@fuzdev/fuz_app 0.64.0 → 0.65.0

package/dist/testing/data_exposure.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"data_exposure.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/data_exposure.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAgB7B,OAAO,KAAK,EAAC,UAAU,EAAE,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACnE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAG9D,OAAO,EAAwB,KAAK,SAAS,EAAC,MAAM,SAAS,CAAC;AAgB9D;;;;;GAKG;AACH,eAAO,MAAM,kCAAkC,GAAI,QAAQ,OAAO,KAAG,GAAG,CAAC,MAAM,CAuB9E,CAAC;AAIF;;GAEG;AACH,eAAO,MAAM,yCAAyC,GACrD,SAAS,UAAU,EACnB,mBAAkB,aAAa,CAAC,MAAM,CAA6B,KACjE,IAWF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,wCAAwC,GACpD,SAAS,UAAU,EACnB,oBAAmB,aAAa,CAAC,MAAM,CAA8B,KACnE,IAcF,CAAC;AAIF,kDAAkD;AAClD,MAAM,WAAW,uBAAuB;IACvC,4DAA4D;IAC5D,KAAK,EAAE,MAAM,cAAc,CAAC;IAC5B,wCAAwC;IACxC,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,4CAA4C;IAC5C,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,2FAA2F;IAC3F,gBAAgB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACzC,iGAAiG;IACjG,iBAAiB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC1C,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC,kDAAkD;IAClD,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CAC5B;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,4BAA4B,GAAI,SAAS,uBAAuB,KAAG,IAmC/E,CAAC"}
+{"version":3,"file":"data_exposure.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/data_exposure.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAqB7B,OAAO,KAAK,EAAC,UAAU,EAAC,MAAM,oBAAoB,CAAC;AAYnD,OAAO,KAAK,EAAC,mBAAmB,EAAC,MAAM,iCAAiC,CAAC;AACzE,OAAO,KAAK,EAAC,SAAS,EAAc,MAAM,0BAA0B,CAAC;AACrE,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,gCAAgC,CAAC;AAIlE;;;;;GAKG;AACH,eAAO,MAAM,kCAAkC,GAAI,QAAQ,OAAO,KAAG,GAAG,CAAC,MAAM,CAuB9E,CAAC;AAIF;;GAEG;AACH,eAAO,MAAM,yCAAyC,GACrD,SAAS,UAAU,EACnB,mBAAkB,aAAa,CAAC,MAAM,CAA6B,KACjE,IAWF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,wCAAwC,GACpD,SAAS,UAAU,EACnB,oBAAmB,aAAa,CAAC,MAAM,CAA8B,KACnE,IAcF,CAAC;AAIF,kDAAkD;AAClD,MAAM,WAAW,uBAAuB;IACvC,kEAAkE;IAClE,UAAU,EAAE,SAAS,CAAC;IACtB;;;;OAIG;IACH,cAAc,EAAE,aAAa,CAAC;IAC9B,uCAAuC;IACvC,YAAY,EAAE,mBAAmB,CAAC;IAClC,2FAA2F;IAC3F,gBAAgB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACzC,iGAAiG;IACjG,iBAAiB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC1C,kDAAkD;IAClD,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CAC5B;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,4BAA4B,GAAI,SAAS,uBAAuB,KAAG,IAiM/E,CAAC"}

