@fuzdev/fuz_app 0.64.0 → 0.66.0

package/dist/testing/cross_backend/bootstrap_backend.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bootstrap_backend.d.ts","sourceRoot":"../src/lib/","sources":["../../../src/lib/testing/cross_backend/bootstrap_backend.ts"],"names":[],"mappings":"AAAA,OAAO,sBAAsB,CAAC;AAE9B;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AAEH,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,qBAAqB,CAAC;AAIvD,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,YAAY,CAAC;AAE1D;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,iBAAiB,GAC7B,QAAQ,aAAa,KACnB,OAAO,CAAC,yBAAyB,CAgBnC,CAAC"}

package/dist/testing/cross_backend/bootstrap_backend.js

@@ -0,0 +1,34 @@
+import '../assert_dev_env.js';
+import { spawn_backend } from './spawn_backend.js';
+import { bootstrap } from '../transports/bootstrap.js';
+import { create_fetch_transport } from '../transports/fetch_transport.js';
+/**
+ * Spawn the test binary described by `config`, bootstrap a keeper, and
+ * return the enriched handle.
+ *
+ * The keeper transport is constructed against `config.base_url` with no
+ * initial cookies; `bootstrap()` populates its jar with the session
+ * cookie returned by `POST {config.bootstrap_path}`. Subsequent calls
+ * against `bootstrapped.keeper_transport` are authenticated as keeper.
+ *
+ * Mirrors the composition `default_cross_process_setup`'s caller would
+ * otherwise hand-roll in every consumer's `globalSetup`.
+ */
+export const bootstrap_backend = async (config) => {
+    const handle = await spawn_backend(config);
+    try {
+        const keeper_transport = create_fetch_transport({ base_url: config.base_url });
+        const keeper = await bootstrap({ transport: keeper_transport, config });
+        return {
+            ...handle,
+            keeper_transport,
+            keeper_account: keeper.account,
+            keeper_actor: keeper.actor,
+            keeper_cookies: keeper.cookies,
+        };
+    }
+    catch (err) {
+        await handle.teardown();
+        throw err;
+    }
+};

package/dist/testing/cross_backend/build_test_backend_paths.d.ts

@@ -0,0 +1,24 @@
+import '../assert_dev_env.js';
+/**
+ * Generic per-backend paths every cross-process test binary needs.
+ * Consumers extend this with their own domain paths.
+ *
+ * - `root` — the per-backend subtree under `os.tmpdir()`. Compose
+ *   consumer-specific paths under here.
+ * - `bootstrap_token_path` — `FUZ_BOOTSTRAP_TOKEN_PATH`; harness writes
+ *   the bootstrap token here before spawn.
+ * - `daemon_token_path` — where `init_daemon_token` (Rust) and the TS
+ *   server's daemon-token writer land the token (under `{root}/run/`).
+ */
+export interface TestBackendPaths {
+    readonly root: string;
+    readonly bootstrap_token_path: string;
+    readonly daemon_token_path: string;
+}
+/**
+ * Build the generic path layout for a cross-process test backend.
+ * `prefix` is typically the `BackendConfig.name` (e.g. `'deno'`,
+ * `'rust'`, `'spine_stub'`).
+ */
+export declare const build_test_backend_paths: (prefix: string) => TestBackendPaths;
+//# sourceMappingURL=build_test_backend_paths.d.ts.map

package/dist/testing/cross_backend/build_test_backend_paths.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"build_test_backend_paths.d.ts","sourceRoot":"../src/lib/","sources":["../../../src/lib/testing/cross_backend/build_test_backend_paths.ts"],"names":[],"mappings":"AAAA,OAAO,sBAAsB,CAAC;AAqB9B;;;;;;;;;;GAUG;AACH,MAAM,WAAW,gBAAgB;IAChC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,oBAAoB,EAAE,MAAM,CAAC;IACtC,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;CACnC;AAED;;;;GAIG;AACH,eAAO,MAAM,wBAAwB,GAAI,QAAQ,MAAM,KAAG,gBASzD,CAAC"}

