@fuzdev/fuz_app 0.24.0 → 0.25.0

package/dist/db/migrate.js

@@ -3,7 +3,11 @@
  *
  * Migrations are functions in ordered arrays, grouped by namespace.
  * A `schema_version` table tracks progress per namespace.
- * Each migration runs in its own transaction.
+ *
+ * **Chain-level transactions**: All pending migrations in a namespace run in a
+ * single transaction. Any failure rolls back every migration in that run —
+ * no partial-state recovery. This rules out non-transactional DDL (e.g.,
+ * `CREATE INDEX CONCURRENTLY`); run those out of band.
  *
  * **Forward-only**: No down-migrations. Schema changes are additive.
  * For pre-release development, collapse migrations into a single v0.
@@ -46,9 +50,15 @@ const namespace_lock_key = (namespace) => {
  *
  * Creates the `schema_version` tracking table if it does not exist,
  * then for each namespace: acquires an advisory lock, reads the current
- * version, runs pending migrations in order (each in its own transaction),
+ * version, runs all pending migrations in order inside a single transaction,
  * updates the stored version, and releases the lock.
  *
+ * **Atomicity**: The pending chain for each namespace runs in one transaction —
+ * any failure rolls back every migration that ran in that invocation. The
+ * next run starts from the previously-stored version, re-running the whole
+ * (fixed) chain. Namespaces are independent: a later namespace's failure
+ * does not roll back an earlier namespace that already committed.
+ *
  * **Concurrency**: Uses PostgreSQL advisory locks to serialize concurrent
  * callers on the same namespace. Safe for multi-instance deployments.
  *
@@ -59,7 +69,6 @@ const namespace_lock_key = (namespace) => {
 export const run_migrations = async (db, namespaces) => {
     await db.query(SCHEMA_VERSION_DDL);
     const results = [];
-    /* eslint-disable no-await-in-loop */
     for (const { namespace, migrations } of namespaces) {
         const lock_key = namespace_lock_key(namespace);
         // Acquire advisory lock — serializes concurrent migration runs
@@ -78,24 +87,25 @@ export const run_migrations = async (db, namespaces) => {
             if (current_version === migrations.length) {
                 continue; // up to date
             }
-            // run pending migrations, each in its own transaction with version upsert
-            for (let i = current_version; i < migrations.length; i++) {
-                const { fn, name } = resolve_migration(migrations[i]);
-                const label = name != null ? `"${name}"` : '';
-                try {
-                    await db.transaction(async (tx) => {
+            // run all pending migrations in a single transaction — any failure
+            // rolls back the whole pending chain
+            await db.transaction(async (tx) => {
+                for (let i = current_version; i < migrations.length; i++) {
+                    const { fn, name } = resolve_migration(migrations[i]);
+                    const label = name != null ? `"${name}"` : '';
+                    try {
                         await fn(tx);
                         await tx.query(`INSERT INTO schema_version (namespace, version, applied_at)
 							 VALUES ($1, $2, NOW())
 							 ON CONFLICT (namespace)
 							 DO UPDATE SET version = $2, applied_at = NOW()`, [namespace, i + 1]);
-                    });
-                }
-                catch (err) {
-                    const name_part = label ? ` ${label}` : '';
-                    throw new Error(`Migration ${namespace}[${i}]${name_part} failed: ${err instanceof Error ? err.message : String(err)}`, { cause: err });
+                    }
+                    catch (err) {
+                        const name_part = label ? ` ${label}` : '';
+                        throw new Error(`Migration ${namespace}[${i}]${name_part} failed: ${err instanceof Error ? err.message : String(err)}`, { cause: err });
+                    }
                 }
-            }
+            });
             results.push({
                 namespace,
                 from_version: current_version,
@@ -113,6 +123,5 @@ export const run_migrations = async (db, namespaces) => {
             }
         }
     }
-    /* eslint-enable no-await-in-loop */
     return results;
 };

