@fuzdev/fuz_app 0.52.0 → 0.53.0

package/dist/testing/attack_surface.d.ts

@@ -16,8 +16,6 @@ export interface AdversarialTestOptions {
  * - wrong role → 403 — every role route, tested with all non-matching roles
  * - authenticated without role → 403 — every role route, no-role context
  * - correct auth passes guard — every protected route, assert not 401/403
- *
- * @param options - the test configuration
  */
 export declare const describe_adversarial_auth: (options: AdversarialTestOptions) => void;
 /**
@@ -83,8 +81,6 @@ export interface StandardAttackSurfaceOptions {
  *
  * Consumer test files call this with project-specific options, then add
  * any project-specific assertions in additional `describe` blocks.
- *
- * @param options - the test configuration
  */
 export declare const describe_standard_attack_surface_tests: (options: StandardAttackSurfaceOptions) => void;
 //# sourceMappingURL=attack_surface.d.ts.map

package/dist/testing/attack_surface.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attack_surface.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/attack_surface.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAoB7B,OAAO,EAON,KAAK,4BAA4B,EACjC,KAAK,2BAA2B,EAChC,MAAM,yBAAyB,CAAC;AAoBjC,OAAO,EAA4B,KAAK,cAAc,EAAC,MAAM,oBAAoB,CAAC;AAsClF,oFAAoF;AACpF,MAAM,WAAW,sBAAsB;IACtC,+EAA+E;IAC/E,KAAK,EAAE,MAAM,cAAc,CAAC;IAC5B,yDAAyD;IACzD,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACrB;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,yBAAyB,GAAI,SAAS,sBAAsB,KAAG,IAkH3E,CAAC;AAIF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,uCAAuC,GACnD,UAAU,2BAA2B,GAAG,IAAI,GAAG,SAAS,KACtD,2BAA2B,GAAG,IAWhC,CAAC;AAEF,0DAA0D;AAC1D,MAAM,WAAW,4BAA4B;IAC5C,+EAA+E;IAC/E,KAAK,EAAE,MAAM,cAAc,CAAC;IAC5B,yDAAyD;IACzD,aAAa,EAAE,MAAM,CAAC;IACtB,iFAAiF;IACjF,sBAAsB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtC,gHAAgH;IAChH,uBAAuB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACvC,yDAAyD;IACzD,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,qEAAqE;IACrE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,iEAAiE;IACjE,eAAe,CAAC,EAAE,4BAA4B,CAAC;IAC/C;;;;;;;;;;;OAWG;IACH,sBAAsB,CAAC,EAAE,2BAA2B,GAAG,IAAI,CAAC;CAC5D;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,sCAAsC,GAClD,SAAS,4BAA4B,KACnC,IAuEF,CAAC"}
+{"version":3,"file":"attack_surface.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/attack_surface.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAoB7B,OAAO,EAON,KAAK,4BAA4B,EACjC,KAAK,2BAA2B,EAChC,MAAM,yBAAyB,CAAC;AAoBjC,OAAO,EAA4B,KAAK,cAAc,EAAC,MAAM,oBAAoB,CAAC;AAsClF,oFAAoF;AACpF,MAAM,WAAW,sBAAsB;IACtC,+EAA+E;IAC/E,KAAK,EAAE,MAAM,cAAc,CAAC;IAC5B,yDAAyD;IACzD,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACrB;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,yBAAyB,GAAI,SAAS,sBAAsB,KAAG,IAkH3E,CAAC;AAIF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,uCAAuC,GACnD,UAAU,2BAA2B,GAAG,IAAI,GAAG,SAAS,KACtD,2BAA2B,GAAG,IAWhC,CAAC;AAEF,0DAA0D;AAC1D,MAAM,WAAW,4BAA4B;IAC5C,+EAA+E;IAC/E,KAAK,EAAE,MAAM,cAAc,CAAC;IAC5B,yDAAyD;IACzD,aAAa,EAAE,MAAM,CAAC;IACtB,iFAAiF;IACjF,sBAAsB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtC,gHAAgH;IAChH,uBAAuB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACvC,yDAAyD;IACzD,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,qEAAqE;IACrE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,iEAAiE;IACjE,eAAe,CAAC,EAAE,4BAA4B,CAAC;IAC/C;;;;;;;;;;;OAWG;IACH,sBAAsB,CAAC,EAAE,2BAA2B,GAAG,IAAI,CAAC;CAC5D;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,sCAAsC,GAClD,SAAS,4BAA4B,KACnC,IAuEF,CAAC"}

package/dist/testing/attack_surface.js

@@ -53,8 +53,6 @@ const build_error_schema_lookup = (route_specs, middleware_specs) => {
  * - wrong role → 403 — every role route, tested with all non-matching roles
  * - authenticated without role → 403 — every role route, no-role context
  * - correct auth passes guard — every protected route, assert not 401/403
- *
- * @param options - the test configuration
  */
 export const describe_adversarial_auth = (options) => {
     const { build, roles } = options;
@@ -203,8 +201,6 @@ export const resolve_standard_error_schema_tightness = (consumer) => {
  *
  * Consumer test files call this with project-specific options, then add
  * any project-specific assertions in additional `describe` blocks.
- *
- * @param options - the test configuration
  */
 export const describe_standard_attack_surface_tests = (options) => {
     const { build, snapshot_path, expected_public_routes, expected_api_middleware, roles, api_path_prefix = '/api/', security_policy, } = options;

package/dist/testing/audit_completeness.d.ts

@@ -38,7 +38,6 @@ export interface AuditCompletenessTestOptions {
  * event type. Exercises routes via HTTP requests against a real PGlite
  * database, then queries the `audit_log` table to verify events.
  *
- * @param options - session config, route factory, and optional overrides
  * @throws Error at setup time when `options.rpc_endpoints` is empty — the
  *   mutation-audit tests drive permit flow, session/token revoke-all, and
  *   invite create/delete through their RPC action specs. Hard-fails via