package/dist/testing/cross_backend/build_test_backend_paths.js

@@ -0,0 +1,33 @@
+import '../assert_dev_env.js';
+/**
+ * Per-backend filesystem layout under `os.tmpdir()` for cross-process
+ * tests.
+ *
+ * Isolation matters because vitest projects can run in parallel — a
+ * shared `root` would mix daemon tokens across concurrently-running
+ * backends. Each backend gets its own subtree via the `prefix` arg
+ * (typically the `BackendConfig.name`).
+ *
+ * Consumers compose: take the generic paths from
+ * `build_test_backend_paths(name)`, add domain-specific dirs (e.g.
+ * `zzz_dir`, `scoped_dir`) under the returned `root`.
+ *
+ * @module
+ */
+import { tmpdir } from 'node:os';
+import { join } from 'node:path';
+/**
+ * Build the generic path layout for a cross-process test backend.
+ * `prefix` is typically the `BackendConfig.name` (e.g. `'deno'`,
+ * `'rust'`, `'spine_stub'`).
+ */
+export const build_test_backend_paths = (prefix) => {
+    const root = join(tmpdir(), prefix);
+    return {
+        root,
+        bootstrap_token_path: join(root, 'bootstrap_token'),
+        // `init_daemon_token` (Rust) and the TS server's daemon-token
+        // writer both land the token at `{root}/run/daemon_token`.
+        daemon_token_path: join(root, 'run', 'daemon_token'),
+    };
+};

package/dist/testing/cross_backend/capabilities.d.ts

@@ -0,0 +1,65 @@
+import '../assert_dev_env.js';
+/**
+ * Optional behaviors a backend may support. Each flag's TSDoc names the
+ * tests that gate on it; add a new flag here before referencing it from
+ * a suite body, and document the gating tests inline.
+ */
+export interface BackendCapabilities {
+    /**
+     * Bearer token auth (`Authorization: Bearer <token>`) is wired through
+     * the backend's middleware stack. Gates the bearer-token cases in
+     * `describe_standard_integration_tests` and `describe_rate_limiting_tests`.
+     */
+    readonly bearer_auth: boolean;
+    /**
+     * Trusted-proxy XFF parsing is wired (`X-Forwarded-For` etc.). Gates
+     * the proxy-resolution cases in `describe_standard_integration_tests`
+     * and the future cross-process proxy integration suite.
+     */
+    readonly trusted_proxy: boolean;
+    /**
+     * Per-account login rate limiting is wired. Gates the per-account
+     * rate-limit cases in `describe_rate_limiting_tests`.
+     */
+    readonly login_rate_limit: boolean;
+    /**
+     * WebSocket transport is reachable end-to-end. Gates the cross-process
+     * WS round-trip suite; the in-process `describe_ws_round_trip_tests`
+     * runs against `register_action_ws` directly and ignores this flag.
+     */
+    readonly ws: boolean;
+    /**
+     * SSE transport is reachable end-to-end. Gates the cross-process SSE
+     * suite (`describe_cross_process_sse_tests` — connect, audit data frame,
+     * close-on-revoke); in-process SSE uses the `on_audit_event` hook and
+     * ignores this flag.
+     */
+    readonly sse: boolean;
+    /**
+     * Test has direct access to backend-internal state (keyring for
+     * signing cookies, DB pool for FK-structural raw queries). Always
+     * `true` for in-process Hono via `default_in_process_setup`; always
+     * `false` cross-process. Gates the 3 keyring reads in
+     * `describe_standard_integration_tests` (expired-cookie generation)
+     * and the FK-structural raw query in `describe_audit_completeness_tests`.
+     */
+    readonly in_process_only: boolean;
+}
+/**
+ * Capability declarations for the in-process Hono transport. Every flag
+ * is `true` because in-process testing exercises the full backend with
+ * no missing optional behaviors. Cross-process consumers
+ * declare each flag explicitly per backend.
+ */
+export declare const in_process_capabilities: BackendCapabilities;
+/**
+ * Conditional `test()` wrapper — registers a vitest case only when
+ * `cond` is true; otherwise registers it as `.skip` so the run still
+ * surfaces the gated coverage in the report.
+ *
+ * Thin wrapper around vitest's `test.skipIf(!cond)` with the argument
+ * order flipped to match the more readable `test_if(capabilities.bearer_auth, ...)`
+ * call pattern.
+ */
+export declare const test_if: (cond: boolean, name: string, fn: () => void | Promise<void>) => void;
+//# sourceMappingURL=capabilities.d.ts.map

