@fuzdev/fuz_app 0.64.0 → 0.66.0

package/dist/testing/app_server.d.ts

@@ -19,7 +19,7 @@ import type { Db, DbType } from '../db/db.js';
 import type { PasswordHashDeps } from '../auth/password.js';
 import { type SessionOptions } from '../auth/session_cookie.js';
 import { type AppBackend, type AuditFactory } from '../server/app_backend.js';
-import { type AppServerOptions, type AppServerContext } from '../server/app_server.js';
+import { type AppServerOptions, type AppServerContext, type BootstrapServerOptions, type BootstrapLiveOptions } from '../server/app_server.js';
 import type { AppSurface, AppSurfaceSpec } from '../http/surface.js';
 import type { RouteSpec } from '../http/route_spec.js';
 import type { RpcEndpointsSuiteOption } from './rpc_helpers.js';
@@ -33,9 +33,27 @@ export declare const stub_password_deps: PasswordHashDeps;
 /** 64-hex-char test cookie secret — deterministic, never used in production. */
 export declare const TEST_COOKIE_SECRET: string;
 /**
- * Options for `bootstrap_test_account`.
+ * Default password for bootstrapped test accounts. Shared between the
+ * in-process keeper bootstrap (`bootstrap_test_keeper`,
+ * `create_test_account_with_credentials`, `create_test_app_server`,
+ * `TestApp.create_account`) and the cross-process bootstrap
+ * (`cross_backend/setup.ts`). The two paths MUST agree — when they
+ * diverged during the 3d cross-process lift, ~20 login tests 401'd
+ * silently against the cross-process backend because the per-test
+ * fixture minted accounts under a different default than the
+ * integration suite's hardcoded login bodies expected. Consumers
+ * hardcoding the literal string in test bodies should import this
+ * constant instead so a future divergence becomes a typecheck miss
+ * rather than a runtime password mismatch.
  */
-export interface BootstrapTestAccountOptions {
+export declare const DEFAULT_TEST_PASSWORD = "test-password-123";
+/**
+ * Options for `bootstrap_test_keeper` and `create_test_account_with_credentials`.
+ *
+ * Same shape for both — the data inserted is identical; the only behavioral
+ * difference is the lock flip on the keeper path.
+ */
+export interface CreateTestAccountWithCredentialsOptions {
     db: Db;
     keyring: Keyring;
     session_options: SessionOptions<string>;
@@ -44,17 +62,48 @@ export interface BootstrapTestAccountOptions {
     password_value?: string;
     roles?: Array<string>;
 }
+/** Alias for the keeper-flavored call site. Same shape. */
+export type BootstrapTestKeeperOptions = CreateTestAccountWithCredentialsOptions;
 /**
- * Bootstrap a test account with credentials.
+ * Create a test account with credentials. Use for additional accounts
+ * minted alongside the keeper (e.g. `TestApp.create_account` for
+ * cross-account / multi-user tests). Does NOT flip `bootstrap_lock` —
+ * non-keeper accounts should not appear to the system as bootstrap
+ * having happened.
  *
  * Creates an account with actor, grants roles, creates an API token,
- * creates a session, and signs a session cookie. Shared by
- * `create_test_app_server` and `TestApp.create_account`.
+ * creates a session, and signs a session cookie.
  *
  * @mutates the underlying `options.db` — inserts rows into `account`, `actor`,
  *   `role_grant` (one per role), `api_token`, and `auth_session`.
  */
-export declare const bootstrap_test_account: (options: BootstrapTestAccountOptions) => Promise<{
+export declare const create_test_account_with_credentials: (options: CreateTestAccountWithCredentialsOptions) => Promise<{
+    account: {
+        id: Uuid;
+        username: string;
+    };
+    actor: {
+        id: Uuid;
+    };
+    api_token: string;
+    session_cookie: string;
+}>;
+/**
+ * Bootstrap the test-DB keeper. Direct-query shortcut for the default
+ * `create_test_app` path — bootstrap is not what most tests exercise, so
+ * we skip the real `bootstrap_account` flow (no audit row, no
+ * `on_bootstrap` callback). Tests that need the full success-path flow
+ * use `create_test_app_for_bootstrap` instead.
+ *
+ * Flips `bootstrap_lock.bootstrapped = true` so the post-insert DB state
+ * matches a real bootstrap completion — production code can trust the
+ * lock as the single signal without a belt-and-suspenders
+ * `query_account_has_any` defense.
+ *
+ * @mutates the underlying `options.db` — inserts the account/actor/roles/
+ *   API token/session_cookie rows AND flips `bootstrap_lock.bootstrapped`.
+ */
+export declare const bootstrap_test_keeper: (options: BootstrapTestKeeperOptions) => Promise<{
     account: {
         id: Uuid;
         username: string;
@@ -101,7 +150,7 @@ export interface TestAppServerOptions {
     password?: PasswordHashDeps;
     /** Username for the bootstrapped account. Default: `'keeper'`. */
     username?: string;
-    /** Password for the bootstrapped account. Default: `'test-password-123'`. */
+    /** Password for the bootstrapped account. Default: `DEFAULT_TEST_PASSWORD`. */
     password_value?: string;
     /** Roles to grant. Default: `[ROLE_KEEPER]`. */
     roles?: Array<string>;
@@ -122,26 +171,6 @@ export interface TestAppServerOptions {
      */
     audit_factory?: AuditFactory;
 }
-/**
- * Create an app server with a bootstrapped account for testing.