package/dist/testing/audit_completeness.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"audit_completeness.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/audit_completeness.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAkB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAIrD,OAAO,EAGN,KAAK,eAAe,EAEpB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAKjB,OAAO,EAIN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAsB1B;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC5C,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE;;;;;;;;;;;OAWG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAoDD;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,iCAAiC,GAAI,SAAS,4BAA4B,KAAG,IAyezF,CAAC"}
+{"version":3,"file":"audit_completeness.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/audit_completeness.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAkB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAIrD,OAAO,EAGN,KAAK,eAAe,EAEpB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAKjB,OAAO,EAIN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAsB1B;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC5C,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE;;;;;;;;;;;OAWG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAoDD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,iCAAiC,GAAI,SAAS,4BAA4B,KAAG,IAyezF,CAAC"}

package/dist/testing/audit_completeness.js

@@ -63,7 +63,6 @@ const json_session_headers = (test_app, extra) => test_app.create_session_header
  * event type. Exercises routes via HTTP requests against a real PGlite
  * database, then queries the `audit_log` table to verify events.
  *
- * @param options - session config, route factory, and optional overrides
  * @throws Error at setup time when `options.rpc_endpoints` is empty — the
  *   mutation-audit tests drive permit flow, session/token revoke-all, and
  *   invite create/delete through their RPC action specs. Hard-fails via

package/dist/testing/auth_apps.d.ts

@@ -12,10 +12,7 @@ import { type RouteSpec, type RouteAuth } from '../http/route_spec.js';
 import { type RequestContext } from '../auth/request_context.js';
 import { type CredentialType } from '../hono_context.js';
 /**
- * Create a mock request context with optional role permit.
- *
- * @param role - optional role to grant
- * @returns a valid `RequestContext`
+ * Create a mock `RequestContext` with optional role permit.
  */
 export declare const create_test_request_context: (role?: string) => RequestContext;
 /**
@@ -23,8 +20,7 @@ export declare const create_test_request_context: (role?: string) => RequestCont
  *
  * @param route_specs - the route specs to register
  * @param auth_ctx - optional request context to inject via middleware
- * @param credential_type - optional credential type (default: `'session'` when auth_ctx provided)
- * @returns a configured Hono app
+ * @param credential_type - optional credential type (default: `'session'` when `auth_ctx` provided)
  */
 export declare const create_test_app_from_specs: (route_specs: Array<RouteSpec>, auth_ctx?: RequestContext, credential_type?: CredentialType) => Hono;
 /** Pre-built Hono apps for each auth level, shared across adversarial test suites. */
@@ -39,15 +35,11 @@ export interface AuthTestApps {
  *
  * @param route_specs - the route specs to register
  * @param roles - all roles in the app
- * @returns apps keyed by auth level
  */
 export declare const create_auth_test_apps: (route_specs: Array<RouteSpec>, roles: Array<string>) => AuthTestApps;
 /**
  * Select the Hono test app with correct auth for a route.
  *
- * @param apps - the pre-built auth test apps
- * @param auth - the route's auth options
- * @returns the correctly-authenticated Hono app
  * @throws Error if `auth.type === 'role'` and `auth.role` is not present in
  *   `apps.by_role` — surfaces a missing entry in the `roles` array passed to
  *   `create_auth_test_apps`.

package/dist/testing/auth_apps.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth_apps.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/auth_apps.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;GAOG;AAEH,OAAO,EAAC,IAAI,EAAC,MAAM,MAAM,CAAC;AAG1B,OAAO,EAAoB,KAAK,SAAS,EAAE,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAExF,OAAO,EAAsB,KAAK,cAAc,EAAC,MAAM,4BAA4B,CAAC;AACpF,OAAO,EAAsB,KAAK,cAAc,EAAC,MAAM,oBAAoB,CAAC;AAI5E;;;;;GAKG;AACH,eAAO,MAAM,2BAA2B,GAAI,OAAO,MAAM,KAAG,cAI1D,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,0BAA0B,GACtC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,WAAW,cAAc,EACzB,kBAAkB,cAAc,KAC9B,IAkBF,CAAC;AAEF,sFAAsF;AACtF,MAAM,WAAW,YAAY;IAC5B,MAAM,EAAE,IAAI,CAAC;IACb,MAAM,EAAE,IAAI,CAAC;IACb,MAAM,EAAE,IAAI,CAAC;IACb,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;CAC3B;AAED;;;;;;GAMG;AACH,eAAO,MAAM,qBAAqB,GACjC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,OAAO,KAAK,CAAC,MAAM,CAAC,KAClB,YAeF,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,eAAe,GAAI,MAAM,YAAY,EAAE,MAAM,SAAS,KAAG,IAcrE,CAAC;AAEF,6EAA6E;AAC7E,eAAO,MAAM,iBAAiB,GAAI,MAAM,MAAM,KAAG,MAA4C,CAAC"}
+{"version":3,"file":"auth_apps.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/auth_apps.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;GAOG;AAEH,OAAO,EAAC,IAAI,EAAC,MAAM,MAAM,CAAC;AAG1B,OAAO,EAAoB,KAAK,SAAS,EAAE,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAExF,OAAO,EAAsB,KAAK,cAAc,EAAC,MAAM,4BAA4B,CAAC;AACpF,OAAO,EAAsB,KAAK,cAAc,EAAC,MAAM,oBAAoB,CAAC;AAI5E;;GAEG;AACH,eAAO,MAAM,2BAA2B,GAAI,OAAO,MAAM,KAAG,cAI1D,CAAC;AAEH;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,GACtC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,WAAW,cAAc,EACzB,kBAAkB,cAAc,KAC9B,IAkBF,CAAC;AAEF,sFAAsF;AACtF,MAAM,WAAW,YAAY;IAC5B,MAAM,EAAE,IAAI,CAAC;IACb,MAAM,EAAE,IAAI,CAAC;IACb,MAAM,EAAE,IAAI,CAAC;IACb,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;CAC3B;AAED;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB,GACjC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,OAAO,KAAK,CAAC,MAAM,CAAC,KAClB,YAeF,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,eAAe,GAAI,MAAM,YAAY,EAAE,MAAM,SAAS,KAAG,IAcrE,CAAC;AAEF,6EAA6E;AAC7E,eAAO,MAAM,iBAAiB,GAAI,MAAM,MAAM,KAAG,MAA4C,CAAC"}