package/dist/testing/cross_backend/capabilities.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capabilities.d.ts","sourceRoot":"../src/lib/","sources":["../../../src/lib/testing/cross_backend/capabilities.ts"],"names":[],"mappings":"AAAA,OAAO,sBAAsB,CAAC;AAmB9B;;;;GAIG;AACH,MAAM,WAAW,mBAAmB;IACnC;;;;OAIG;IACH,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B;;;;OAIG;IACH,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC;IAChC;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC;IACnC;;;;OAIG;IACH,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;IACrB;;;;;OAKG;IACH,QAAQ,CAAC,GAAG,EAAE,OAAO,CAAC;IACtB;;;;;;;OAOG;IACH,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;CAClC;AAED;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,EAAE,mBAOpC,CAAC;AAEH;;;;;;;;GAQG;AACH,eAAO,MAAM,OAAO,GAAI,MAAM,OAAO,EAAE,MAAM,MAAM,EAAE,IAAI,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAG,IAMrF,CAAC"}

package/dist/testing/cross_backend/capabilities.js

@@ -0,0 +1,47 @@
+import '../assert_dev_env.js';
+/**
+ * Capability vocabulary for cross-backend integration testing.
+ *
+ * Backends declare which optional behaviors they support; suite bodies
+ * call `test_if(capabilities.X, ...)` to skip cases the backend doesn't
+ * implement. No `if (config.name === 'rust')` branches anywhere — name-
+ * checking is a code smell that says capability vocabulary is missing.
+ *
+ * In-process Hono via `default_in_process_setup` declares every
+ * capability `true` (see `in_process_capabilities`). Cross-process
+ * backends opt in per-flag on their `BackendConfig`.
+ *
+ * @module
+ */
+import { test } from 'vitest';
+/**
+ * Capability declarations for the in-process Hono transport. Every flag
+ * is `true` because in-process testing exercises the full backend with
+ * no missing optional behaviors. Cross-process consumers
+ * declare each flag explicitly per backend.
+ */
+export const in_process_capabilities = Object.freeze({
+    bearer_auth: true,
+    trusted_proxy: true,
+    login_rate_limit: true,
+    ws: true,
+    sse: true,
+    in_process_only: true,
+});
+/**
+ * Conditional `test()` wrapper — registers a vitest case only when
+ * `cond` is true; otherwise registers it as `.skip` so the run still
+ * surfaces the gated coverage in the report.
+ *
+ * Thin wrapper around vitest's `test.skipIf(!cond)` with the argument
+ * order flipped to match the more readable `test_if(capabilities.bearer_auth, ...)`
+ * call pattern.
+ */
+export const test_if = (cond, name, fn) => {
+    if (cond) {
+        test(name, fn);
+    }
+    else {
+        test.skip(name, fn);
+    }
+};

