@fuzdev/fuz_app 0.52.0 → 0.54.0

package/dist/testing/db.js

@@ -36,7 +36,6 @@ export const IS_CI = process.env.CI === 'true';
  * Removes all tables, sequences, indexes, types, and functions.
  * The database instance remains usable after reset.
  *
- * @param db - the database to reset
  * @mutates db - drops the `public` schema and recreates it; all rows in all
  *   tables are gone after this returns.
  */
@@ -57,7 +56,6 @@ let module_db = null;
  * cold-start cost again.
  *
  * @param init_schema - callback to initialize the database schema
- * @returns a factory that creates in-memory pglite databases
  */
 export const create_pglite_factory = (init_schema) => ({
     name: 'pglite',
@@ -209,7 +207,6 @@ export const AUTH_DROP_TABLES = [
  * Safe on fresh databases (`IF EXISTS` on all statements). No-op effect for
  * PGlite (already fresh), but harmless to call unconditionally.
  *
- * @param db - the database to clean
  * @mutates db - drops every table in `AUTH_DROP_TABLES` plus `schema_version`.
  */
 export const drop_auth_schema = async (db) => {
@@ -228,7 +225,6 @@ export const drop_auth_schema = async (db) => {
  *
  * @param factories - one or more database factories to run suites against
  * @param truncate_tables - tables to truncate between tests (children first for FK safety)
- * @returns a `describe_db` function for use in test files
  * @mutates the underlying database between tests — `beforeEach` issues
  *   `TRUNCATE <truncate_tables> CASCADE` against the shared instance.
  */
@@ -258,8 +254,6 @@ export const create_describe_db = (factories, truncate_tables) => {
 };
 /**
  * Log factory status to console.
- *
- * @param factories - the database factories to report on
  */
 export const log_db_factory_status = (factories) => {
     const enabled = factories.filter((f) => !f.skip).map((f) => f.name);

package/dist/testing/error_coverage.d.ts

@@ -71,10 +71,7 @@ export declare class ErrorCoverageCollector {
      * (e.g., `/api/accounts/abc` → `/api/accounts/:id`). When `code` is provided,
      * it is stored alongside the status for per-code coverage tracking.
      *
-     * @param route_specs - route specs for path resolution
-     * @param method - HTTP method
      * @param path - request path (may be concrete)
-     * @param status - observed HTTP status code
      * @param code - observed body `error` code (pass when the route's error
      *   schema declares specific codes via `z.literal` or `z.enum`)
      * @mutates `this.observed` - adds the resolved `"METHOD /spec-path:STATUS"`
@@ -90,10 +87,6 @@ export declare class ErrorCoverageCollector {
      * for per-code coverage. Pass an explicit `code` to override the
      * auto-extracted value or when the body was already consumed.
      *
-     * @param route_specs - route specs for schema lookup and path resolution
-     * @param method - HTTP method
-     * @param path - request path
-     * @param response - the Response to validate and record
      * @param code - observed body `error` code (override; if omitted and the
      *   response body is a JSON object with a string `error` field, that value
      *   is auto-extracted)
@@ -111,10 +104,6 @@ export declare class ErrorCoverageCollector {
      * `z.enum`), reports per-code rows; otherwise reports one row per status.
      * A status-only observation (no code) satisfies all declared codes for that
      * status — the "any-code" rule.
-     *
-     * @param route_specs - route specs to check coverage against
-     * @param options - exclusion configuration (skip routes or statuses)
-     * @returns uncovered entries with method, path, status, and optional code
      */
     uncovered(route_specs: Array<RouteSpec>, options?: CoverageFilterOptions): Array<UncoveredEntry>;
 }
@@ -142,9 +131,6 @@ export interface ErrorCoverageOptions extends CoverageFilterOptions {
  * When `min_coverage` is 0 (default), logs coverage info without failing.
  * When > 0, fails if coverage is below the threshold.
  *
- * @param collector - the coverage collector with recorded observations
- * @param route_specs - route specs to check coverage against
- * @param options - threshold and exclusion configuration
  * @throws AssertionError if `min_coverage > 0` and the covered/total ratio
  *   falls below the threshold — the failure message lists every uncovered
  *   route + status (+ code).

package/dist/testing/error_coverage.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"error_coverage.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/error_coverage.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;;;;;GAWG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAIrD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,4BAA4B,GAAI,QAAQ,CAAC,CAAC,OAAO,KAAG,KAAK,CAAC,MAAM,CAAC,GAAG,IAWhF,CAAC;AAEF,sFAAsF;AACtF,MAAM,WAAW,cAAc;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,wFAAwF;IACxF,IAAI,CAAC,EAAE,MAAM,CAAC;CACd;AAED,6EAA6E;AAC7E,MAAM,WAAW,qBAAqB;IACrC,kDAAkD;IAClD,aAAa,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC9B,iCAAiC;IACjC,eAAe,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CAChC;AAqDD;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,sBAAsB;IAClC;;;;;OAKG;IACH,QAAQ,CAAC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAa;IAE3C;;;;;;;;;;;;;;;OAeG;IACH,MAAM,CACL,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,EAC7B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,IAAI,CAAC,EAAE,MAAM,GACX,IAAI;IAUP;;;;;;;;;;;;;;;;;;;;OAoBG;IACG,iBAAiB,CACtB,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,EAC7B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,QAAQ,EAClB,IAAI,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,IAAI,CAAC;IAgBhB;;;;;;;;;;;;OAYG;IACH,SAAS,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC,EAAE,qBAAqB,GAAG,KAAK,CAAC,cAAc,CAAC;CAKhG;AAED;;;;GAIG;AACH,eAAO,MAAM,kCAAkC,MAAM,CAAC;AAEtD,2CAA2C;AAC3C,MAAM,WAAW,oBAAqB,SAAQ,qBAAqB;IAClE,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;CACtB;AAaD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,qBAAqB,GACjC,WAAW,sBAAsB,EACjC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,UAAU,oBAAoB,KAC5B,IAqBF,CAAC"}
+{"version":3,"file":"error_coverage.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/error_coverage.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;;;;;GAWG;AAEH,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAGtB,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAIrD;;;;;;;;;;GAUG;AACH,eAAO,MAAM,4BAA4B,GAAI,QAAQ,CAAC,CAAC,OAAO,KAAG,KAAK,CAAC,MAAM,CAAC,GAAG,IAWhF,CAAC;AAEF,sFAAsF;AACtF,MAAM,WAAW,cAAc;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,wFAAwF;IACxF,IAAI,CAAC,EAAE,MAAM,CAAC;CACd;AAED,6EAA6E;AAC7E,MAAM,WAAW,qBAAqB;IACrC,kDAAkD;IAClD,aAAa,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC9B,iCAAiC;IACjC,eAAe,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CAChC;AAqDD;;;;;;;;;;;;;;;GAeG;AACH,qBAAa,sBAAsB;IAClC;;;;;OAKG;IACH,QAAQ,CAAC,QAAQ,EAAE,GAAG,CAAC,MAAM,CAAC,CAAa;IAE3C;;;;;;;;;;;;OAYG;IACH,MAAM,CACL,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,EAC7B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,MAAM,EACd,IAAI,CAAC,EAAE,MAAM,GACX,IAAI;IAUP;;;;;;;;;;;;;;;;OAgBG;IACG,iBAAiB,CACtB,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,EAC7B,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,QAAQ,EAClB,IAAI,CAAC,EAAE,MAAM,GACX,OAAO,CAAC,IAAI,CAAC;IAgBhB;;;;;;;;OAQG;IACH,SAAS,CAAC,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,EAAE,OAAO,CAAC,EAAE,qBAAqB,GAAG,KAAK,CAAC,cAAc,CAAC;CAKhG;AAED;;;;GAIG;AACH,eAAO,MAAM,kCAAkC,MAAM,CAAC;AAEtD,2CAA2C;AAC3C,MAAM,WAAW,oBAAqB,SAAQ,qBAAqB;IAClE,sEAAsE;IACtE,YAAY,CAAC,EAAE,MAAM,CAAC;CACtB;AAaD;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,qBAAqB,GACjC,WAAW,sBAAsB,EACjC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,UAAU,oBAAoB,KAC5B,IAqBF,CAAC"}