package/dist/db/status.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"status.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/db/status.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,SAAS,CAAC;AAChC,OAAO,KAAK,EAAC,kBAAkB,EAAC,MAAM,cAAc,CAAC;AAErD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,qDAAqD;IACrD,eAAe,EAAE,MAAM,CAAC;IACxB,mDAAmD;IACnD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,wCAAwC;IACxC,UAAU,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACxB,yCAAyC;IACzC,SAAS,EAAE,OAAO,CAAC;IACnB,0CAA0C;IAC1C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,4BAA4B;IAC5B,MAAM,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;IAC3B,sCAAsC;IACtC,UAAU,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;CACnC;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,eAAe,GAC3B,IAAI,EAAE,EACN,aAAa,KAAK,CAAC,kBAAkB,CAAC,KACpC,OAAO,CAAC,QAAQ,CA+ElB,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,GAAI,QAAQ,QAAQ,KAAG,MA6BnD,CAAC"}
+{"version":3,"file":"status.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/db/status.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,SAAS,CAAC;AAChC,OAAO,KAAK,EAAC,kBAAkB,EAAC,MAAM,cAAc,CAAC;AAErD;;GAEG;AACH,MAAM,WAAW,eAAe;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,qDAAqD;IACrD,eAAe,EAAE,MAAM,CAAC;IACxB,mDAAmD;IACnD,iBAAiB,EAAE,MAAM,CAAC;IAC1B,wCAAwC;IACxC,UAAU,EAAE,OAAO,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,WAAW;IAC3B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,QAAQ;IACxB,yCAAyC;IACzC,SAAS,EAAE,OAAO,CAAC;IACnB,0CAA0C;IAC1C,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,+BAA+B;IAC/B,WAAW,EAAE,MAAM,CAAC;IACpB,4BAA4B;IAC5B,MAAM,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC;IAC3B,sCAAsC;IACtC,UAAU,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;CACnC;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,eAAe,GAC3B,IAAI,EAAE,EACN,aAAa,KAAK,CAAC,kBAAkB,CAAC,KACpC,OAAO,CAAC,QAAQ,CA8ElB,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,gBAAgB,GAAI,QAAQ,QAAQ,KAAG,MA6BnD,CAAC"}

package/dist/db/status.js

@@ -36,7 +36,6 @@ export const query_db_status = async (db, namespaces) => {
     const tables = [];
     for (const { table_name } of table_rows) {
         // table_name from information_schema is trusted
-        // eslint-disable-next-line no-await-in-loop
         const result = await db.query_one(`SELECT COUNT(*) as count FROM "${table_name}"`);
         tables.push({
             name: table_name,
@@ -53,7 +52,6 @@ export const query_db_status = async (db, namespaces) => {
 			) as exists`);
         if (sv_exists?.exists) {
             for (const { namespace, migrations: ns_migrations } of namespaces) {
-                // eslint-disable-next-line no-await-in-loop
                 const row = await db.query_one('SELECT version FROM schema_version WHERE namespace = $1', [namespace]);
                 const current_version = row?.version ?? 0;
                 migrations.push({

package/dist/dev/setup.js

@@ -93,7 +93,7 @@ export const setup_env_file = async (deps, env_path, example_path, options) => {
         for (const [key, generate] of Object.entries(replacements)) {
             const pattern = new RegExp(`^${key}=$`, 'm');
             if (pattern.test(content)) {
-                const value = await generate(); // eslint-disable-line no-await-in-loop
+                const value = await generate();
                 content = content.replace(pattern, `${key}=${value}`);
                 changed = true;
                 log.ok(`Generated ${key} in existing ${env_path}`);
@@ -114,7 +114,7 @@ export const setup_env_file = async (deps, env_path, example_path, options) => {
     for (const [key, generate] of Object.entries(replacements)) {
         const pattern = new RegExp(`^${key}=$`, 'm');
         if (pattern.test(content)) {
-            const value = await generate(); // eslint-disable-line no-await-in-loop
+            const value = await generate();
             content = content.replace(pattern, `${key}=${value}`);
         }
     }