package/dist/testing/cross_backend/default_backend_configs.d.ts

@@ -0,0 +1,122 @@
+import '../assert_dev_env.js';
+/**
+ * Family-shared `BackendConfig` builders for cross-process test backends.
+ *
+ * Two consumer-facing factories — {@link make_default_ts_backend_config}
+ * and {@link make_default_rust_backend_config} — own the common shape
+ * for the JS-runtime (Deno/Node on V8) and Rust families respectively.
+ * Per-backend factories in consumer projects compose a small
+ * declaration against one of these and add consumer-specific env vars
+ * via `extra_env`.
+ *
+ * Defaults baked in by family:
+ *
+ * - **TS** — `'memory://'` PGlite, 30s startup window, capabilities
+ *   without trusted_proxy/login_rate_limit. The TS canonical path
+ *   leaves these limiters null in test mode.
+ * - **Rust** — caller-supplied real Postgres URL (PGlite isn't reachable
+ *   from `tokio-postgres`), 120s startup window (cargo first-build cost),
+ *   capabilities including trusted_proxy + login_rate_limit + the
+ *   `FUZ_TESTING_RESET_DB_ON_STARTUP=true` self-wipe gate.
+ *
+ * Both builders default `port_env_var` to `'PORT'`. Consumers whose
+ * binary reads a different name (e.g. zzz's `ZZZ_PORT`) override.
+ *
+ * Common across both families: `/api/rpc`, `/api/ws`, `/health`,
+ * `/api/account/bootstrap`, `cookie_name: 'fuz_session'`, the standard
+ * bootstrap block keyed off `default_test_*` constants. Builders call
+ * `build_test_backend_paths(name)` internally when the optional `paths`
+ * is omitted.
+ *
+ * @module
+ */
+import type { BackendBootstrapConfig, BackendConfig } from './backend_config.js';
+import type { BackendCapabilities } from './capabilities.js';
+import { type TestBackendPaths } from './build_test_backend_paths.js';
+/**
+ * Capabilities shared by TS-family backends — same canonical
+ * implementation, same feature set. No trusted-proxy phase (the test
+ * binary doesn't enable proxy parsing) and no per-account login rate
+ * limit (the TS canonical path leaves the limiter null in test mode).
+ */
+export declare const ts_default_capabilities: BackendCapabilities;
+/**
+ * Capabilities for the Rust family. Adds `trusted_proxy: true` (the
+ * Rust spine's client-IP middleware is always wired; the env-gate just
+ * controls whether XFF is consulted vs the TCP peer IP) and
+ * `login_rate_limit: true` (env-gated bucket on `/login` + `/password`).
+ */
+export declare const rust_default_capabilities: BackendCapabilities;
+export interface MakeDefaultTsBackendConfigOptions {
+    /** Diagnostic label; also used as the tmpdir prefix when `paths` is omitted. */
+    readonly name: string;
+    /** TCP port the binary listens on. */
+    readonly port: number;
+    /** argv passed to the spawn (first entry is the binary). */
+    readonly start_command: ReadonlyArray<string>;
+    /** Defaults to `'memory://'` (in-memory PGlite). */
+    readonly database_url?: string;
+    /** Merged on top of the generic env baseline; later keys win. */
+    readonly extra_env?: Readonly<Record<string, string>>;
+    /** Defaults to `ts_default_capabilities`. */
+    readonly capabilities?: BackendCapabilities;
+    /** Pre-computed paths; defaults to `build_test_backend_paths(name)`. */
+    readonly paths?: TestBackendPaths;
+    /** Override individual bootstrap fields (username/password/token). */
+    readonly bootstrap_overrides?: Partial<BackendBootstrapConfig>;
+    /**
+     * Env-var name the binary reads for its port. Defaults to `'PORT'`.
+     * Consumers whose binary reads a different name (e.g. `'ZZZ_PORT'`)
+     * override.
+     */
+    readonly port_env_var?: string;
+}
+/**
+ * Shared builder for TS-family backends (Deno + Node). Owns the common
+ * env baseline (NODE_ENV, HOST, PORT, in-memory PGlite, cookie keys,
+ * bootstrap token path) so per-backend factories only declare what
+ * genuinely differs.
+ */
+export declare const make_default_ts_backend_config: (opts: MakeDefaultTsBackendConfigOptions) => BackendConfig;
+export interface MakeDefaultRustBackendConfigOptions {
+    /** Diagnostic label; also used as the tmpdir prefix when `paths` is omitted. */
+    readonly name: string;
+    /** TCP port the binary listens on. */
+    readonly port: number;
+    /** argv passed to the spawn (first entry is the binary). */
+    readonly start_command: ReadonlyArray<string>;
+    /**
+     * Required — Rust needs real Postgres (PGlite isn't reachable from
+     * `tokio-postgres`). Consumers typically supply
+     * `'postgres://localhost/{repo}_test_{name}'`.
+     */
+    readonly database_url: string;
+    /** Merged on top of the generic env baseline; later keys win. */
+    readonly extra_env?: Readonly<Record<string, string>>;
+    /** Defaults to `rust_default_capabilities`. */
+    readonly capabilities?: BackendCapabilities;
+    /** Pre-computed paths; defaults to `build_test_backend_paths(name)`. */
+    readonly paths?: TestBackendPaths;
+    /** Override individual bootstrap fields (username/password/token). */
+    readonly bootstrap_overrides?: Partial<BackendBootstrapConfig>;
+    /**
+     * Env-var name the binary reads for its port. Defaults to `'PORT'`.
+     * Consumers whose binary reads a different name (e.g. `'ZZZ_PORT'`)
+     * override.
+     */
+    readonly port_env_var?: string;
+    /**
+     * Initial value for `RUST_LOG`. Defaults to `'info'`. Consumers pass
+     * their binary-specific module filter
+     * (e.g. `'info,zzz_server=info,testing_zzz_server=info'`).
+     */
+    readonly rust_log?: string;
+}
+/**
+ * Shared builder for Rust-family backends. Owns the common env baseline
+ * (RUST_LOG, HOST, port, real Postgres, cookie keys, bootstrap token
+ * path, the `FUZ_TESTING_RESET_DB_ON_STARTUP=true` self-wipe gate) plus
+ * the 120s startup window for cargo's first-run build cost.
+ */
+export declare const make_default_rust_backend_config: (opts: MakeDefaultRustBackendConfigOptions) => BackendConfig;
+//# sourceMappingURL=default_backend_configs.d.ts.map