package/dist/testing/data_exposure.js

@@ -8,15 +8,16 @@ import './assert_dev_env.js';
  * - Cross-privilege: verifies admin routes return 403 for non-admin users,
  *   and non-admin responses exclude admin-only fields
  *
+ * Cadence: per-describe `setup_test()` call (see `round_trip.ts` module
+ * docstring). The runtime body manages its own request ordering (auth-free
+ * → cross-privilege → 2xx) to avoid session-invalidation contamination
+ * between assertions, so per-test fixture re-creation isn't needed.
+ *
  * @module
  */
-import { describe, test, beforeAll, afterAll, assert } from 'vitest';
+import { describe, test, beforeAll, assert } from 'vitest';
 import { ROLE_ADMIN } from '../auth/role_schema.js';
-import { create_test_app } from './app_server.js';
-import { create_pglite_factory } from './db.js';
 import { resolve_valid_path, generate_valid_body } from './schema_generators.js';
-import { run_migrations } from '../db/migrate.js';
-import { auth_migration_ns } from '../auth/migrations.js';
 import { is_null_schema, is_strict_object_schema } from '../http/schema_helpers.js';
 import { is_keeper_auth, is_public_auth } from '../http/auth_shape.js';
 import { sensitive_field_blocklist, admin_only_field_blocklist, assert_no_sensitive_fields_in_json, pick_auth_headers, } from './integration_helpers.js';
@@ -92,9 +93,15 @@ export const assert_non_admin_schemas_no_admin_fields = (surface, admin_only_fie
  *    contain no sensitive fields
  */
 export const describe_data_exposure_tests = (options) => {
-    const { build, sensitive_fields = sensitive_field_blocklist, admin_only_fields = admin_only_field_blocklist, } = options;
+    if (options.surface_source.kind !== 'inline') {
+        throw new Error("describe_data_exposure_tests requires surface_source.kind === 'inline' — " +
+            'the cross-process snapshot variant lands with the spawned-backend transport');
+    }
+    const { surface, route_specs } = options.surface_source.spec;
+    const { sensitive_fields = sensitive_field_blocklist, admin_only_fields = admin_only_field_blocklist, } = options;
+    const skip_set = new Set(options.skip_routes);
+    void options.capabilities;
     describe('data exposure — schema-level', () => {
-        const { surface } = build();
         test('no sensitive fields in any output schema', () => {
             assert_output_schemas_no_sensitive_fields(surface, sensitive_fields);
         });
@@ -114,151 +121,125 @@ export const describe_data_exposure_tests = (options) => {
             }
         });
     });
-    describe_data_exposure_runtime_tests(options);
-};
-// --- Runtime tests ---
-const describe_data_exposure_runtime_tests = (options) => {
-    const { sensitive_fields = sensitive_field_blocklist, admin_only_fields = admin_only_field_blocklist, } = options;
-    const skip_set = new Set(options.skip_routes);
-    const init_schema = async (db) => {
-        await run_migrations(db, [auth_migration_ns]);
-    };
-    const factories = options.db_factories ?? [create_pglite_factory(init_schema)];
-    for (const factory of factories) {
-        const describe_fn = factory.skip ? describe.skip : describe;
-        describe_fn(`data exposure — runtime (${factory.name})`, () => {
-            let test_app;
-            let authed_account;
-            let admin_account;
-            let db;
-            beforeAll(async () => {
-                db = await factory.create();
-                test_app = await create_test_app({
-                    session_options: options.session_options,
-                    create_route_specs: options.create_route_specs,
-                    db,
-                    app_options: options.app_options,
-                });
-                authed_account = await test_app.create_account({
-                    username: 'exposure_authed',
-                    roles: [],
-                });
-                admin_account = await test_app.create_account({
-                    username: 'exposure_admin',
-                    roles: [ROLE_ADMIN],
-                });
+    describe('data exposure — runtime', () => {
+        let fixture;
+        let authed_account;
+        let admin_account;
+        beforeAll(async () => {
+            fixture = await options.setup_test();
+            authed_account = await fixture.create_account({
+                username: 'exposure_authed',
+                roles: [],
             });
-            afterAll(async () => {
-                await test_app.cleanup();
-                await factory.close(db);
+            admin_account = await fixture.create_account({
+                username: 'exposure_admin',
+                roles: [ROLE_ADMIN],
             });
-            // Tests that don't fire authenticated requests run first — they don't
-            // invalidate sessions and are independent of test order.
-            test('unauthenticated error responses contain no sensitive fields', async () => {
-                const protected_specs = test_app.route_specs.filter((s) => !is_public_auth(s.auth));
-                for (const spec of protected_specs) {
-                    const route_key = `${spec.method} ${spec.path}`;
-                    if (skip_set.has(route_key))
-                        continue;
-                    const url = resolve_valid_path(spec.path, spec.params);
-                    const res = await test_app.app.request(url, {
-                        method: spec.method,
-                        headers: { host: 'localhost', origin: 'http://localhost:5173' },
-                    });
-                    if (res.headers.get('Content-Type')?.includes('text/event-stream')) {
-                        await res.body?.cancel();
-                        continue;
-                    }
-                    let error_body;
-                    try {
-                        error_body = await res.clone().json();
-                    }
-                    catch {
-                        continue;
-                    }
-                    assert_no_sensitive_fields_in_json(error_body, sensitive_fields, `unauthenticated ${route_key} (${res.status})`);
+        });
+        // Tests that don't fire authenticated requests run first — they don't
+        // invalidate sessions and are independent of test order.
+        test('unauthenticated error responses contain no sensitive fields', async () => {
+            const protected_specs = route_specs.filter((s) => !is_public_auth(s.auth));
+            for (const spec of protected_specs) {
+                const route_key = `${spec.method} ${spec.path}`;
+                if (skip_set.has(route_key))
+                    continue;
+                const url = resolve_valid_path(spec.path, spec.params);
+                const res = await fixture.transport(url, {
+                    method: spec.method,
+                    headers: { host: 'localhost', origin: 'http://localhost:5173' },
+                });
+                if (res.headers.get('Content-Type')?.includes('text/event-stream')) {
+                    await res.body?.cancel();
+                    continue;
                 }
-            });
-            // Cross-privilege test runs before 2xx tests — admin routes reject
-            // without calling handlers, so sessions stay intact.
-            test('admin routes return 403 for non-admin user', async () => {
-                const admin_specs = test_app.route_specs.filter((s) => s.auth.roles?.includes('admin') ?? false);
-                for (const spec of admin_specs) {
-                    const route_key = `${spec.method} ${spec.path}`;
-                    if (skip_set.has(route_key))
-                        continue;
-                    const url = resolve_valid_path(spec.path, spec.params);
-                    const headers = authed_account.create_session_headers();
-                    const res = await test_app.app.request(url, {
-                        method: spec.method,
-                        headers,
-                    });
-                    assert.strictEqual(res.status, 403, `${route_key} should return 403 for non-admin user`);