package/dist/testing/error_coverage.js

@@ -113,10 +113,7 @@ export class ErrorCoverageCollector {
      * (e.g., `/api/accounts/abc` → `/api/accounts/:id`). When `code` is provided,
      * it is stored alongside the status for per-code coverage tracking.
      *
-     * @param route_specs - route specs for path resolution
-     * @param method - HTTP method
      * @param path - request path (may be concrete)
-     * @param status - observed HTTP status code
      * @param code - observed body `error` code (pass when the route's error
      *   schema declares specific codes via `z.literal` or `z.enum`)
      * @mutates `this.observed` - adds the resolved `"METHOD /spec-path:STATUS"`
@@ -140,10 +137,6 @@ export class ErrorCoverageCollector {
      * for per-code coverage. Pass an explicit `code` to override the
      * auto-extracted value or when the body was already consumed.
      *
-     * @param route_specs - route specs for schema lookup and path resolution
-     * @param method - HTTP method
-     * @param path - request path
-     * @param response - the Response to validate and record
      * @param code - observed body `error` code (override; if omitted and the
      *   response body is a JSON object with a string `error` field, that value
      *   is auto-extracted)
@@ -176,10 +169,6 @@ export class ErrorCoverageCollector {
      * `z.enum`), reports per-code rows; otherwise reports one row per status.
      * A status-only observation (no code) satisfies all declared codes for that
      * status — the "any-code" rule.
-     *
-     * @param route_specs - route specs to check coverage against
-     * @param options - exclusion configuration (skip routes or statuses)
-     * @returns uncovered entries with method, path, status, and optional code
      */
     uncovered(route_specs, options) {
         return walk_coverage(this, route_specs, options)
@@ -213,9 +202,6 @@ const format_uncovered = (entry) => `${entry.method} ${entry.path} → ${entry.s
  * When `min_coverage` is 0 (default), logs coverage info without failing.
  * When > 0, fails if coverage is below the threshold.
  *
- * @param collector - the coverage collector with recorded observations
- * @param route_specs - route specs to check coverage against
- * @param options - threshold and exclusion configuration
  * @throws AssertionError if `min_coverage > 0` and the covered/total ratio
  *   falls below the threshold — the failure message lists every uncovered
  *   route + status (+ code).

package/dist/testing/integration.d.ts

@@ -51,7 +51,6 @@ export interface StandardIntegrationTestOptions {
  * Each test group asserts that required routes exist, failing with a descriptive
  * message if the consumer's route specs are misconfigured.
  *
- * @param options - session config and route factory
  * @throws Error at setup time when `options.rpc_endpoints` is empty — the
  *   suite hard-fails via `require_rpc_endpoint_path` rather than running
  *   tests that would crash mid-suite trying to dispatch

package/dist/testing/integration.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAsB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAA6C,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACjG,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAOjB,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAqB1B;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC9C,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;;OAGG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;;;;;;;;;;;;;;OAgBG;IACH,aAAa,EAAE,uBAAuB,CAAC;CACvC;AAsBD;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,mCAAmC,GAC/C,SAAS,8BAA8B,KACrC,IAg8CF,CAAC"}
+{"version":3,"file":"integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAsB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAA6C,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACjG,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAOjB,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAqB1B;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC9C,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;;OAGG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;;;;;;;;;;;;;;OAgBG;IACH,aAAa,EAAE,uBAAuB,CAAC;CACvC;AAsBD;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,mCAAmC,GAC/C,SAAS,8BAA8B,KACrC,IAg8CF,CAAC"}

package/dist/testing/integration.js

@@ -56,7 +56,6 @@ const build_test_app_options = (options, db) => ({
  * Each test group asserts that required routes exist, failing with a descriptive
  * message if the consumer's route specs are misconfigured.
  *
- * @param options - session config and route factory
  * @throws Error at setup time when `options.rpc_endpoints` is empty — the
  *   suite hard-fails via `require_rpc_endpoint_path` rather than running
  *   tests that would crash mid-suite trying to dispatch