package/dist/testing/cross_backend/default_backend_configs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"default_backend_configs.d.ts","sourceRoot":"../src/lib/","sources":["../../../src/lib/testing/cross_backend/default_backend_configs.ts"],"names":[],"mappings":"AAAA,OAAO,sBAAsB,CAAC;AAE9B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AAEH,OAAO,KAAK,EAAC,sBAAsB,EAAE,aAAa,EAAC,MAAM,qBAAqB,CAAC;AAC/E,OAAO,KAAK,EAAC,mBAAmB,EAAC,MAAM,mBAAmB,CAAC;AAC3D,OAAO,EAA2B,KAAK,gBAAgB,EAAC,MAAM,+BAA+B,CAAC;AAQ9F;;;;;GAKG;AACH,eAAO,MAAM,uBAAuB,EAAE,mBAOpC,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,yBAAyB,EAAE,mBAOtC,CAAC;AAeH,MAAM,WAAW,iCAAiC;IACjD,gFAAgF;IAChF,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,sCAAsC;IACtC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,4DAA4D;IAC5D,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC9C,oDAAoD;IACpD,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B,iEAAiE;IACjE,QAAQ,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACtD,6CAA6C;IAC7C,QAAQ,CAAC,YAAY,CAAC,EAAE,mBAAmB,CAAC;IAC5C,wEAAwE;IACxE,QAAQ,CAAC,KAAK,CAAC,EAAE,gBAAgB,CAAC;IAClC,sEAAsE;IACtE,QAAQ,CAAC,mBAAmB,CAAC,EAAE,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAC/D;;;;OAIG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED;;;;;GAKG;AACH,eAAO,MAAM,8BAA8B,GAC1C,MAAM,iCAAiC,KACrC,aAmCF,CAAC;AAEF,MAAM,WAAW,mCAAmC;IACnD,gFAAgF;IAChF,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,sCAAsC;IACtC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,4DAA4D;IAC5D,QAAQ,CAAC,aAAa,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC9C;;;;OAIG;IACH,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,iEAAiE;IACjE,QAAQ,CAAC,SAAS,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IACtD,+CAA+C;IAC/C,QAAQ,CAAC,YAAY,CAAC,EAAE,mBAAmB,CAAC;IAC5C,wEAAwE;IACxE,QAAQ,CAAC,KAAK,CAAC,EAAE,gBAAgB,CAAC;IAClC,sEAAsE;IACtE,QAAQ,CAAC,mBAAmB,CAAC,EAAE,OAAO,CAAC,sBAAsB,CAAC,CAAC;IAC/D;;;;OAIG;IACH,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;IAC/B;;;;OAIG;IACH,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC3B;AAED;;;;;GAKG;AACH,eAAO,MAAM,gCAAgC,GAC5C,MAAM,mCAAmC,KACvC,aA2CF,CAAC"}