-                    let error_body;
-                    try {
-                        error_body = await res.clone().json();
-                    }
-                    catch {
-                        continue;
-                    }
-                    assert_no_sensitive_fields_in_json(error_body, sensitive_fields, `${route_key} 403`);
+                let error_body;
+                try {
+                    error_body = await res.clone().json();
                 }
-            });
-            // 2xx tests run last — handlers like logout and session-revoke-all
-            // invalidate sessions as a side effect. Sort GET before POST so
-            // data-returning routes are checked before destructive routes fire.
-            test('all 2xx responses pass field blocklists', async () => {
-                // sort GET before mutations to check data-returning routes
-                // before destructive routes (logout, revoke-all) invalidate sessions
-                const sorted_specs = [...test_app.route_specs].sort((a, b) => {
-                    if (a.method === 'GET' && b.method !== 'GET')
-                        return -1;
-                    if (a.method !== 'GET' && b.method === 'GET')
-                        return 1;
-                    return 0;
+                catch {
+                    continue;
+                }
+                assert_no_sensitive_fields_in_json(error_body, sensitive_fields, `unauthenticated ${route_key} (${res.status})`);
+            }
+        });
+        // Cross-privilege test runs before 2xx tests — admin routes reject
+        // without calling handlers, so sessions stay intact.
+        test('admin routes return 403 for non-admin user', async () => {
+            const admin_specs = route_specs.filter((s) => s.auth.roles?.includes('admin') ?? false);
+            for (const spec of admin_specs) {
+                const route_key = `${spec.method} ${spec.path}`;
+                if (skip_set.has(route_key))
+                    continue;
+                const url = resolve_valid_path(spec.path, spec.params);
+                const headers = authed_account.create_session_headers();
+                const res = await fixture.transport(url, {
+                    method: spec.method,
+                    headers,
                 });
-                for (const spec of sorted_specs) {
-                    const route_key = `${spec.method} ${spec.path}`;
-                    if (skip_set.has(route_key))
-                        continue;
-                    // keeper auth (daemon token) is strictly more privileged than admin
-                    const is_elevated = is_keeper_auth(spec.auth) || (spec.auth.roles?.includes('admin') ?? false);
-                    const url = resolve_valid_path(spec.path, spec.params);
-                    const body = generate_valid_body(spec.input);
-                    const headers = pick_auth_headers(spec, test_app, authed_account, admin_account);
-                    const request_init = {
-                        method: spec.method,
-                        headers: {
-                            ...headers,
-                            ...(body ? { 'content-type': 'application/json' } : {}),
-                        },
-                        ...(body ? { body: JSON.stringify(body) } : {}),
-                    };
-                    const res = await test_app.app.request(url, request_init);
-                    if (res.headers.get('Content-Type')?.includes('text/event-stream')) {
-                        await res.body?.cancel();
-                        continue;
-                    }
-                    if (!res.ok)
-                        continue;
-                    let response_body;
-                    try {
-                        response_body = await res.clone().json();
-                    }
-                    catch {
-                        continue;
-                    }
-                    assert_no_sensitive_fields_in_json(response_body, sensitive_fields, `${route_key} (${res.status})`);
-                    // Admin-only field check applies to non-elevated routes with strict
-                    // output schemas. Loose schemas (e.g. surface route returning JSON
-                    // Schema representations) may contain admin field names as metadata.
-                    if (!is_elevated &&
-                        !is_null_schema(spec.output) &&
-                        is_strict_object_schema(spec.output)) {
-                        assert_no_sensitive_fields_in_json(response_body, admin_only_fields, `non-admin ${route_key} (${res.status})`);
-                    }
+                assert.strictEqual(res.status, 403, `${route_key} should return 403 for non-admin user`);
+                let error_body;
+                try {
+                    error_body = await res.clone().json();
+                }
+                catch {
+                    continue;
                 }
+                assert_no_sensitive_fields_in_json(error_body, sensitive_fields, `${route_key} 403`);
+            }
+        });
+        // 2xx tests run last — handlers like logout and session-revoke-all
+        // invalidate sessions as a side effect. Sort GET before POST so
+        // data-returning routes are checked before destructive routes fire.
+        test('all 2xx responses pass field blocklists', async () => {
+            // sort GET before mutations to check data-returning routes
+            // before destructive routes (logout, revoke-all) invalidate sessions
+            const sorted_specs = [...route_specs].sort((a, b) => {
+                if (a.method === 'GET' && b.method !== 'GET')
+                    return -1;
+                if (a.method !== 'GET' && b.method === 'GET')
+                    return 1;
+                return 0;
             });
+            for (const spec of sorted_specs) {
+                const route_key = `${spec.method} ${spec.path}`;
+                if (skip_set.has(route_key))
+                    continue;
+                // keeper auth (daemon token) is strictly more privileged than admin
+                const is_elevated = is_keeper_auth(spec.auth) || (spec.auth.roles?.includes('admin') ?? false);
+                const url = resolve_valid_path(spec.path, spec.params);
+                const body = generate_valid_body(spec.input);
+                const headers = pick_auth_headers(spec, fixture, authed_account, admin_account);
+                const request_init = {
+                    method: spec.method,
+                    headers: {
+                        ...headers,
+                        ...(body ? { 'content-type': 'application/json' } : {}),
+                    },
+                    ...(body ? { body: JSON.stringify(body) } : {}),
+                };
+                const res = await fixture.transport(url, request_init);
+                if (res.headers.get('Content-Type')?.includes('text/event-stream')) {
+                    await res.body?.cancel();
+                    continue;
+                }
+                if (!res.ok)
+                    continue;
+                let response_body;
+                try {
+                    response_body = await res.clone().json();
+                }
+                catch {
+                    continue;
+                }
+                assert_no_sensitive_fields_in_json(response_body, sensitive_fields, `${route_key} (${res.status})`);
+                // Admin-only field check applies to non-elevated routes with strict
+                // output schemas. Loose schemas (e.g. surface route returning JSON
+                // Schema representations) may contain admin field names as metadata.
+                if (!is_elevated && !is_null_schema(spec.output) && is_strict_object_schema(spec.output)) {
+                    assert_no_sensitive_fields_in_json(response_body, admin_only_fields, `non-admin ${route_key} (${res.status})`);
+                }
+            }
         });
-    }
+    });
 };