- *
- * Sets up:
- * - Auth tables (via cached PGlite factory, or reuses existing `db`)
- * - A keeper account with hashed password
- * - Role role_grants for each role in `options.roles`
- * - An API token for Bearer auth
- * - A session with a signed cookie value
- *
- * Uses `stub_password_deps` by default — deterministic hashing that works
- * correctly for login/logout tests without Argon2 overhead.
- *
- * @param options - session options and optional overrides
- * @returns a `TestAppServer` ready for HTTP testing
- * @mutates the underlying database — when `db` is supplied, resets singleton
- *   state (`bootstrap_lock.bootstrapped`, `app_settings.open_signup`) before
- *   bootstrapping; in either branch inserts an account, actor, role role_grants,
- *   API token, and session row.
- */
 export declare const create_test_app_server: (options: TestAppServerOptions) => Promise<TestAppServer>;
 /**
  * Configuration for `create_test_app`.
@@ -159,23 +188,35 @@ export interface CreateTestAppOptions extends TestAppServerOptions {
      */
     rpc_endpoints?: RpcEndpointsSuiteOption;
     /**
-     * Optional overrides for `AppServerOptions`. The four fields
-     * `create_test_app` manages are excluded: `backend`, `session_options`,
-     * `create_route_specs`, and `rpc_endpoints` (see top-level slot above).
+     * Bootstrap config — symmetric with `AppServerOptions.bootstrap`. Same
+     * single-source-of-truth precedent as `rpc_endpoints`: setup-time surface
+     * generation and runtime dispatch both read this slot, so the equivalent
+     * field under `app_options` is `Omit`'d. Discriminated union over
+     * `{mode: 'disabled' | 'surface_only' | 'live'}`. Omit (or pass
+     * `{mode: 'disabled'}`) for the default — no bootstrap route mounted.
+     *
+     * For tests that exercise the bootstrap success path against a real
+     * token + empty DB, use `create_test_app_for_bootstrap` instead — it
+     * skips the keeper pre-creation that blocks the success branch.
+     */
+    bootstrap?: BootstrapServerOptions;
+    /**
+     * Optional overrides for `AppServerOptions`. Excludes fields
+     * `create_test_app` manages directly: `backend`, `session_options`,
+     * `create_route_specs`, `rpc_endpoints`, `bootstrap` (top-level slots
+     * above).
      */
     app_options?: SuiteAppOptions;
 }
 /**
  * `app_options` shape accepted by `create_test_app` and the DB-backed suite
- * helpers (`describe_standard_integration_tests`,
- * `describe_audit_completeness_tests`, etc.). Excludes the four fields the
- * helpers manage directly — `backend` / `session_options` /
- * `create_route_specs` are constructed by the helper itself; `rpc_endpoints`
- * lives on the top-level option (hard-failed by `require_rpc_endpoint_path`
- * in the suites) so setup-time path lookup and runtime dispatch read from
- * one source of truth.
+ * helpers. Excludes fields the helpers manage directly — `backend` /
+ * `session_options` / `create_route_specs` are constructed by the helper
+ * itself; `rpc_endpoints` and `bootstrap` live on top-level options so
+ * setup-time surface lookup and runtime dispatch read from one source of
+ * truth.
  */
-export type SuiteAppOptions = Partial<Omit<AppServerOptions, 'backend' | 'session_options' | 'create_route_specs' | 'rpc_endpoints'>>;
+export type SuiteAppOptions = Partial<Omit<AppServerOptions, 'backend' | 'session_options' | 'create_route_specs' | 'rpc_endpoints' | 'bootstrap'>>;
 /**
  * A bootstrapped test account with credentials.
  */
@@ -234,4 +275,65 @@ export interface TestApp {
  * @returns a `TestApp` ready for HTTP testing
  */
 export declare const create_test_app: (options: CreateTestAppOptions) => Promise<TestApp>;
+/**
+ * Configuration for `create_test_app_for_bootstrap`. Like
+ * `CreateTestAppOptions` but the keeper-related fields drop (no
+ * pre-bootstrap keeper) and `bootstrap` is required + narrowed to
+ * `live` mode (the helper exists specifically to drive the success
+ * path).
+ */
+export interface CreateTestAppForBootstrapOptions {
+    session_options: SessionOptions<string>;
+    create_route_specs: (context: AppServerContext) => Array<RouteSpec>;
+    rpc_endpoints?: RpcEndpointsSuiteOption;
+    app_options?: SuiteAppOptions;
+    /** Live bootstrap config — the test drives `POST /bootstrap` against this. */
+    bootstrap: BootstrapLiveOptions;
+    /**
+     * Token contents the stub fs returns when reading `bootstrap.token_path`.
+     * The test posts a body containing this same value as `token` to satisfy
+     * the timing-safe equality check inside `bootstrap_account`.
