@fuzdev/fuz_app 0.52.0 → 0.54.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/actions/CLAUDE.md +29 -9
- package/dist/actions/action_codegen.d.ts +10 -35
- package/dist/actions/action_codegen.d.ts.map +1 -1
- package/dist/actions/action_codegen.js +13 -42
- package/dist/actions/action_peer.d.ts.map +1 -1
- package/dist/actions/action_peer.js +0 -9
- package/dist/actions/action_registry.d.ts +0 -4
- package/dist/actions/action_registry.d.ts.map +1 -1
- package/dist/actions/action_registry.js +4 -10
- package/dist/actions/action_rpc.d.ts +16 -0
- package/dist/actions/action_rpc.d.ts.map +1 -1
- package/dist/actions/action_rpc.js +41 -20
- package/dist/actions/action_spec.d.ts +54 -5
- package/dist/actions/action_spec.d.ts.map +1 -1
- package/dist/actions/action_spec.js +21 -5
- package/dist/actions/frontend_rpc_client.d.ts +1 -9
- package/dist/actions/frontend_rpc_client.d.ts.map +1 -1
- package/dist/actions/frontend_rpc_client.js +1 -9
- package/dist/actions/register_action_ws.d.ts +16 -0
- package/dist/actions/register_action_ws.d.ts.map +1 -1
- package/dist/actions/register_action_ws.js +41 -1
- package/dist/actions/request_tracker.svelte.d.ts +10 -15
- package/dist/actions/request_tracker.svelte.d.ts.map +1 -1
- package/dist/actions/request_tracker.svelte.js +10 -15
- package/dist/actions/rpc_client.d.ts +0 -1
- package/dist/actions/rpc_client.d.ts.map +1 -1
- package/dist/actions/rpc_client.js +3 -17
- package/dist/actions/socket.svelte.d.ts +0 -1
- package/dist/actions/socket.svelte.d.ts.map +1 -1
- package/dist/actions/socket.svelte.js +0 -1
- package/dist/actions/transports.d.ts +4 -3
- package/dist/actions/transports.d.ts.map +1 -1
- package/dist/actions/transports.js +4 -13
- package/dist/actions/transports_ws_auth_guard.d.ts +0 -2
- package/dist/actions/transports_ws_auth_guard.d.ts.map +1 -1
- package/dist/actions/transports_ws_auth_guard.js +0 -2
- package/dist/actions/transports_ws_backend.d.ts.map +1 -1
- package/dist/actions/transports_ws_backend.js +0 -9
- package/dist/auth/CLAUDE.md +43 -19
- package/dist/auth/account_queries.d.ts +0 -3
- package/dist/auth/account_queries.d.ts.map +1 -1
- package/dist/auth/account_queries.js +0 -3
- package/dist/auth/admin_action_specs.d.ts +5 -0
- package/dist/auth/admin_action_specs.d.ts.map +1 -1
- package/dist/auth/admin_action_specs.js +5 -0
- package/dist/auth/api_token_queries.d.ts +0 -1
- package/dist/auth/api_token_queries.d.ts.map +1 -1
- package/dist/auth/api_token_queries.js +0 -1
- package/dist/auth/audit_log_queries.d.ts +0 -1
- package/dist/auth/audit_log_queries.d.ts.map +1 -1
- package/dist/auth/audit_log_queries.js +0 -1
- package/dist/auth/audit_log_routes.d.ts +2 -2
- package/dist/auth/audit_log_routes.js +2 -2
- package/dist/auth/invite_queries.d.ts +0 -1
- package/dist/auth/invite_queries.d.ts.map +1 -1
- package/dist/auth/invite_queries.js +0 -1
- package/dist/auth/permit_offer_action_specs.d.ts +1 -0
- package/dist/auth/permit_offer_action_specs.d.ts.map +1 -1
- package/dist/auth/permit_offer_action_specs.js +1 -0
- package/dist/auth/permit_offer_actions.d.ts.map +1 -1
- package/dist/auth/permit_offer_actions.js +9 -6
- package/dist/auth/permit_offer_queries.d.ts +0 -1
- package/dist/auth/permit_offer_queries.d.ts.map +1 -1
- package/dist/auth/permit_offer_queries.js +0 -1
- package/dist/auth/permit_queries.d.ts +0 -1
- package/dist/auth/permit_queries.d.ts.map +1 -1
- package/dist/auth/permit_queries.js +0 -1
- package/dist/auth/request_context.d.ts +47 -2
- package/dist/auth/request_context.d.ts.map +1 -1
- package/dist/auth/request_context.js +57 -2
- package/dist/auth/self_service_role_actions.d.ts.map +1 -1
- package/dist/auth/self_service_role_actions.js +14 -11
- package/dist/auth/session_lifecycle.d.ts +0 -1
- package/dist/auth/session_lifecycle.d.ts.map +1 -1
- package/dist/auth/session_lifecycle.js +0 -1
- package/dist/auth/session_middleware.d.ts +0 -4
- package/dist/auth/session_middleware.d.ts.map +1 -1
- package/dist/auth/session_middleware.js +0 -4
- package/dist/cli/config.d.ts +0 -3
- package/dist/cli/config.d.ts.map +1 -1
- package/dist/cli/config.js +0 -3
- package/dist/cli/daemon.d.ts +1 -1
- package/dist/cli/daemon.js +1 -1
- package/dist/db/create_db.d.ts +0 -1
- package/dist/db/create_db.d.ts.map +1 -1
- package/dist/db/create_db.js +0 -1
- package/dist/db/db.d.ts +0 -4
- package/dist/db/db.d.ts.map +1 -1
- package/dist/db/db.js +0 -4
- package/dist/db/db_pg.d.ts +2 -2
- package/dist/db/db_pg.js +2 -2
- package/dist/db/db_pglite.d.ts +1 -2
- package/dist/db/db_pglite.d.ts.map +1 -1
- package/dist/db/db_pglite.js +1 -2
- package/dist/db/migrate.d.ts +0 -1
- package/dist/db/migrate.d.ts.map +1 -1
- package/dist/db/migrate.js +0 -1
- package/dist/dev/setup.d.ts +0 -3
- package/dist/dev/setup.d.ts.map +1 -1
- package/dist/dev/setup.js +0 -3
- package/dist/env/load.d.ts +0 -2
- package/dist/env/load.d.ts.map +1 -1
- package/dist/env/load.js +0 -2
- package/dist/hono_context.d.ts +2 -5
- package/dist/hono_context.d.ts.map +1 -1
- package/dist/hono_context.js +2 -5
- package/dist/http/common_routes.d.ts +0 -8
- package/dist/http/common_routes.d.ts.map +1 -1
- package/dist/http/common_routes.js +0 -8
- package/dist/http/db_routes.d.ts +0 -3
- package/dist/http/db_routes.d.ts.map +1 -1
- package/dist/http/db_routes.js +0 -3
- package/dist/http/error_schemas.d.ts +12 -11
- package/dist/http/error_schemas.d.ts.map +1 -1
- package/dist/http/error_schemas.js +11 -7
- package/dist/http/jsonrpc_errors.d.ts +0 -6
- package/dist/http/jsonrpc_errors.d.ts.map +1 -1
- package/dist/http/jsonrpc_errors.js +0 -6
- package/dist/http/origin.d.ts +6 -13
- package/dist/http/origin.d.ts.map +1 -1
- package/dist/http/origin.js +7 -14
- package/dist/http/proxy.d.ts +1 -7
- package/dist/http/proxy.d.ts.map +1 -1
- package/dist/http/proxy.js +1 -7
- package/dist/http/route_spec.d.ts +13 -35
- package/dist/http/route_spec.d.ts.map +1 -1
- package/dist/http/route_spec.js +10 -22
- package/dist/http/schema_helpers.d.ts +0 -4
- package/dist/http/schema_helpers.d.ts.map +1 -1
- package/dist/http/schema_helpers.js +0 -4
- package/dist/http/surface.d.ts +2 -12
- package/dist/http/surface.d.ts.map +1 -1
- package/dist/http/surface.js +1 -12
- package/dist/rate_limiter.d.ts +16 -0
- package/dist/rate_limiter.d.ts.map +1 -1
- package/dist/rate_limiter.js +26 -0
- package/dist/realtime/sse.d.ts +0 -1
- package/dist/realtime/sse.d.ts.map +1 -1
- package/dist/realtime/sse.js +0 -1
- package/dist/realtime/subscriber_registry.d.ts +0 -3
- package/dist/realtime/subscriber_registry.d.ts.map +1 -1
- package/dist/realtime/subscriber_registry.js +0 -3
- package/dist/runtime/fs.d.ts +1 -4
- package/dist/runtime/fs.d.ts.map +1 -1
- package/dist/runtime/fs.js +1 -4
- package/dist/runtime/mock.d.ts +0 -3
- package/dist/runtime/mock.d.ts.map +1 -1
- package/dist/runtime/mock.js +0 -3
- package/dist/server/app_server.d.ts +27 -5
- package/dist/server/app_server.d.ts.map +1 -1
- package/dist/server/app_server.js +19 -7
- package/dist/server/startup.d.ts +0 -2
- package/dist/server/startup.d.ts.map +1 -1
- package/dist/server/startup.js +0 -2