package/dist/testing/auth_apps.js

@@ -16,10 +16,7 @@ import { CREDENTIAL_TYPE_KEY } from '../hono_context.js';
 import { create_stub_db } from './stubs.js';
 import { create_test_account, create_test_actor, create_test_permit } from './entities.js';
 /**
- * Create a mock request context with optional role permit.
- *
- * @param role - optional role to grant
- * @returns a valid `RequestContext`
+ * Create a mock `RequestContext` with optional role permit.
  */
 export const create_test_request_context = (role) => ({
     account: create_test_account({ id: 'acc_1', username: 'testuser' }),
@@ -31,8 +28,7 @@ export const create_test_request_context = (role) => ({
  *
  * @param route_specs - the route specs to register
  * @param auth_ctx - optional request context to inject via middleware
- * @param credential_type - optional credential type (default: `'session'` when auth_ctx provided)
- * @returns a configured Hono app
+ * @param credential_type - optional credential type (default: `'session'` when `auth_ctx` provided)
  */
 export const create_test_app_from_specs = (route_specs, auth_ctx, credential_type) => {
     const app = new Hono();
@@ -52,7 +48,6 @@ export const create_test_app_from_specs = (route_specs, auth_ctx, credential_typ
  *
  * @param route_specs - the route specs to register
  * @param roles - all roles in the app
- * @returns apps keyed by auth level
  */
 export const create_auth_test_apps = (route_specs, roles) => {
     const by_role = new Map();
@@ -69,9 +64,6 @@ export const create_auth_test_apps = (route_specs, roles) => {
 /**
  * Select the Hono test app with correct auth for a route.
  *
- * @param apps - the pre-built auth test apps
- * @param auth - the route's auth options
- * @returns the correctly-authenticated Hono app
  * @throws Error if `auth.type === 'role'` and `auth.role` is not present in
  *   `apps.by_role` — surfaces a missing entry in the `roles` array passed to
  *   `create_auth_test_apps`.

package/dist/testing/data_exposure.d.ts

@@ -9,23 +9,14 @@ import { type DbFactory } from './db.js';
  *
  * Walks `properties`, `items`, `allOf`/`anyOf`/`oneOf`, and
  * `additionalProperties` to find every declared field name at any depth.
- *
- * @param schema - JSON Schema object
- * @returns set of all property names found
  */
 export declare const collect_json_schema_property_names: (schema: unknown) => Set<string>;
 /**
  * Assert that no output schema in the surface contains sensitive field names.
- *
- * @param surface - the app surface to check
- * @param sensitive_fields - field names to flag
  */
 export declare const assert_output_schemas_no_sensitive_fields: (surface: AppSurface, sensitive_fields?: ReadonlyArray<string>) => void;
 /**
  * Assert that non-admin route output schemas don't contain admin-only fields.
- *
- * @param surface - the app surface to check
- * @param admin_only_fields - field names that are admin-only
  */
 export declare const assert_non_admin_schemas_no_admin_fields: (surface: AppSurface, admin_only_fields?: ReadonlyArray<string>) => void;
 /** Options for `describe_data_exposure_tests`. */
@@ -55,8 +46,6 @@ export interface DataExposureTestOptions {
  * 2. Runtime — fire real requests and check response bodies against blocklists
  * 3. Cross-privilege — admin routes return 403 for non-admin, error responses
  *    contain no sensitive fields
- *
- * @param options - test configuration
  */
 export declare const describe_data_exposure_tests: (options: DataExposureTestOptions) => void;
 //# sourceMappingURL=data_exposure.d.ts.map

package/dist/testing/data_exposure.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"data_exposure.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/data_exposure.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAgB7B,OAAO,KAAK,EAAC,UAAU,EAAE,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACnE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAG9D,OAAO,EAAwB,KAAK,SAAS,EAAC,MAAM,SAAS,CAAC;AAe9D;;;;;;;;GAQG;AACH,eAAO,MAAM,kCAAkC,GAAI,QAAQ,OAAO,KAAG,GAAG,CAAC,MAAM,CAuB9E,CAAC;AAIF;;;;;GAKG;AACH,eAAO,MAAM,yCAAyC,GACrD,SAAS,UAAU,EACnB,mBAAkB,aAAa,CAAC,MAAM,CAA6B,KACjE,IAWF,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,wCAAwC,GACpD,SAAS,UAAU,EACnB,oBAAmB,aAAa,CAAC,MAAM,CAA8B,KACnE,IAcF,CAAC;AAIF,kDAAkD;AAClD,MAAM,WAAW,uBAAuB;IACvC,4DAA4D;IAC5D,KAAK,EAAE,MAAM,cAAc,CAAC;IAC5B,wCAAwC;IACxC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,4CAA4C;IAC5C,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,2FAA2F;IAC3F,gBAAgB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACzC,iGAAiG;IACjG,iBAAiB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC1C,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC,kDAAkD;IAClD,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CAC5B;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,4BAA4B,GAAI,SAAS,uBAAuB,KAAG,IAmC/E,CAAC"}
+{"version":3,"file":"data_exposure.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/data_exposure.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAgB7B,OAAO,KAAK,EAAC,UAAU,EAAE,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACnE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAG9D,OAAO,EAAwB,KAAK,SAAS,EAAC,MAAM,SAAS,CAAC;AAe9D;;;;;GAKG;AACH,eAAO,MAAM,kCAAkC,GAAI,QAAQ,OAAO,KAAG,GAAG,CAAC,MAAM,CAuB9E,CAAC;AAIF;;GAEG;AACH,eAAO,MAAM,yCAAyC,GACrD,SAAS,UAAU,EACnB,mBAAkB,aAAa,CAAC,MAAM,CAA6B,KACjE,IAWF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,wCAAwC,GACpD,SAAS,UAAU,EACnB,oBAAmB,aAAa,CAAC,MAAM,CAA8B,KACnE,IAcF,CAAC;AAIF,kDAAkD;AAClD,MAAM,WAAW,uBAAuB;IACvC,4DAA4D;IAC5D,KAAK,EAAE,MAAM,cAAc,CAAC;IAC5B,wCAAwC;IACxC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,4CAA4C;IAC5C,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,2FAA2F;IAC3F,gBAAgB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACzC,iGAAiG;IACjG,iBAAiB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC1C,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC,kDAAkD;IAClD,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CAC5B;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,4BAA4B,GAAI,SAAS,uBAAuB,KAAG,IAmC/E,CAAC"}

