@fuzdev/fuz_app 0.30.0 → 0.32.0

package/dist/testing/integration_helpers.d.ts

@@ -15,17 +15,28 @@ import type { TestApp, TestAccount } from './app_server.js';
  */
 export declare const find_route_spec: (specs: Array<RouteSpec>, method: string, path: string) => RouteSpec | undefined;
 /**
- * Find an auth route by suffix and method.
+ * REST auth route suffixes still on the account/bootstrap surface after the
+ * 2026-04-22 RPC migration. `find_auth_route` rejects any other suffix at
+ * runtime — session/token CRUD, admin operations, and permit flows live on
+ * the RPC surface and should be reached via `rpc_call`.
+ */
+export declare const REST_AUTH_ROUTE_SUFFIXES: readonly ["/login", "/logout", "/password", "/verify", "/signup", "/bootstrap"];
+export type RestAuthRouteSuffix = (typeof REST_AUTH_ROUTE_SUFFIXES)[number];
+/**
+ * Find a REST auth route by suffix and method.
  *
- * Useful for discovering login/logout/verify/revoke paths regardless
- * of consumer prefix (`/api/account/login`, `/api/auth/login`, etc.).
+ * Decouples tests from consumer route prefix (`/api/account/login`,
+ * `/api/auth/login`, etc.). `suffix` must be one of
+ * `REST_AUTH_ROUTE_SUFFIXES` — throws otherwise so a post-migration RPC
+ * method name (e.g. `/sessions/revoke-all`) fails loudly at the call site
+ * instead of silently returning `undefined`.
  *
  * @param specs - route specs to search
- * @param suffix - path suffix to match (e.g. `'/login'`)
+ * @param suffix - REST auth path suffix
  * @param method - HTTP method
  * @returns matching route spec, or `undefined`
  */
-export declare const find_auth_route: (specs: Array<RouteSpec>, suffix: string, method: RouteMethod) => RouteSpec | undefined;
+export declare const find_auth_route: (specs: Array<RouteSpec>, suffix: RestAuthRouteSuffix, method: RouteMethod) => RouteSpec | undefined;
 /**
  * Validate a response body against the route spec's declared schemas.
  *

package/dist/testing/integration_helpers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"integration_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/integration_helpers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAU7B,OAAO,KAAK,EAAC,SAAS,EAAE,WAAW,EAAC,MAAM,uBAAuB,CAAC;AAElE,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAE3F,OAAO,KAAK,EAAC,OAAO,EAAE,WAAW,EAAC,MAAM,iBAAiB,CAAC;AAE1D;;;;;;;;;GASG;AACH,eAAO,MAAM,eAAe,GAC3B,OAAO,KAAK,CAAC,SAAS,CAAC,EACvB,QAAQ,MAAM,EACd,MAAM,MAAM,KACV,SAAS,GAAG,SAad,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,eAAe,GAC3B,OAAO,KAAK,CAAC,SAAS,CAAC,EACvB,QAAQ,MAAM,EACd,QAAQ,WAAW,KACjB,SAAS,GAAG,SAEd,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,4BAA4B,GACxC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,QAAQ,MAAM,EACd,MAAM,MAAM,EACZ,UAAU,QAAQ,KAChB,OAAO,CAAC,IAAI,CAmDd,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,GACtC,SAAS,OAAO,EAChB,iBAAiB,cAAc,CAAC,MAAM,CAAC,KACrC,OAAO,CAAC,MAAM,CAGhB,CAAC;AAuCF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,2BAA2B,GAAI,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,KAAK,CAAC,MAAM,CAQvF,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,4BAA4B,GACxC,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,SAAS,MAAM,KACb,IAkBF,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,oCAAoC,GAChD,UAAU,QAAQ,EAClB,MAAM;IAAC,WAAW,EAAE,MAAM,CAAA;CAAC,KACzB,IAUF,CAAC;AAIF,oEAAoE;AACpE,eAAO,MAAM,yBAAyB,EAAE,aAAa,CAAC,MAAM,CAAmC,CAAC;AAEhG,0EAA0E;AAC1E,eAAO,MAAM,0BAA0B,EAAE,aAAa,CAAC,MAAM,CAAgC,CAAC;AAE9F;;;;;;;GAOG;AACH,eAAO,MAAM,2BAA2B,GAAI,OAAO,OAAO,KAAG,GAAG,CAAC,MAAM,CAetE,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,kCAAkC,GAC9C,MAAM,OAAO,EACb,WAAW,aAAa,CAAC,MAAM,CAAC,EAChC,SAAS,MAAM,KACb,IAKF,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,SAAS,EACf,UAAU,OAAO,EACjB,gBAAgB,WAAW,EAC3B,eAAe,WAAW,KACxB,MAAM,CAAC,MAAM,EAAE,MAAM,CAcvB,CAAC"}
+{"version":3,"file":"integration_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/integration_helpers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAU7B,OAAO,KAAK,EAAC,SAAS,EAAE,WAAW,EAAC,MAAM,uBAAuB,CAAC;AAElE,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAE3F,OAAO,KAAK,EAAC,OAAO,EAAE,WAAW,EAAC,MAAM,iBAAiB,CAAC;AAE1D;;;;;;;;;GASG;AACH,eAAO,MAAM,eAAe,GAC3B,OAAO,KAAK,CAAC,SAAS,CAAC,EACvB,QAAQ,MAAM,EACd,MAAM,MAAM,KACV,SAAS,GAAG,SAad,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,iFAO3B,CAAC;AACX,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,wBAAwB,CAAC,CAAC,MAAM,CAAC,CAAC;AAE5E;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,eAAe,GAC3B,OAAO,KAAK,CAAC,SAAS,CAAC,EACvB,QAAQ,mBAAmB,EAC3B,QAAQ,WAAW,KACjB,SAAS,GAAG,SAOd,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,4BAA4B,GACxC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,QAAQ,MAAM,EACd,MAAM,MAAM,EACZ,UAAU,QAAQ,KAChB,OAAO,CAAC,IAAI,CAmDd,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,GACtC,SAAS,OAAO,EAChB,iBAAiB,cAAc,CAAC,MAAM,CAAC,KACrC,OAAO,CAAC,MAAM,CAGhB,CAAC;AAuCF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,2BAA2B,GAAI,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,KAAK,CAAC,MAAM,CAQvF,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,4BAA4B,GACxC,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,SAAS,MAAM,KACb,IAkBF,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,oCAAoC,GAChD,UAAU,QAAQ,EAClB,MAAM;IAAC,WAAW,EAAE,MAAM,CAAA;CAAC,KACzB,IAUF,CAAC;AAIF,oEAAoE;AACpE,eAAO,MAAM,yBAAyB,EAAE,aAAa,CAAC,MAAM,CAAmC,CAAC;AAEhG,0EAA0E;AAC1E,eAAO,MAAM,0BAA0B,EAAE,aAAa,CAAC,MAAM,CAAgC,CAAC;AAE9F;;;;;;;GAOG;AACH,eAAO,MAAM,2BAA2B,GAAI,OAAO,OAAO,KAAG,GAAG,CAAC,MAAM,CAetE,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,kCAAkC,GAC9C,MAAM,OAAO,EACb,WAAW,aAAa,CAAC,MAAM,CAAC,EAChC,SAAS,MAAM,KACb,IAKF,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,SAAS,EACf,UAAU,OAAO,EACjB,gBAAgB,WAAW,EAC3B,eAAe,WAAW,KACxB,MAAM,CAAC,MAAM,EAAE,MAAM,CAcvB,CAAC"}