package/dist/testing/integration_helpers.d.ts

@@ -8,10 +8,7 @@ import type { TestApp, TestAccount } from './app_server.js';
  *
  * Supports both exact matches and parameterized paths (`:param` segments).
  *
- * @param specs - route specs to search
- * @param method - HTTP method
  * @param path - request path (exact or with concrete param values)
- * @returns matching route spec, or `undefined`
  */
 export declare const find_route_spec: (specs: Array<RouteSpec>, method: string, path: string) => RouteSpec | undefined;
 /**
@@ -31,14 +28,7 @@ export type RestAuthRouteSuffix = (typeof REST_AUTH_ROUTE_SUFFIXES)[number];
  * method name (e.g. `/sessions/revoke-all`) fails loudly at the call site
  * instead of silently returning `undefined`.
  *
- * @param specs - route specs to search
- * @param suffix - REST auth path suffix
- * @param method - HTTP method
- * @returns matching route spec, or `undefined`
- * @throws Error if `suffix` is not in `REST_AUTH_ROUTE_SUFFIXES` — surfaces
- *   accidental use of a post-RPC-migration method name (e.g.
- *   `/sessions/revoke-all`) at the call site rather than silently returning
- *   `undefined`.
+ * @throws Error if `suffix` is not in `REST_AUTH_ROUTE_SUFFIXES`.
  */
 export declare const find_auth_route: (specs: Array<RouteSpec>, suffix: RestAuthRouteSuffix, method: RouteMethod) => RouteSpec | undefined;
 /**
@@ -47,10 +37,6 @@ export declare const find_auth_route: (specs: Array<RouteSpec>, suffix: RestAuth
  * For 2xx responses, validates against `spec.output`.
  * For error responses, validates against the merged error schema for that status code.
  *
- * @param route_specs - route specs for schema lookup
- * @param method - HTTP method of the request
- * @param path - path of the request
- * @param response - the Response to validate
  * @throws Error if no route spec matches `method` + `path`, if the response
  *   body fails to parse against the declared output / error schema, or if the
  *   response is non-JSON despite a declared schema for that status.
@@ -58,10 +44,6 @@ export declare const find_auth_route: (specs: Array<RouteSpec>, suffix: RestAuth
 export declare const assert_response_matches_spec: (route_specs: Array<RouteSpec>, method: string, path: string, response: Response) => Promise<void>;
 /**
  * Create an expired test cookie — validly signed but with an expiry timestamp in 1970.
- *
- * @param keyring - keyring for signing
- * @param session_options - session config
- * @returns signed cookie value with long-past expiry
  */
 export declare const create_expired_test_cookie: (keyring: Keyring, session_options: SessionOptions<string>) => Promise<string>;
 /**
@@ -69,10 +51,7 @@ export declare const create_expired_test_cookie: (keyring: Keyring, session_opti
  *
  * Error schemas use `z.looseObject` (intentional — multiple producers), but
  * test responses should be checked for fields that could leak information.
- * Flags any field not in the known-safe set so callers can decide whether to
- * fail or log.
  *
- * @param body - parsed error response JSON
  * @returns array of unexpected field names (empty = clean)
  */
 export declare const check_error_response_fields: (body: Record<string, unknown>) => Array<string>;
@@ -82,16 +61,12 @@ export declare const check_error_response_fields: (body: Record<string, unknown>
  * Checks both field names and string values for patterns indicating
  * stack traces, SQL, or internal paths.
  *
- * @param body - parsed error response JSON
  * @param context - description for error messages
  */
 export declare const assert_no_error_info_leakage: (body: Record<string, unknown>, context: string) => void;
 /**
  * Assert that a 429 response includes a valid `Retry-After` header
  * matching the JSON body's `retry_after` field.
- *
- * @param response - the 429 response
- * @param body - parsed JSON body with `retry_after` field
  */
 export declare const assert_rate_limit_retry_after_header: (response: Response, body: {
     retry_after: number;
@@ -104,16 +79,11 @@ export declare const ADMIN_ONLY_FIELD_BLOCKLIST: ReadonlyArray<string>;
  * Recursively collect all key names from a parsed JSON value.
  *
  * Walks objects and arrays to find every property name at any nesting depth.
- *
- * @param value - parsed JSON value
- * @returns set of all key names found
  */
 export declare const collect_json_keys_recursive: (value: unknown) => Set<string>;
 /**
  * Assert that a parsed JSON body contains no fields from the given blocklist.
  *
- * @param body - parsed response JSON
- * @param blocklist - field names to check for
  * @param context - description for error messages
  */
 export declare const assert_no_sensitive_fields_in_json: (body: unknown, blocklist: ReadonlyArray<string>, context: string) => void;
@@ -126,11 +96,6 @@ export declare const assert_no_sensitive_fields_in_json: (body: unknown, blockli
  * - `role: admin` — the admin account's session cookie
  * - `role: <other>` — the test app's bootstrapped keeper session
  * - `keeper` — the test app's daemon token
- *
- * @param spec - route spec to inspect
- * @param test_app - the assembled test app (for bootstrapped credentials)
- * @param authed_account - an account with no roles (for `authenticated` auth)
- * @param admin_account - an account with `admin` role (for role-gated routes)
  */
 export declare const pick_auth_headers: (spec: RouteSpec, test_app: TestApp, authed_account: TestAccount, admin_account: TestAccount) => Record<string, string>;
 //# sourceMappingURL=integration_helpers.d.ts.map