- package/dist/server/static.d.ts +0 -1
- package/dist/server/static.d.ts.map +1 -1
- package/dist/server/static.js +0 -1
- package/dist/server/validate_nginx.d.ts +0 -3
- package/dist/server/validate_nginx.d.ts.map +1 -1
- package/dist/server/validate_nginx.js +0 -3
- package/dist/testing/CLAUDE.md +1 -1
- package/dist/testing/admin_integration.d.ts +0 -1
- package/dist/testing/admin_integration.d.ts.map +1 -1
- package/dist/testing/admin_integration.js +3 -6
- package/dist/testing/adversarial_404.d.ts +0 -2
- package/dist/testing/adversarial_404.d.ts.map +1 -1
- package/dist/testing/adversarial_404.js +0 -2
- package/dist/testing/adversarial_headers.d.ts +0 -1
- package/dist/testing/adversarial_headers.d.ts.map +1 -1
- package/dist/testing/adversarial_headers.js +0 -1
- package/dist/testing/adversarial_input.d.ts +0 -2
- package/dist/testing/adversarial_input.d.ts.map +1 -1
- package/dist/testing/adversarial_input.js +0 -2
- package/dist/testing/app_server.d.ts +22 -0
- package/dist/testing/app_server.d.ts.map +1 -1
- package/dist/testing/app_server.js +2 -4
- package/dist/testing/assertions.d.ts +0 -4
- package/dist/testing/assertions.d.ts.map +1 -1
- package/dist/testing/assertions.js +0 -4
- package/dist/testing/attack_surface.d.ts +0 -4
- package/dist/testing/attack_surface.d.ts.map +1 -1
- package/dist/testing/attack_surface.js +0 -4
- package/dist/testing/audit_completeness.d.ts +0 -1
- package/dist/testing/audit_completeness.d.ts.map +1 -1
- package/dist/testing/audit_completeness.js +0 -1
- package/dist/testing/auth_apps.d.ts +2 -10
- package/dist/testing/auth_apps.d.ts.map +1 -1
- package/dist/testing/auth_apps.js +2 -10
- package/dist/testing/data_exposure.d.ts +0 -11
- package/dist/testing/data_exposure.d.ts.map +1 -1
- package/dist/testing/data_exposure.js +0 -11
- package/dist/testing/db.d.ts +0 -6
- package/dist/testing/db.d.ts.map +1 -1
- package/dist/testing/db.js +0 -6
- package/dist/testing/error_coverage.d.ts +0 -14
- package/dist/testing/error_coverage.d.ts.map +1 -1
- package/dist/testing/error_coverage.js +0 -14
- package/dist/testing/integration.d.ts +0 -1
- package/dist/testing/integration.d.ts.map +1 -1
- package/dist/testing/integration.js +0 -1
- package/dist/testing/integration_helpers.d.ts +1 -36
- package/dist/testing/integration_helpers.d.ts.map +1 -1
- package/dist/testing/integration_helpers.js +1 -43
- package/dist/testing/middleware.d.ts +0 -10
- package/dist/testing/middleware.d.ts.map +1 -1
- package/dist/testing/middleware.js +0 -10
- package/dist/testing/mock_fs.d.ts +0 -2
- package/dist/testing/mock_fs.d.ts.map +1 -1
- package/dist/testing/mock_fs.js +0 -2
- package/dist/testing/rate_limiting.d.ts +0 -1
- package/dist/testing/rate_limiting.d.ts.map +1 -1
- package/dist/testing/rate_limiting.js +0 -1
- package/dist/testing/round_trip.d.ts +0 -2
- package/dist/testing/round_trip.d.ts.map +1 -1
- package/dist/testing/round_trip.js +0 -2
- package/dist/testing/rpc_attack_surface.d.ts +0 -2
- package/dist/testing/rpc_attack_surface.d.ts.map +1 -1
- package/dist/testing/rpc_attack_surface.js +0 -2
- package/dist/testing/rpc_helpers.d.ts +0 -6
- package/dist/testing/rpc_helpers.d.ts.map +1 -1
- package/dist/testing/rpc_helpers.js +0 -6
- package/dist/testing/rpc_round_trip.d.ts +0 -2
- package/dist/testing/rpc_round_trip.d.ts.map +1 -1
- package/dist/testing/rpc_round_trip.js +0 -2
- package/dist/testing/schema_generators.d.ts +0 -3
- package/dist/testing/schema_generators.d.ts.map +1 -1
- package/dist/testing/schema_generators.js +29 -3
- package/dist/testing/sse_round_trip.d.ts +0 -1
- package/dist/testing/sse_round_trip.d.ts.map +1 -1
- package/dist/testing/sse_round_trip.js +0 -1
- package/dist/testing/standard.d.ts +0 -2
- package/dist/testing/standard.d.ts.map +1 -1
- package/dist/testing/standard.js +0 -2
- package/dist/testing/stubs.d.ts +3 -5
- package/dist/testing/stubs.d.ts.map +1 -1
- package/dist/testing/stubs.js +5 -5
- package/dist/testing/surface_invariants.d.ts +0 -3
- package/dist/testing/surface_invariants.d.ts.map +1 -1
- package/dist/testing/surface_invariants.js +0 -3
- package/dist/ui/CLAUDE.md +1 -1
- package/dist/ui/audit_log_state.svelte.js +1 -1
- package/dist/ui/position_helpers.d.ts +0 -3
- package/dist/ui/position_helpers.d.ts.map +1 -1
- package/dist/ui/position_helpers.js +0 -3
- package/dist/ui/sidebar_state.svelte.d.ts +1 -2
- package/dist/ui/sidebar_state.svelte.d.ts.map +1 -1
- package/dist/ui/sidebar_state.svelte.js +1 -2
- package/dist/ui/ui_fetch.d.ts +1 -7
- package/dist/ui/ui_fetch.d.ts.map +1 -1
- package/dist/ui/ui_fetch.js +1 -7
- package/dist/ui/ui_format.d.ts +2 -14
- package/dist/ui/ui_format.d.ts.map +1 -1
- package/dist/ui/ui_format.js +2 -14
- package/package.json +2 -2
package/dist/server/static.d.ts
CHANGED
|
@@ -30,7 +30,6 @@ export type ServeStaticFactory = (options: ServeStaticOptions) => MiddlewareHand
|
|
|
30
30
|
*
|
|
31
31
|
* @param serve_static - runtime-specific `serveStatic` factory
|
|
32
32
|
* @param options - optional root directory and SPA fallback path
|
|
33
|
-
* @returns array of middleware handlers to apply in order
|
|
34
33
|
*/
|
|
35
34
|
export declare const create_static_middleware: (serve_static: ServeStaticFactory, options?: {
|
|
36
35
|
root?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"static.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/static.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,MAAM,CAAC;AAE5C;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,kBAAkB,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;IAC9C,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED;;;;GAIG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,OAAO,EAAE,kBAAkB,KAAK,iBAAiB,CAAC;AAKpF
|
|
1
|
+
{"version":3,"file":"static.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/static.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,MAAM,CAAC;AAE5C;;GAEG;AACH,MAAM,WAAW,kBAAkB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,kBAAkB,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;IAC9C,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED;;;;GAIG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAAC,OAAO,EAAE,kBAAkB,KAAK,iBAAiB,CAAC;AAKpF;;;;;;;GAOG;AACH,eAAO,MAAM,wBAAwB,GACpC,cAAc,kBAAkB,EAChC,UAAU;IAAC,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,OAAO,CAAA;CAAC,KACxF,KAAK,CAAC,iBAAiB,CAyBzB,CAAC"}
|
package/dist/server/static.js
CHANGED
|
@@ -17,7 +17,6 @@ const is_spa_route_default = (path) => !path.startsWith('/api/');
|
|
|
17
17
|
*
|
|
18
18
|
* @param serve_static - runtime-specific `serveStatic` factory
|
|
19
19
|
* @param options - optional root directory and SPA fallback path
|
|
20
|
-
* @returns array of middleware handlers to apply in order
|
|
21
20
|
*/
|
|
22
21
|
export const create_static_middleware = (serve_static, options) => {
|
|
23
22
|
const root = options?.root ?? './build';
|
|
@@ -29,9 +29,6 @@ export interface NginxValidationResult {
|
|
|
29
29
|
* Limitations: string pattern matching, not a real nginx parser. Catches
|
|
30
30
|
* common omissions in fuz_app deploy configs but won't catch all possible
|
|
31
31
|
* misconfigurations.