package/dist/testing/integration_helpers.js

@@ -35,17 +35,37 @@ export const find_route_spec = (specs, method, path) => {
     });
 };
 /**
- * Find an auth route by suffix and method.
+ * REST auth route suffixes still on the account/bootstrap surface after the
+ * 2026-04-22 RPC migration. `find_auth_route` rejects any other suffix at
+ * runtime — session/token CRUD, admin operations, and permit flows live on
+ * the RPC surface and should be reached via `rpc_call`.
+ */
+export const REST_AUTH_ROUTE_SUFFIXES = [
+    '/login',
+    '/logout',
+    '/password',
+    '/verify',
+    '/signup',
+    '/bootstrap',
+];
+/**
+ * Find a REST auth route by suffix and method.
  *
- * Useful for discovering login/logout/verify/revoke paths regardless
- * of consumer prefix (`/api/account/login`, `/api/auth/login`, etc.).
+ * Decouples tests from consumer route prefix (`/api/account/login`,
+ * `/api/auth/login`, etc.). `suffix` must be one of
+ * `REST_AUTH_ROUTE_SUFFIXES` — throws otherwise so a post-migration RPC
+ * method name (e.g. `/sessions/revoke-all`) fails loudly at the call site
+ * instead of silently returning `undefined`.
  *
  * @param specs - route specs to search
- * @param suffix - path suffix to match (e.g. `'/login'`)
+ * @param suffix - REST auth path suffix
  * @param method - HTTP method
  * @returns matching route spec, or `undefined`
  */
 export const find_auth_route = (specs, suffix, method) => {
+    if (!REST_AUTH_ROUTE_SUFFIXES.includes(suffix)) {
+        throw new Error(`find_auth_route: unknown suffix ${JSON.stringify(suffix)} — expected one of ${REST_AUTH_ROUTE_SUFFIXES.join(', ')}. Use rpc_call for RPC methods.`);
+    }
     return specs.find((s) => s.method === method && s.path.endsWith(suffix));
 };
 /**

package/dist/testing/rate_limiting.d.ts

@@ -3,6 +3,7 @@ import type { SessionOptions } from '../auth/session_cookie.js';
 import type { AppServerContext, AppServerOptions } from '../server/app_server.js';
 import type { RouteSpec } from '../http/route_spec.js';
 import { type DbFactory } from './db.js';
+import type { RpcEndpointSpec } from '../http/surface.js';
 /**
  * Configuration for `describe_rate_limiting_tests`.
  */
@@ -22,6 +23,12 @@ export interface RateLimitingTestOptions {
      * Default: `2` (tight limit for fast tests).
      */
     max_attempts?: number;
+    /**
+     * RPC endpoint specs — required so the bearer-auth rate limiting test
+     * can probe an authenticated method via the `account_verify` RPC
+     * action. Hard-fails via `require_rpc_endpoint_path` on setup.
+     */
+    rpc_endpoints: Array<RpcEndpointSpec>;
 }
 /**
  * Standard rate limiting integration test suite.