package/dist/testing/integration_helpers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"integration_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/integration_helpers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAU7B,OAAO,KAAK,EAAC,SAAS,EAAE,WAAW,EAAC,MAAM,uBAAuB,CAAC;AAElE,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAE3F,OAAO,KAAK,EAAC,OAAO,EAAE,WAAW,EAAC,MAAM,iBAAiB,CAAC;AAE1D;;;;;;;;;GASG;AACH,eAAO,MAAM,eAAe,GAC3B,OAAO,KAAK,CAAC,SAAS,CAAC,EACvB,QAAQ,MAAM,EACd,MAAM,MAAM,KACV,SAAS,GAAG,SAad,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,iFAO3B,CAAC;AACX,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,wBAAwB,CAAC,CAAC,MAAM,CAAC,CAAC;AAE5E;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,eAAe,GAC3B,OAAO,KAAK,CAAC,SAAS,CAAC,EACvB,QAAQ,mBAAmB,EAC3B,QAAQ,WAAW,KACjB,SAAS,GAAG,SAOd,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,4BAA4B,GACxC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,QAAQ,MAAM,EACd,MAAM,MAAM,EACZ,UAAU,QAAQ,KAChB,OAAO,CAAC,IAAI,CAmDd,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,0BAA0B,GACtC,SAAS,OAAO,EAChB,iBAAiB,cAAc,CAAC,MAAM,CAAC,KACrC,OAAO,CAAC,MAAM,CAGhB,CAAC;AAuCF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,2BAA2B,GAAI,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,KAAK,CAAC,MAAM,CAQvF,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,4BAA4B,GACxC,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,SAAS,MAAM,KACb,IAkBF,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,oCAAoC,GAChD,UAAU,QAAQ,EAClB,MAAM;IAAC,WAAW,EAAE,MAAM,CAAA;CAAC,KACzB,IAUF,CAAC;AAIF,oEAAoE;AACpE,eAAO,MAAM,yBAAyB,EAAE,aAAa,CAAC,MAAM,CAAmC,CAAC;AAEhG,0EAA0E;AAC1E,eAAO,MAAM,0BAA0B,EAAE,aAAa,CAAC,MAAM,CAAgC,CAAC;AAE9F;;;;;;;GAOG;AACH,eAAO,MAAM,2BAA2B,GAAI,OAAO,OAAO,KAAG,GAAG,CAAC,MAAM,CAetE,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,kCAAkC,GAC9C,MAAM,OAAO,EACb,WAAW,aAAa,CAAC,MAAM,CAAC,EAChC,SAAS,MAAM,KACb,IAKF,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,SAAS,EACf,UAAU,OAAO,EACjB,gBAAgB,WAAW,EAC3B,eAAe,WAAW,KACxB,MAAM,CAAC,MAAM,EAAE,MAAM,CAcvB,CAAC"}
+{"version":3,"file":"integration_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/integration_helpers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAU7B,OAAO,KAAK,EAAC,SAAS,EAAE,WAAW,EAAC,MAAM,uBAAuB,CAAC;AAElE,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAE3F,OAAO,KAAK,EAAC,OAAO,EAAE,WAAW,EAAC,MAAM,iBAAiB,CAAC;AAE1D;;;;;;GAMG;AACH,eAAO,MAAM,eAAe,GAC3B,OAAO,KAAK,CAAC,SAAS,CAAC,EACvB,QAAQ,MAAM,EACd,MAAM,MAAM,KACV,SAAS,GAAG,SAad,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,iFAO3B,CAAC;AACX,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,wBAAwB,CAAC,CAAC,MAAM,CAAC,CAAC;AAE5E;;;;;;;;;;GAUG;AACH,eAAO,MAAM,eAAe,GAC3B,OAAO,KAAK,CAAC,SAAS,CAAC,EACvB,QAAQ,mBAAmB,EAC3B,QAAQ,WAAW,KACjB,SAAS,GAAG,SAOd,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,4BAA4B,GACxC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,QAAQ,MAAM,EACd,MAAM,MAAM,EACZ,UAAU,QAAQ,KAChB,OAAO,CAAC,IAAI,CAmDd,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B,GACtC,SAAS,OAAO,EAChB,iBAAiB,cAAc,CAAC,MAAM,CAAC,KACrC,OAAO,CAAC,MAAM,CAGhB,CAAC;AAgCF;;;;;;;GAOG;AACH,eAAO,MAAM,2BAA2B,GAAI,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,KAAK,CAAC,MAAM,CAQvF,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,4BAA4B,GACxC,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,SAAS,MAAM,KACb,IAkBF,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,oCAAoC,GAChD,UAAU,QAAQ,EAClB,MAAM;IAAC,WAAW,EAAE,MAAM,CAAA;CAAC,KACzB,IAUF,CAAC;AAIF,oEAAoE;AACpE,eAAO,MAAM,yBAAyB,EAAE,aAAa,CAAC,MAAM,CAAmC,CAAC;AAEhG,0EAA0E;AAC1E,eAAO,MAAM,0BAA0B,EAAE,aAAa,CAAC,MAAM,CAAgC,CAAC;AAE9F;;;;GAIG;AACH,eAAO,MAAM,2BAA2B,GAAI,OAAO,OAAO,KAAG,GAAG,CAAC,MAAM,CAetE,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,kCAAkC,GAC9C,MAAM,OAAO,EACb,WAAW,aAAa,CAAC,MAAM,CAAC,EAChC,SAAS,MAAM,KACb,IAKF,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,SAAS,EACf,UAAU,OAAO,EACjB,gBAAgB,WAAW,EAC3B,eAAe,WAAW,KACxB,MAAM,CAAC,MAAM,EAAE,MAAM,CAcvB,CAAC"}