package/dist/testing/data_exposure.js

@@ -25,9 +25,6 @@ import { SENSITIVE_FIELD_BLOCKLIST, ADMIN_ONLY_FIELD_BLOCKLIST, assert_no_sensit
  *
  * Walks `properties`, `items`, `allOf`/`anyOf`/`oneOf`, and
  * `additionalProperties` to find every declared field name at any depth.
- *
- * @param schema - JSON Schema object
- * @returns set of all property names found
  */
 export const collect_json_schema_property_names = (schema) => {
     const names = new Set();
@@ -59,9 +56,6 @@ export const collect_json_schema_property_names = (schema) => {
 // --- Schema-level assertions ---
 /**
  * Assert that no output schema in the surface contains sensitive field names.
- *
- * @param surface - the app surface to check
- * @param sensitive_fields - field names to flag
  */
 export const assert_output_schemas_no_sensitive_fields = (surface, sensitive_fields = SENSITIVE_FIELD_BLOCKLIST) => {
     for (const route of surface.routes) {
@@ -75,9 +69,6 @@ export const assert_output_schemas_no_sensitive_fields = (surface, sensitive_fie
 };
 /**
  * Assert that non-admin route output schemas don't contain admin-only fields.
- *
- * @param surface - the app surface to check
- * @param admin_only_fields - field names that are admin-only
  */
 export const assert_non_admin_schemas_no_admin_fields = (surface, admin_only_fields = ADMIN_ONLY_FIELD_BLOCKLIST) => {
     const non_admin = surface.routes.filter((r) => r.auth.type !== 'keeper' && !(r.auth.type === 'role' && r.auth.role === 'admin'));
@@ -98,8 +89,6 @@ export const assert_non_admin_schemas_no_admin_fields = (surface, admin_only_fie
  * 2. Runtime — fire real requests and check response bodies against blocklists
  * 3. Cross-privilege — admin routes return 403 for non-admin, error responses
  *    contain no sensitive fields
- *
- * @param options - test configuration
  */
 export const describe_data_exposure_tests = (options) => {
     const { build, sensitive_fields = SENSITIVE_FIELD_BLOCKLIST, admin_only_fields = ADMIN_ONLY_FIELD_BLOCKLIST, } = options;

package/dist/testing/db.d.ts

@@ -20,7 +20,6 @@ export interface DbFactory {
  * Removes all tables, sequences, indexes, types, and functions.
  * The database instance remains usable after reset.
  *
- * @param db - the database to reset
  * @mutates db - drops the `public` schema and recreates it; all rows in all
  *   tables are gone after this returns.
  */
@@ -35,7 +34,6 @@ export declare const reset_pglite: (db: Db) => Promise<void>;
  * cold-start cost again.
  *
  * @param init_schema - callback to initialize the database schema
- * @returns a factory that creates in-memory pglite databases
  */
 export declare const create_pglite_factory: (init_schema: (db: Db) => Promise<void>) => DbFactory;
 /**
@@ -91,7 +89,6 @@ export declare const AUTH_DROP_TABLES: readonly ["app_settings", "invite", "audi
  * Safe on fresh databases (`IF EXISTS` on all statements). No-op effect for
  * PGlite (already fresh), but harmless to call unconditionally.
  *
- * @param db - the database to clean
  * @mutates db - drops every table in `AUTH_DROP_TABLES` plus `schema_version`.
  */
 export declare const drop_auth_schema: (db: Db) => Promise<void>;
@@ -105,15 +102,12 @@ export declare const drop_auth_schema: (db: Db) => Promise<void>;
  *
  * @param factories - one or more database factories to run suites against
  * @param truncate_tables - tables to truncate between tests (children first for FK safety)
- * @returns a `describe_db` function for use in test files
  * @mutates the underlying database between tests — `beforeEach` issues
  *   `TRUNCATE <truncate_tables> CASCADE` against the shared instance.
  */
 export declare const create_describe_db: (factories: DbFactory | Array<DbFactory>, truncate_tables: Array<string>) => ((name: string, fn: (get_db: () => Db) => void) => void);
 /**
  * Log factory status to console.
- *
- * @param factories - the database factories to report on
  */
 export declare const log_db_factory_status: (factories: Array<DbFactory>) => void;
 //# sourceMappingURL=db.d.ts.map