package/dist/testing/rate_limiting.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rate_limiting.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/rate_limiting.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAiB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAKrD,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAKjB;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACvC,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF;;OAEG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,4BAA4B,GAAI,SAAS,uBAAuB,KAAG,IA4N/E,CAAC"}
+{"version":3,"file":"rate_limiting.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/rate_limiting.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAiB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAKrD,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAKjB,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,oBAAoB,CAAC;AAGxD;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACvC,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF;;OAEG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,aAAa,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;CACtC;AAED;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,4BAA4B,GAAI,SAAS,uBAAuB,KAAG,IAqP/E,CAAC"}

package/dist/testing/rate_limiting.js

@@ -18,7 +18,9 @@ import { AUTH_MIGRATION_NS } from '../auth/migrations.js';
 import { create_test_app } from './app_server.js';
 import { create_pglite_factory, create_describe_db, AUTH_INTEGRATION_TRUNCATE_TABLES, } from './db.js';
 import { find_auth_route, assert_rate_limit_retry_after_header } from './integration_helpers.js';
+import { rpc_call_non_browser, require_rpc_endpoint_path } from './rpc_helpers.js';
 import { run_migrations } from '../db/migrate.js';
+import { account_verify_action_spec } from '../auth/account_action_specs.js';
 /**
  * Standard rate limiting integration test suite.
  *
@@ -37,6 +39,9 @@ import { run_migrations } from '../db/migrate.js';
  */
 export const describe_rate_limiting_tests = (options) => {
     const max_attempts = options.max_attempts ?? 2;
+    // Hard-fail early so consumers see a clear setup error instead of a
+    // confusing test failure when `rpc_endpoints` is missing.
+    const rpc_path = require_rpc_endpoint_path(options.rpc_endpoints);
     const init_schema = async (db) => {
         await run_migrations(db, [AUTH_MIGRATION_NS]);
     };
@@ -177,24 +182,50 @@ export const describe_rate_limiting_tests = (options) => {
                             bearer_ip_rate_limiter,
                         },
                     });
-                    const verify_route = find_auth_route(test_app.route_specs, '/verify', 'GET');
-                    assert.ok(verify_route, 'Expected GET /verify route — ensure create_route_specs includes account routes');
+                    // Probe `account_verify` via RPC with an invalid bearer token.
+                    // The REST `/api/account/verify` shim is status-only (empty body
+                    // for nginx `auth_request`), so we use the RPC surface to exercise
+                    // a typed authenticated method. The bearer_auth rate limiter
+                    // increments per attempt regardless of the route's own auth outcome.
+                    // Use `rpc_call_non_browser` so the default `origin` header is
+                    // suppressed — bearer_auth discards the token when Origin or
+                    // Referer is present (browser context), which would short-circuit
+                    // before the rate limiter records the attempt.
+                    //
+                    // Note: the rate limiter short-circuits before the RPC dispatcher,
+                    // so the 429 response is a REST-shaped `RateLimitError`, not a
+                    // JSON-RPC envelope. We use the underlying `app.request` for the
+                    // blocked probe so `rpc_call_non_browser` doesn't throw on the
+                    // non-envelope body.
+                    const bearer_probe_headers = {
+                        authorization: 'Bearer secret_fuz_token_invalid',
+                    };
                     // Fire max_attempts invalid bearer requests (sequential — must exhaust the window)
                     for (let i = 0; i < max_attempts; i++) {
-                        const res = await test_app.app.request(verify_route.path, {
-                            headers: {
-                                host: 'localhost',
-                                authorization: 'Bearer secret_fuz_token_invalid',
-                            },
+                        const res = await rpc_call_non_browser({
+                            app: test_app.app,
+                            path: rpc_path,
+                            method: account_verify_action_spec.method,
+                            id: 'rl-probe',
+                            headers: bearer_probe_headers,
                         });
                         assert.notStrictEqual(res.status, 429, `Request ${i + 1}/${max_attempts} should not be rate limited`);
                     }
-                    // The next request should be rate limited
-                    const blocked_res = await test_app.app.request(verify_route.path, {
+                    // The next request should be rate limited. The 429 body is REST-shape
+                    // (middleware short-circuits before the RPC dispatcher), so go
+                    // direct — `rpc_call_non_browser` would throw on the non-envelope body.
+                    const blocked_res = await test_app.app.request(rpc_path, {
+                        method: 'POST',
                         headers: {
                             host: 'localhost',
-                            authorization: 'Bearer secret_fuz_token_invalid',
+                            'content-type': 'application/json',
+                            ...bearer_probe_headers,
                         },
+                        body: JSON.stringify({
+                            jsonrpc: '2.0',
+                            method: account_verify_action_spec.method,
+                            id: 'rl-probe-blocked',
+                        }),
                     });
                     assert.strictEqual(blocked_res.status, 429);
                     const body = await blocked_res.json();