package/dist/testing/integration_helpers.js

@@ -13,10 +13,7 @@ import { ROLE_ADMIN } from '../auth/role_schema.js';
  *
  * Supports both exact matches and parameterized paths (`:param` segments).
  *
- * @param specs - route specs to search
- * @param method - HTTP method
  * @param path - request path (exact or with concrete param values)
- * @returns matching route spec, or `undefined`
  */
 export const find_route_spec = (specs, method, path) => {
     // exact match first
@@ -57,14 +54,7 @@ export const REST_AUTH_ROUTE_SUFFIXES = [
  * method name (e.g. `/sessions/revoke-all`) fails loudly at the call site
  * instead of silently returning `undefined`.
  *
- * @param specs - route specs to search
- * @param suffix - REST auth path suffix
- * @param method - HTTP method
- * @returns matching route spec, or `undefined`
- * @throws Error if `suffix` is not in `REST_AUTH_ROUTE_SUFFIXES` — surfaces
- *   accidental use of a post-RPC-migration method name (e.g.
- *   `/sessions/revoke-all`) at the call site rather than silently returning
- *   `undefined`.
+ * @throws Error if `suffix` is not in `REST_AUTH_ROUTE_SUFFIXES`.
  */
 export const find_auth_route = (specs, suffix, method) => {
     if (!REST_AUTH_ROUTE_SUFFIXES.includes(suffix)) {
@@ -78,10 +68,6 @@ export const find_auth_route = (specs, suffix, method) => {
  * For 2xx responses, validates against `spec.output`.
  * For error responses, validates against the merged error schema for that status code.
  *
- * @param route_specs - route specs for schema lookup
- * @param method - HTTP method of the request
- * @param path - path of the request
- * @param response - the Response to validate
  * @throws Error if no route spec matches `method` + `path`, if the response
  *   body fails to parse against the declared output / error schema, or if the
  *   response is non-JSON despite a declared schema for that status.
@@ -132,22 +118,11 @@ export const assert_response_matches_spec = async (route_specs, method, path, re
 };
 /**
  * Create an expired test cookie — validly signed but with an expiry timestamp in 1970.
- *
- * @param keyring - keyring for signing
- * @param session_options - session config
- * @returns signed cookie value with long-past expiry
  */
 export const create_expired_test_cookie = async (keyring, session_options) => {
     // now_seconds=1 puts the expiry at 1 + max_age seconds past epoch — still in 1970
     return create_session_cookie_value(keyring, 'expired_test_token', session_options, 1);
 };
-/**
- * Assert that a 429 response includes a valid `Retry-After` header
- * matching the JSON body's `retry_after` field.
- *
- * @param response - the 429 response
- * @param body - parsed JSON body with `retry_after` field
- */
 /**
  * Known safe fields that may appear in any error response.
  *
@@ -181,10 +156,7 @@ const LEAKY_FIELD_PATTERNS = [
  *
  * Error schemas use `z.looseObject` (intentional — multiple producers), but
  * test responses should be checked for fields that could leak information.
- * Flags any field not in the known-safe set so callers can decide whether to
- * fail or log.
  *
- * @param body - parsed error response JSON
  * @returns array of unexpected field names (empty = clean)
  */
 export const check_error_response_fields = (body) => {
@@ -202,7 +174,6 @@ export const check_error_response_fields = (body) => {
  * Checks both field names and string values for patterns indicating
  * stack traces, SQL, or internal paths.
  *
- * @param body - parsed error response JSON
  * @param context - description for error messages
  */
 export const assert_no_error_info_leakage = (body, context) => {
@@ -221,9 +192,6 @@ export const assert_no_error_info_leakage = (body, context) => {
 /**
  * Assert that a 429 response includes a valid `Retry-After` header
  * matching the JSON body's `retry_after` field.
- *
- * @param response - the 429 response
- * @param body - parsed JSON body with `retry_after` field
  */
 export const assert_rate_limit_retry_after_header = (response, body) => {
     const header = response.headers.get('Retry-After');
@@ -241,9 +209,6 @@ export const ADMIN_ONLY_FIELD_BLOCKLIST = ['updated_by', 'created_by'];
  * Recursively collect all key names from a parsed JSON value.
  *
  * Walks objects and arrays to find every property name at any nesting depth.
- *
- * @param value - parsed JSON value
- * @returns set of all key names found
  */
 export const collect_json_keys_recursive = (value) => {
     const keys = new Set();
@@ -266,8 +231,6 @@ export const collect_json_keys_recursive = (value) => {
 /**
  * Assert that a parsed JSON body contains no fields from the given blocklist.
  *
- * @param body - parsed response JSON
- * @param blocklist - field names to check for
  * @param context - description for error messages
  */
 export const assert_no_sensitive_fields_in_json = (body, blocklist, context) => {
@@ -285,11 +248,6 @@ export const assert_no_sensitive_fields_in_json = (body, blocklist, context) =>
  * - `role: admin` — the admin account's session cookie
  * - `role: <other>` — the test app's bootstrapped keeper session
  * - `keeper` — the test app's daemon token
- *
- * @param spec - route spec to inspect
- * @param test_app - the assembled test app (for bootstrapped credentials)
- * @param authed_account - an account with no roles (for `authenticated` auth)
- * @param admin_account - an account with `admin` role (for role-gated routes)
  */
 export const pick_auth_headers = (spec, test_app, authed_account, admin_account) => {
     switch (spec.auth.type) {

package/dist/testing/middleware.d.ts

@@ -63,7 +63,6 @@ export interface BearerAuthMocks {
  * `query_account_by_id`, `query_actor_by_account`, and `query_permit_find_active_for_actor`
  * so each test case controls return values independently.
  *
- * @param tc - the test config providing mock return values
  * @returns mocks bundle with spy references
  * @mutates module-level `vi.mock` registrations for `api_token_queries`,
  *   `account_queries`, and `permit_queries` — each call resets and re-binds
@@ -77,10 +76,6 @@ export declare const TEST_CLIENT_IP = "127.0.0.1";
  *
  * The route handler at `/api/test` returns the resolved context in the response body,
  * enabling assertions on `REQUEST_CONTEXT_KEY` and `CREDENTIAL_TYPE_KEY`.
- *
- * @param tc - the test config providing mock behavior
- * @param ip_rate_limiter - optional rate limiter (null to disable)
- * @returns the app and mocks bundle
  */
 export declare const create_bearer_auth_test_app: (tc: BearerAuthTestOptions, ip_rate_limiter?: RateLimiter | null) => {
     app: Hono;
@@ -90,10 +85,6 @@ export declare const create_bearer_auth_test_app: (tc: BearerAuthTestOptions, ip
  * Run a table of bearer auth middleware test cases.
  *
  * Generates one `test()` per case inside a `describe()` block.
- *
- * @param suite_name - the describe block name
- * @param cases - the test case table
- * @param ip_rate_limiter - optional rate limiter shared across cases
  */
 export declare const describe_bearer_auth_cases: (suite_name: string, cases: Array<BearerAuthTestCase>, ip_rate_limiter?: RateLimiter | null) => void;
 /** Path used by the echo route in `create_test_middleware_stack_app`. */
@@ -123,7 +114,6 @@ export interface TestMiddlewareStackApp {
  * All DB queries return undefined (no real database needed).
  * The echo route at `TEST_MIDDLEWARE_PATH` returns `{ok, client_ip, has_context}`.
  *
- * @param options - middleware stack configuration
  * @returns the app and mock spies (reconfigure via `mockImplementation` for valid-token paths)
  * @mutates module-level `vi.mock` registrations for the four bearer-auth query
  *   modules — each call resets the spies before wiring the stack.