package/dist/testing/db.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"db.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/db.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AA6B7B,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AAKpC;;GAEG;AACH,eAAO,MAAM,KAAK,SAA4B,CAAC;AAE/C;;GAEG;AACH,MAAM,WAAW,SAAS;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,OAAO,CAAC,EAAE,CAAC,CAAC;IAC1B,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,EAAE,OAAO,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,YAAY,GAAU,IAAI,EAAE,KAAG,OAAO,CAAC,IAAI,CAGvD,CAAC;AAMF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,qBAAqB,GAAI,aAAa,CAAC,EAAE,EAAE,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,KAAG,SAkB7E,CAAC;AAEH;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,iBAAiB,GAC7B,aAAa,CAAC,EAAE,EAAE,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,EACtC,WAAW,MAAM,KACf,SA2DF,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,oBAAoB,UAQhC,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,gCAAgC,UAAyC,CAAC;AAEvF;;;;;;;;GAQG;AACH,eAAO,MAAM,gBAAgB,+IAWnB,CAAC;AAEX;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,gBAAgB,GAAU,IAAI,EAAE,KAAG,OAAO,CAAC,IAAI,CAK3D,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,kBAAkB,GAC9B,WAAW,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC,EACvC,iBAAiB,KAAK,CAAC,MAAM,CAAC,KAC5B,CAAC,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,IAAI,KAAK,IAAI,CAwBzD,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,qBAAqB,GAAI,WAAW,KAAK,CAAC,SAAS,CAAC,KAAG,IAMnE,CAAC"}
+{"version":3,"file":"db.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/db.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AA6B7B,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AAKpC;;GAEG;AACH,eAAO,MAAM,KAAK,SAA4B,CAAC;AAE/C;;GAEG;AACH,MAAM,WAAW,SAAS;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,OAAO,CAAC,EAAE,CAAC,CAAC;IAC1B,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,EAAE,OAAO,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,YAAY,GAAU,IAAI,EAAE,KAAG,OAAO,CAAC,IAAI,CAGvD,CAAC;AAMF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,qBAAqB,GAAI,aAAa,CAAC,EAAE,EAAE,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,KAAG,SAkB7E,CAAC;AAEH;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,iBAAiB,GAC7B,aAAa,CAAC,EAAE,EAAE,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,EACtC,WAAW,MAAM,KACf,SA2DF,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,oBAAoB,UAQhC,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,gCAAgC,UAAyC,CAAC;AAEvF;;;;;;;;GAQG;AACH,eAAO,MAAM,gBAAgB,+IAWnB,CAAC;AAEX;;;;;;;;;;GAUG;AACH,eAAO,MAAM,gBAAgB,GAAU,IAAI,EAAE,KAAG,OAAO,CAAC,IAAI,CAK3D,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,kBAAkB,GAC9B,WAAW,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC,EACvC,iBAAiB,KAAK,CAAC,MAAM,CAAC,KAC5B,CAAC,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,IAAI,KAAK,IAAI,CAwBzD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,GAAI,WAAW,KAAK,CAAC,SAAS,CAAC,KAAG,IAMnE,CAAC"}

package/dist/testing/db.js

@@ -36,7 +36,6 @@ export const IS_CI = process.env.CI === 'true';
  * Removes all tables, sequences, indexes, types, and functions.
  * The database instance remains usable after reset.
  *
- * @param db - the database to reset
  * @mutates db - drops the `public` schema and recreates it; all rows in all
  *   tables are gone after this returns.
  */
@@ -57,7 +56,6 @@ let module_db = null;
  * cold-start cost again.
  *
  * @param init_schema - callback to initialize the database schema
- * @returns a factory that creates in-memory pglite databases
  */
 export const create_pglite_factory = (init_schema) => ({
     name: 'pglite',
@@ -209,7 +207,6 @@ export const AUTH_DROP_TABLES = [
  * Safe on fresh databases (`IF EXISTS` on all statements). No-op effect for
  * PGlite (already fresh), but harmless to call unconditionally.
  *
- * @param db - the database to clean
  * @mutates db - drops every table in `AUTH_DROP_TABLES` plus `schema_version`.
  */
 export const drop_auth_schema = async (db) => {
@@ -228,7 +225,6 @@ export const drop_auth_schema = async (db) => {
  *
  * @param factories - one or more database factories to run suites against
  * @param truncate_tables - tables to truncate between tests (children first for FK safety)
- * @returns a `describe_db` function for use in test files
  * @mutates the underlying database between tests — `beforeEach` issues
  *   `TRUNCATE <truncate_tables> CASCADE` against the shared instance.
  */
@@ -258,8 +254,6 @@ export const create_describe_db = (factories, truncate_tables) => {
 };
 /**
  * Log factory status to console.
- *
- * @param factories - the database factories to report on
  */
 export const log_db_factory_status = (factories) => {
     const enabled = factories.filter((f) => !f.skip).map((f) => f.name);

package/dist/testing/error_coverage.d.ts

@@ -71,10 +71,7 @@ export declare class ErrorCoverageCollector {
      * (e.g., `/api/accounts/abc` → `/api/accounts/:id`). When `code` is provided,
      * it is stored alongside the status for per-code coverage tracking.
      *
-     * @param route_specs - route specs for path resolution
-     * @param method - HTTP method
      * @param path - request path (may be concrete)
-     * @param status - observed HTTP status code
      * @param code - observed body `error` code (pass when the route's error
      *   schema declares specific codes via `z.literal` or `z.enum`)
      * @mutates `this.observed` - adds the resolved `"METHOD /spec-path:STATUS"`
@@ -90,10 +87,6 @@ export declare class ErrorCoverageCollector {
      * for per-code coverage. Pass an explicit `code` to override the
      * auto-extracted value or when the body was already consumed.
      *
-     * @param route_specs - route specs for schema lookup and path resolution
-     * @param method - HTTP method
-     * @param path - request path
-     * @param response - the Response to validate and record
      * @param code - observed body `error` code (override; if omitted and the
      *   response body is a JSON object with a string `error` field, that value
      *   is auto-extracted)
@@ -111,10 +104,6 @@ export declare class ErrorCoverageCollector {
      * `z.enum`), reports per-code rows; otherwise reports one row per status.
      * A status-only observation (no code) satisfies all declared codes for that
      * status — the "any-code" rule.
-     *
-     * @param route_specs - route specs to check coverage against
-     * @param options - exclusion configuration (skip routes or statuses)
-     * @returns uncovered entries with method, path, status, and optional code
      */
     uncovered(route_specs: Array<RouteSpec>, options?: CoverageFilterOptions): Array<UncoveredEntry>;
 }
@@ -142,9 +131,6 @@ export interface ErrorCoverageOptions extends CoverageFilterOptions {
  * When `min_coverage` is 0 (default), logs coverage info without failing.
  * When > 0, fails if coverage is below the threshold.
  *
- * @param collector - the coverage collector with recorded observations
- * @param route_specs - route specs to check coverage against
- * @param options - threshold and exclusion configuration
  * @throws AssertionError if `min_coverage > 0` and the covered/total ratio
  *   falls below the threshold — the failure message lists every uncovered
  *   route + status (+ code).