package/dist/http/db_routes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"db_routes.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/http/db_routes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,KAAK,EAAC,EAAE,EAAE,MAAM,EAAC,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAmB,KAAK,SAAS,EAAC,MAAM,iBAAiB,CAAC;AAWjE;;GAEG;AACH,MAAM,WAAW,SAAS;IACzB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC9B,WAAW,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,8EAA8E;IAC9E,WAAW,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,KAAK,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC3D,+EAA+E;IAC/E,GAAG,CAAC,EAAE,MAAM,CAAC;CACb;AAED;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB,GAAI,SAAS,cAAc,KAAG,KAAK,CAAC,SAAS,CAuN9E,CAAC"}
+{"version":3,"file":"db_routes.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/http/db_routes.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAC,MAAM,EAAC,MAAM,yBAAyB,CAAC;AAEpD,OAAO,KAAK,EAAC,EAAE,EAAE,MAAM,EAAC,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAmB,KAAK,SAAS,EAAC,MAAM,iBAAiB,CAAC;AAWjE;;GAEG;AACH,MAAM,WAAW,SAAS;IACzB,UAAU,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC9B,WAAW,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,UAAU;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;CACpB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,8EAA8E;IAC9E,WAAW,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,KAAK,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;IAC3D,+EAA+E;IAC/E,GAAG,CAAC,EAAE,MAAM,CAAC;CACb;AAED;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB,GAAI,SAAS,cAAc,KAAG,KAAK,CAAC,SAAS,CAsN9E,CAAC"}

package/dist/http/db_routes.js

@@ -66,7 +66,6 @@ export const create_db_route_specs = (options) => {
 					 ORDER BY table_name`);
                 const tables = [];
                 for (const { table_name } of table_names) {
-                    // eslint-disable-next-line no-await-in-loop
                     const result = await route.db.query_one(`SELECT COUNT(*) as count FROM "${assert_valid_sql_identifier(table_name)}"`);
                     tables.push({
                         name: table_name,

package/dist/testing/admin_integration.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin_integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/admin_integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAiB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAA0B,KAAK,gBAAgB,EAAC,MAAM,wBAAwB,CAAC;AAGtF,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAUjB;;GAEG;AACH,MAAM,WAAW,mCAAmC;IACnD,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,4GAA4G;IAC5G,KAAK,EAAE,gBAAgB,CAAC;IACxB;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF;;;OAGG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAgDD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,yCAAyC,GACrD,SAAS,mCAAmC,KAC1C,IAwnCF,CAAC"}
+{"version":3,"file":"admin_integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/admin_integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAiB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAA0B,KAAK,gBAAgB,EAAC,MAAM,wBAAwB,CAAC;AAGtF,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAUjB;;GAEG;AACH,MAAM,WAAW,mCAAmC;IACnD,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,4GAA4G;IAC5G,KAAK,EAAE,gBAAgB,CAAC;IACxB;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF;;;OAGG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAgDD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,yCAAyC,GACrD,SAAS,mCAAmC,KAC1C,IAsnCF,CAAC"}

package/dist/testing/admin_integration.js

@@ -804,7 +804,6 @@ export const describe_standard_admin_integration_tests = (options) => {
                 const admin_routes = test_app.route_specs.filter((s) => s.path.startsWith(prefix) && s.auth.type === 'role' && s.auth.role === 'admin');
                 // Hit admin routes without auth to exercise 401 error schemas
                 for (const route of admin_routes.slice(0, 5)) {
-                    // eslint-disable-next-line no-await-in-loop
                     const res = await test_app.app.request(route.path, {
                         method: route.method,
                         headers: { host: 'localhost' },
@@ -826,12 +825,10 @@ export const describe_standard_admin_integration_tests = (options) => {
                     s.auth.role === 'admin');
                 assert.ok(admin_get_routes.length > 0, 'Expected at least one admin GET route — ensure create_route_specs includes admin routes');
                 for (const route of admin_get_routes) {
-                    // eslint-disable-next-line no-await-in-loop
                     const res = await test_app.app.request(route.path, {
                         headers: test_app.create_session_headers(),
                     });
                     assert.strictEqual(res.status, 200, `${route.method} ${route.path} should return 200`);
-                    // eslint-disable-next-line no-await-in-loop
                     await assert_response_matches_spec(test_app.route_specs, route.method, route.path, res);
                 }
             });

package/dist/testing/app_server.js

@@ -51,7 +51,7 @@ export const bootstrap_test_account = async (options) => {
     });
     // Grant roles
     for (const role of roles) {
-        await query_grant_permit(deps, { actor_id: actor.id, role, granted_by: null }); // eslint-disable-line no-await-in-loop
+        await query_grant_permit(deps, { actor_id: actor.id, role, granted_by: null });
     }
     // Create API token
     const { token: api_token, id: token_id, token_hash } = generate_api_token();

