeExpectNamespace;
+export declare const parse: RuntimeParseNamespace;
+export declare const checks: RuntimeChecksNamespace;
+export declare const network: RuntimeNetworkNamespace;
 
 declare global {
   const __ENV: Record<string, string | undefined>;

package/lib/runtime/index.mjs

@@ -1,6 +1,13 @@
 import rawHttp from "k6/http";
 import { Rate, Trend } from "k6/metrics";
 import { fail, sleep } from "k6";
+import { deriveDeterministicIp } from "../runtime-src/shared/error-body.mjs";
+import {
+  extractCookie,
+  getSseEventData,
+  parseJsonBody,
+  parseSseEvents,
+} from "../runtime-src/shared/http-parsing.mjs";
 import {
   formatWaitForTimeoutError,
   normalizeWaitIntervalSeconds,
@@ -27,17 +34,26 @@ export {
   contains,
   defaultOptions,
   evaluateCheck,
-  isSorted,
   json,
+  isSorted,
   singleIterationOptions,
 } from "../runtime-src/k6/checks.js";
 export {
+  expectCondition,
+  expectErrorMessage,
+  expectErrorShape,
   expectJson,
   expectJsonPath,
   expectNotStatus,
+  expectResponse,
   expectStatus,
   expectStatusOneOf,
+  expectValue,
 } from "../runtime-src/k6/http-assertions.js";
+export {
+  runAuthGateChecks,
+  runPaginationChecks,
+} from "../runtime-src/k6/http-checks.js";
 export {
   createDalContext,
   openDb,
@@ -48,13 +64,63 @@ export {
   defaultOptions as httpDefaultOptions,
   getEnv,
   getHttpTrace,
-  makeRawReq,
   makeReq,
+  makeRawReq,
   safeJson,
   summarizeHttpTrace,
   toBodyPreview,
 } from "../runtime-src/k6/http.js";
 
+import {
+  expectCondition,
+  expectErrorMessage,
+  expectErrorShape,
+  expectJson,
+  expectJsonPath,
+  expectNotStatus,
+  expectResponse,
+  expectStatus,
+  expectStatusOneOf,
+  expectValue,
+} from "../runtime-src/k6/http-assertions.js";
+import {
+  runAuthGateChecks,
+  runPaginationChecks,
+} from "../runtime-src/k6/http-checks.js";
+import { safeJson } from "../runtime-src/k6/http.js";
+
+export const expect = {
+  condition: expectCondition,
+  error: {
+    message: expectErrorMessage,
+    shape: expectErrorShape,
+  },
+  json: expectJson,
+  jsonPath: expectJsonPath,
+  notStatus: expectNotStatus,
+  response: expectResponse,
+  status: expectStatus,
+  statusOneOf: expectStatusOneOf,
+  value: expectValue,
+};
+
+export const parse = {
+  cookie: extractCookie,
+  json: parseJsonBody,
+  safeJson,
+  sse: parseSseEvents,
+  sseEvent: getSseEventData,
+};
+
+export const checks = {
+  authGate: runAuthGateChecks,
+  pagination: runPaginationChecks,
+};
+
+export const network = {
+  deterministicIp: deriveDeterministicIp,
+};
+
 export function getTestkitContext() {
   return readTestkitContext(__ENV);
 }

package/lib/runtime-src/k6/http-assertions.js

@@ -1,4 +1,8 @@
-import { evaluateCheck, recordFailureDetail } from "./checks.js";
+import { check, evaluateCheck, recordFailureDetail } from "./checks.js";
+import {
+  extractErrorMessageFromBody,
+  hasStandardErrorShape,
+} from "../shared/error-body.mjs";
 import { safeJson, summarizeHttpTrace, toBodyPreview } from "./http.js";
 
 export function expectStatus(response, expected, label = null) {
@@ -122,6 +126,32 @@ export function expectJsonPath(response, path, predicate, label = null) {
   );
 }
 
+export function expectErrorShape(response, label = "response has standard error shape") {
+  return expectJson(response, hasStandardErrorShape, label);
+}
+
+export function expectErrorMessage(response, label = "response includes extractable error message") {
+  return expectJson(response, (body) => extractErrorMessageFromBody(body) !== null, label);
+}
+
+export function expectResponse(response, predicate, label) {
+  return check(response, {
+    [normalizeLabel(label, "response matches expectation")]: predicate,
+  });
+}
+
+export function expectValue(value, predicate, label) {
+  return check(value, {
+    [normalizeLabel(label, "value matches expectation")]: predicate,
+  });
+}
+
+export function expectCondition(predicate, label) {
+  return check(null, {
+    [normalizeLabel(label, "condition holds")]: () => Boolean(predicate()),
+  });
+}
+
 function buildHttpAssertionDetail({ kind, title, trace, expected, actual, response, message }) {
   return {
     kind,