+     */
+    bootstrap_token: string;
+    db?: Db;
+    db_type?: DbType;
+    password?: PasswordHashDeps;
+    audit_factory?: AuditFactory;
+}
+/**
+ * A fully assembled test app in the pre-bootstrap state — empty DB,
+ * `bootstrap_lock.bootstrapped = false`, no keeper account. Test drives
+ * `POST /bootstrap` itself.
+ */
+export interface TestAppForBootstrap {
+    app: Hono;
+    backend: AppBackend;
+    surface_spec: AppSurfaceSpec;
+    surface: AppSurface;
+    route_specs: Array<RouteSpec>;
+    /** Build host/origin request headers for the anonymous bootstrap POST. */
+    create_request_headers: (extra?: Record<string, string>) => Record<string, string>;
+    /** Release test resources (no-op when DB is injected or factory-cached). */
+    cleanup: () => Promise<void>;
+}
+/**
+ * Create a test app in the pre-bootstrap state for exercising the
+ * bootstrap success path end-to-end.
+ *
+ * Skips the keeper pre-creation `create_test_app` does by default —
+ * `bootstrap_lock.bootstrapped` stays at `false` and the DB has no
+ * accounts. The fs stubs return `options.bootstrap_token` when the
+ * bootstrap handler reads `bootstrap.token_path`, so a `POST /bootstrap`
+ * with `{token: bootstrap_token, username, password}` reaches the
+ * success branch.
+ *
+ * Pair with `describe_bootstrap_success_tests` for the consumer-runnable
+ * suite that drives the full happy path + adjacent assertions on
+ * observable state (account exists, audit row emitted, on_bootstrap
+ * callback fired).
+ *
+ * @param options - bootstrap config + factory inputs
+ * @returns a `TestAppForBootstrap` ready for the test to drive bootstrap
+ */
+export declare const create_test_app_for_bootstrap: (options: CreateTestAppForBootstrapOptions) => Promise<TestAppForBootstrap>;
 //# sourceMappingURL=app_server.d.ts.map

package/dist/testing/app_server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app_server.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/app_server.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,MAAM,CAAC;AAG/B,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAGjD,OAAO,EAA2B,KAAK,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAE1E,OAAO,KAAK,EAAC,EAAE,EAAE,MAAM,EAAC,MAAM,aAAa,CAAC;AAC5C,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,qBAAqB,CAAC;AAU1D,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAG3F,OAAO,EAAwB,KAAK,UAAU,EAAE,KAAK,YAAY,EAAC,MAAM,0BAA0B,CAAC;AACnG,OAAO,EAEN,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAC,UAAU,EAAE,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACnE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAOrD,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,kBAAkB,CAAC;AAI9D;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,EAAE,gBAIhC,CAAC;AAEF,gFAAgF;AAChF,eAAO,MAAM,kBAAkB,QAAiB,CAAC;AASjD;;GAEG;AACH,MAAM,WAAW,2BAA2B;IAC3C,EAAE,EAAE,EAAE,CAAC;IACP,OAAO,EAAE,OAAO,CAAC;IACjB,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACtB;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,sBAAsB,GAClC,SAAS,2BAA2B,KAClC,OAAO,CAAC;IACV,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;CACvB,CAyCA,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,aAAc,SAAQ,UAAU;IAChD,gCAAgC;IAChC,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,uCAAuC;IACvC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,mDAAmD;IACnD,cAAc,EAAE,MAAM,CAAC;IACvB,+FAA+F;IAC/F,OAAO,EAAE,OAAO,CAAC;IACjB,4EAA4E;IAC5E,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACpC,mDAAmD;IACnD,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,kGAAkG;IAClG,EAAE,CAAC,EAAE,EAAE,CAAC;IACR,0FAA0F;IAC1F,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yHAAyH;IACzH,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,kEAAkE;IAClE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,6EAA6E;IAC7E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gDAAgD;IAChD,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtB;;;;;;;;;;;;;;OAcG;IACH,aAAa,CAAC,EAAE,YAAY,CAAC;CAC7B;AAKD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,eAAO,MAAM,sBAAsB,GAClC,SAAS,oBAAoB,KAC3B,OAAO,CAAC,aAAa,CAyFvB,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,oBAAqB,SAAQ,oBAAoB;IACjE,yEAAyE;IACzE,kBAAkB,EAAE,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IACpE;;;;;;;OAOG;IACH,aAAa,CAAC,EAAE,uBAAuB,CAAC;IACxC;;;;OAIG;IACH,WAAW,CAAC,EAAE,eAAe,CAAC;CAC9B;AAED;;;;;;;;;GASG;AACH,MAAM,MAAM,eAAe,GAAG,OAAO,CACpC,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,GAAG,eAAe,CAAC,CAC9F,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,WAAW;IAC3B,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,mCAAmC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,gEAAgE;IAChE,sBAAsB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnF,8DAA8D;IAC9D,qBAAqB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClF;AAED;;GAEG;AACH,MAAM,WAAW,OAAO;IACvB,GAAG,EAAE,IAAI,CAAC;IACV,OAAO,EAAE,aAAa,CAAC;IACvB,YAAY,EAAE,cAAc,CAAC;IAC7B,OAAO,EAAE,UAAU,CAAC;IACpB,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC9B,kEAAkE;IAClE,sBAAsB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnF,gEAAgE;IAChE,qBAAqB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClF,iEAAiE;IACjE,2BAA2B,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxF,qDAAqD;IACrD,cAAc,EAAE,CAAC,OAAO,CAAC,EAAE;QAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;KACtB,KAAK,OAAO,CAAC,WAAW,CAAC,CAAC;IAC3B,8DAA8D;IAC9D,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,eAAe,GAAU,SAAS,oBAAoB,KAAG,OAAO,CAAC,OAAO,CAmGpF,CAAC"}
+{"version":3,"file":"app_server.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/app_server.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,MAAM,CAAC;AAG/B,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAGjD,OAAO,EAA2B,KAAK,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAE1E,OAAO,KAAK,EAAC,EAAE,EAAE,MAAM,EAAC,MAAM,aAAa,CAAC;AAC5C,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,qBAAqB,CAAC;AAU1D,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAG3F,OAAO,EAAwB,KAAK,UAAU,EAAE,KAAK,YAAY,EAAC,MAAM,0BAA0B,CAAC;AACnG,OAAO,EAEN,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,sBAAsB,EAC3B,KAAK,oBAAoB,EACzB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAC,UAAU,EAAE,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACnE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAOrD,OAAO,KAAK,EAAC,uBAAuB,EAAC,MAAM,kBAAkB,CAAC;AAE9D;;;;;GAKG;AACH,eAAO,MAAM,kBAAkB,EAAE,gBAIhC,CAAC;AAEF,gFAAgF;AAChF,eAAO,MAAM,kBAAkB,QAAiB,CAAC;AAEjD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,qBAAqB,sBAAsB,CAAC;AASzD;;;;;GAKG;AACH,MAAM,WAAW,uCAAuC;IACvD,EAAE,EAAE,EAAE,CAAC;IACP,OAAO,EAAE,OAAO,CAAC;IACjB,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;CACtB;AAED,2DAA2D;AAC3D,MAAM,MAAM,0BAA0B,GAAG,uCAAuC,CAAC;AAEjF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,oCAAoC,GAChD,SAAS,uCAAuC,KAC9C,OAAO,CAAC;IACV,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;CACvB,CAyCA,CAAC;AAEF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,qBAAqB,GACjC,SAAS,0BAA0B,KACjC,OAAO,CAAC;IACV,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,cAAc,EAAE,MAAM,CAAC;CACvB,CAQA,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,aAAc,SAAQ,UAAU;IAChD,gCAAgC;IAChC,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,uCAAuC;IACvC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,mDAAmD;IACnD,cAAc,EAAE,MAAM,CAAC;IACvB,+FAA+F;IAC/F,OAAO,EAAE,OAAO,CAAC;IACjB,4EAA4E;IAC5E,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACpC,mDAAmD;IACnD,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,kGAAkG;IAClG,EAAE,CAAC,EAAE,EAAE,CAAC;IACR,0FAA0F;IAC1F,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,yHAAyH;IACzH,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,kEAAkE;IAClE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,+EAA+E;IAC/E,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,gDAAgD;IAChD,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IACtB;;;;;;;;;;;;;;OAcG;IACH,aAAa,CAAC,EAAE,YAAY,CAAC;CAC7B;AA4HD,eAAO,MAAM,sBAAsB,GAClC,SAAS,oBAAoB,KAC3B,OAAO,CAAC,aAAa,CA2BvB,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,oBAAqB,SAAQ,oBAAoB;IACjE,yEAAyE;IACzE,kBAAkB,EAAE,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IACpE;;;;;;;OAOG;IACH,aAAa,CAAC,EAAE,uBAAuB,CAAC;IACxC;;;;;;;;;;;OAWG;IACH,SAAS,CAAC,EAAE,sBAAsB,CAAC;IACnC;;;;;OAKG;IACH,WAAW,CAAC,EAAE,eAAe,CAAC;CAC9B;AAED;;;;;;;GAOG;AACH,MAAM,MAAM,eAAe,GAAG,OAAO,CACpC,IAAI,CACH,gBAAgB,EAChB,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,GAAG,eAAe,GAAG,WAAW,CACpF,CACD,CAAC;AAEF;;GAEG;AACH,MAAM,WAAW,WAAW;IAC3B,OAAO,EAAE;QAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACtC,KAAK,EAAE;QAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IAClB,mCAAmC;IACnC,cAAc,EAAE,MAAM,CAAC;IACvB,qCAAqC;IACrC,SAAS,EAAE,MAAM,CAAC;IAClB,gEAAgE;IAChE,sBAAsB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnF,8DAA8D;IAC9D,qBAAqB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClF;AAED;;GAEG;AACH,MAAM,WAAW,OAAO;IACvB,GAAG,EAAE,IAAI,CAAC;IACV,OAAO,EAAE,aAAa,CAAC;IACvB,YAAY,EAAE,cAAc,CAAC;IAC7B,OAAO,EAAE,UAAU,CAAC;IACpB,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC9B,kEAAkE;IAClE,sBAAsB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnF,gEAAgE;IAChE,qBAAqB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClF,iEAAiE;IACjE,2BAA2B,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACxF,qDAAqD;IACrD,cAAc,EAAE,CAAC,OAAO,CAAC,EAAE;QAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;QAClB,cAAc,CAAC,EAAE,MAAM,CAAC;QACxB,KAAK,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;KACtB,KAAK,OAAO,CAAC,WAAW,CAAC,CAAC;IAC3B,8DAA8D;IAC9D,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,eAAe,GAAU,SAAS,oBAAoB,KAAG,OAAO,CAAC,OAAO,CAoGpF,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,WAAW,gCAAgC;IAChD,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,kBAAkB,EAAE,CAAC,OAAO,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IACpE,aAAa,CAAC,EAAE,uBAAuB,CAAC;IACxC,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B,8EAA8E;IAC9E,SAAS,EAAE,oBAAoB,CAAC;IAChC;;;;OAIG;IACH,eAAe,EAAE,MAAM,CAAC;IACxB,EAAE,CAAC,EAAE,EAAE,CAAC;IACR,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,QAAQ,CAAC,EAAE,gBAAgB,CAAC;IAC5B,aAAa,CAAC,EAAE,YAAY,CAAC;CAC7B;AAED;;;;GAIG;AACH,MAAM,WAAW,mBAAmB;IACnC,GAAG,EAAE,IAAI,CAAC;IACV,OAAO,EAAE,UAAU,CAAC;IACpB,YAAY,EAAE,cAAc,CAAC;IAC7B,OAAO,EAAE,UAAU,CAAC;IACpB,WAAW,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAC9B,0EAA0E;IAC1E,sBAAsB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnF,4EAA4E;IAC5E,OAAO,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC7B;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,6BAA6B,GACzC,SAAS,gCAAgC,KACvC,OAAO,CAAC,mBAAmB,CAuE7B,CAAC"}

package/dist/testing/app_server.js

@@ -15,7 +15,6 @@ import { default_audit_factory } from '../server/app_backend.js';
 import { create_app_server, } from '../server/app_server.js';
 import { generate_daemon_token, DAEMON_TOKEN_HEADER, } from '../auth/daemon_token.js';
 import { create_pglite_factory } from './db.js';
-/* eslint-disable @typescript-eslint/require-await */
 /**
  * Fast password stub for tests that don't exercise login/password flows.
  *
@@ -29,6 +28,21 @@ export const stub_password_deps = {
 };
 /** 64-hex-char test cookie secret — deterministic, never used in production. */
 export const TEST_COOKIE_SECRET = 'a'.repeat(64);
+/**
+ * Default password for bootstrapped test accounts. Shared between the
+ * in-process keeper bootstrap (`bootstrap_test_keeper`,
+ * `create_test_account_with_credentials`, `create_test_app_server`,
+ * `TestApp.create_account`) and the cross-process bootstrap
+ * (`cross_backend/setup.ts`). The two paths MUST agree — when they
+ * diverged during the 3d cross-process lift, ~20 login tests 401'd
+ * silently against the cross-process backend because the per-test
+ * fixture minted accounts under a different default than the
+ * integration suite's hardcoded login bodies expected. Consumers
+ * hardcoding the literal string in test bodies should import this
+ * constant instead so a future divergence becomes a typecheck miss
+ * rather than a runtime password mismatch.
+ */
+export const DEFAULT_TEST_PASSWORD = 'test-password-123';
 // Module-level PGlite factory for create_test_app_server when no db is provided.
 // Shares the WASM instance cache from test_db.ts, avoiding redundant cold starts
 // within the same vitest worker thread. Schema is reset on each create() call.
@@ -36,17 +50,20 @@ const fallback_pglite_factory = create_pglite_factory(async (db) => {
     await run_migrations(db, [auth_migration_ns]);
 });
 /**
- * Bootstrap a test account with credentials.
+ * Create a test account with credentials. Use for additional accounts
+ * minted alongside the keeper (e.g. `TestApp.create_account` for
+ * cross-account / multi-user tests). Does NOT flip `bootstrap_lock` —
+ * non-keeper accounts should not appear to the system as bootstrap
+ * having happened.
  *
  * Creates an account with actor, grants roles, creates an API token,
- * creates a session, and signs a session cookie. Shared by
- * `create_test_app_server` and `TestApp.create_account`.
+ * creates a session, and signs a session cookie.
  *
  * @mutates the underlying `options.db` — inserts rows into `account`, `actor`,
  *   `role_grant` (one per role), `api_token`, and `auth_session`.
  */
-export const bootstrap_test_account = async (options) => {
-    const { db, keyring, session_options, password, username = 'keeper', password_value = 'test-password-123', roles = [], } = options;
+export const create_test_account_with_credentials = async (options) => {
+    const { db, keyring, session_options, password, username = 'keeper', password_value = DEFAULT_TEST_PASSWORD, roles = [], } = options;
     const deps = { db };
     const password_hash = await password.hash_password(password_value);
     const { account, actor } = await query_create_account_with_actor(deps, {
@@ -73,54 +90,63 @@ export const bootstrap_test_account = async (options) => {
         session_cookie,
     };
 };
-/** Silent logger for tests — suppresses all output. */
-const test_log = new Logger('test', { level: 'off' });
 /**
- * Create an app server with a bootstrapped account for testing.