package/dist/testing/rpc_helpers.d.ts

@@ -1,11 +1,17 @@
 import './assert_dev_env.js';
 import { z } from 'zod';
 import { type JsonrpcErrorCode } from '../http/jsonrpc.js';
+import type { RequestResponseActionSpec } from '../actions/action_spec.js';
+import type { RpcAction } from '../actions/action_rpc.js';
+import type { AppSurfaceRpcEndpoint, AppSurfaceRpcMethod, RpcEndpointSpec } from '../http/surface.js';
 /**
  * Create a `RequestInit` for a JSON-RPC POST request.
  *
  * @param method - JSON-RPC method name
- * @param params - params object (omit for null-input methods)
+ * @param params - params object (omit or pass `null` for null-input methods;
+ *                both are serialized without a `params` field so the envelope
+ *                schema accepts the request — `"params":null` is not a valid
+ *                JSON-RPC value)
  * @param id - request id (default `'test'`)
  * @returns a `RequestInit` with the JSON-RPC envelope as body
  */
@@ -41,4 +47,150 @@ export declare const assert_jsonrpc_error_response: (body: unknown, expected_cod
  * @param output_schema - optional Zod schema to validate the `result` field against
  */
 export declare const assert_jsonrpc_success_response: (body: unknown, output_schema?: z.ZodType) => void;
+/**
+ * Minimal transport surface — the duck type `Hono.request` already satisfies.
+ * Extracted so test setups that want an in-process / WS / mock path can plug
+ * a different dispatcher without changing call sites.
+ */
+export type RpcTestTransport = (url: string, init: RequestInit) => Promise<Response>;
+/** Adapt a `Hono`-style app into an `RpcTestTransport`. */
+export declare const http_transport: (app: {
+    request: (input: string, init: RequestInit) => Promise<Response> | Response;
+}) => RpcTestTransport;
+/** Discriminated return from `rpc_call`. `status` is the HTTP status. */
+export type RpcCallResult = {
+    ok: true;
+    status: number;
+    result: unknown;
+} | {
+    ok: false;
+    status: number;
+    error: {
+        code: number;
+        message: string;
+        data?: unknown;
+    };
+};
+/** Arguments for `rpc_call`. */
+export interface RpcCallArgs {
+    /** Hono-like app (anything with a `request(url, init)` method). */
+    app: {
+        request: (input: string, init: RequestInit) => Promise<Response> | Response;
+    };
+    /** RPC endpoint path, e.g. `'/api/rpc'`. */
+    path: string;
+    /** JSON-RPC method name. */
+    method: string;
+    /** Params object. Omit or pass `null` for null-input methods. */
+    params?: unknown;
+    /** Extra request headers (session cookie, bearer, etc.). Overrides defaults. */
+    headers?: Record<string, string>;
+    /** Request id. Defaults to `'test'`. */
+    id?: string | number;
+    /** HTTP verb — `'POST'` (default) or `'GET'` for `side_effects: false` methods. */
+    verb?: 'POST' | 'GET';
+    /**
+     * Suppress the default `origin` header. Required for bearer-auth paths:
+     * `bearer_auth` discards the token when Origin or Referer is present
+     * (browser context), so probing it via `rpc_call` needs this flag — or
+     * use `rpc_call_non_browser`, which sets it for you.
+     */
+    suppress_default_origin?: boolean;
+}
+/**
+ * One-shot JSON-RPC call over a Hono app.
+ *
+ * Merges sensible defaults (`host`, `origin`, `Content-Type`) under
+ * caller-provided headers, fires POST (default) or GET, parses the envelope,
+ * and returns a discriminated result.
+ *
+ * Throws `Error` only on envelope-shape violations (neither
+ * `JsonrpcResponse` nor `JsonrpcErrorResponse` parses) — protocol-level
+ * failures the caller should never tolerate. All JSON-RPC errors come back
+ * via `{ok: false, error}` so assertions can focus on `error.code` /
+ * `error.data.reason`.
+ */
+export declare const rpc_call: (args: RpcCallArgs) => Promise<RpcCallResult>;
+/**
+ * Same as `rpc_call` but without the default `origin` header. Use for
+ * bearer-auth probes: `bearer_auth` discards the token when Origin or
+ * Referer is present (browser context), so a bearer probe via `rpc_call`
+ * would short-circuit to 401 before the token is ever validated.
+ *
+ * Equivalent to `rpc_call({...args, suppress_default_origin: true})`.
+ */
+export declare const rpc_call_non_browser: (args: Omit<RpcCallArgs, "suppress_default_origin">) => Promise<RpcCallResult>;
+/**
+ * Typed discriminated result returned by `rpc_call_for_spec`. The success
+ * branch's `result` is inferred from `TSpec['output']`. The error branch
+ * stays untyped because JSON-RPC `error.data` shapes vary per error and
+ * are asserted per call site.
+ */
+export type RpcCallResultForSpec<TSpec extends RequestResponseActionSpec> = {
+    ok: true;
+    status: number;
+    result: z.infer<TSpec['output']>;
+} | {
+    ok: false;
+    status: number;
+    error: {
+        code: number;
+        message: string;
+        data?: unknown;
+    };
+};
+/** Arguments for `rpc_call_for_spec`. `spec` replaces the loose `method` field. */
+export type RpcCallForSpecArgs<TSpec extends RequestResponseActionSpec> = Omit<RpcCallArgs, 'method' | 'params'> & {
+    /** Action spec whose `method` drives the envelope and whose `input`/`output` types pin params + result. */
+    spec: TSpec;
+    /** Params, typed against `spec.input`. */
+    params: z.infer<TSpec['input']>;
+};
+/**
+ * Typed wrapper over `rpc_call` — binds `params` to `z.infer<spec.input>`
+ * and the success `result` to `z.infer<spec.output>` via the generic.
+ *
+ * Success results are validated at runtime against `spec.output` (same
+ * contract as `rpc_call_typed`); a mismatch throws. Error responses come
+ * back on the discriminated `{ok: false, error}` branch — use this for
+ * happy-path + denial-path assertions where the error `data.reason` shape
+ * is still asserted manually. For adversarial input tests that send
+ * malformed params, use the untyped `rpc_call`.
+ */
+export declare const rpc_call_for_spec: <TSpec extends RequestResponseActionSpec>(args: RpcCallForSpecArgs<TSpec>) => Promise<RpcCallResultForSpec<TSpec>>;
+/**
+ * Same as `rpc_call` but parses the success `result` through the given
+ * output schema and returns typed data. Envelope-level failures or error
+ * responses throw — use the untyped `rpc_call` for tests that need to
+ * assert on specific error shapes.
+ */
+export declare const rpc_call_typed: <T>(args: RpcCallArgs, output_schema: z.ZodType<T>) => Promise<T>;
+/**
+ * Find the `RpcAction` for a method within a set of RPC endpoint specs.
+ * Returns both the endpoint path and the matched action. `undefined` when
+ * the method is not registered.
+ */
+export declare const find_rpc_action: (rpc_endpoints: ReadonlyArray<RpcEndpointSpec>, method: string) => {
+    path: string;
+    action: RpcAction;
+} | undefined;
+/**
+ * Find the generated surface entry for a method — the shape returned by
+ * `generate_app_surface` (JSON-serializable, useful for schema assertions
+ * at the boundary of a consumer test).
+ */
+export declare const find_rpc_method: (rpc_endpoints: ReadonlyArray<AppSurfaceRpcEndpoint>, method: string) => {
+    path: string;
+    method_spec: AppSurfaceRpcMethod;
+} | undefined;
+/**
+ * Resolve a single RPC endpoint path — the common case where a consumer
+ * mounts exactly one `create_rpc_endpoint`. Throws when `rpc_endpoints` is
+ * empty (hard-fail; see the suite options docs) or ambiguous (more than one
+ * endpoint registered).
+ *
+ * Callers that need multi-endpoint support should iterate `rpc_endpoints`
+ * directly.
+ */
+export declare const require_rpc_endpoint_path: (rpc_endpoints: ReadonlyArray<RpcEndpointSpec>) => string;
 //# sourceMappingURL=rpc_helpers.d.ts.map