package/dist/testing/data_exposure.js

@@ -171,18 +171,17 @@ const describe_data_exposure_runtime_tests = (options) => {
                     if (skip_set.has(route_key))
                         continue;
                     const url = resolve_valid_path(spec.path, spec.params);
-                    // eslint-disable-next-line no-await-in-loop
                     const res = await test_app.app.request(url, {
                         method: spec.method,
                         headers: { host: 'localhost', origin: 'http://localhost:5173' },
                     });
                     if (res.headers.get('Content-Type')?.includes('text/event-stream')) {
-                        await res.body?.cancel(); // eslint-disable-line no-await-in-loop
+                        await res.body?.cancel();
                         continue;
                     }
                     let error_body;
                     try {
-                        error_body = await res.clone().json(); // eslint-disable-line no-await-in-loop
+                        error_body = await res.clone().json();
                     }
                     catch {
                         continue;
@@ -200,7 +199,6 @@ const describe_data_exposure_runtime_tests = (options) => {
                         continue;
                     const url = resolve_valid_path(spec.path, spec.params);
                     const headers = authed_account.create_session_headers();
-                    // eslint-disable-next-line no-await-in-loop
                     const res = await test_app.app.request(url, {
                         method: spec.method,
                         headers,
@@ -208,7 +206,7 @@ const describe_data_exposure_runtime_tests = (options) => {
                     assert.strictEqual(res.status, 403, `${route_key} should return 403 for non-admin user`);
                     let error_body;
                     try {
-                        error_body = await res.clone().json(); // eslint-disable-line no-await-in-loop
+                        error_body = await res.clone().json();
                     }
                     catch {
                         continue;
@@ -247,16 +245,16 @@ const describe_data_exposure_runtime_tests = (options) => {
                         },
                         ...(body ? { body: JSON.stringify(body) } : {}),
                     };
-                    const res = await test_app.app.request(url, request_init); // eslint-disable-line no-await-in-loop
+                    const res = await test_app.app.request(url, request_init);
                     if (res.headers.get('Content-Type')?.includes('text/event-stream')) {
-                        await res.body?.cancel(); // eslint-disable-line no-await-in-loop
+                        await res.body?.cancel();
                         continue;
                     }
                     if (!res.ok)
                         continue;
                     let response_body;
                     try {
-                        response_body = await res.clone().json(); // eslint-disable-line no-await-in-loop
+                        response_body = await res.clone().json();
                     }
                     catch {
                         continue;

package/dist/testing/db.js

@@ -206,7 +206,7 @@ export const AUTH_DROP_TABLES = [
  */
 export const drop_auth_schema = async (db) => {
     for (const table of AUTH_DROP_TABLES) {
-        await db.query(`DROP TABLE IF EXISTS ${assert_valid_sql_identifier(table)} CASCADE`); // eslint-disable-line no-await-in-loop
+        await db.query(`DROP TABLE IF EXISTS ${assert_valid_sql_identifier(table)} CASCADE`);
     }
     await db.query('DROP TABLE IF EXISTS schema_version CASCADE');
 };

package/dist/testing/integration.js

@@ -840,7 +840,6 @@ export const describe_standard_integration_tests = (options) => {
                     const route = find_auth_route(test_app.route_specs, suffix, suffix === '/tokens/create' || suffix === '/sessions/revoke-all' ? 'POST' : 'GET');
                     if (!route)
                         continue;
-                    // eslint-disable-next-line no-await-in-loop
                     const res = await test_app.app.request(route.path, {
                         method: route.method,
                         headers: { host: 'localhost' },

package/dist/testing/rate_limiting.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rate_limiting.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/rate_limiting.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAiB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAKrD,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAKjB;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACvC,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF;;OAEG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,4BAA4B,GAAI,SAAS,uBAAuB,KAAG,IA+N/E,CAAC"}
+{"version":3,"file":"rate_limiting.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/rate_limiting.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAiB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAKrD,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAKjB;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACvC,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF;;OAEG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,4BAA4B,GAAI,SAAS,uBAAuB,KAAG,IA4N/E,CAAC"}