|
|
32
|
-
*
|
|
33
|
-
* @param config - nginx config template string
|
|
34
|
-
* @returns validation result with ok status, warnings, and errors
|
|
35
32
|
*/
|
|
36
33
|
export declare const validate_nginx_config: (config: string) => NginxValidationResult;
|
|
37
34
|
//# sourceMappingURL=validate_nginx.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"validate_nginx.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/validate_nginx.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACrC,2EAA2E;IAC3E,EAAE,EAAE,OAAO,CAAC;IACZ,2EAA2E;IAC3E,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACxB,mFAAmF;IACnF,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACtB;AAgGD
|
|
1
|
+
{"version":3,"file":"validate_nginx.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/server/validate_nginx.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACrC,2EAA2E;IAC3E,EAAE,EAAE,OAAO,CAAC;IACZ,2EAA2E;IAC3E,QAAQ,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACxB,mFAAmF;IACnF,MAAM,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACtB;AAgGD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,qBAAqB,GAAI,QAAQ,MAAM,KAAG,qBA+FtD,CAAC"}
|
|
@@ -97,9 +97,6 @@ const location_matches_api = (block) => {
|
|
|
97
97
|
* Limitations: string pattern matching, not a real nginx parser. Catches
|
|
98
98
|
* common omissions in fuz_app deploy configs but won't catch all possible
|
|
99
99
|
* misconfigurations.
|
|
100
|
-
*
|
|
101
|
-
* @param config - nginx config template string
|
|
102
|
-
* @returns validation result with ok status, warnings, and errors
|
|
103
100
|
*/
|
|
104
101
|
export const validate_nginx_config = (config) => {
|
|
105
102
|
const errors = [];
|
package/dist/testing/CLAUDE.md
CHANGED
|
@@ -584,7 +584,7 @@ three. Consumers that only wire admin will hit `method not found:
|
|
|
584
584
|
account_token_create` on first run.
|
|
585
585
|
|
|
586
586
|
Error-coverage scope is narrowed to the REST suffixes still on the
|
|
587
|
-
admin surface (`/audit
|
|
587
|
+
admin surface (`/audit/stream`); the RPC surface is covered by
|
|
588
588
|
`describe_rpc_round_trip_tests`. Post-RPC-migration that surface is
|
|
589
589
|
0–1 routes — when the scoped count is ≤1, the `afterAll` hook logs
|
|
590
590
|
`[error coverage] skipped admin REST coverage assertion — …` and
|
|
@@ -54,7 +54,6 @@ export interface StandardAdminIntegrationTestOptions {
|
|
|
54
54
|
* Output-schema conformance is not in scope — see the module docstring
|
|
55
55
|
* for the suites that cover it.
|
|
56
56
|
*
|
|
57
|
-
* @param options - session config, route factory, role schema, RPC endpoints
|
|
58
57
|
* @throws Error at setup time when `options.rpc_endpoints` is empty — admin
|
|
59
58
|
* permit grant/revoke, session/token revoke-all, and audit-log reads are
|
|
60
59
|
* all RPC-only since the 2026-04-22 migration. Hard-fails via
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"admin_integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/admin_integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAgC7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAA0B,KAAK,gBAAgB,EAAC,MAAM,wBAAwB,CAAC;AAEtF,OAAO,EAA6C,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACjG,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AASjB,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAqB1B;;GAEG;AACH,MAAM,WAAW,mCAAmC;IACnD,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,4GAA4G;IAC5G,KAAK,EAAE,gBAAgB,CAAC;IACxB;;;;;;;;;;;;OAYG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;;OAGG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAgCD
|
|
1
|
+
{"version":3,"file":"admin_integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/admin_integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAgC7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAA0B,KAAK,gBAAgB,EAAC,MAAM,wBAAwB,CAAC;AAEtF,OAAO,EAA6C,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACjG,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AASjB,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAqB1B;;GAEG;AACH,MAAM,WAAW,mCAAmC;IACnD,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,4GAA4G;IAC5G,KAAK,EAAE,gBAAgB,CAAC;IACxB;;;;;;;;;;;;OAYG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC;;;;;OAKG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;;OAGG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAgCD;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,yCAAyC,GACrD,SAAS,mCAAmC,KAC1C,IAu1BF,CAAC"}
|
|
@@ -72,7 +72,6 @@ const build_admin_test_app_options = (options, db, roles) => ({
|
|
|
72
72
|
* Output-schema conformance is not in scope — see the module docstring
|
|
73
73
|
* for the suites that cover it.
|
|
74
74
|
*
|
|
75
|
-
* @param options - session config, route factory, role schema, RPC endpoints
|
|
76
75
|
* @throws Error at setup time when `options.rpc_endpoints` is empty — admin
|
|
77
76
|
* permit grant/revoke, session/token revoke-all, and audit-log reads are
|
|
78
77
|
* all RPC-only since the 2026-04-22 migration. Hard-fails via
|
|
@@ -104,16 +103,14 @@ export const describe_standard_admin_integration_tests = (options) => {
|
|
|
104
103
|
// RPC migration: account listing, session/token revoke-all,
|
|
105
104
|
// audit-log reads, and invite CRUD are RPC-only. The only
|
|
106
105
|
// admin REST route remaining is the optional
|
|
107
|
-
// `GET /audit
|
|
106
|
+
// `GET /audit/stream` SSE, plus the shared RPC endpoint
|
|
108
107
|
// path itself (admin methods live behind spec-level role auth).
|
|
109
|
-
// The `/audit
|
|
108
|
+
// The `/audit/stream` suffix tracks the hardcoded path in
|
|
110
109
|
// `auth/audit_log_routes.ts` — if consumers ever need to mount
|
|
111
110
|
// the audit SSE at a different suffix, promote this to an
|
|
112
111
|
// `audit_log_path_suffix` option on
|
|
113
112
|
// `StandardAdminIntegrationTestOptions`.
|
|
114
|
-
const admin_routes = captured_route_specs.filter((s) => s.path.endsWith('/audit
|
|
115
|
-
s.auth.type === 'role' &&
|
|
116
|
-
s.auth.role === 'admin');
|
|
113
|
+
const admin_routes = captured_route_specs.filter((s) => s.path.endsWith('/audit/stream') && s.auth.type === 'role' && s.auth.role === 'admin');
|
|
117
114
|
// Adaptive threshold: when the scoped admin REST surface is
|
|
118
115
|
// effectively empty (0–1 routes, typical post-RPC-migration),
|
|
119
116
|
// the 20% baseline is meaningless — a single SSE route that
|
|
@@ -8,8 +8,6 @@ import type { AdversarialTestOptions } from './attack_surface.js';
|
|
|
8
8
|
* 2. Fires a request with valid-format params (nil UUIDs for UUID params)
|
|
9
9
|
* 3. Validates response status is 404
|
|
10
10
|
* 4. Validates response body matches the declared 404 Zod schema
|
|
11
|
-
*
|
|
12
|
-
* @param options - the test configuration
|
|
13
11
|
*/
|
|
14
12
|
export declare const describe_adversarial_404: (options: AdversarialTestOptions) => void;
|
|
15
13
|
//# sourceMappingURL=adversarial_404.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"adversarial_404.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/adversarial_404.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAoB7B,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,qBAAqB,CAAC;AAyBhE
|
|
1
|
+
{"version":3,"file":"adversarial_404.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/adversarial_404.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAoB7B,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,qBAAqB,CAAC;AAyBhE;;;;;;;;GAQG;AACH,eAAO,MAAM,wBAAwB,GAAI,SAAS,sBAAsB,KAAG,IA2E1E,CAAC"}
|
|
@@ -47,8 +47,6 @@ const extract_404_error_code = (schema) => {
|
|
|
47
47
|
* 2. Fires a request with valid-format params (nil UUIDs for UUID params)
|
|
48
48
|
* 3. Validates response status is 404
|
|
49
49
|
* 4. Validates response body matches the declared 404 Zod schema
|
|
50
|
-
*
|
|
51
|
-
* @param options - the test configuration
|
|
52
50
|
*/
|
|
53
51
|
export const describe_adversarial_404 = (options) => {
|
|
54
52
|
const { build, roles } = options;
|
|
@@ -16,7 +16,6 @@ export interface AdversarialHeaderCase {
|
|
|
16
16
|
* 7 standard adversarial header cases applicable to any middleware stack.