package/dist/testing/db_entities.d.ts

@@ -1,5 +1,5 @@
 import './assert_dev_env.js';
-import type { Account, Actor } from '../auth/account_schema.js';
+import type { Account, Actor, CreateRoleGrantInput, RoleGrant } from '../auth/account_schema.js';
 import type { Db } from '../db/db.js';
 /** The `{account, actor}` row pair returned by `create_test_account_with_actor`. */
 export interface TestAccountWithActor {
@@ -19,4 +19,14 @@ export declare const create_test_account_with_actor: (db: Db, options: {
     username: string;
     password_hash?: string;
 }) => Promise<TestAccountWithActor>;
+/**
+ * Materialize a role_grant directly via `query_create_role_grant`, bypassing
+ * the production offer/accept consent flow. Use only when the test focuses on
+ * revoke or isolation semantics rather than the consent path itself — the
+ * schema permits null `source_offer_id` for exactly this case
+ * (`account_schema.ts`). For tests that exercise the production grant flow,
+ * drive `role_grant_offer_create_action_spec` + `role_grant_offer_accept_action_spec`
+ * over RPC instead.
+ */
+export declare const create_test_role_grant_direct: (db: Db, input: CreateRoleGrantInput) => Promise<RoleGrant>;
 //# sourceMappingURL=db_entities.d.ts.map