package/dist/testing/rpc_helpers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rpc_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/rpc_helpers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAW7B,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAIN,KAAK,gBAAgB,EACrB,MAAM,oBAAoB,CAAC;AAE5B;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,GAChC,QAAQ,MAAM,EACd,SAAS,OAAO,EAChB,KAAI,MAAM,GAAG,MAAe,KAC1B,WAID,CAAC;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,kBAAkB,GAC9B,eAAe,MAAM,EACrB,QAAQ,MAAM,EACd,SAAS,OAAO,EAChB,KAAI,MAAM,GAAG,MAAe,KAC1B,MAMF,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,OAAO,EACb,gBAAgB,gBAAgB,KAC9B,IAUF,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,+BAA+B,GAAI,MAAM,OAAO,EAAE,gBAAgB,CAAC,CAAC,OAAO,KAAG,IAU1F,CAAC"}
+{"version":3,"file":"rpc_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/rpc_helpers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAa7B,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAIN,KAAK,gBAAgB,EACrB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AACzE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,0BAA0B,CAAC;AACxD,OAAO,KAAK,EAAC,qBAAqB,EAAE,mBAAmB,EAAE,eAAe,EAAC,MAAM,oBAAoB,CAAC;AAEpG;;;;;;;;;;GAUG;AACH,eAAO,MAAM,oBAAoB,GAChC,QAAQ,MAAM,EACd,SAAS,OAAO,EAChB,KAAI,MAAM,GAAG,MAAe,KAC1B,WAQF,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,kBAAkB,GAC9B,eAAe,MAAM,EACrB,QAAQ,MAAM,EACd,SAAS,OAAO,EAChB,KAAI,MAAM,GAAG,MAAe,KAC1B,MAMF,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,OAAO,EACb,gBAAgB,gBAAgB,KAC9B,IAUF,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,+BAA+B,GAAI,MAAM,OAAO,EAAE,gBAAgB,CAAC,CAAC,OAAO,KAAG,IAU1F,CAAC;AAIF;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;AAErF,2DAA2D;AAC3D,eAAO,MAAM,cAAc,GACzB,KAAK;IACL,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC;CAC5E,KAAG,gBAEmB,CAAC;AAEzB,yEAAyE;AACzE,MAAM,MAAM,aAAa,GACtB;IAAC,EAAE,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAC,GAC3C;IACA,EAAE,EAAE,KAAK,CAAC;IACV,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,OAAO,CAAA;KAAC,CAAC;CACtD,CAAC;AAEL,gCAAgC;AAChC,MAAM,WAAW,WAAW;IAC3B,mEAAmE;IACnE,GAAG,EAAE;QAAC,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAA;KAAC,CAAC;IACnF,4CAA4C;IAC5C,IAAI,EAAE,MAAM,CAAC;IACb,4BAA4B;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf,iEAAiE;IACjE,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,gFAAgF;IAChF,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,wCAAwC;IACxC,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACrB,mFAAmF;IACnF,IAAI,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;IACtB;;;;;OAKG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;CAClC;AAcD;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,QAAQ,GAAU,MAAM,WAAW,KAAG,OAAO,CAAC,aAAa,CA0DvE,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,GAChC,MAAM,IAAI,CAAC,WAAW,EAAE,yBAAyB,CAAC,KAChD,OAAO,CAAC,aAAa,CAAuD,CAAC;AAEhF;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,CAAC,KAAK,SAAS,yBAAyB,IACrE;IAAC,EAAE,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAA;CAAC,GAC5D;IAAC,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,OAAO,CAAA;KAAC,CAAA;CAAC,CAAC;AAEvF,mFAAmF;AACnF,MAAM,MAAM,kBAAkB,CAAC,KAAK,SAAS,yBAAyB,IAAI,IAAI,CAC7E,WAAW,EACX,QAAQ,GAAG,QAAQ,CACnB,GAAG;IACH,2GAA2G;IAC3G,IAAI,EAAE,KAAK,CAAC;IACZ,0CAA0C;IAC1C,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;CAChC,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,iBAAiB,GAAU,KAAK,SAAS,yBAAyB,EAC9E,MAAM,kBAAkB,CAAC,KAAK,CAAC,KAC7B,OAAO,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAarC,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,cAAc,GAAU,CAAC,EACrC,MAAM,WAAW,EACjB,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KACzB,OAAO,CAAC,CAAC,CAcX,CAAC;AAIF;;;;GAIG;AACH,eAAO,MAAM,eAAe,GAC3B,eAAe,aAAa,CAAC,eAAe,CAAC,EAC7C,QAAQ,MAAM,KACZ;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,SAAS,CAAA;CAAC,GAAG,SAOtC,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,eAAe,GAC3B,eAAe,aAAa,CAAC,qBAAqB,CAAC,EACnD,QAAQ,MAAM,KACZ;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,mBAAmB,CAAA;CAAC,GAAG,SAOrD,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,yBAAyB,GACrC,eAAe,aAAa,CAAC,eAAe,CAAC,KAC3C,MAYF,CAAC"}