|
|
17
17
|
*
|
|
18
18
|
* @param allowed_origin - an origin that passes the origin check
|
|
19
|
-
* @returns the standard adversarial header cases
|
|
20
19
|
*/
|
|
21
20
|
export declare const create_standard_adversarial_cases: (allowed_origin: string) => Array<AdversarialHeaderCase>;
|
|
22
21
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"adversarial_headers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/adversarial_headers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAY7B,OAAO,KAAK,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAG3B,OAAO,EAGN,KAAK,0BAA0B,EAC/B,MAAM,iBAAiB,CAAC;AAIzB,+DAA+D;AAC/D,MAAM,WAAW,qBAAqB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,+GAA+G;IAC/G,qBAAqB,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC;IAClC,qGAAqG;IACrG,oBAAoB,EAAE,QAAQ,GAAG,YAAY,CAAC;CAC9C;AAID
|
|
1
|
+
{"version":3,"file":"adversarial_headers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/adversarial_headers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAY7B,OAAO,KAAK,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAG3B,OAAO,EAGN,KAAK,0BAA0B,EAC/B,MAAM,iBAAiB,CAAC;AAIzB,+DAA+D;AAC/D,MAAM,WAAW,qBAAqB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,eAAe,EAAE,MAAM,CAAC;IACxB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,+GAA+G;IAC/G,qBAAqB,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC;IAClC,qGAAqG;IACrG,oBAAoB,EAAE,QAAQ,GAAG,YAAY,CAAC;CAC9C;AAID;;;;GAIG;AACH,eAAO,MAAM,iCAAiC,GAC7C,gBAAgB,MAAM,KACpB,KAAK,CAAC,qBAAqB,CA+D7B,CAAC;AAIF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,qCAAqC,GACjD,YAAY,MAAM,EAClB,SAAS,0BAA0B,EACnC,gBAAgB,MAAM,EACtB,cAAc,KAAK,CAAC,qBAAqB,CAAC,KACxC,IAkCF,CAAC"}
|
|
@@ -15,7 +15,6 @@ import { create_test_middleware_stack_app, TEST_MIDDLEWARE_PATH, } from './middl
|
|
|
15
15
|
* 7 standard adversarial header cases applicable to any middleware stack.
|
|
16
16
|
*
|
|
17
17
|
* @param allowed_origin - an origin that passes the origin check
|
|
18
|
-
* @returns the standard adversarial header cases
|
|
19
18
|
*/
|
|
20
19
|
export const create_standard_adversarial_cases = (allowed_origin) => [
|
|
21
20
|
{
|
|
@@ -52,8 +52,6 @@ export declare const generate_query_test_cases: (query_schema: z.ZodObject) => A
|
|
|
52
52
|
* Tests input body validation and params validation for all routes.
|
|
53
53
|
* Uses correct auth credentials so auth guards pass and validation
|
|
54
54
|
* middleware is actually exercised.
|
|
55
|
-
*
|
|
56
|
-
* @param options - the test configuration
|
|
57
55
|
*/
|
|
58
56
|
export declare const describe_adversarial_input: (options: AdversarialTestOptions) => void;
|
|
59
57
|
export {};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"adversarial_input.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/adversarial_input.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAiB7B,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAUtB,OAAO,EAEN,0BAA0B,EAC1B,uBAAuB,EAGvB,MAAM,0BAA0B,CAAC;AAElC,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,qBAAqB,CAAC;AA8ChE,UAAU,aAAa;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,OAAO,CAAC;IACd,cAAc,EAAE,OAAO,0BAA0B,GAAG,OAAO,uBAAuB,CAAC;CACnF;AAED,UAAU,cAAc;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED,UAAU,aAAa;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9B;AAID;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,yBAAyB,GAAI,cAAc,CAAC,CAAC,OAAO,KAAG,KAAK,CAAC,aAAa,CAyLtF,CAAC;AAIF;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,GAAI,eAAe,CAAC,CAAC,SAAS,KAAG,KAAK,CAAC,cAAc,CA+B3F,CAAC;AAIF;;;;;;GAMG;AACH,eAAO,MAAM,yBAAyB,GAAI,cAAc,CAAC,CAAC,SAAS,KAAG,KAAK,CAAC,aAAa,CA4CxF,CAAC;AAqBF
|
|
1
|
+
{"version":3,"file":"adversarial_input.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/adversarial_input.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAiB7B,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAUtB,OAAO,EAEN,0BAA0B,EAC1B,uBAAuB,EAGvB,MAAM,0BAA0B,CAAC;AAElC,OAAO,KAAK,EAAC,sBAAsB,EAAC,MAAM,qBAAqB,CAAC;AA8ChE,UAAU,aAAa;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,OAAO,CAAC;IACd,cAAc,EAAE,OAAO,0BAA0B,GAAG,OAAO,uBAAuB,CAAC;CACnF;AAED,UAAU,cAAc;IACvB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC/B;AAED,UAAU,aAAa;IACtB,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC9B;AAID;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,yBAAyB,GAAI,cAAc,CAAC,CAAC,OAAO,KAAG,KAAK,CAAC,aAAa,CAyLtF,CAAC;AAIF;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,GAAI,eAAe,CAAC,CAAC,SAAS,KAAG,KAAK,CAAC,cAAc,CA+B3F,CAAC;AAIF;;;;;;GAMG;AACH,eAAO,MAAM,yBAAyB,GAAI,cAAc,CAAC,CAAC,SAAS,KAAG,KAAK,CAAC,aAAa,CA4CxF,CAAC;AAqBF;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,GAAI,SAAS,sBAAsB,KAAG,IA4M5E,CAAC"}
|
|
@@ -355,8 +355,6 @@ const build_query_url = (path, query) => {
|
|
|
355
355
|
* Tests input body validation and params validation for all routes.
|
|
356
356
|
* Uses correct auth credentials so auth guards pass and validation
|
|
357
357
|
* middleware is actually exercised.
|
|
358
|
-
*
|
|
359
|
-
* @param options - the test configuration
|
|
360
358
|
*/
|
|
361
359
|
export const describe_adversarial_input = (options) => {
|
|
362
360
|
const { build, roles } = options;
|
|
@@ -126,6 +126,28 @@ export interface TestAppServerOptions {
|
|
|
126
126
|
*/
|
|
127
127
|
audit_log_config?: AuditLogConfig;
|
|
128
128
|
}
|
|
129
|
+
/**
|
|
130
|
+
* Create an app server with a bootstrapped account for testing.
|
|
131
|
+
*
|
|
132
|
+
* Sets up:
|
|
133
|
+
* - Auth tables (via cached PGlite factory, or reuses existing `db`)
|
|
134
|
+
* - A keeper account with hashed password
|
|
135
|
+
* - Role permits for each role in `options.roles`
|
|
136
|
+
* - An API token for Bearer auth
|
|
137
|
+
* - A session with a signed cookie value
|
|
138
|
+
*
|
|
139
|
+
* Uses `stub_password_deps` by default — deterministic hashing that works
|
|
140
|
+
* correctly for login/logout tests without Argon2 overhead.
|
|
141
|
+
*
|
|
142
|
+
* @param options - session options and optional overrides
|
|
143
|
+
* @returns a `TestAppServer` ready for HTTP testing
|
|
144
|
+
* @mutates the underlying database — when `db` is supplied, resets singleton
|
|
145
|
+
* state (`bootstrap_lock.bootstrapped`, `app_settings.open_signup`) before
|
|
146
|
+
* bootstrapping; in either branch inserts an account, actor, role permits,
|
|
147
|
+
* API token, and session row. When `audit_log_config` is provided, also
|
|
148
|
+
* sets `backend.deps.audit_log_config` so `create_app_server`'s shallow
|
|
149
|
+
* spread picks it up.
