@fuzdev/fuz_app 0.59.0 → 0.60.0

package/dist/testing/schema_generators.js

@@ -158,8 +158,29 @@ export const generate_valid_value = (field, field_schema) => {
             return 1;
         case 'boolean':
             return true;
-        case 'array':
-            return [];
+        case 'array': {
+            let min_items = 0;
+            try {
+                const json = z.toJSONSchema(field_schema);
+                if (typeof json.minItems === 'number')
+                    min_items = json.minItems;
+            }
+            catch {
+                // no constraint
+            }
+            if (min_items === 0)
+                return [];
+            const def = zod_unwrap_def(field_schema);
+            const element_schema = def.element;
+            if (!element_schema)
+                return [];
+            const element_field = {
+                ...field,
+                base_type: zod_get_base_type(element_schema),
+            };
+            const item = generate_valid_value(element_field, element_schema);
+            return Array.from({ length: min_items }, () => item);
+        }
         case 'object': {
             // Recursively generate valid nested objects
             const nested_schema = zod_unwrap_to_object(field_schema);

package/dist/testing/sse_round_trip.js

@@ -21,7 +21,7 @@ import { create_pglite_factory } from './db.js';
 import { find_route_spec, pick_auth_headers } from './integration_helpers.js';
 import { rpc_call, require_rpc_endpoint_path, resolve_rpc_endpoints_for_setup, } from './rpc_helpers.js';
 import { run_migrations } from '../db/migrate.js';
-import { AUTH_MIGRATION_NS } from '../auth/migrations.js';
+import { auth_migration_ns } from '../auth/migrations.js';
 import { account_session_revoke_all_action_spec } from '../auth/account_action_specs.js';
 /**
  * Read one complete SSE frame (up to `\n\n`) from a stream reader.
@@ -138,7 +138,7 @@ export const describe_sse_route_tests = (options) => {
     const rpc_endpoints_for_setup = resolve_rpc_endpoints_for_setup(options.rpc_endpoints, options.session_options);
     const rpc_path = require_rpc_endpoint_path(rpc_endpoints_for_setup);
     const init_schema = async (db) => {
-        await run_migrations(db, [AUTH_MIGRATION_NS]);
+        await run_migrations(db, [auth_migration_ns]);
     };
     const factories = options.db_factories ?? [create_pglite_factory(init_schema)];
     for (const factory of factories) {

package/dist/testing/surface_invariants.d.ts

@@ -178,13 +178,13 @@ export interface ErrorSchemaTightnessOptions {
  * them here instead of forcing every consumer to hand-maintain the entry.
  *
  * Paths assume the standard `/api/account` + `/api/db` prefixes used by every
- * fuz_app consumer. Merged into `DEFAULT_ERROR_SCHEMA_TIGHTNESS.allowlist` so
+ * fuz_app consumer. Merged into `default_error_schema_tightness.allowlist` so
  * consumers calling `assert_error_schema_tightness` directly inherit the
  * exemptions; the standard attack-surface suite also prepends these entries
  * underneath any consumer-supplied allowlist so project-specific entries are
  * additive.
  */
-export declare const FUZ_APP_STOCK_ROUTE_TIGHTNESS_ALLOWLIST: ReadonlyArray<string>;
+export declare const fuz_app_stock_route_tightness_allowlist: ReadonlyArray<string>;
 /**
  * Baseline error schema tightness applied by
  * `describe_standard_attack_surface_tests` when no config is passed.
@@ -192,13 +192,13 @@ export declare const FUZ_APP_STOCK_ROUTE_TIGHTNESS_ALLOWLIST: ReadonlyArray<stri
  * Uses `min_specificity: 'enum'` (the assertion default) with `ignore_statuses`
  * for middleware-derived status codes that are commonly generic (auth middleware
  * produces multiple error codes at 401/403, and 429 comes from rate limiters),
- * and `allowlist` seeded with `FUZ_APP_STOCK_ROUTE_TIGHTNESS_ALLOWLIST` so
+ * and `allowlist` seeded with `fuz_app_stock_route_tightness_allowlist` so
  * fuz_app-shipped routes with heterogeneous generic schemas don't force every
  * consumer to hand-maintain an identical allowlist. Consumers can pass a
  * narrower config with project-specific `allowlist` entries, or pass `null`
  * to skip the assertion entirely.
  */
-export declare const DEFAULT_ERROR_SCHEMA_TIGHTNESS: ErrorSchemaTightnessOptions;
+export declare const default_error_schema_tightness: ErrorSchemaTightnessOptions;
 /**
  * Assert that all error schemas meet a minimum specificity threshold.
  *

package/dist/testing/surface_invariants.js

@@ -467,13 +467,13 @@ const SPECIFICITY_ORDER = {
  * them here instead of forcing every consumer to hand-maintain the entry.
  *
  * Paths assume the standard `/api/account` + `/api/db` prefixes used by every
- * fuz_app consumer. Merged into `DEFAULT_ERROR_SCHEMA_TIGHTNESS.allowlist` so
+ * fuz_app consumer. Merged into `default_error_schema_tightness.allowlist` so
  * consumers calling `assert_error_schema_tightness` directly inherit the
  * exemptions; the standard attack-surface suite also prepends these entries
  * underneath any consumer-supplied allowlist so project-specific entries are
  * additive.
  */
-export const FUZ_APP_STOCK_ROUTE_TIGHTNESS_ALLOWLIST = [];
+export const fuz_app_stock_route_tightness_allowlist = [];
 /**
  * Baseline error schema tightness applied by
  * `describe_standard_attack_surface_tests` when no config is passed.
@@ -481,15 +481,15 @@ export const FUZ_APP_STOCK_ROUTE_TIGHTNESS_ALLOWLIST = [];
  * Uses `min_specificity: 'enum'` (the assertion default) with `ignore_statuses`
  * for middleware-derived status codes that are commonly generic (auth middleware
  * produces multiple error codes at 401/403, and 429 comes from rate limiters),
- * and `allowlist` seeded with `FUZ_APP_STOCK_ROUTE_TIGHTNESS_ALLOWLIST` so
+ * and `allowlist` seeded with `fuz_app_stock_route_tightness_allowlist` so
  * fuz_app-shipped routes with heterogeneous generic schemas don't force every
  * consumer to hand-maintain an identical allowlist. Consumers can pass a
  * narrower config with project-specific `allowlist` entries, or pass `null`
  * to skip the assertion entirely.
  */
-export const DEFAULT_ERROR_SCHEMA_TIGHTNESS = {
+export const default_error_schema_tightness = {
     ignore_statuses: [401, 403, 429],
-    allowlist: [...FUZ_APP_STOCK_ROUTE_TIGHTNESS_ALLOWLIST],
+    allowlist: [...fuz_app_stock_route_tightness_allowlist],
 };
 /**
  * Assert that all error schemas meet a minimum specificity threshold.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fuzdev/fuz_app",
-  "version": "0.59.0",
+  "version": "0.60.0",
   "description": "fullstack app library",
   "glyph": "🗝",
   "logo": "logo.svg",