package/dist/testing/middleware.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"middleware.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;;GAQG;AAEH,OAAO,EAAC,EAAE,EAAyB,MAAM,QAAQ,CAAC;AAClD,OAAO,EAAC,IAAI,EAAC,MAAM,MAAM,CAAC;AAC1B,OAAO,KAAK,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAU3B,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAsB,KAAK,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAqBpF,gEAAgE;AAChE,MAAM,WAAW,qBAAqB;IACrC,wBAAwB;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,oEAAoE;IACpE,WAAW,CAAC,EAAE,cAAc,CAAC;IAC7B,iDAAiD;IACjD,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,4CAA4C;IAC5C,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,+CAA+C;IAC/C,2BAA2B,CAAC,EAAE,OAAO,CAAC;IACtC,2DAA2D;IAC3D,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,gFAAgF;IAChF,eAAe,EAAE,MAAM,GAAG,MAAM,CAAC;IACjC,oDAAoD;IACpD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,+GAA+G;IAC/G,qBAAqB,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC;CAClC;AAED,gEAAgE;AAChE,MAAM,WAAW,kBAAmB,SAAQ,qBAAqB;IAChE,+EAA+E;IAC/E,oBAAoB,EAAE,QAAQ,GAAG,YAAY,CAAC;IAC9C,oGAAoG;IACpG,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,mGAAmG;IACnG,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,0FAA0F;IAC1F,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,uEAAuE;IACvE,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,eAAe,KAAK,IAAI,CAAC;CAChD;AAID,2DAA2D;AAC3D,MAAM,WAAW,eAAe;IAC/B,aAAa,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IACxC,eAAe,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IAC1C,oBAAoB,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IAC/C,0BAA0B,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;CACrD;AAKD;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,wBAAwB,GAAI,IAAI,qBAAqB,KAAG,eAoBpE,CAAC;AAEF,4DAA4D;AAC5D,eAAO,MAAM,cAAc,cAAc,CAAC;AAE1C;;;;;;;;;GASG;AACH,eAAO,MAAM,2BAA2B,GACvC,IAAI,qBAAqB,EACzB,kBAAiB,WAAW,GAAG,IAAW,KACxC;IAAC,GAAG,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,eAAe,CAAA;CA6CpC,CAAC;AAIF;;;;;;;;GAQG;AACH,eAAO,MAAM,0BAA0B,GACtC,YAAY,MAAM,EAClB,OAAO,KAAK,CAAC,kBAAkB,CAAC,EAChC,kBAAiB,WAAW,GAAG,IAAW,KACxC,IAkEF,CAAC;AAIF,yEAAyE;AACzE,eAAO,MAAM,oBAAoB,cAAc,CAAC;AAEhD,sDAAsD;AACtD,MAAM,WAAW,0BAA0B;IAC1C,iDAAiD;IACjD,eAAe,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAChC,oFAAoF;IACpF,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,6DAA6D;IAC7D,aAAa,CAAC,EAAE,MAAM,GAAG,CAAC,MAAM,MAAM,GAAG,SAAS,CAAC,CAAC;IACpD,oDAAoD;IACpD,eAAe,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;CACrC;AAED,yDAAyD;AACzD,MAAM,WAAW,sBAAsB;IACtC,GAAG,EAAE,IAAI,CAAC;IACV,aAAa,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IACxC,eAAe,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IAC1C,oBAAoB,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IAC/C,0BAA0B,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;CACrD;AAED;;;;;;;;;;GAUG;AACH,eAAO,MAAM,gCAAgC,GAC5C,UAAU,0BAA0B,KAClC,sBAiDF,CAAC"}
+{"version":3,"file":"middleware.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;;GAQG;AAEH,OAAO,EAAC,EAAE,EAAyB,MAAM,QAAQ,CAAC;AAClD,OAAO,EAAC,IAAI,EAAC,MAAM,MAAM,CAAC;AAC1B,OAAO,KAAK,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAU3B,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAsB,KAAK,cAAc,EAAC,MAAM,4BAA4B,CAAC;AAqBpF,gEAAgE;AAChE,MAAM,WAAW,qBAAqB;IACrC,wBAAwB;IACxB,IAAI,EAAE,MAAM,CAAC;IACb,uBAAuB;IACvB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,oEAAoE;IACpE,WAAW,CAAC,EAAE,cAAc,CAAC;IAC7B,iDAAiD;IACjD,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,4CAA4C;IAC5C,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC,+CAA+C;IAC/C,2BAA2B,CAAC,EAAE,OAAO,CAAC;IACtC,2DAA2D;IAC3D,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAC9B,gFAAgF;IAChF,eAAe,EAAE,MAAM,GAAG,MAAM,CAAC;IACjC,oDAAoD;IACpD,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,+GAA+G;IAC/G,qBAAqB,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC;CAClC;AAED,gEAAgE;AAChE,MAAM,WAAW,kBAAmB,SAAQ,qBAAqB;IAChE,+EAA+E;IAC/E,oBAAoB,EAAE,QAAQ,GAAG,YAAY,CAAC;IAC9C,oGAAoG;IACpG,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B,mGAAmG;IACnG,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,0FAA0F;IAC1F,wBAAwB,CAAC,EAAE,OAAO,CAAC;IACnC,uEAAuE;IACvE,YAAY,CAAC,EAAE,CAAC,KAAK,EAAE,eAAe,KAAK,IAAI,CAAC;CAChD;AAID,2DAA2D;AAC3D,MAAM,WAAW,eAAe;IAC/B,aAAa,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IACxC,eAAe,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IAC1C,oBAAoB,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IAC/C,0BAA0B,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;CACrD;AAKD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,wBAAwB,GAAI,IAAI,qBAAqB,KAAG,eAoBpE,CAAC;AAEF,4DAA4D;AAC5D,eAAO,MAAM,cAAc,cAAc,CAAC;AAE1C;;;;;GAKG;AACH,eAAO,MAAM,2BAA2B,GACvC,IAAI,qBAAqB,EACzB,kBAAiB,WAAW,GAAG,IAAW,KACxC;IAAC,GAAG,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,eAAe,CAAA;CA6CpC,CAAC;AAIF;;;;GAIG;AACH,eAAO,MAAM,0BAA0B,GACtC,YAAY,MAAM,EAClB,OAAO,KAAK,CAAC,kBAAkB,CAAC,EAChC,kBAAiB,WAAW,GAAG,IAAW,KACxC,IAkEF,CAAC;AAIF,yEAAyE;AACzE,eAAO,MAAM,oBAAoB,cAAc,CAAC;AAEhD,sDAAsD;AACtD,MAAM,WAAW,0BAA0B;IAC1C,iDAAiD;IACjD,eAAe,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAChC,oFAAoF;IACpF,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,6DAA6D;IAC7D,aAAa,CAAC,EAAE,MAAM,GAAG,CAAC,MAAM,MAAM,GAAG,SAAS,CAAC,CAAC;IACpD,oDAAoD;IACpD,eAAe,CAAC,EAAE,WAAW,GAAG,IAAI,CAAC;CACrC;AAED,yDAAyD;AACzD,MAAM,WAAW,sBAAsB;IACtC,GAAG,EAAE,IAAI,CAAC;IACV,aAAa,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IACxC,eAAe,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IAC1C,oBAAoB,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;IAC/C,0BAA0B,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC;CACrD;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,gCAAgC,GAC5C,UAAU,0BAA0B,KAClC,sBAiDF,CAAC"}