+ * Bootstrap the test-DB keeper. Direct-query shortcut for the default
+ * `create_test_app` path — bootstrap is not what most tests exercise, so
+ * we skip the real `bootstrap_account` flow (no audit row, no
+ * `on_bootstrap` callback). Tests that need the full success-path flow
+ * use `create_test_app_for_bootstrap` instead.
  *
- * Sets up:
- * - Auth tables (via cached PGlite factory, or reuses existing `db`)
- * - A keeper account with hashed password
- * - Role role_grants for each role in `options.roles`
- * - An API token for Bearer auth
- * - A session with a signed cookie value
+ * Flips `bootstrap_lock.bootstrapped = true` so the post-insert DB state
+ * matches a real bootstrap completion — production code can trust the
+ * lock as the single signal without a belt-and-suspenders
+ * `query_account_has_any` defense.
  *
- * Uses `stub_password_deps` by default — deterministic hashing that works
- * correctly for login/logout tests without Argon2 overhead.
+ * @mutates the underlying `options.db` — inserts the account/actor/roles/
+ *   API token/session_cookie rows AND flips `bootstrap_lock.bootstrapped`.
+ */
+export const bootstrap_test_keeper = async (options) => {
+    const result = await create_test_account_with_credentials(options);
+    // Lock flip — mirrors production `bootstrap_account` so test/prod write
+    // semantics stay in parity.
+    await options.db.query('UPDATE bootstrap_lock SET bootstrapped = true WHERE id = 1 AND bootstrapped = false');
+    return result;
+};
+/** Silent logger for tests — suppresses all output. */
+const test_log = new Logger('test', { level: 'off' });
+const default_test_fs_stubs = {
+    stat: async () => null,
+    read_text_file: async () => '',
+    delete_file: async () => { },
+};
+/**
+ * Shared backend-assembly path for `create_test_app_server` and
+ * `create_test_app_for_bootstrap`. Returns the raw `AppBackend` + the
+ * keyring used to sign session cookies; callers wrap with their own
+ * concerns (keeper pre-creation vs. pre-bootstrap state).
  *
- * @param options - session options and optional overrides
- * @returns a `TestAppServer` ready for HTTP testing
- * @mutates the underlying database — when `db` is supplied, resets singleton
- *   state (`bootstrap_lock.bootstrapped`, `app_settings.open_signup`) before
- *   bootstrapping; in either branch inserts an account, actor, role role_grants,
- *   API token, and session row.
+ * Resets `app_settings` singleton row for caller-supplied DBs so prior
+ * tests don't leak `open_signup`. Does NOT reset `bootstrap_lock` —
+ * callers own that policy (`create_test_app_server` lets
+ * `bootstrap_test_keeper` flip it; `create_test_app_for_bootstrap`
+ * resets it to false before this runs).
  */
-export const create_test_app_server = async (options) => {
-    const { session_options, db: existing_db, db_type = 'pglite-memory', password = stub_password_deps, username = 'keeper', password_value = 'test-password-123', roles = [ROLE_KEEPER], audit_factory = default_audit_factory, } = options;
-    // Keyring from test secret
+const _build_test_backend = async (options) => {
+    const { db: existing_db, db_type = 'pglite-memory', password = stub_password_deps, audit_factory = default_audit_factory, fs_stubs = default_test_fs_stubs, } = options;
     const keyring_result = create_validated_keyring(TEST_COOKIE_SECRET);
     if (!keyring_result.ok) {
         throw new Error(`Test keyring failed: ${keyring_result.errors.join(', ')}`);
     }
-    const fs_stubs = {
-        stat: async () => null,
-        read_text_file: async () => '',
-        delete_file: async (_path) => { }, // eslint-disable-line @typescript-eslint/no-empty-function
-    };
     let backend;
     if (existing_db) {
-        // Reset singleton config rows that may retain state from a previous test.
-        // Harmless for fresh pglite (these are already at defaults).
-        await existing_db.query('UPDATE bootstrap_lock SET bootstrapped = false WHERE bootstrapped = true');
+        // Reset singleton config row from a previous test (harmless on fresh pglite).
         await existing_db.query('UPDATE app_settings SET open_signup = false, updated_at = NULL, updated_by = NULL WHERE open_signup = true OR updated_at IS NOT NULL');
-        // Use the caller's database — tables already created by the factory's init_schema.