|
|
150
|
+
*/
|
|
129
151
|
export declare const create_test_app_server: (options: TestAppServerOptions) => Promise<TestAppServer>;
|
|
130
152
|
/**
|
|
131
153
|
* Configuration for `create_test_app`.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"app_server.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/app_server.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,MAAM,CAAC;AAG/B,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAGjD,OAAO,EAA2B,KAAK,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAE1E,OAAO,KAAK,EAAC,EAAE,EAAE,MAAM,EAAC,MAAM,aAAa,CAAC;AAC5C,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,qBAAqB,CAAC;AAU1D,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAG3F,OAAO,KAAK,EAAC,cAAc,EAAE,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC/E,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAEN,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAC,UAAU,EAAE,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACnE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAOrD,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,kBAAkB,CAAC;AAI9D;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,EAAE,gBAIhC,CAAC;AAEF,gFAAgF;AAChF,eAAO,MAAM,kBAAkB,QAAiB,CAAC;AASjD;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC3C,EAAE,EAAE,EAAE,CAAC;IACP,OAAO,EAAE,OAAO,CAAC;IACjB,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACtB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,sBAAsB,GAClC,SAAS,2BAA2B,KAClC,OAAO,CAAC;IACV,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;CACvB,CAyCA,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,aAAc,SAAQ,UAAU;IAChD,gCAAgC;IAChC,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,uCAAuC;IACvC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,mDAAmD;IACnD,cAAc,EAAE,MAAM,CAAC;IACvB,+FAA+F;IAC/F,OAAO,EAAE,OAAO,CAAC;IACjB,4EAA4E;IAC5E,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACpC,mDAAmD;IACnD,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,kGAAkG;IAClG,EAAE,CAAC,EAAE,EAAE,CAAC;IACR,0FAA0F;IAC1F,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yHAAyH;IACzH,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,kEAAkE;IAClE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6EAA6E;IAC7E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gDAAgD;IAChD,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtB;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAChD;;;;;;;;;OASG;IACH,gBAAgB,CAAC,EAAE,cAAc,CAAC;CAClC;
|
|
1
|
+
{"version":3,"file":"app_server.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/app_server.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,MAAM,CAAC;AAG/B,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAGjD,OAAO,EAA2B,KAAK,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAE1E,OAAO,KAAK,EAAC,EAAE,EAAE,MAAM,EAAC,MAAM,aAAa,CAAC;AAC5C,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,qBAAqB,CAAC;AAU1D,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAG3F,OAAO,KAAK,EAAC,cAAc,EAAE,aAAa,EAAC,MAAM,6BAA6B,CAAC;AAC/E,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,0BAA0B,CAAC;AACzD,OAAO,EAEN,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAC,UAAU,EAAE,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACnE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAOrD,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,kBAAkB,CAAC;AAI9D;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,EAAE,gBAIhC,CAAC;AAEF,gFAAgF;AAChF,eAAO,MAAM,kBAAkB,QAAiB,CAAC;AASjD;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC3C,EAAE,EAAE,EAAE,CAAC;IACP,OAAO,EAAE,OAAO,CAAC;IACjB,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACtB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,sBAAsB,GAClC,SAAS,2BAA2B,KAClC,OAAO,CAAC;IACV,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;CACvB,CAyCA,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,aAAc,SAAQ,UAAU;IAChD,gCAAgC;IAChC,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,uCAAuC;IACvC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,mDAAmD;IACnD,cAAc,EAAE,MAAM,CAAC;IACvB,+FAA+F;IAC/F,OAAO,EAAE,OAAO,CAAC;IACjB,4EAA4E;IAC5E,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACpC,mDAAmD;IACnD,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,kGAAkG;IAClG,EAAE,CAAC,EAAE,EAAE,CAAC;IACR,0FAA0F;IAC1F,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yHAAyH;IACzH,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,kEAAkE;IAClE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6EAA6E;IAC7E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gDAAgD;IAChD,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtB;;;;;;OAMG;IACH,cAAc,CAAC,EAAE,CAAC,KAAK,EAAE,aAAa,KAAK,IAAI,CAAC;IAChD;;;;;;;;;OASG;IACH,gBAAgB,CAAC,EAAE,cAAc,CAAC;CAClC;AAKD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,sBAAsB,GAClC,SAAS,oBAAoB,KAC3B,OAAO,CAAC,aAAa,CA8FvB,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,oBAAqB,SAAQ,oBAAoB;IACjE,yEAAyE;IACzE,kBAAkB,EAAE,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IACpE;;;;;;;;OAQG;IACH,aAAa,CAAC,EAAE,uBAAuB,CAAC;IACxC,gHAAgH;IAChH,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;CACF;AAED;;;;;;;;GAQG;AACH,MAAM,MAAM,eAAe,GAAG,OAAO,CACpC,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,GAAG,eAAe,CAAC,CAC9F,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,WAAW;IAC3B,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,mCAAmC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,gEAAgE;IAChE,sBAAsB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnF,8DAA8D;IAC9D,qBAAqB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClF;AAED;;GAEG;AACH,MAAM,WAAW,OAAO;IACvB,GAAG,EAAE,IAAI,CAAC;IACV,OAAO,EAAE,aAAa,CAAC;IACvB,YAAY,EAAE,cAAc,CAAC;IAC7B,OAAO,EAAE,UAAU,CAAC;IACpB,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC9B,kEAAkE;IAClE,sBAAsB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnF,gEAAgE;IAChE,qBAAqB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClF,iEAAiE;IACjE,2BAA2B,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxF,qDAAqD;IACrD,cAAc,EAAE,CAAC,OAAO,CAAC,EAAE;QAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;KACtB,KAAK,OAAO,CAAC,WAAW,CAAC,CAAC;IAC3B,8DAA8D;IAC9D,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,eAAe,GAAU,SAAS,oBAAoB,KAAG,OAAO,CAAC,OAAO,CAyGpF,CAAC"}
|
|
@@ -72,6 +72,8 @@ export const bootstrap_test_account = async (options) => {
|
|
|
72
72
|
session_cookie,
|
|
73
73
|
};
|
|
74
74
|
};
|
|
75
|
+
/** Silent logger for tests — suppresses all output. */
|
|
76
|
+
const test_log = new Logger('test', { level: 'off' });
|
|
75
77
|
/**
|
|
76
78
|
* Create an app server with a bootstrapped account for testing.
|
|
77
79
|
*
|
|
@@ -93,11 +95,7 @@ export const bootstrap_test_account = async (options) => {
|
|
|
93
95
|
* API token, and session row. When `audit_log_config` is provided, also
|
|
94
96
|
* sets `backend.deps.audit_log_config` so `create_app_server`'s shallow
|
|
95
97
|
* spread picks it up.
|
|
96
|
-
* @throws Error if `create_validated_keyring(TEST_COOKIE_SECRET)` rejects —
|
|
97
|
-
* should never happen with the literal stub but surfaced eagerly.
|
|
98
98
|
*/
|
|
99
|
-
/** Silent logger for tests — suppresses all output. */
|
|
100
|
-
const test_log = new Logger('test', { level: 'off' });
|
|
101
99
|
export const create_test_app_server = async (options) => {
|
|
102
100
|
const { session_options, db: existing_db, db_type = 'pglite-memory', password = stub_password_deps, username = 'keeper', password_value = 'test-password-123', roles = [ROLE_KEEPER], on_audit_event = () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
|
|
103
101
|
audit_log_config, } = options;
|
|
@@ -5,9 +5,7 @@ import type { RouteErrorSchemas } from '../http/error_schemas.js';
|
|
|
5
5
|
/**
|
|
6
6
|
* Resolve an absolute path relative to the caller's module.
|
|
7
7
|
*
|
|
8
|
-
* @param filename - the filename to resolve
|
|
9
8
|
* @param import_meta_url - the caller's `import.meta.url`
|
|
10
|
-
* @returns absolute path
|
|
11
9
|
*/
|
|
12
10
|
export declare const resolve_fixture_path: (filename: string, import_meta_url: string) => string;
|
|
13
11
|
/**
|
|
@@ -26,8 +24,6 @@ export declare const resolve_fixture_path: (filename: string, import_meta_url: s
|
|
|
26
24
|
export declare const assert_surface_matches_snapshot: (surface: AppSurface, snapshot_path: string) => void;
|
|
27
25
|
/**
|
|
28
26
|
* Verify surface generation is deterministic (build twice, compare).
|
|
29
|
-
*
|
|
30
|
-
* @param build_surface - function that builds the surface
|
|
31
27
|
*/
|
|
32
28
|
export declare const assert_surface_deterministic: (build_surface: () => AppSurface) => void;
|
|
33
29
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"assertions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/assertions.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAe7B,OAAO,KAAK,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAE3B,OAAO,KAAK,EAAC,UAAU,EAAE,eAAe,EAAC,MAAM,oBAAoB,CAAC;AACpE,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,0BAA0B,CAAC;AAEhE
|
|
1
|
+
{"version":3,"file":"assertions.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/assertions.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAe7B,OAAO,KAAK,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAE3B,OAAO,KAAK,EAAC,UAAU,EAAE,eAAe,EAAC,MAAM,oBAAoB,CAAC;AACpE,OAAO,KAAK,EAAC,iBAAiB,EAAC,MAAM,0BAA0B,CAAC;AAEhE;;;;GAIG;AACH,eAAO,MAAM,oBAAoB,GAAI,UAAU,MAAM,EAAE,iBAAiB,MAAM,KAAG,MACtB,CAAC;AAE5D;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,+BAA+B,GAC3C,SAAS,UAAU,EACnB,eAAe,MAAM,KACnB,IAOF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,4BAA4B,GAAI,eAAe,MAAM,UAAU,KAAG,IAE9E,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,kCAAkC,GAC9C,SAAS,UAAU,EACnB,iBAAiB,KAAK,CAAC,MAAM,CAAC,KAC5B,IAWF,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,sBAAsB,GAClC,QAAQ,GAAG,CAAC,MAAM,EAAE,iBAAiB,CAAC,EACtC,OAAO,eAAe,EACtB,QAAQ,MAAM,KACZ,CAAC,CAAC,OAAO,GAAG,SAGd,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,yBAAyB,GACrC,QAAQ,GAAG,CAAC,MAAM,EAAE,iBAAiB,CAAC,EACtC,OAAO,eAAe,EACtB,QAAQ,MAAM,EACd,MAAM,OAAO,KACX,IAIF,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,4BAA4B,GACxC,SAAS,UAAU,EACnB,aAAa,MAAM,EACnB,qBAAqB,KAAK,CAAC,MAAM,CAAC,KAChC,IAUF,CAAC"}
|
|
@@ -14,9 +14,7 @@ import { assert } from 'vitest';
|
|
|
14
14
|
/**
|
|
15
15
|
* Resolve an absolute path relative to the caller's module.
|
|
16
16
|
*
|
|
17
|
-
* @param filename - the filename to resolve
|
|
18
17
|
* @param import_meta_url - the caller's `import.meta.url`
|
|
19
|
-
* @returns absolute path
|
|
20
18
|
*/
|
|
21
19
|
export const resolve_fixture_path = (filename, import_meta_url) => resolve(dirname(fileURLToPath(import_meta_url)), filename);
|
|
22
20
|
/**
|
|
@@ -38,8 +36,6 @@ export const assert_surface_matches_snapshot = (surface, snapshot_path) => {
|
|
|
38
36
|
};
|
|
39
37
|
/**
|
|
40
38
|
* Verify surface generation is deterministic (build twice, compare).