package/dist/testing/db_entities.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"db_entities.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/db_entities.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAoB7B,OAAO,KAAK,EAAC,OAAO,EAAE,KAAK,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AAEpC,oFAAoF;AACpF,MAAM,WAAW,oBAAoB;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,KAAK,CAAC;CACb;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,8BAA8B,GAC1C,IAAI,EAAE,EACN,SAAS;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAA;CAAC,KACjD,OAAO,CAAC,oBAAoB,CAI7B,CAAC"}
+{"version":3,"file":"db_entities.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/db_entities.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAsB7B,OAAO,KAAK,EAAC,OAAO,EAAE,KAAK,EAAE,oBAAoB,EAAE,SAAS,EAAC,MAAM,2BAA2B,CAAC;AAC/F,OAAO,KAAK,EAAC,EAAE,EAAC,MAAM,aAAa,CAAC;AAEpC,oFAAoF;AACpF,MAAM,WAAW,oBAAoB;IACpC,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,EAAE,KAAK,CAAC;CACb;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,8BAA8B,GAC1C,IAAI,EAAE,EACN,SAAS;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,aAAa,CAAC,EAAE,MAAM,CAAA;CAAC,KACjD,OAAO,CAAC,oBAAoB,CAI7B,CAAC;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,6BAA6B,GACzC,IAAI,EAAE,EACN,OAAO,oBAAoB,KACzB,OAAO,CAAC,SAAS,CAAyC,CAAC"}

package/dist/testing/db_entities.js

@@ -10,12 +10,14 @@ import './assert_dev_env.js';
  * wrapper in every file.
  *
  * For full-fledged test accounts that also need an API token + signed
- * session cookie + role_grants, use `bootstrap_test_account` from
+ * session cookie + role_grants, use `bootstrap_test_keeper` (keeper) or
+ * `create_test_account_with_credentials` (additional accounts) from
  * `app_server.ts` instead.
  *
  * @module
  */
 import { query_create_account_with_actor } from '../auth/account_queries.js';
+import { query_create_role_grant } from '../auth/role_grant_queries.js';
 /**
  * Create an `account` + `actor` row pair in the database for tests.
  *
@@ -26,3 +28,13 @@ import { query_create_account_with_actor } from '../auth/account_queries.js';
  * test suite.
  */
 export const create_test_account_with_actor = async (db, options) => query_create_account_with_actor({ db }, { username: options.username, password_hash: options.password_hash ?? 'hash' });
+/**
+ * Materialize a role_grant directly via `query_create_role_grant`, bypassing
+ * the production offer/accept consent flow. Use only when the test focuses on
+ * revoke or isolation semantics rather than the consent path itself — the
+ * schema permits null `source_offer_id` for exactly this case
+ * (`account_schema.ts`). For tests that exercise the production grant flow,
+ * drive `role_grant_offer_create_action_spec` + `role_grant_offer_accept_action_spec`
+ * over RPC instead.
+ */
+export const create_test_role_grant_direct = async (db, input) => query_create_role_grant({ db }, input);