package/dist/testing/rpc_helpers.js

@@ -1,8 +1,10 @@
 import './assert_dev_env.js';
 /**
- * JSON-RPC request construction and response assertion helpers.
+ * JSON-RPC test helpers — request construction, response assertion, and
+ * one-shot call ergonomics.
  *
- * Shared by `rpc_attack_surface.ts` and `rpc_round_trip.ts`.
+ * Shared by `rpc_attack_surface.ts`, `rpc_round_trip.ts`, and
+ * consumer-facing admin/audit suites that exercise RPC methods directly.
  *
  * @module
  */
@@ -13,15 +15,23 @@ import { JSONRPC_VERSION, JsonrpcErrorResponse, JsonrpcResponse, } from '../http
  * Create a `RequestInit` for a JSON-RPC POST request.
  *
  * @param method - JSON-RPC method name
- * @param params - params object (omit for null-input methods)
+ * @param params - params object (omit or pass `null` for null-input methods;
+ *                both are serialized without a `params` field so the envelope
+ *                schema accepts the request — `"params":null` is not a valid
+ *                JSON-RPC value)
  * @param id - request id (default `'test'`)
  * @returns a `RequestInit` with the JSON-RPC envelope as body
  */
-export const create_rpc_post_init = (method, params, id = 'test') => ({
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({ jsonrpc: JSONRPC_VERSION, method, params, id }),
-});
+export const create_rpc_post_init = (method, params, id = 'test') => {
+    const envelope = { jsonrpc: JSONRPC_VERSION, method, id };
+    if (params !== undefined && params !== null)
+        envelope.params = params;
+    return {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify(envelope),
+    };
+};
 /**
  * Build a GET URL with JSON-RPC query parameters.
  *
@@ -72,3 +82,169 @@ export const assert_jsonrpc_success_response = (body, output_schema) => {
         assert.ok(output_result.success, `JSON-RPC result does not match output schema: ${JSON.stringify(output_result.error?.issues)}`);
     }
 };
+/** Adapt a `Hono`-style app into an `RpcTestTransport`. */
+export const http_transport = (app) => async (url, init) => app.request(url, init);
+/** Base default headers merged into every `rpc_call` request. */
+const RPC_CALL_DEFAULT_HEADERS_BASE = {
+    host: 'localhost',
+    'Content-Type': 'application/json',
+};
+/** Default headers merged into every `rpc_call` request. Includes `origin`. */
+const RPC_CALL_DEFAULT_HEADERS = {
+    ...RPC_CALL_DEFAULT_HEADERS_BASE,
+    origin: 'http://localhost:5173',
+};
+/**
+ * One-shot JSON-RPC call over a Hono app.
+ *
+ * Merges sensible defaults (`host`, `origin`, `Content-Type`) under
+ * caller-provided headers, fires POST (default) or GET, parses the envelope,
+ * and returns a discriminated result.
+ *
+ * Throws `Error` only on envelope-shape violations (neither
+ * `JsonrpcResponse` nor `JsonrpcErrorResponse` parses) — protocol-level
+ * failures the caller should never tolerate. All JSON-RPC errors come back
+ * via `{ok: false, error}` so assertions can focus on `error.code` /
+ * `error.data.reason`.
+ */
+export const rpc_call = async (args) => {
+    const { app, path, method, params, headers, id = 'test', verb = 'POST', suppress_default_origin, } = args;
+    const defaults = suppress_default_origin
+        ? RPC_CALL_DEFAULT_HEADERS_BASE
+        : RPC_CALL_DEFAULT_HEADERS;
+    let url;
+    let init;
+    if (verb === 'GET') {
+        url = create_rpc_get_url(path, method, params, id);
+        init = { method: 'GET', headers: { ...defaults, ...headers } };
+    }
+    else {
+        url = path;
+        const post = create_rpc_post_init(method, params, id);
+        init = {
+            method: 'POST',
+            headers: {
+                ...defaults,
+                ...post.headers,
+                ...headers,
+            },
+            body: post.body,
+        };
+    }
+    const res = await app.request(url, init);
+    const status = res.status;
+    const body = await res.json();
+    const success = JsonrpcResponse.safeParse(body);
+    if (success.success) {
+        return { ok: true, status, result: success.data.result };
+    }
+    const error = JsonrpcErrorResponse.safeParse(body);
+    if (error.success) {
+        return {
+            ok: false,
+            status,
+            error: {
+                code: error.data.error.code,
+                message: error.data.error.message,
+                data: error.data.error.data,
+            },
+        };
+    }