|
|
41
|
-
*
|
|
42
|
-
* @param build_surface - function that builds the surface
|
|
43
39
|
*/
|
|
44
40
|
export const assert_surface_deterministic = (build_surface) => {
|
|
45
41
|
assert.deepStrictEqual(build_surface(), build_surface());
|
|
@@ -16,8 +16,6 @@ export interface AdversarialTestOptions {
|
|
|
16
16
|
* - wrong role → 403 — every role route, tested with all non-matching roles
|
|
17
17
|
* - authenticated without role → 403 — every role route, no-role context
|
|
18
18
|
* - correct auth passes guard — every protected route, assert not 401/403
|
|
19
|
-
*
|
|
20
|
-
* @param options - the test configuration
|
|
21
19
|
*/
|
|
22
20
|
export declare const describe_adversarial_auth: (options: AdversarialTestOptions) => void;
|
|
23
21
|
/**
|
|
@@ -83,8 +81,6 @@ export interface StandardAttackSurfaceOptions {
|
|
|
83
81
|
*
|
|
84
82
|
* Consumer test files call this with project-specific options, then add
|
|
85
83
|
* any project-specific assertions in additional `describe` blocks.
|
|
86
|
-
*
|
|
87
|
-
* @param options - the test configuration
|
|
88
84
|
*/
|
|
89
85
|
export declare const describe_standard_attack_surface_tests: (options: StandardAttackSurfaceOptions) => void;
|
|
90
86
|
//# sourceMappingURL=attack_surface.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"attack_surface.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/attack_surface.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAoB7B,OAAO,EAON,KAAK,4BAA4B,EACjC,KAAK,2BAA2B,EAChC,MAAM,yBAAyB,CAAC;AAoBjC,OAAO,EAA4B,KAAK,cAAc,EAAC,MAAM,oBAAoB,CAAC;AAsClF,oFAAoF;AACpF,MAAM,WAAW,sBAAsB;IACtC,+EAA+E;IAC/E,KAAK,EAAE,MAAM,cAAc,CAAC;IAC5B,yDAAyD;IACzD,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACrB;AAED
|
|
1
|
+
{"version":3,"file":"attack_surface.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/attack_surface.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAoB7B,OAAO,EAON,KAAK,4BAA4B,EACjC,KAAK,2BAA2B,EAChC,MAAM,yBAAyB,CAAC;AAoBjC,OAAO,EAA4B,KAAK,cAAc,EAAC,MAAM,oBAAoB,CAAC;AAsClF,oFAAoF;AACpF,MAAM,WAAW,sBAAsB;IACtC,+EAA+E;IAC/E,KAAK,EAAE,MAAM,cAAc,CAAC;IAC5B,yDAAyD;IACzD,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACrB;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,yBAAyB,GAAI,SAAS,sBAAsB,KAAG,IAkH3E,CAAC;AAIF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,uCAAuC,GACnD,UAAU,2BAA2B,GAAG,IAAI,GAAG,SAAS,KACtD,2BAA2B,GAAG,IAWhC,CAAC;AAEF,0DAA0D;AAC1D,MAAM,WAAW,4BAA4B;IAC5C,+EAA+E;IAC/E,KAAK,EAAE,MAAM,cAAc,CAAC;IAC5B,yDAAyD;IACzD,aAAa,EAAE,MAAM,CAAC;IACtB,iFAAiF;IACjF,sBAAsB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtC,gHAAgH;IAChH,uBAAuB,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACvC,yDAAyD;IACzD,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACrB,qEAAqE;IACrE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,iEAAiE;IACjE,eAAe,CAAC,EAAE,4BAA4B,CAAC;IAC/C;;;;;;;;;;;OAWG;IACH,sBAAsB,CAAC,EAAE,2BAA2B,GAAG,IAAI,CAAC;CAC5D;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,sCAAsC,GAClD,SAAS,4BAA4B,KACnC,IAuEF,CAAC"}
|
|
@@ -53,8 +53,6 @@ const build_error_schema_lookup = (route_specs, middleware_specs) => {
|
|
|
53
53
|
* - wrong role → 403 — every role route, tested with all non-matching roles
|
|
54
54
|
* - authenticated without role → 403 — every role route, no-role context
|
|
55
55
|
* - correct auth passes guard — every protected route, assert not 401/403
|
|
56
|
-
*
|
|
57
|
-
* @param options - the test configuration
|
|
58
56
|
*/
|
|
59
57
|
export const describe_adversarial_auth = (options) => {
|
|
60
58
|
const { build, roles } = options;
|
|
@@ -203,8 +201,6 @@ export const resolve_standard_error_schema_tightness = (consumer) => {
|
|
|
203
201
|
*
|
|
204
202
|
* Consumer test files call this with project-specific options, then add
|
|
205
203
|
* any project-specific assertions in additional `describe` blocks.
|
|
206
|
-
*
|
|
207
|
-
* @param options - the test configuration
|
|
208
204
|
*/
|
|
209
205
|
export const describe_standard_attack_surface_tests = (options) => {
|
|
210
206
|
const { build, snapshot_path, expected_public_routes, expected_api_middleware, roles, api_path_prefix = '/api/', security_policy, } = options;
|
|
@@ -38,7 +38,6 @@ export interface AuditCompletenessTestOptions {
|
|
|
38
38
|
* event type. Exercises routes via HTTP requests against a real PGlite
|
|
39
39
|
* database, then queries the `audit_log` table to verify events.
|
|
40
40
|
*
|
|
41
|
-
* @param options - session config, route factory, and optional overrides
|
|
42
41
|
* @throws Error at setup time when `options.rpc_endpoints` is empty — the
|
|
43
42
|
* mutation-audit tests drive permit flow, session/token revoke-all, and
|
|
44
43
|
* invite create/delete through their RPC action specs. Hard-fails via
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"audit_completeness.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/audit_completeness.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAkB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAIrD,OAAO,EAGN,KAAK,eAAe,EAEpB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAKjB,OAAO,EAIN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAsB1B;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC5C,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE;;;;;;;;;;;OAWG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAoDD
|
|
1
|
+
{"version":3,"file":"audit_completeness.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/audit_completeness.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAkB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAIrD,OAAO,EAGN,KAAK,eAAe,EAEpB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAKjB,OAAO,EAIN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAsB1B;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC5C,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE;;;;;;;;;;;OAWG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAoDD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,iCAAiC,GAAI,SAAS,4BAA4B,KAAG,IAyezF,CAAC"}
|
|
@@ -63,7 +63,6 @@ const json_session_headers = (test_app, extra) => test_app.create_session_header
|
|
|
63
63
|
* event type. Exercises routes via HTTP requests against a real PGlite
|
|
64
64
|
* database, then queries the `audit_log` table to verify events.
|
|
65
65
|
*
|
|
66
|
-
* @param options - session config, route factory, and optional overrides
|
|
67
66
|
* @throws Error at setup time when `options.rpc_endpoints` is empty — the
|
|
68
67
|
* mutation-audit tests drive permit flow, session/token revoke-all, and
|
|
69
68
|
* invite create/delete through their RPC action specs. Hard-fails via
|
|
@@ -12,10 +12,7 @@ import { type RouteSpec, type RouteAuth } from '../http/route_spec.js';
|
|
|
12
12
|
import { type RequestContext } from '../auth/request_context.js';
|
|
13
13
|
import { type CredentialType } from '../hono_context.js';
|
|
14
14
|
/**
|
|
15
|
-
* Create a mock
|
|
16
|
-
*
|
|
17
|
-
* @param role - optional role to grant
|
|
18
|
-
* @returns a valid `RequestContext`
|
|
15
|
+
* Create a mock `RequestContext` with optional role permit.
|
|
19
16
|
*/
|
|
20
17
|
export declare const create_test_request_context: (role?: string) => RequestContext;
|
|
21
18
|
/**
|
|
@@ -23,8 +20,7 @@ export declare const create_test_request_context: (role?: string) => RequestCont
|
|
|
23
20
|
*
|
|
24
21
|
* @param route_specs - the route specs to register
|
|
25
22
|
* @param auth_ctx - optional request context to inject via middleware
|
|
26
|
-
* @param credential_type - optional credential type (default: `'session'` when auth_ctx provided)
|
|
27
|
-
* @returns a configured Hono app
|
|
23
|
+
* @param credential_type - optional credential type (default: `'session'` when `auth_ctx` provided)
|
|
28
24
|
*/
|
|
29
25
|
export declare const create_test_app_from_specs: (route_specs: Array<RouteSpec>, auth_ctx?: RequestContext, credential_type?: CredentialType) => Hono;
|
|
30
26
|
/** Pre-built Hono apps for each auth level, shared across adversarial test suites. */
|
|
@@ -39,15 +35,11 @@ export interface AuthTestApps {
|
|
|
39
35
|
*
|
|
40
36
|
* @param route_specs - the route specs to register
|
|
41
37
|
* @param roles - all roles in the app
|
|
42
|
-
* @returns apps keyed by auth level
|
|
43
38
|
*/
|
|
44
39
|
export declare const create_auth_test_apps: (route_specs: Array<RouteSpec>, roles: Array<string>) => AuthTestApps;
|
|
45
40
|
/**
|
|
46
41
|
* Select the Hono test app with correct auth for a route.