package/dist/testing/integration.d.ts

@@ -1,25 +1,34 @@
 import './assert_dev_env.js';
 import type { SessionOptions } from '../auth/session_cookie.js';
-import type { AppServerContext } from '../server/app_server.js';
-import type { RouteSpec } from '../http/route_spec.js';
-import { type SuiteAppOptions } from './app_server.js';
-import { type DbFactory } from './db.js';
 import { type RpcEndpointsSuiteOption } from './rpc_helpers.js';
+import type { BackendCapabilities } from './cross_backend/capabilities.js';
+import type { SetupTest } from './cross_backend/setup.js';
+import type { SurfaceSource } from './transports/surface_source.js';
 /**
  * Configuration for `describe_standard_integration_tests`.
  */
 export interface StandardIntegrationTestOptions {
-    /** Session config for cookie-based auth. */
-    session_options: SessionOptions<string>;
-    /** Route spec factory — same one used in production. */
-    create_route_specs: (ctx: AppServerContext) => Array<RouteSpec>;
-    /** Optional overrides for `AppServerOptions`. */
-    app_options?: SuiteAppOptions;
     /**
-     * Database factories to run tests against. Default: pglite only.
-     * Pass consumer factories (e.g. `[pglite_factory, pg_factory]`) to also test against PostgreSQL.
+     * Per-test fixture-producing function. The integration suite calls
+     * this in every `test()` body — auth_integration_truncate_tables
+     * clears `account`, so each test re-bootstraps the keeper.
+     */
+    setup_test: SetupTest;
+    /**
+     * Source of the app surface for route iteration and error-coverage
+     * scoping. Currently requires `kind: 'inline'` — the cross-process
+     * snapshot variant lands alongside the spawned-backend transport plumbing.
+     */
+    surface_source: SurfaceSource;
+    /** Backend capability declarations — companion to `fixture.in_process` narrowing. */
+    capabilities: BackendCapabilities;
+    /**
+     * Session config — needed to resolve factory-form `rpc_endpoints`
+     * against a stub `AppServerContext` at setup time and to read
+     * `cookie_name` for manual cookie composition in the origin-verify
+     * cases.
      */
-    db_factories?: Array<DbFactory>;
+    session_options: SessionOptions<string>;
     /**
      * RPC endpoint specs — required. This suite dispatches
      * `account_verify`, `account_session_*`, and `account_token_*` via
@@ -28,16 +37,21 @@ export interface StandardIntegrationTestOptions {
      * `require_rpc_endpoint_path` on setup so consumer projects see a
      * clear setup error instead of confusing test failures.
      *
-     * Accepts either an array (eager) or a factory
-     * `(ctx: AppServerContext) => Array<RpcEndpointSpec>` — the factory form
-     * is required when action handlers must close over the per-test
-     * `ctx.app_settings` / `ctx.deps` (e.g. the canonical
-     * `create_standard_rpc_actions(ctx.deps, {app_settings: ctx.app_settings})`
-     * pattern). The factory must return the same endpoint `path` regardless
-     * of ctx — it is invoked once at setup with a stub ctx for path lookup
-     * and again per-test by `create_app_server` for live dispatch.
+     * Accepts either an array (eager) or a factory — see `rpc_helpers.ts`
+     * for the union semantics. The factory must return the same endpoint
+     * `path` regardless of ctx — invoked once at setup with a stub ctx
+     * for path lookup; the running backend handles live dispatch.
      */
     rpc_endpoints: RpcEndpointsSuiteOption;
+    /**
+     * Minimum error-coverage ratio to enforce on the scoped REST surface
+     * (login / logout / password / signup + the shared RPC endpoint).
+     * Default `DEFAULT_INTEGRATION_ERROR_COVERAGE` (0.2). Set to `0` to
+     * skip the assertion entirely — useful for consumers with minimal
+     * route sets whose declared error codes outpace the suite's
+     * denial-path drivers.
+     */
+    error_coverage_min?: number;
 }
 /**
  * Standard integration test suite for fuz_app auth routes.

package/dist/testing/integration.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAsB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAErD,OAAO,EAA6C,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACjG,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAOjB,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAsB1B;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC9C,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;;OAGG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;;;;;;;;;;;;;;OAgBG;IACH,aAAa,EAAE,uBAAuB,CAAC;CACvC;AAoBD;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,mCAAmC,GAC/C,SAAS,8BAA8B,KACrC,IA87CF,CAAC"}
+{"version":3,"file":"integration.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/integration.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAsB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAO9D,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAkB1B,OAAO,KAAK,EAAC,mBAAmB,EAAC,MAAM,iCAAiC,CAAC;AACzE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,0BAA0B,CAAC;AACxD,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,gCAAgC,CAAC;AAElE;;GAEG;AACH,MAAM,WAAW,8BAA8B;IAC9C;;;;OAIG;IACH,UAAU,EAAE,SAAS,CAAC;IACtB;;;;OAIG;IACH,cAAc,EAAE,aAAa,CAAC;IAC9B,qFAAqF;IACrF,YAAY,EAAE,mBAAmB,CAAC;IAClC;;;;;OAKG;IACH,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC;;;;;;;;;;;;OAYG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC;;;;;;;OAOG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,mCAAmC,GAC/C,SAAS,8BAA8B,KACrC,IAy3CF,CAAC"}