package/dist/testing/middleware.js

@@ -41,7 +41,6 @@ const STUB_DEPS = { db: {} };
  * `query_account_by_id`, `query_actor_by_account`, and `query_permit_find_active_for_actor`
  * so each test case controls return values independently.
  *
- * @param tc - the test config providing mock return values
  * @returns mocks bundle with spy references
  * @mutates module-level `vi.mock` registrations for `api_token_queries`,
  *   `account_queries`, and `permit_queries` — each call resets and re-binds
@@ -73,10 +72,6 @@ export const TEST_CLIENT_IP = '127.0.0.1';
  *
  * The route handler at `/api/test` returns the resolved context in the response body,
  * enabling assertions on `REQUEST_CONTEXT_KEY` and `CREDENTIAL_TYPE_KEY`.
- *
- * @param tc - the test config providing mock behavior
- * @param ip_rate_limiter - optional rate limiter (null to disable)
- * @returns the app and mocks bundle
  */
 export const create_bearer_auth_test_app = (tc, ip_rate_limiter = null) => {
     const mocks = create_bearer_auth_mocks(tc);
@@ -118,10 +113,6 @@ export const create_bearer_auth_test_app = (tc, ip_rate_limiter = null) => {
  * Run a table of bearer auth middleware test cases.
  *
  * Generates one `test()` per case inside a `describe()` block.
- *
- * @param suite_name - the describe block name
- * @param cases - the test case table
- * @param ip_rate_limiter - optional rate limiter shared across cases
  */
 export const describe_bearer_auth_cases = (suite_name, cases, ip_rate_limiter = null) => {
     describe(suite_name, () => {
@@ -177,7 +168,6 @@ export const TEST_MIDDLEWARE_PATH = '/api/test';
  * All DB queries return undefined (no real database needed).
  * The echo route at `TEST_MIDDLEWARE_PATH` returns `{ok, client_ip, has_context}`.
  *
- * @param options - middleware stack configuration
  * @returns the app and mock spies (reconfigure via `mockImplementation` for valid-token paths)
  * @mutates module-level `vi.mock` registrations for the four bearer-auth query
  *   modules — each call resets the spies before wiring the stack.

package/dist/testing/mock_fs.d.ts

@@ -14,8 +14,6 @@ export interface MockFs {
  *
  * `read_file` throws an `ENOENT`-tagged error for missing paths so callers
  * can exercise the same "file doesn't exist" code path as `node:fs`.
- *
- * @param initial_files - starting contents keyed by absolute path
  */
 export declare const create_mock_fs: (initial_files?: Record<string, string>) => MockFs;
 //# sourceMappingURL=mock_fs.d.ts.map

package/dist/testing/mock_fs.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mock_fs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/mock_fs.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,MAAM;IACtB,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAC/D,UAAU,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/E,QAAQ,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,CAAC;CAC/C;AAED;;;;;;;GAOG;AACH,eAAO,MAAM,cAAc,GAAI,gBAAe,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM,KAAG,MAuB3E,CAAC"}
+{"version":3,"file":"mock_fs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/mock_fs.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,MAAM;IACtB,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAC/D,UAAU,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/E,QAAQ,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,CAAC;CAC/C;AAED;;;;;GAKG;AACH,eAAO,MAAM,cAAc,GAAI,gBAAe,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM,KAAG,MAuB3E,CAAC"}

package/dist/testing/mock_fs.js

@@ -9,8 +9,6 @@
  *
  * `read_file` throws an `ENOENT`-tagged error for missing paths so callers
  * can exercise the same "file doesn't exist" code path as `node:fs`.
- *
- * @param initial_files - starting contents keyed by absolute path
  */
 export const create_mock_fs = (initial_files = {}) => {
     const files = { ...initial_files };

package/dist/testing/rate_limiting.d.ts

@@ -53,7 +53,6 @@ export interface RateLimitingTestOptions {
  * Each test group asserts that required routes exist, failing with a descriptive
  * message if the consumer's route specs are misconfigured.
  *
- * @param options - session config and route factory
  * @throws Error at setup time when `options.rpc_endpoints` is empty — the
  *   bearer-auth rate-limit test probes via the `account_verify` RPC action,
  *   so the suite hard-fails via `require_rpc_endpoint_path`.

package/dist/testing/rate_limiting.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rate_limiting.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/rate_limiting.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAiB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAIrD,OAAO,EAAkB,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACtE,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAEjB,OAAO,EAIN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAK1B;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACvC,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;OAEG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;;;;;;;;;OAYG;IACH,aAAa,EAAE,uBAAuB,CAAC;CACvC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,4BAA4B,GAAI,SAAS,uBAAuB,KAAG,IA8P/E,CAAC"}
+{"version":3,"file":"rate_limiting.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/rate_limiting.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAiB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAIrD,OAAO,EAAkB,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACtE,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAEjB,OAAO,EAIN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAK1B;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACvC,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;OAEG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;;;;;;;;;OAYG;IACH,aAAa,EAAE,uBAAuB,CAAC;CACvC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,4BAA4B,GAAI,SAAS,uBAAuB,KAAG,IA8P/E,CAAC"}

package/dist/testing/rate_limiting.js

@@ -35,7 +35,6 @@ import { account_verify_action_spec } from '../auth/account_action_specs.js';
  * Each test group asserts that required routes exist, failing with a descriptive
  * message if the consumer's route specs are misconfigured.
  *
- * @param options - session config and route factory
  * @throws Error at setup time when `options.rpc_endpoints` is empty — the
  *   bearer-auth rate-limit test probes via the `account_verify` RPC action,
  *   so the suite hard-fails via `require_rpc_endpoint_path`.