|
|
47
42
|
*
|
|
48
|
-
* @param apps - the pre-built auth test apps
|
|
49
|
-
* @param auth - the route's auth options
|
|
50
|
-
* @returns the correctly-authenticated Hono app
|
|
51
43
|
* @throws Error if `auth.type === 'role'` and `auth.role` is not present in
|
|
52
44
|
* `apps.by_role` — surfaces a missing entry in the `roles` array passed to
|
|
53
45
|
* `create_auth_test_apps`.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth_apps.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/auth_apps.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;GAOG;AAEH,OAAO,EAAC,IAAI,EAAC,MAAM,MAAM,CAAC;AAG1B,OAAO,EAAoB,KAAK,SAAS,EAAE,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAExF,OAAO,EAAsB,KAAK,cAAc,EAAC,MAAM,4BAA4B,CAAC;AACpF,OAAO,EAAsB,KAAK,cAAc,EAAC,MAAM,oBAAoB,CAAC;AAI5E
|
|
1
|
+
{"version":3,"file":"auth_apps.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/auth_apps.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;GAOG;AAEH,OAAO,EAAC,IAAI,EAAC,MAAM,MAAM,CAAC;AAG1B,OAAO,EAAoB,KAAK,SAAS,EAAE,KAAK,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAExF,OAAO,EAAsB,KAAK,cAAc,EAAC,MAAM,4BAA4B,CAAC;AACpF,OAAO,EAAsB,KAAK,cAAc,EAAC,MAAM,oBAAoB,CAAC;AAI5E;;GAEG;AACH,eAAO,MAAM,2BAA2B,GAAI,OAAO,MAAM,KAAG,cAI1D,CAAC;AAEH;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,GACtC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,WAAW,cAAc,EACzB,kBAAkB,cAAc,KAC9B,IAkBF,CAAC;AAEF,sFAAsF;AACtF,MAAM,WAAW,YAAY;IAC5B,MAAM,EAAE,IAAI,CAAC;IACb,MAAM,EAAE,IAAI,CAAC;IACb,MAAM,EAAE,IAAI,CAAC;IACb,OAAO,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;CAC3B;AAED;;;;;GAKG;AACH,eAAO,MAAM,qBAAqB,GACjC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,OAAO,KAAK,CAAC,MAAM,CAAC,KAClB,YAeF,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,eAAe,GAAI,MAAM,YAAY,EAAE,MAAM,SAAS,KAAG,IAcrE,CAAC;AAEF,6EAA6E;AAC7E,eAAO,MAAM,iBAAiB,GAAI,MAAM,MAAM,KAAG,MAA4C,CAAC"}
|
|
@@ -16,10 +16,7 @@ import { CREDENTIAL_TYPE_KEY } from '../hono_context.js';
|
|
|
16
16
|
import { create_stub_db } from './stubs.js';
|
|
17
17
|
import { create_test_account, create_test_actor, create_test_permit } from './entities.js';
|
|
18
18
|
/**
|
|
19
|
-
* Create a mock
|
|
20
|
-
*
|
|
21
|
-
* @param role - optional role to grant
|
|
22
|
-
* @returns a valid `RequestContext`
|
|
19
|
+
* Create a mock `RequestContext` with optional role permit.
|
|
23
20
|
*/
|
|
24
21
|
export const create_test_request_context = (role) => ({
|
|
25
22
|
account: create_test_account({ id: 'acc_1', username: 'testuser' }),
|
|
@@ -31,8 +28,7 @@ export const create_test_request_context = (role) => ({
|
|
|
31
28
|
*
|
|
32
29
|
* @param route_specs - the route specs to register
|
|
33
30
|
* @param auth_ctx - optional request context to inject via middleware
|
|
34
|
-
* @param credential_type - optional credential type (default: `'session'` when auth_ctx provided)
|
|
35
|
-
* @returns a configured Hono app
|
|
31
|
+
* @param credential_type - optional credential type (default: `'session'` when `auth_ctx` provided)
|
|
36
32
|
*/
|
|
37
33
|
export const create_test_app_from_specs = (route_specs, auth_ctx, credential_type) => {
|
|
38
34
|
const app = new Hono();
|
|
@@ -52,7 +48,6 @@ export const create_test_app_from_specs = (route_specs, auth_ctx, credential_typ
|
|
|
52
48
|
*
|
|
53
49
|
* @param route_specs - the route specs to register
|
|
54
50
|
* @param roles - all roles in the app
|
|
55
|
-
* @returns apps keyed by auth level
|
|
56
51
|
*/
|
|
57
52
|
export const create_auth_test_apps = (route_specs, roles) => {
|
|
58
53
|
const by_role = new Map();
|
|
@@ -69,9 +64,6 @@ export const create_auth_test_apps = (route_specs, roles) => {
|
|
|
69
64
|
/**
|
|
70
65
|
* Select the Hono test app with correct auth for a route.
|
|
71
66
|
*
|
|
72
|
-
* @param apps - the pre-built auth test apps
|
|
73
|
-
* @param auth - the route's auth options
|
|
74
|
-
* @returns the correctly-authenticated Hono app
|
|
75
67
|
* @throws Error if `auth.type === 'role'` and `auth.role` is not present in
|
|
76
68
|
* `apps.by_role` — surfaces a missing entry in the `roles` array passed to
|
|
77
69
|
* `create_auth_test_apps`.
|
|
@@ -9,23 +9,14 @@ import { type DbFactory } from './db.js';
|
|
|
9
9
|
*
|
|
10
10
|
* Walks `properties`, `items`, `allOf`/`anyOf`/`oneOf`, and
|
|
11
11
|
* `additionalProperties` to find every declared field name at any depth.
|
|
12
|
-
*
|
|
13
|
-
* @param schema - JSON Schema object
|
|
14
|
-
* @returns set of all property names found
|
|
15
12
|
*/
|
|
16
13
|
export declare const collect_json_schema_property_names: (schema: unknown) => Set<string>;
|
|
17
14
|
/**
|
|
18
15
|
* Assert that no output schema in the surface contains sensitive field names.
|
|
19
|
-
*
|
|
20
|
-
* @param surface - the app surface to check
|
|
21
|
-
* @param sensitive_fields - field names to flag
|
|
22
16
|
*/
|
|
23
17
|
export declare const assert_output_schemas_no_sensitive_fields: (surface: AppSurface, sensitive_fields?: ReadonlyArray<string>) => void;
|
|
24
18
|
/**
|
|
25
19
|
* Assert that non-admin route output schemas don't contain admin-only fields.
|
|
26
|
-
*
|
|
27
|
-
* @param surface - the app surface to check
|
|
28
|
-
* @param admin_only_fields - field names that are admin-only
|
|
29
20
|
*/
|
|
30
21
|
export declare const assert_non_admin_schemas_no_admin_fields: (surface: AppSurface, admin_only_fields?: ReadonlyArray<string>) => void;
|
|
31
22
|
/** Options for `describe_data_exposure_tests`. */
|
|
@@ -55,8 +46,6 @@ export interface DataExposureTestOptions {
|
|
|
55
46
|
* 2. Runtime — fire real requests and check response bodies against blocklists
|
|
56
47
|
* 3. Cross-privilege — admin routes return 403 for non-admin, error responses
|
|
57
48
|
* contain no sensitive fields
|
|
58
|
-
*
|
|
59
|
-
* @param options - test configuration
|
|
60
49
|
*/
|
|
61
50
|
export declare const describe_data_exposure_tests: (options: DataExposureTestOptions) => void;
|
|
62
51
|
//# sourceMappingURL=data_exposure.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"data_exposure.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/data_exposure.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAgB7B,OAAO,KAAK,EAAC,UAAU,EAAE,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACnE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAG9D,OAAO,EAAwB,KAAK,SAAS,EAAC,MAAM,SAAS,CAAC;AAe9D
|
|
1
|
+
{"version":3,"file":"data_exposure.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/data_exposure.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAgB7B,OAAO,KAAK,EAAC,UAAU,EAAE,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACnE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAG9D,OAAO,EAAwB,KAAK,SAAS,EAAC,MAAM,SAAS,CAAC;AAe9D;;;;;GAKG;AACH,eAAO,MAAM,kCAAkC,GAAI,QAAQ,OAAO,KAAG,GAAG,CAAC,MAAM,CAuB9E,CAAC;AAIF;;GAEG;AACH,eAAO,MAAM,yCAAyC,GACrD,SAAS,UAAU,EACnB,mBAAkB,aAAa,CAAC,MAAM,CAA6B,KACjE,IAWF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,wCAAwC,GACpD,SAAS,UAAU,EACnB,oBAAmB,aAAa,CAAC,MAAM,CAA8B,KACnE,IAcF,CAAC;AAIF,kDAAkD;AAClD,MAAM,WAAW,uBAAuB;IACvC,4DAA4D;IAC5D,KAAK,EAAE,MAAM,cAAc,CAAC;IAC5B,wCAAwC;IACxC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,4CAA4C;IAC5C,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,2FAA2F;IAC3F,gBAAgB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACzC,iGAAiG;IACjG,iBAAiB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC1C,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC,kDAAkD;IAClD,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CAC5B;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,4BAA4B,GAAI,SAAS,uBAAuB,KAAG,IAmC/E,CAAC"}
|
|
@@ -25,9 +25,6 @@ import { SENSITIVE_FIELD_BLOCKLIST, ADMIN_ONLY_FIELD_BLOCKLIST, assert_no_sensit
|
|
|
25
25
|
*
|
|
26
26
|
* Walks `properties`, `items`, `allOf`/`anyOf`/`oneOf`, and
|
|
27
27
|
* `additionalProperties` to find every declared field name at any depth.