-        // Caller owns the DB lifecycle — close is a no-op.
         const audit = audit_factory({ db: existing_db, log: test_log });
         backend = {
             db_type,
             db_name: 'test',
-            migration_results: [], // migrations ran in the factory's init_schema, results not captured
-            close: async () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
+            migration_results: [], // migrations ran in the factory's init_schema
+            close: async () => { },
             deps: {
                 keyring: keyring_result.keyring,
                 password,
@@ -141,7 +167,7 @@ export const create_test_app_server = async (options) => {
             db_type: 'pglite-memory',
             db_name: '(memory)',
             migration_results: [],
-            close: async () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
+            close: async () => { },
             deps: {
                 keyring: keyring_result.keyring,
                 password,
@@ -152,9 +178,14 @@ export const create_test_app_server = async (options) => {
             },
         };
     }
-    const bootstrapped = await bootstrap_test_account({
+    return { backend, keyring: keyring_result.keyring };
+};
+export const create_test_app_server = async (options) => {
+    const { session_options, password = stub_password_deps, username = 'keeper', password_value = DEFAULT_TEST_PASSWORD, roles = [ROLE_KEEPER], } = options;
+    const { backend, keyring } = await _build_test_backend(options);
+    const bootstrapped = await bootstrap_test_keeper({
         db: backend.deps.db,
-        keyring: keyring_result.keyring,
+        keyring,
         session_options,
         password,
         username,
@@ -164,7 +195,7 @@ export const create_test_app_server = async (options) => {
     return {
         ...backend,
         ...bootstrapped,
-        keyring: keyring_result.keyring,
+        keyring,
         cleanup: () => backend.close(),
     };
 };
@@ -205,6 +236,7 @@ export const create_test_app = async (options) => {
         await_pending_effects: true,
         daemon_token_state,
         rpc_endpoints: options.rpc_endpoints,
+        bootstrap: options.bootstrap,
         ...options.app_options,
         create_route_specs: options.create_route_specs,
     });
@@ -230,13 +262,13 @@ export const create_test_app = async (options) => {
     let account_counter = 0;
     const create_account = async (account_options) => {
         account_counter++;
-        const bootstrapped = await bootstrap_test_account({
+        const bootstrapped = await create_test_account_with_credentials({
             db: test_server.deps.db,
             keyring: test_server.keyring,
             session_options: options.session_options,
             password,
             username: account_options?.username ?? `test_user_${account_counter}`,
-            password_value: account_options?.password_value ?? 'test-password-123',
+            password_value: account_options?.password_value ?? DEFAULT_TEST_PASSWORD,
             roles: account_options?.roles ?? [],
         });
         return {
@@ -267,3 +299,84 @@ export const create_test_app = async (options) => {
         cleanup: () => test_server.cleanup(),
     };
 };
+/**
+ * Create a test app in the pre-bootstrap state for exercising the
+ * bootstrap success path end-to-end.
+ *
+ * Skips the keeper pre-creation `create_test_app` does by default —
+ * `bootstrap_lock.bootstrapped` stays at `false` and the DB has no
+ * accounts. The fs stubs return `options.bootstrap_token` when the
+ * bootstrap handler reads `bootstrap.token_path`, so a `POST /bootstrap`
+ * with `{token: bootstrap_token, username, password}` reaches the
+ * success branch.
+ *
+ * Pair with `describe_bootstrap_success_tests` for the consumer-runnable
+ * suite that drives the full happy path + adjacent assertions on
+ * observable state (account exists, audit row emitted, on_bootstrap
+ * callback fired).
+ *
+ * @param options - bootstrap config + factory inputs
+ * @returns a `TestAppForBootstrap` ready for the test to drive bootstrap
+ */
+export const create_test_app_for_bootstrap = async (options) => {
+    const { session_options, bootstrap, bootstrap_token } = options;
+    // Caller-supplied DB may carry lock state from a prior test — reset to false
+    // before `_build_test_backend` runs (which doesn't touch the lock itself).
+    // Fresh pglite already starts at false (factory init).
+    if (options.db) {
+        await options.db.query('UPDATE bootstrap_lock SET bootstrapped = false WHERE bootstrapped = true');
+    }
+    // Token-aware fs stubs: the bootstrap route's filesystem operations resolve
+    // against the configured token_path; everything else returns no-op defaults.
+    let token_file_deleted = false;
+    const fs_stubs = {
+        stat: async (path) => path === bootstrap.token_path && !token_file_deleted
+            ? { is_file: true, is_directory: false }
+            : null,
+        read_text_file: async (path) => path === bootstrap.token_path && !token_file_deleted ? bootstrap_token : '',
+        delete_file: async (path) => {
+            if (path === bootstrap.token_path)
+                token_file_deleted = true;
+        },
+    };
+    const { backend } = await _build_test_backend({ ...options, fs_stubs });
+    // Daemon token state isn't reachable pre-bootstrap (no keeper account)
+    // but the field is required by AppServerOptions; pass a placeholder.