package/dist/testing/round_trip.d.ts

@@ -30,8 +30,6 @@ export interface RoundTripTestOptions {
  * SSE routes are skipped (Content-Type `text/event-stream`).
  * Routes returning non-2xx with valid input are still validated against
  * their declared error schemas.
- *
- * @param options - round-trip test configuration
  */
 export declare const describe_round_trip_validation: (options: RoundTripTestOptions) => void;
 //# sourceMappingURL=round_trip.d.ts.map

package/dist/testing/round_trip.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"round_trip.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/round_trip.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAc7B,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAG9D,OAAO,EAAwB,KAAK,SAAS,EAAC,MAAM,SAAS,CAAC;AAQ9D,oDAAoD;AACpD,MAAM,WAAW,oBAAoB;IACpC,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC,kDAAkD;IAClD,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5B,+EAA+E;IAC/E,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACvD;AAED;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,8BAA8B,GAAI,SAAS,oBAAoB,KAAG,IA6F9E,CAAC"}
+{"version":3,"file":"round_trip.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/round_trip.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAc7B,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAG9D,OAAO,EAAwB,KAAK,SAAS,EAAC,MAAM,SAAS,CAAC;AAQ9D,oDAAoD;AACpD,MAAM,WAAW,oBAAoB;IACpC,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC,kDAAkD;IAClD,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5B,+EAA+E;IAC/E,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACvD;AAED;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,8BAA8B,GAAI,SAAS,oBAAoB,KAAG,IA6F9E,CAAC"}

package/dist/testing/round_trip.js

@@ -29,8 +29,6 @@ import { create_stub_app_server_context } from './stubs.js';
  * SSE routes are skipped (Content-Type `text/event-stream`).
  * Routes returning non-2xx with valid input are still validated against
  * their declared error schemas.
- *
- * @param options - round-trip test configuration
  */
 export const describe_round_trip_validation = (options) => {
     const skip_set = new Set(options.skip_routes);

package/dist/testing/rpc_attack_surface.d.ts

@@ -16,8 +16,6 @@ export interface RpcAttackSurfaceOptions {
  * 3. Adversarial params — schema-invalid params per method
  *
  * Skips silently when `surface.rpc_endpoints` is empty.
- *
- * @param options - the test configuration
  */
 export declare const describe_rpc_attack_surface_tests: (options: RpcAttackSurfaceOptions) => void;
 //# sourceMappingURL=rpc_attack_surface.d.ts.map

package/dist/testing/rpc_attack_surface.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rpc_attack_surface.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/rpc_attack_surface.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAkB7B,OAAO,KAAK,EAA6C,cAAc,EAAC,MAAM,oBAAoB,CAAC;AAoBnG,uDAAuD;AACvD,MAAM,WAAW,uBAAuB;IACvC,+FAA+F;IAC/F,KAAK,EAAE,MAAM,cAAc,CAAC;IAC5B,yDAAyD;IACzD,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACrB;AAodD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,iCAAiC,GAAI,SAAS,uBAAuB,KAAG,IAOpF,CAAC"}
+{"version":3,"file":"rpc_attack_surface.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/rpc_attack_surface.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAkB7B,OAAO,KAAK,EAA6C,cAAc,EAAC,MAAM,oBAAoB,CAAC;AAoBnG,uDAAuD;AACvD,MAAM,WAAW,uBAAuB;IACvC,+FAA+F;IAC/F,KAAK,EAAE,MAAM,cAAc,CAAC;IAC5B,yDAAyD;IACzD,KAAK,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACrB;AAodD;;;;;;;;;GASG;AACH,eAAO,MAAM,iCAAiC,GAAI,SAAS,uBAAuB,KAAG,IAOpF,CAAC"}

package/dist/testing/rpc_attack_surface.js

@@ -383,8 +383,6 @@ const format_auth = (auth) => {
  * 3. Adversarial params — schema-invalid params per method
  *
  * Skips silently when `surface.rpc_endpoints` is empty.
- *
- * @param options - the test configuration
  */
 export const describe_rpc_attack_surface_tests = (options) => {
     const { surface } = options.build();

package/dist/testing/rpc_helpers.d.ts

@@ -42,7 +42,6 @@ export declare const resolve_rpc_endpoints_for_setup: (rpc_endpoints: RpcEndpoin
 /**
  * Create a `RequestInit` for a JSON-RPC POST request.
  *
- * @param method - JSON-RPC method name
  * @param params - params (omit for parameterless methods; `null` is also
  *                stripped for ergonomic call sites — JSON-RPC 2.0 §4.2
  *                forbids `"params": null` on the wire, and `create_rpc_endpoint`
@@ -51,17 +50,14 @@ export declare const resolve_rpc_endpoints_for_setup: (rpc_endpoints: RpcEndpoin
  *                envelope (e.g. asserting envelope-level rejection) should
  *                build the body inline rather than route through this helper.
  * @param id - request id (default `'test'`)
- * @returns a `RequestInit` with the JSON-RPC envelope as body
  */
 export declare const create_rpc_post_init: (method: string, params?: unknown, id?: string | number) => RequestInit;
 /**
  * Build a GET URL with JSON-RPC query parameters.
  *
  * @param endpoint_path - the RPC endpoint path (e.g., `/api/rpc`)
- * @param method - JSON-RPC method name
  * @param params - params (omit for parameterless methods)
  * @param id - request id (default `'test'`)
- * @returns the full URL with query string
  */
 export declare const create_rpc_get_url: (endpoint_path: string, method: string, params?: unknown, id?: string | number) => string;
 /**
@@ -70,7 +66,6 @@ export declare const create_rpc_get_url: (endpoint_path: string, method: string,
  * Validates the structure matches `JsonrpcErrorResponse` and optionally
  * checks the error code.
  *
- * @param body - parsed response body
  * @param expected_code - optional error code to assert
  */
 export declare const assert_jsonrpc_error_response: (body: unknown, expected_code?: JsonrpcErrorCode) => void;
@@ -81,7 +76,6 @@ export declare const assert_jsonrpc_error_response: (body: unknown, expected_cod
  * is provided, also validates the `result` field against the declared
  * output schema — matching the REST round-trip's `assert_response_matches_spec`.
  *
- * @param body - parsed response body
  * @param output_schema - optional Zod schema to validate the `result` field against
  */
 export declare const assert_jsonrpc_success_response: (body: unknown, output_schema?: z.ZodType) => void;