|
|
28
|
-
*
|
|
29
|
-
* @param schema - JSON Schema object
|
|
30
|
-
* @returns set of all property names found
|
|
31
28
|
*/
|
|
32
29
|
export const collect_json_schema_property_names = (schema) => {
|
|
33
30
|
const names = new Set();
|
|
@@ -59,9 +56,6 @@ export const collect_json_schema_property_names = (schema) => {
|
|
|
59
56
|
// --- Schema-level assertions ---
|
|
60
57
|
/**
|
|
61
58
|
* Assert that no output schema in the surface contains sensitive field names.
|
|
62
|
-
*
|
|
63
|
-
* @param surface - the app surface to check
|
|
64
|
-
* @param sensitive_fields - field names to flag
|
|
65
59
|
*/
|
|
66
60
|
export const assert_output_schemas_no_sensitive_fields = (surface, sensitive_fields = SENSITIVE_FIELD_BLOCKLIST) => {
|
|
67
61
|
for (const route of surface.routes) {
|
|
@@ -75,9 +69,6 @@ export const assert_output_schemas_no_sensitive_fields = (surface, sensitive_fie
|
|
|
75
69
|
};
|
|
76
70
|
/**
|
|
77
71
|
* Assert that non-admin route output schemas don't contain admin-only fields.
|
|
78
|
-
*
|
|
79
|
-
* @param surface - the app surface to check
|
|
80
|
-
* @param admin_only_fields - field names that are admin-only
|
|
81
72
|
*/
|
|
82
73
|
export const assert_non_admin_schemas_no_admin_fields = (surface, admin_only_fields = ADMIN_ONLY_FIELD_BLOCKLIST) => {
|
|
83
74
|
const non_admin = surface.routes.filter((r) => r.auth.type !== 'keeper' && !(r.auth.type === 'role' && r.auth.role === 'admin'));
|
|
@@ -98,8 +89,6 @@ export const assert_non_admin_schemas_no_admin_fields = (surface, admin_only_fie
|
|
|
98
89
|
* 2. Runtime — fire real requests and check response bodies against blocklists
|
|
99
90
|
* 3. Cross-privilege — admin routes return 403 for non-admin, error responses
|
|
100
91
|
* contain no sensitive fields
|
|
101
|
-
*
|
|
102
|
-
* @param options - test configuration
|
|
103
92
|
*/
|
|
104
93
|
export const describe_data_exposure_tests = (options) => {
|
|
105
94
|
const { build, sensitive_fields = SENSITIVE_FIELD_BLOCKLIST, admin_only_fields = ADMIN_ONLY_FIELD_BLOCKLIST, } = options;
|
package/dist/testing/db.d.ts
CHANGED
|
@@ -20,7 +20,6 @@ export interface DbFactory {
|
|
|
20
20
|
* Removes all tables, sequences, indexes, types, and functions.
|
|
21
21
|
* The database instance remains usable after reset.
|
|
22
22
|
*
|
|
23
|
-
* @param db - the database to reset
|
|
24
23
|
* @mutates db - drops the `public` schema and recreates it; all rows in all
|
|
25
24
|
* tables are gone after this returns.
|
|
26
25
|
*/
|
|
@@ -35,7 +34,6 @@ export declare const reset_pglite: (db: Db) => Promise<void>;
|
|
|
35
34
|
* cold-start cost again.
|
|
36
35
|
*
|
|
37
36
|
* @param init_schema - callback to initialize the database schema
|
|
38
|
-
* @returns a factory that creates in-memory pglite databases
|
|
39
37
|
*/
|
|
40
38
|
export declare const create_pglite_factory: (init_schema: (db: Db) => Promise<void>) => DbFactory;
|
|
41
39
|
/**
|
|
@@ -91,7 +89,6 @@ export declare const AUTH_DROP_TABLES: readonly ["app_settings", "invite", "audi
|
|
|
91
89
|
* Safe on fresh databases (`IF EXISTS` on all statements). No-op effect for
|
|
92
90
|
* PGlite (already fresh), but harmless to call unconditionally.
|
|
93
91
|
*
|
|
94
|
-
* @param db - the database to clean
|
|
95
92
|
* @mutates db - drops every table in `AUTH_DROP_TABLES` plus `schema_version`.
|
|
96
93
|
*/
|
|
97
94
|
export declare const drop_auth_schema: (db: Db) => Promise<void>;
|
|
@@ -105,15 +102,12 @@ export declare const drop_auth_schema: (db: Db) => Promise<void>;
|
|
|
105
102
|
*
|
|
106
103
|
* @param factories - one or more database factories to run suites against
|
|
107
104
|
* @param truncate_tables - tables to truncate between tests (children first for FK safety)
|
|
108
|
-
* @returns a `describe_db` function for use in test files
|
|
109
105
|
* @mutates the underlying database between tests — `beforeEach` issues
|
|
110
106
|
* `TRUNCATE <truncate_tables> CASCADE` against the shared instance.
|
|
111
107
|
*/
|
|
112
108
|
export declare const create_describe_db: (factories: DbFactory | Array<DbFactory>, truncate_tables: Array<string>) => ((name: string, fn: (get_db: () => Db) => void) => void);
|
|
113
109
|
/**
|
|
114
110
|
* Log factory status to console.
|
|
115
|
-
*
|
|
116
|
-
* @param factories - the database factories to report on
|
|
117
111
|
*/
|
|
118
112
|
export declare const log_db_factory_status: (factories: Array<DbFactory>) => void;
|
|
119
113
|
//# sourceMappingURL=db.d.ts.map
|
package/dist/testing/db.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"db.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/db.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AA6B7B,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AAKpC;;GAEG;AACH,eAAO,MAAM,KAAK,SAA4B,CAAC;AAE/C;;GAEG;AACH,MAAM,WAAW,SAAS;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,OAAO,CAAC,EAAE,CAAC,CAAC;IAC1B,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,EAAE,OAAO,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;CACrB;AAED
|
|
1
|
+
{"version":3,"file":"db.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/db.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AA6B7B,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AAKpC;;GAEG;AACH,eAAO,MAAM,KAAK,SAA4B,CAAC;AAE/C;;GAEG;AACH,MAAM,WAAW,SAAS;IACzB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,OAAO,CAAC,EAAE,CAAC,CAAC;IAC1B,KAAK,EAAE,CAAC,EAAE,EAAE,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,EAAE,OAAO,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,YAAY,GAAU,IAAI,EAAE,KAAG,OAAO,CAAC,IAAI,CAGvD,CAAC;AAMF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,qBAAqB,GAAI,aAAa,CAAC,EAAE,EAAE,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,KAAG,SAkB7E,CAAC;AAEH;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,iBAAiB,GAC7B,aAAa,CAAC,EAAE,EAAE,EAAE,KAAK,OAAO,CAAC,IAAI,CAAC,EACtC,WAAW,MAAM,KACf,SA2DF,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,oBAAoB,UAQhC,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,gCAAgC,UAAyC,CAAC;AAEvF;;;;;;;;GAQG;AACH,eAAO,MAAM,gBAAgB,+IAWnB,CAAC;AAEX;;;;;;;;;;GAUG;AACH,eAAO,MAAM,gBAAgB,GAAU,IAAI,EAAE,KAAG,OAAO,CAAC,IAAI,CAK3D,CAAC;AAEF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,kBAAkB,GAC9B,WAAW,SAAS,GAAG,KAAK,CAAC,SAAS,CAAC,EACvC,iBAAiB,KAAK,CAAC,MAAM,CAAC,KAC5B,CAAC,CAAC,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,IAAI,KAAK,IAAI,CAwBzD,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,qBAAqB,GAAI,WAAW,KAAK,CAAC,SAAS,CAAC,KAAG,IAMnE,CAAC"}
|