+    const daemon_token_state = {
+        current_token: generate_daemon_token(),
+        previous_token: null,
+        rotated_at: new Date(),
+        keeper_account_id: null,
+    };
+    const result = await create_app_server({
+        backend,
+        session_options,
+        allowed_origins: [/^http:\/\/localhost/],
+        proxy: { trusted_proxies: ['127.0.0.1'], get_connection_ip: () => '127.0.0.1' },
+        env_schema: z.object({}),
+        ip_rate_limiter: null,
+        login_account_rate_limiter: null,
+        signup_account_rate_limiter: null,
+        bearer_ip_rate_limiter: null,
+        await_pending_effects: true,
+        daemon_token_state,
+        rpc_endpoints: options.rpc_endpoints,
+        bootstrap,
+        ...options.app_options,
+        create_route_specs: options.create_route_specs,
+    });
+    const create_request_headers = (extra) => ({
+        host: 'localhost',
+        origin: 'http://localhost:5173',
+        ...extra,
+    });
+    return {
+        app: result.app,
+        backend,
+        surface_spec: result.surface_spec,
+        surface: result.surface_spec.surface,
+        route_specs: result.surface_spec.route_specs,
+        create_request_headers,
+        cleanup: () => backend.close(),
+    };
+};

package/dist/testing/audit_completeness.d.ts

@@ -1,42 +1,45 @@
 import './assert_dev_env.js';
 import type { SessionOptions } from '../auth/session_cookie.js';
-import type { AppServerContext } from '../server/app_server.js';
-import type { RouteSpec } from '../http/route_spec.js';
-import { type SuiteAppOptions } from './app_server.js';
-import { type DbFactory } from './db.js';
 import { type RpcEndpointsSuiteOption } from './rpc_helpers.js';
+import type { AppSurfaceSpec } from '../http/surface.js';
+import type { BackendCapabilities } from './cross_backend/capabilities.js';
+import type { SetupTest } from './cross_backend/setup.js';
 /**
  * Configuration for `describe_audit_completeness_tests`.
  */
 export interface AuditCompletenessTestOptions {
-    /** Session config for cookie-based auth. */
+    /**
+     * Per-test fixture-producing function. The audit suite calls this
+     * in every `test()` body — `auth_integration_truncate_tables` clears
+     * the audit log between tests, so each test re-bootstraps the
+     * keeper and the observer admin against a fresh table.
+     */
+    setup_test: SetupTest;
+    /**
+     * App surface (with route specs). Constructed in TS by the consumer;
+     * same shape for in-process and cross-process tests. The audit suite is
+     * Tier 2 today (stays in-process per the cross-backend-integration
+     * design), but takes the same surface shape as Tier 1 suites for
+     * options uniformity.
+     */
+    surface_source: AppSurfaceSpec;
+    /** Backend capability declarations. */
+    capabilities: BackendCapabilities;
+    /** Session config — needed for factory-form rpc_endpoints resolution. */
     session_options: SessionOptions<string>;
-    /** Route spec factory — same one used in production. */
-    create_route_specs: (ctx: AppServerContext) => Array<RouteSpec>;
     /**
-     * RPC endpoint specs — the source `RpcAction` arrays. Required; the
-     * admin role_grant flow is RPC-only and the suite hard-fails without it.
-     *
-     * Accepts either an array (eager) or a factory
-     * `(ctx: AppServerContext) => Array<RpcEndpointSpec>` — the factory form
-     * is required when action handlers must close over the per-test
-     * `ctx.app_settings` / `ctx.deps` (e.g. exercising `app_settings_update`).
-     * The factory must return the same endpoint `path` regardless of ctx —
-     * it is invoked once at setup with a stub ctx for path lookup and again
-     * per-test by `create_app_server` for live dispatch.
+     * RPC endpoint specs — required. The admin role_grant flow is RPC-only
+     * and the suite hard-fails without it.
      */
     rpc_endpoints: RpcEndpointsSuiteOption;
-    /** Optional overrides for `AppServerOptions`. */
-    app_options?: SuiteAppOptions;
-    /** Database factories to run tests against. Default: pglite only. */
-    db_factories?: Array<DbFactory>;
 }
 /**
  * Composable audit log completeness test suite.
  *
  * Verifies that every auth mutation route produces the correct audit log
  * event type. Exercises routes via HTTP requests against a real PGlite
- * database, then queries the `audit_log` table to verify events.
+ * database, then reads events back through the `audit_log_list` RPC
+ * (the production observation path the admin UI consumes).
  *
  * @throws Error at setup time when `options.rpc_endpoints` is empty — the
  *   mutation-audit tests drive role_grant flow, session/token revoke-all, and

package/dist/testing/audit_completeness.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"audit_completeness.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/audit_completeness.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAkB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAIrD,OAAO,EAGN,KAAK,eAAe,EAEpB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAKjB,OAAO,EAIN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAqB1B;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC5C,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE;;;;;;;;;;;OAWG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;CAChC;AAyED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,iCAAiC,GAAI,SAAS,4BAA4B,KAAG,IAihBzF,CAAC"}
+{"version":3,"file":"audit_completeness.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/audit_completeness.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AA4B7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAS9D,OAAO,EAKN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAwB1B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,oBAAoB,CAAC;AACvD,OAAO,KAAK,EAAC,mBAAmB,EAAC,MAAM,iCAAiC,CAAC;AACzE,OAAO,KAAK,EAAC,SAAS,EAAc,MAAM,0BAA0B,CAAC;AAErE;;GAEG;AACH,MAAM,WAAW,4BAA4B;IAC5C;;;;;OAKG;IACH,UAAU,EAAE,SAAS,CAAC;IACtB;;;;;;OAMG;IACH,cAAc,EAAE,cAAc,CAAC;IAC/B,uCAAuC;IACvC,YAAY,EAAE,mBAAmB,CAAC;IAClC,yEAAyE;IACzE,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC;;;OAGG;IACH,aAAa,EAAE,uBAAuB,CAAC;CACvC;AA8FD;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,iCAAiC,GAAI,SAAS,4BAA4B,KAAG,IAuhBzF,CAAC"}