+    throw new Error(`rpc_call: response is not a valid JSON-RPC envelope (method=${method}, status=${status}): ${JSON.stringify(body)}`);
+};
+/**
+ * Same as `rpc_call` but without the default `origin` header. Use for
+ * bearer-auth probes: `bearer_auth` discards the token when Origin or
+ * Referer is present (browser context), so a bearer probe via `rpc_call`
+ * would short-circuit to 401 before the token is ever validated.
+ *
+ * Equivalent to `rpc_call({...args, suppress_default_origin: true})`.
+ */
+export const rpc_call_non_browser = (args) => rpc_call({ ...args, suppress_default_origin: true });
+/**
+ * Typed wrapper over `rpc_call` — binds `params` to `z.infer<spec.input>`
+ * and the success `result` to `z.infer<spec.output>` via the generic.
+ *
+ * Success results are validated at runtime against `spec.output` (same
+ * contract as `rpc_call_typed`); a mismatch throws. Error responses come
+ * back on the discriminated `{ok: false, error}` branch — use this for
+ * happy-path + denial-path assertions where the error `data.reason` shape
+ * is still asserted manually. For adversarial input tests that send
+ * malformed params, use the untyped `rpc_call`.
+ */
+export const rpc_call_for_spec = async (args) => {
+    const { spec, params, ...rest } = args;
+    const res = await rpc_call({ ...rest, method: spec.method, params });
+    if (!res.ok) {
+        return res;
+    }
+    const parsed = spec.output.safeParse(res.result);
+    if (!parsed.success) {
+        throw new Error(`rpc_call_for_spec(${spec.method}) result did not match spec.output: ${JSON.stringify(parsed.error.issues)}`);
+    }
+    return { ok: true, status: res.status, result: parsed.data };
+};
+/**
+ * Same as `rpc_call` but parses the success `result` through the given
+ * output schema and returns typed data. Envelope-level failures or error
+ * responses throw — use the untyped `rpc_call` for tests that need to
+ * assert on specific error shapes.
+ */
+export const rpc_call_typed = async (args, output_schema) => {
+    const res = await rpc_call(args);
+    if (!res.ok) {
+        throw new Error(`rpc_call_typed(${args.method}) returned error: code=${res.error.code} message=${res.error.message} data=${JSON.stringify(res.error.data)}`);
+    }
+    const parsed = output_schema.safeParse(res.result);
+    if (!parsed.success) {
+        throw new Error(`rpc_call_typed(${args.method}) result did not match output schema: ${JSON.stringify(parsed.error.issues)}`);
+    }
+    return parsed.data;
+};
+// -- registry/surface lookup helpers -----------------------------------------
+/**
+ * Find the `RpcAction` for a method within a set of RPC endpoint specs.
+ * Returns both the endpoint path and the matched action. `undefined` when
+ * the method is not registered.
+ */
+export const find_rpc_action = (rpc_endpoints, method) => {
+    for (const ep of rpc_endpoints) {
+        for (const action of ep.actions) {
+            if (action.spec.method === method)
+                return { path: ep.path, action };
+        }
+    }
+    return undefined;
+};
+/**
+ * Find the generated surface entry for a method — the shape returned by
+ * `generate_app_surface` (JSON-serializable, useful for schema assertions
+ * at the boundary of a consumer test).
+ */
+export const find_rpc_method = (rpc_endpoints, method) => {
+    for (const ep of rpc_endpoints) {
+        for (const method_spec of ep.methods) {
+            if (method_spec.name === method)
+                return { path: ep.path, method_spec };
+        }
+    }
+    return undefined;
+};
+/**
+ * Resolve a single RPC endpoint path — the common case where a consumer
+ * mounts exactly one `create_rpc_endpoint`. Throws when `rpc_endpoints` is
+ * empty (hard-fail; see the suite options docs) or ambiguous (more than one
+ * endpoint registered).
+ *
+ * Callers that need multi-endpoint support should iterate `rpc_endpoints`
+ * directly.
+ */
+export const require_rpc_endpoint_path = (rpc_endpoints) => {
+    if (rpc_endpoints.length === 0) {
+        throw new Error('rpc_endpoints is empty — the admin/audit integration suites require an RPC endpoint. Pass `rpc_endpoints` on the suite options.');
+    }
+    if (rpc_endpoints.length > 1) {
+        throw new Error(`rpc_endpoints has ${rpc_endpoints.length} entries; this helper expects exactly one. Iterate rpc_endpoints manually for multi-endpoint setups.`);
+    }
+    return rpc_endpoints[0].path;
+};