package/dist/testing/error_coverage.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"error_coverage.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/error_coverage.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;;;;;GAWG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAIrD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,4BAA4B,GAAI,QAAQ,CAAC,CAAC,OAAO,KAAG,KAAK,CAAC,MAAM,CAAC,GAAG,IAWhF,CAAC;AAEF,sFAAsF;AACtF,MAAM,WAAW,cAAc;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,wFAAwF;IACxF,IAAI,CAAC,EAAE,MAAM,CAAC;CACd;AAED,6EAA6E;AAC7E,MAAM,WAAW,qBAAqB;IACrC,kDAAkD;IAClD,aAAa,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC9B,iCAAiC;IACjC,eAAe,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CAChC;AAqDD;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,sBAAsB;IAClC;;;;;OAKG;IACH,QAAQ,CAAC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAa;IAE3C;;;;;;;;;;;;;;;OAeG;IACH,MAAM,CACL,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,EAC7B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,IAAI,CAAC,EAAE,MAAM,GACX,IAAI;IAUP;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,iBAAiB,CACtB,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,EAC7B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,QAAQ,EAClB,IAAI,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,IAAI,CAAC;IAgBhB;;;;;;;;;;;;OAYG;IACH,SAAS,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC,EAAE,qBAAqB,GAAG,KAAK,CAAC,cAAc,CAAC;CAKhG;AAED;;;;GAIG;AACH,eAAO,MAAM,kCAAkC,MAAM,CAAC;AAEtD,2CAA2C;AAC3C,MAAM,WAAW,oBAAqB,SAAQ,qBAAqB;IAClE,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;CACtB;AAaD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,qBAAqB,GACjC,WAAW,sBAAsB,EACjC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,UAAU,oBAAoB,KAC5B,IAqBF,CAAC"}
+{"version":3,"file":"error_coverage.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/error_coverage.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;;;;;GAWG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAIrD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,4BAA4B,GAAI,QAAQ,CAAC,CAAC,OAAO,KAAG,KAAK,CAAC,MAAM,CAAC,GAAG,IAWhF,CAAC;AAEF,sFAAsF;AACtF,MAAM,WAAW,cAAc;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,wFAAwF;IACxF,IAAI,CAAC,EAAE,MAAM,CAAC;CACd;AAED,6EAA6E;AAC7E,MAAM,WAAW,qBAAqB;IACrC,kDAAkD;IAClD,aAAa,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC9B,iCAAiC;IACjC,eAAe,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CAChC;AAqDD;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,sBAAsB;IAClC;;;;;OAKG;IACH,QAAQ,CAAC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAa;IAE3C;;;;;;;;;;;;OAYG;IACH,MAAM,CACL,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,EAC7B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,IAAI,CAAC,EAAE,MAAM,GACX,IAAI;IAUP;;;;;;;;;;;;;;;;OAgBG;IACG,iBAAiB,CACtB,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,EAC7B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,QAAQ,EAClB,IAAI,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,IAAI,CAAC;IAgBhB;;;;;;;;OAQG;IACH,SAAS,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC,EAAE,qBAAqB,GAAG,KAAK,CAAC,cAAc,CAAC;CAKhG;AAED;;;;GAIG;AACH,eAAO,MAAM,kCAAkC,MAAM,CAAC;AAEtD,2CAA2C;AAC3C,MAAM,WAAW,oBAAqB,SAAQ,qBAAqB;IAClE,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;CACtB;AAaD;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,qBAAqB,GACjC,WAAW,sBAAsB,EACjC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,UAAU,oBAAoB,KAC5B,IAqBF,CAAC"}

package/dist/testing/error_coverage.js

@@ -113,10 +113,7 @@ export class ErrorCoverageCollector {
      * (e.g., `/api/accounts/abc` → `/api/accounts/:id`). When `code` is provided,
      * it is stored alongside the status for per-code coverage tracking.
      *
-     * @param route_specs - route specs for path resolution
-     * @param method - HTTP method
      * @param path - request path (may be concrete)
-     * @param status - observed HTTP status code
      * @param code - observed body `error` code (pass when the route's error
      *   schema declares specific codes via `z.literal` or `z.enum`)
      * @mutates `this.observed` - adds the resolved `"METHOD /spec-path:STATUS"`
@@ -140,10 +137,6 @@ export class ErrorCoverageCollector {
      * for per-code coverage. Pass an explicit `code` to override the
      * auto-extracted value or when the body was already consumed.
      *
-     * @param route_specs - route specs for schema lookup and path resolution
-     * @param method - HTTP method
-     * @param path - request path
-     * @param response - the Response to validate and record
      * @param code - observed body `error` code (override; if omitted and the
      *   response body is a JSON object with a string `error` field, that value
      *   is auto-extracted)
@@ -176,10 +169,6 @@ export class ErrorCoverageCollector {
      * `z.enum`), reports per-code rows; otherwise reports one row per status.
      * A status-only observation (no code) satisfies all declared codes for that
      * status — the "any-code" rule.
-     *
-     * @param route_specs - route specs to check coverage against
-     * @param options - exclusion configuration (skip routes or statuses)
-     * @returns uncovered entries with method, path, status, and optional code
      */
     uncovered(route_specs, options) {
         return walk_coverage(this, route_specs, options)
@@ -213,9 +202,6 @@ const format_uncovered = (entry) => `${entry.method} ${entry.path} → ${entry.s
  * When `min_coverage` is 0 (default), logs coverage info without failing.
  * When > 0, fails if coverage is below the threshold.
  *
- * @param collector - the coverage collector with recorded observations
- * @param route_specs - route specs to check coverage against
- * @param options - threshold and exclusion configuration
  * @throws AssertionError if `min_coverage > 0` and the covered/total ratio
  *   falls below the threshold — the failure message lists every uncovered
  *   route + status (+ code).