package/dist/testing/rate_limiting.js

@@ -64,7 +64,6 @@ export const describe_rate_limiting_tests = (options) => {
                     const login_route = find_auth_route(test_app.route_specs, '/login', 'POST');
                     assert.ok(login_route, 'Expected POST /login route — ensure create_route_specs includes account routes');
                     // Fire max_attempts failed login requests (sequential — must exhaust the window)
-                    /* eslint-disable no-await-in-loop */
                     for (let i = 0; i < max_attempts; i++) {
                         const res = await test_app.app.request(login_route.path, {
                             method: 'POST',
@@ -77,7 +76,6 @@ export const describe_rate_limiting_tests = (options) => {
                         });
                         assert.notStrictEqual(res.status, 429, `Request ${i + 1}/${max_attempts} should not be rate limited`);
                     }
-                    /* eslint-enable no-await-in-loop */
                     // The next request should be rate limited
                     const blocked_res = await test_app.app.request(login_route.path, {
                         method: 'POST',
@@ -119,7 +117,6 @@ export const describe_rate_limiting_tests = (options) => {
                     assert.ok(login_route, 'Expected POST /login route — ensure create_route_specs includes account routes');
                     const target_username = 'rate_limit_target';
                     // Fire max_attempts failed login requests for the same username
-                    /* eslint-disable no-await-in-loop */
                     for (let i = 0; i < max_attempts; i++) {
                         const res = await test_app.app.request(login_route.path, {
                             method: 'POST',
@@ -132,7 +129,6 @@ export const describe_rate_limiting_tests = (options) => {
                         });
                         assert.notStrictEqual(res.status, 429, `Request ${i + 1}/${max_attempts} should not be rate limited`);
                     }
-                    /* eslint-enable no-await-in-loop */
                     // The next request for the same username should be rate limited
                     const blocked_res = await test_app.app.request(login_route.path, {
                         method: 'POST',
@@ -184,7 +180,6 @@ export const describe_rate_limiting_tests = (options) => {
                     const verify_route = find_auth_route(test_app.route_specs, '/verify', 'GET');
                     assert.ok(verify_route, 'Expected GET /verify route — ensure create_route_specs includes account routes');
                     // Fire max_attempts invalid bearer requests (sequential — must exhaust the window)
-                    /* eslint-disable no-await-in-loop */
                     for (let i = 0; i < max_attempts; i++) {
                         const res = await test_app.app.request(verify_route.path, {
                             headers: {
@@ -194,7 +189,6 @@ export const describe_rate_limiting_tests = (options) => {
                         });
                         assert.notStrictEqual(res.status, 429, `Request ${i + 1}/${max_attempts} should not be rate limited`);
                     }
-                    /* eslint-enable no-await-in-loop */
                     // The next request should be rate limited
                     const blocked_res = await test_app.app.request(verify_route.path, {
                         headers: {

package/dist/testing/rpc_round_trip.js

@@ -108,8 +108,8 @@ export const describe_rpc_round_trip_tests = (options) => {
                         const init = create_rpc_post_init(action.spec.method, params);
                         // merge auth headers into init
                         Object.assign(init.headers, headers);
-                        const res = await test_app.app.request(ep_spec.path, init); // eslint-disable-line no-await-in-loop
-                        const body = await res.json(); // eslint-disable-line no-await-in-loop
+                        const res = await test_app.app.request(ep_spec.path, init);
+                        const body = await res.json();
                         // validate well-formed JSON-RPC; successful responses also checked against output schema
                         try {
                             if (res.ok) {
@@ -141,8 +141,8 @@ export const describe_rpc_round_trip_tests = (options) => {
                         const params = override ?? generate_valid_body(action.spec.input) ?? undefined;
                         const headers = pick_rpc_auth_headers(surface_method, test_app, authed_account, admin_account);
                         const url = create_rpc_get_url(ep_spec.path, action.spec.method, params);
-                        const res = await test_app.app.request(url, { headers }); // eslint-disable-line no-await-in-loop
-                        const body = await res.json(); // eslint-disable-line no-await-in-loop
+                        const res = await test_app.app.request(url, { headers });
+                        const body = await res.json();
                         try {
                             if (res.ok) {
                                 assert_jsonrpc_success_response(body, action.spec.output);