package/dist/testing/sse_round_trip.d.ts

@@ -6,6 +6,7 @@ import { type EventSpec } from '../realtime/sse.js';
 import type { AuditLogEvent } from '../auth/audit_log_schema.js';
 import { type TestApp, type TestAccount } from './app_server.js';
 import { type DbFactory } from './db.js';
+import type { RpcEndpointSpec } from '../http/surface.js';
 /** Config for a single SSE route under test. */
 export interface SseRouteTestSpec {
     /** Full HTTP path of the SSE endpoint (e.g., `'/api/tx/subscribe'`). */
@@ -48,6 +49,13 @@ export interface SseRouteTestOptions {
      * closes the tested streams.
      */
     on_audit_event?: (event: AuditLogEvent) => void;
+    /**
+     * RPC endpoint specs — required so the close-on-revoke assertion can
+     * dispatch `account_session_revoke_all` via RPC (the former REST route
+     * `POST /api/account/sessions/revoke-all` was removed in the 2026-04-23
+     * migration). Hard-fails via `require_rpc_endpoint_path` on setup.
+     */
+    rpc_endpoints: Array<RpcEndpointSpec>;
     /** SSE routes to exercise. */
     routes: Array<SseRouteTestSpec>;
 }

package/dist/testing/sse_round_trip.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sse_round_trip.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/sse_round_trip.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAmB7B,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAwB,KAAK,SAAS,EAAuB,MAAM,oBAAoB,CAAC;AAE/F,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAkB,KAAK,OAAO,EAAE,KAAK,WAAW,EAAC,MAAM,iBAAiB,CAAC;AAChF,OAAO,EAAwB,KAAK,SAAS,EAAC,MAAM,SAAS,CAAC;AAM9D,gDAAgD;AAChD,MAAM,WAAW,gBAAgB;IAChC,wEAAwE;IACxE,IAAI,EAAE,MAAM,CAAC;IACb;;;;OAIG;IACH,OAAO,EAAE,CAAC,GAAG,EAAE;QAAC,QAAQ,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,WAAW,CAAA;KAAC,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3E;;;OAGG;IACH,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC/B;;;;OAIG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;CAClC;AAED,8CAA8C;AAC9C,MAAM,WAAW,mBAAmB;IACnC,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,qDAAqD;IACrD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;;;OAKG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAChD,8BAA8B;IAC9B,MAAM,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;CAChC;AAyHD;;;;;;;;GAQG;AACH,eAAO,MAAM,wBAAwB,GAAI,SAAS,mBAAmB,KAAG,IA4GvE,CAAC"}
+{"version":3,"file":"sse_round_trip.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/sse_round_trip.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAmB7B,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAwB,KAAK,SAAS,EAAuB,MAAM,oBAAoB,CAAC;AAE/F,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC/D,OAAO,EAAkB,KAAK,OAAO,EAAE,KAAK,WAAW,EAAC,MAAM,iBAAiB,CAAC;AAChF,OAAO,EAAwB,KAAK,SAAS,EAAC,MAAM,SAAS,CAAC;AAM9D,OAAO,KAAK,EAAC,eAAe,EAAC,MAAM,oBAAoB,CAAC;AAGxD,gDAAgD;AAChD,MAAM,WAAW,gBAAgB;IAChC,wEAAwE;IACxE,IAAI,EAAE,MAAM,CAAC;IACb;;;;OAIG;IACH,OAAO,EAAE,CAAC,GAAG,EAAE;QAAC,QAAQ,EAAE,OAAO,CAAC;QAAC,OAAO,EAAE,WAAW,CAAA;KAAC,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3E;;;OAGG;IACH,WAAW,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC/B;;;;OAIG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;CAClC;AAED,8CAA8C;AAC9C,MAAM,WAAW,mBAAmB;IACnC,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,qDAAqD;IACrD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;;;OAKG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAChD;;;;;OAKG;IACH,aAAa,EAAE,KAAK,CAAC,eAAe,CAAC,CAAC;IACtC,8BAA8B;IAC9B,MAAM,EAAE,KAAK,CAAC,gBAAgB,CAAC,CAAC;CAChC;AAyHD;;;;;;;;GAQG;AACH,eAAO,MAAM,wBAAwB,GAAI,SAAS,mBAAmB,KAAG,IAkHvE,CAAC"}