package/dist/testing/integration.d.ts

@@ -51,7 +51,6 @@ export interface StandardIntegrationTestOptions {
  * Each test group asserts that required routes exist, failing with a descriptive
  * message if the consumer's route specs are misconfigured.
  *
- * @param options - session config and route factory
  * @throws Error at setup time when `options.rpc_endpoints` is empty — the
  *   suite hard-fails via `require_rpc_endpoint_path` rather than running
  *   tests that would crash mid-suite trying to dispatch

package/dist/testing/integration.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAsB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAA6C,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACjG,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAOjB,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAqB1B;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC9C,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;;OAGG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;;;;;;;;;;;;;;OAgBG;IACH,aAAa,EAAE,uBAAuB,CAAC;CACvC;AAsBD;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,mCAAmC,GAC/C,SAAS,8BAA8B,KACrC,IAg8CF,CAAC"}
+{"version":3,"file":"integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAsB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAA6C,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACjG,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAOjB,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAqB1B;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC9C,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;;OAGG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;;;;;;;;;;;;;;OAgBG;IACH,aAAa,EAAE,uBAAuB,CAAC;CACvC;AAsBD;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,mCAAmC,GAC/C,SAAS,8BAA8B,KACrC,IAg8CF,CAAC"}

package/dist/testing/integration.js

@@ -56,7 +56,6 @@ const build_test_app_options = (options, db) => ({
  * Each test group asserts that required routes exist, failing with a descriptive
  * message if the consumer's route specs are misconfigured.
  *
- * @param options - session config and route factory
  * @throws Error at setup time when `options.rpc_endpoints` is empty — the
  *   suite hard-fails via `require_rpc_endpoint_path` rather than running
  *   tests that would crash mid-suite trying to dispatch

package/dist/testing/integration_helpers.d.ts

@@ -8,10 +8,7 @@ import type { TestApp, TestAccount } from './app_server.js';
  *
  * Supports both exact matches and parameterized paths (`:param` segments).
  *
- * @param specs - route specs to search
- * @param method - HTTP method
  * @param path - request path (exact or with concrete param values)
- * @returns matching route spec, or `undefined`
  */
 export declare const find_route_spec: (specs: Array<RouteSpec>, method: string, path: string) => RouteSpec | undefined;
 /**
@@ -31,14 +28,7 @@ export type RestAuthRouteSuffix = (typeof REST_AUTH_ROUTE_SUFFIXES)[number];
  * method name (e.g. `/sessions/revoke-all`) fails loudly at the call site
  * instead of silently returning `undefined`.
  *
- * @param specs - route specs to search
- * @param suffix - REST auth path suffix
- * @param method - HTTP method
- * @returns matching route spec, or `undefined`
- * @throws Error if `suffix` is not in `REST_AUTH_ROUTE_SUFFIXES` — surfaces
- *   accidental use of a post-RPC-migration method name (e.g.
- *   `/sessions/revoke-all`) at the call site rather than silently returning
- *   `undefined`.
+ * @throws Error if `suffix` is not in `REST_AUTH_ROUTE_SUFFIXES`.
  */
 export declare const find_auth_route: (specs: Array<RouteSpec>, suffix: RestAuthRouteSuffix, method: RouteMethod) => RouteSpec | undefined;
 /**
@@ -47,10 +37,6 @@ export declare const find_auth_route: (specs: Array<RouteSpec>, suffix: RestAuth
  * For 2xx responses, validates against `spec.output`.
  * For error responses, validates against the merged error schema for that status code.
  *
- * @param route_specs - route specs for schema lookup
- * @param method - HTTP method of the request
- * @param path - path of the request
- * @param response - the Response to validate
  * @throws Error if no route spec matches `method` + `path`, if the response
  *   body fails to parse against the declared output / error schema, or if the
  *   response is non-JSON despite a declared schema for that status.
@@ -58,10 +44,6 @@ export declare const find_auth_route: (specs: Array<RouteSpec>, suffix: RestAuth
 export declare const assert_response_matches_spec: (route_specs: Array<RouteSpec>, method: string, path: string, response: Response) => Promise<void>;
 /**
  * Create an expired test cookie — validly signed but with an expiry timestamp in 1970.
- *
- * @param keyring - keyring for signing
- * @param session_options - session config
- * @returns signed cookie value with long-past expiry
  */
 export declare const create_expired_test_cookie: (keyring: Keyring, session_options: SessionOptions<string>) => Promise<string>;
 /**
@@ -69,10 +51,7 @@ export declare const create_expired_test_cookie: (keyring: Keyring, session_opti
  *
  * Error schemas use `z.looseObject` (intentional — multiple producers), but
  * test responses should be checked for fields that could leak information.
- * Flags any field not in the known-safe set so callers can decide whether to
- * fail or log.
  *
- * @param body - parsed error response JSON
  * @returns array of unexpected field names (empty = clean)
  */
 export declare const check_error_response_fields: (body: Record<string, unknown>) => Array<string>;
@@ -82,16 +61,12 @@ export declare const check_error_response_fields: (body: Record<string, unknown>
  * Checks both field names and string values for patterns indicating
  * stack traces, SQL, or internal paths.
  *
- * @param body - parsed error response JSON
  * @param context - description for error messages
  */
 export declare const assert_no_error_info_leakage: (body: Record<string, unknown>, context: string) => void;
 /**
  * Assert that a 429 response includes a valid `Retry-After` header
  * matching the JSON body's `retry_after` field.
- *
- * @param response - the 429 response
- * @param body - parsed JSON body with `retry_after` field
  */
 export declare const assert_rate_limit_retry_after_header: (response: Response, body: {
     retry_after: number;
@@ -104,16 +79,11 @@ export declare const ADMIN_ONLY_FIELD_BLOCKLIST: ReadonlyArray<string>;
  * Recursively collect all key names from a parsed JSON value.
  *
  * Walks objects and arrays to find every property name at any nesting depth.
- *
- * @param value - parsed JSON value
- * @returns set of all key names found
  */
 export declare const collect_json_keys_recursive: (value: unknown) => Set<string>;
 /**
  * Assert that a parsed JSON body contains no fields from the given blocklist.
  *
- * @param body - parsed response JSON
- * @param blocklist - field names to check for
  * @param context - description for error messages
  */
 export declare const assert_no_sensitive_fields_in_json: (body: unknown, blocklist: ReadonlyArray<string>, context: string) => void;
@@ -126,11 +96,6 @@ export declare const assert_no_sensitive_fields_in_json: (body: unknown, blockli
  * - `role: admin` — the admin account's session cookie
  * - `role: <other>` — the test app's bootstrapped keeper session
  * - `keeper` — the test app's daemon token
- *
- * @param spec - route spec to inspect
- * @param test_app - the assembled test app (for bootstrapped credentials)
- * @param authed_account - an account with no roles (for `authenticated` auth)
- * @param admin_account - an account with `admin` role (for role-gated routes)
  */
 export declare const pick_auth_headers: (spec: RouteSpec, test_app: TestApp, authed_account: TestAccount, admin_account: TestAccount) => Record<string, string>;
 //# sourceMappingURL=integration_helpers.d.ts.map