package/dist/testing/sse_round_trip.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sse_round_trip.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/sse_round_trip.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAmB7B,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAwB,KAAK,SAAS,EAAuB,MAAM,oBAAoB,CAAC;AAE/F,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAkB,KAAK,OAAO,EAAE,KAAK,WAAW,EAAC,MAAM,iBAAiB,CAAC;AAChF,OAAO,EAAwB,KAAK,SAAS,EAAC,MAAM,SAAS,CAAC;AAM9D,gDAAgD;AAChD,MAAM,WAAW,gBAAgB;IAChC,wEAAwE;IACxE,IAAI,EAAE,MAAM,CAAC;IACb;;;;OAIG;IACH,OAAO,EAAE,CAAC,GAAG,EAAE;QAAC,QAAQ,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,WAAW,CAAA;KAAC,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3E;;;OAGG;IACH,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC/B;;;;OAIG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;CAClC;AAED,8CAA8C;AAC9C,MAAM,WAAW,mBAAmB;IACnC,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,qDAAqD;IACrD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;;;OAKG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAChD,8BAA8B;IAC9B,MAAM,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;CAChC;AA0HD;;;;;;;;GAQG;AACH,eAAO,MAAM,wBAAwB,GAAI,SAAS,mBAAmB,KAAG,IA4GvE,CAAC"}
+{"version":3,"file":"sse_round_trip.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/sse_round_trip.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAmB7B,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAwB,KAAK,SAAS,EAAuB,MAAM,oBAAoB,CAAC;AAE/F,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAkB,KAAK,OAAO,EAAE,KAAK,WAAW,EAAC,MAAM,iBAAiB,CAAC;AAChF,OAAO,EAAwB,KAAK,SAAS,EAAC,MAAM,SAAS,CAAC;AAM9D,gDAAgD;AAChD,MAAM,WAAW,gBAAgB;IAChC,wEAAwE;IACxE,IAAI,EAAE,MAAM,CAAC;IACb;;;;OAIG;IACH,OAAO,EAAE,CAAC,GAAG,EAAE;QAAC,QAAQ,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,WAAW,CAAA;KAAC,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3E;;;OAGG;IACH,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC/B;;;;OAIG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;CAClC;AAED,8CAA8C;AAC9C,MAAM,WAAW,mBAAmB;IACnC,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,qDAAqD;IACrD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;;;OAKG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAChD,8BAA8B;IAC9B,MAAM,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;CAChC;AAyHD;;;;;;;;GAQG;AACH,eAAO,MAAM,wBAAwB,GAAI,SAAS,mBAAmB,KAAG,IA4GvE,CAAC"}

package/dist/testing/sse_round_trip.js

@@ -57,7 +57,7 @@ const create_sse_frame_reader = (reader) => {
                     buffer = buffer.slice(idx + 2);
                     return frame;
                 }
-                const cont = await pump_once(timeout_ms); // eslint-disable-line no-await-in-loop
+                const cont = await pump_once(timeout_ms);
                 if (!cont)
                     throw new Error('SSE stream ended before a frame was received');
             }
@@ -72,7 +72,6 @@ const create_sse_frame_reader = (reader) => {
                 if (remaining <= 0)
                     return false;
                 try {
-                    // eslint-disable-next-line no-await-in-loop
                     await pump_once(Math.min(remaining, timeout_ms));
                 }
                 catch {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fuzdev/fuz_app",
-  "version": "0.24.0",
+  "version": "0.25.0",
   "description": "fullstack app library",
   "glyph": "🗝",
   "logo": "logo.svg",
@@ -50,7 +50,7 @@
     "@fuzdev/gro": "^0.197.3",
     "@jridgewell/trace-mapping": "^0.3.31",
     "@node-rs/argon2": "^2.0.2",
-    "@ryanatkn/eslint-config": "^0.10.1",
+    "@ryanatkn/eslint-config": "^0.11.0",
     "@sveltejs/acorn-typescript": "^1.0.9",
     "@sveltejs/adapter-static": "^3.0.10",
     "@sveltejs/kit": "^2.55.0",