package/lib/runtime-src/k6/http-checks.js

@@ -0,0 +1,120 @@
+import { group } from "./checks.js";
+import {
+  expectErrorShape,
+  expectNotStatus,
+  expectResponse,
+  expectStatus,
+  expectStatusOneOf,
+} from "./http-assertions.js";
+
+const DEFAULT_PAGINATION_CASES = [
+  { qs: "limit=0", label: "limit=0", expect400: false },
+  { qs: "limit=-1", label: "limit=-1", expect400: true },
+  { qs: "limit=999999", label: "limit=999999", expect400: false },
+  { qs: "limit=abc", label: "limit=abc", expect400: true },
+  { qs: "offset=-1", label: "offset=-1", expect400: true },
+  { qs: "offset=1.5", label: "offset=1.5", expect400: true },
+];
+
+const AUDIT_LOGS_PAGINATION_CASES = [
+  { qs: "limit=1e3", label: "limit=1e3 (scientific notation)" },
+  { qs: "limit=Infinity", label: "limit=Infinity" },
+  { qs: "limit=NaN", label: "limit=NaN" },
+  { qs: "offset=NaN", label: "offset=NaN" },
+  { qs: "limit=", label: "limit= (empty)" },
+  { qs: "offset=", label: "offset= (empty)" },
+  { qs: "limit=0x10", label: "limit=0x10 (hex)" },
+];
+
+export function runAuthGateChecks(rawReq, scope, descriptors = {}) {
+  const {
+    get = [],
+    post = [],
+    patch = [],
+    delete: deleteCases = [],
+    put = [],
+    validateGetErrorShape = false,
+  } = descriptors;
+
+  runMethodAuthGateChecks(rawReq, scope, "GET", get, validateGetErrorShape);
+  runMethodAuthGateChecks(rawReq, scope, "POST", post);
+  runMethodAuthGateChecks(rawReq, scope, "PATCH", patch);
+  runMethodAuthGateChecks(rawReq, scope, "DELETE", deleteCases);
+  runMethodAuthGateChecks(rawReq, scope, "PUT", put);
+}
+
+export function runPaginationChecks(req, endpoint, options = {}) {
+  group(`${endpoint} — pagination abuse`, () => {
+    for (const { qs, label, expect400 } of DEFAULT_PAGINATION_CASES) {
+      const url = `${endpoint}?${qs}`;
+      const response = req.get(url);
+
+      expectNotStatus(response, 500, `${label} → not 500`);
+      if (response.status === 500) {
+        expectResponse(response, () => true, `BUG: ${endpoint} crashes on ${label}`);
+      }
+
+      if (expect400) {
+        expectStatus(response, 400, `${label} → 400`);
+        if (response.status === 200) {
+          expectResponse(response, () => true, `BUG: ${endpoint} accepts ${label}`);
+        }
+      }
+
+      if (label === "limit=abc" && response.body) {
+        expectResponse(response, (value) => !value.body.includes("NaN"), `${label} → no NaN in response`);
+      }
+    }
+
+    if (!options.auditLogsExtra) {
+      return;
+    }
+
+    for (const { qs, label } of AUDIT_LOGS_PAGINATION_CASES) {
+      const url = `${endpoint}?${qs}`;
+      const response = req.get(url);
+
+      expectNotStatus(response, 500, `audit-logs ${label} → not 500`);
+      if (response.status === 500) {
+        expectResponse(response, () => true, `BUG: audit-logs crashes on ${label}`);
+      }
+
+      expectStatusOneOf(response, [400, 200], `audit-logs ${label} → 400 (not silently accepted)`);
+      if (response.status === 200 && response.body) {
+        expectResponse(response, (value) => !value.body.includes("NaN"), `audit-logs ${label} → no NaN in response`);
+      }
+    }
+  });
+}
+
+function runMethodAuthGateChecks(rawReq, scope, method, cases, validateErrorShape = false) {
+  if (!Array.isArray(cases) || cases.length === 0) {
+    return;
+  }
+
+  group(`${scope} ${method} endpoints return 401 without auth`, () => {
+    for (const entry of cases) {
+      const { path, body } = normalizeRequestCase(entry);
+      const response = rawReq(method, path, body);
+
+      expectStatus(response, 401, `${method} ${path} → 401`);
+      if (validateErrorShape && method === "GET" && response.status === 401) {
+        expectErrorShape(response, `${method} ${path} error shape`);
+      }
+    }
+  });
+}
+
+function normalizeRequestCase(entry) {
+  if (Array.isArray(entry)) {
+    return {
+      path: entry[0],
+      body: entry[1],
+    };
+  }
+
+  return {
+    path: entry,
+    body: undefined,
+  };
+}

package/lib/runtime-src/k6/http-suite-runtime.js

@@ -64,14 +64,18 @@ export function createSuiteActors(sessionBundle, client, profileMeta) {
   const actorNames = profileMeta?.actorNames || Object.keys(sessionBundle?.actors || {});
   const entries = actorNames.map((actorName) => {
     const actorRecord = sessionBundle?.actors?.[actorName] || null;
+    const actorClient = client.as(actorName);
     return {
       email: actorRecord?.email || null,
+      headers: actorClient.headers(),
       index: Number(actorRecord?.actorIndex ?? 0),
       key: actorName,
       name: actorRecord?.name || null,
       organizationKey: actorRecord?.organizationKey || null,
       organizationName: actorRecord?.organizationName || null,
-      req: client.as(actorName),
+      rawHeaders: actorClient.rawHeaders(),
+      rawReq: actorClient.rawReq,
+      req: actorClient,
       session: actorRecord?.session || null,
     };
   });