package/dist/testing/integration_helpers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"integration_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/integration_helpers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAU7B,OAAO,KAAK,EAAC,SAAS,EAAE,WAAW,EAAC,MAAM,uBAAuB,CAAC;AAElE,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAE3F,OAAO,KAAK,EAAC,OAAO,EAAE,WAAW,EAAC,MAAM,iBAAiB,CAAC;AAE1D;;;;;;;;;GASG;AACH,eAAO,MAAM,eAAe,GAC3B,OAAO,KAAK,CAAC,SAAS,CAAC,EACvB,QAAQ,MAAM,EACd,MAAM,MAAM,KACV,SAAS,GAAG,SAad,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,iFAO3B,CAAC;AACX,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,wBAAwB,CAAC,CAAC,MAAM,CAAC,CAAC;AAE5E;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,eAAe,GAC3B,OAAO,KAAK,CAAC,SAAS,CAAC,EACvB,QAAQ,mBAAmB,EAC3B,QAAQ,WAAW,KACjB,SAAS,GAAG,SAOd,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,4BAA4B,GACxC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,QAAQ,MAAM,EACd,MAAM,MAAM,EACZ,UAAU,QAAQ,KAChB,OAAO,CAAC,IAAI,CAmDd,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,GACtC,SAAS,OAAO,EAChB,iBAAiB,cAAc,CAAC,MAAM,CAAC,KACrC,OAAO,CAAC,MAAM,CAGhB,CAAC;AAuCF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,2BAA2B,GAAI,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,KAAK,CAAC,MAAM,CAQvF,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,4BAA4B,GACxC,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,SAAS,MAAM,KACb,IAkBF,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,oCAAoC,GAChD,UAAU,QAAQ,EAClB,MAAM;IAAC,WAAW,EAAE,MAAM,CAAA;CAAC,KACzB,IAUF,CAAC;AAIF,oEAAoE;AACpE,eAAO,MAAM,yBAAyB,EAAE,aAAa,CAAC,MAAM,CAAmC,CAAC;AAEhG,0EAA0E;AAC1E,eAAO,MAAM,0BAA0B,EAAE,aAAa,CAAC,MAAM,CAAgC,CAAC;AAE9F;;;;;;;GAOG;AACH,eAAO,MAAM,2BAA2B,GAAI,OAAO,OAAO,KAAG,GAAG,CAAC,MAAM,CAetE,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,kCAAkC,GAC9C,MAAM,OAAO,EACb,WAAW,aAAa,CAAC,MAAM,CAAC,EAChC,SAAS,MAAM,KACb,IAKF,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,SAAS,EACf,UAAU,OAAO,EACjB,gBAAgB,WAAW,EAC3B,eAAe,WAAW,KACxB,MAAM,CAAC,MAAM,EAAE,MAAM,CAcvB,CAAC"}
+{"version":3,"file":"integration_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/integration_helpers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAU7B,OAAO,KAAK,EAAC,SAAS,EAAE,WAAW,EAAC,MAAM,uBAAuB,CAAC;AAElE,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAE3F,OAAO,KAAK,EAAC,OAAO,EAAE,WAAW,EAAC,MAAM,iBAAiB,CAAC;AAE1D;;;;;;GAMG;AACH,eAAO,MAAM,eAAe,GAC3B,OAAO,KAAK,CAAC,SAAS,CAAC,EACvB,QAAQ,MAAM,EACd,MAAM,MAAM,KACV,SAAS,GAAG,SAad,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,iFAO3B,CAAC;AACX,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,wBAAwB,CAAC,CAAC,MAAM,CAAC,CAAC;AAE5E;;;;;;;;;;GAUG;AACH,eAAO,MAAM,eAAe,GAC3B,OAAO,KAAK,CAAC,SAAS,CAAC,EACvB,QAAQ,mBAAmB,EAC3B,QAAQ,WAAW,KACjB,SAAS,GAAG,SAOd,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,4BAA4B,GACxC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,QAAQ,MAAM,EACd,MAAM,MAAM,EACZ,UAAU,QAAQ,KAChB,OAAO,CAAC,IAAI,CAmDd,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B,GACtC,SAAS,OAAO,EAChB,iBAAiB,cAAc,CAAC,MAAM,CAAC,KACrC,OAAO,CAAC,MAAM,CAGhB,CAAC;AAgCF;;;;;;;GAOG;AACH,eAAO,MAAM,2BAA2B,GAAI,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,KAAK,CAAC,MAAM,CAQvF,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,4BAA4B,GACxC,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,SAAS,MAAM,KACb,IAkBF,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,oCAAoC,GAChD,UAAU,QAAQ,EAClB,MAAM;IAAC,WAAW,EAAE,MAAM,CAAA;CAAC,KACzB,IAUF,CAAC;AAIF,oEAAoE;AACpE,eAAO,MAAM,yBAAyB,EAAE,aAAa,CAAC,MAAM,CAAmC,CAAC;AAEhG,0EAA0E;AAC1E,eAAO,MAAM,0BAA0B,EAAE,aAAa,CAAC,MAAM,CAAgC,CAAC;AAE9F;;;;GAIG;AACH,eAAO,MAAM,2BAA2B,GAAI,OAAO,OAAO,KAAG,GAAG,CAAC,MAAM,CAetE,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,kCAAkC,GAC9C,MAAM,OAAO,EACb,WAAW,aAAa,CAAC,MAAM,CAAC,EAChC,SAAS,MAAM,KACb,IAKF,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,SAAS,EACf,UAAU,OAAO,EACjB,gBAAgB,WAAW,EAC3B,eAAe,WAAW,KACxB,MAAM,CAAC,MAAM,EAAE,MAAM,CAcvB,CAAC"}