package/dist/testing/cross_backend/default_backend_configs.js

@@ -0,0 +1,111 @@
+import '../assert_dev_env.js';
+import { build_test_backend_paths } from './build_test_backend_paths.js';
+import { default_test_bootstrap_token, default_test_cookie_keys, default_test_keeper_password, default_test_keeper_username, } from './default_secrets.js';
+/**
+ * Capabilities shared by TS-family backends — same canonical
+ * implementation, same feature set. No trusted-proxy phase (the test
+ * binary doesn't enable proxy parsing) and no per-account login rate
+ * limit (the TS canonical path leaves the limiter null in test mode).
+ */
+export const ts_default_capabilities = Object.freeze({
+    bearer_auth: true,
+    trusted_proxy: false,
+    login_rate_limit: false,
+    ws: true,
+    sse: false,
+    in_process_only: false,
+});
+/**
+ * Capabilities for the Rust family. Adds `trusted_proxy: true` (the
+ * Rust spine's client-IP middleware is always wired; the env-gate just
+ * controls whether XFF is consulted vs the TCP peer IP) and
+ * `login_rate_limit: true` (env-gated bucket on `/login` + `/password`).
+ */
+export const rust_default_capabilities = Object.freeze({
+    bearer_auth: true,
+    trusted_proxy: true,
+    login_rate_limit: true,
+    ws: true,
+    sse: false,
+    in_process_only: false,
+});
+/** Bootstrap block built from the default secrets + supplied paths. */
+const build_default_bootstrap = (paths, overrides) => ({
+    token_path: paths.bootstrap_token_path,
+    token: default_test_bootstrap_token,
+    username: default_test_keeper_username,
+    password: default_test_keeper_password,
+    daemon_token_path: paths.daemon_token_path,
+    ...overrides,
+});
+/**
+ * Shared builder for TS-family backends (Deno + Node). Owns the common
+ * env baseline (NODE_ENV, HOST, PORT, in-memory PGlite, cookie keys,
+ * bootstrap token path) so per-backend factories only declare what
+ * genuinely differs.
+ */
+export const make_default_ts_backend_config = (opts) => {
+    const { name, port, start_command, database_url = 'memory://', extra_env, capabilities = ts_default_capabilities, paths = build_test_backend_paths(name), bootstrap_overrides, port_env_var = 'PORT', } = opts;
+    return {
+        name,
+        start_command,
+        base_url: `http://localhost:${port}`,
+        rpc_path: '/api/rpc',
+        ws_path: '/api/ws',
+        health_path: '/health',
+        bootstrap_path: '/api/account/bootstrap',
+        cookie_name: 'fuz_session',
+        startup_timeout_ms: 30_000,
+        env: {
+            NODE_ENV: 'development',
+            HOST: 'localhost',
+            [port_env_var]: String(port),
+            DATABASE_URL: database_url,
+            SECRET_FUZ_COOKIE_KEYS: default_test_cookie_keys,
+            FUZ_ALLOWED_ORIGINS: 'http://localhost:*',
+            FUZ_BOOTSTRAP_TOKEN_PATH: paths.bootstrap_token_path,
+            ...extra_env,
+        },
+        bootstrap: build_default_bootstrap(paths, bootstrap_overrides),
+        capabilities,
+    };
+};
+/**
+ * Shared builder for Rust-family backends. Owns the common env baseline
+ * (RUST_LOG, HOST, port, real Postgres, cookie keys, bootstrap token
+ * path, the `FUZ_TESTING_RESET_DB_ON_STARTUP=true` self-wipe gate) plus
+ * the 120s startup window for cargo's first-run build cost.
+ */
+export const make_default_rust_backend_config = (opts) => {
+    const { name, port, start_command, database_url, extra_env, capabilities = rust_default_capabilities, paths = build_test_backend_paths(name), bootstrap_overrides, port_env_var = 'PORT', rust_log = 'info', } = opts;
+    return {
+        name,
+        start_command,
+        base_url: `http://localhost:${port}`,
+        rpc_path: '/api/rpc',
+        ws_path: '/api/ws',
+        health_path: '/health',
+        bootstrap_path: '/api/account/bootstrap',
+        cookie_name: 'fuz_session',
+        startup_timeout_ms: 120_000,
+        env: {
+            RUST_LOG: rust_log,
+            HOST: 'localhost',
+            [port_env_var]: String(port),
+            DATABASE_URL: database_url,
+            SECRET_FUZ_COOKIE_KEYS: default_test_cookie_keys,
+            FUZ_ALLOWED_ORIGINS: 'http://localhost:*',
+            FUZ_BOOTSTRAP_TOKEN_PATH: paths.bootstrap_token_path,
+            // Self-wipe the auth-namespace schema before migrations on every
+            // boot. Read by `fuz_testing::reset_db_on_startup_if_env_set`,
+            // which the consumer's test binary invokes from its
+            // `pre_migration_hook` between pool creation and
+            // `fuz_db::run_migrations`. The `_testing_reset` RPC action
+            // (per-test reset) is orthogonal.
+            FUZ_TESTING_RESET_DB_ON_STARTUP: 'true',
+            ...extra_env,
+        },
+        bootstrap: build_default_bootstrap(paths, bootstrap_overrides),
+        capabilities,
+    };
+};

package/dist/testing/cross_backend/default_secrets.d.ts

@@ -0,0 +1,40 @@
+import '../assert_dev_env.js';
+/**
+ * Default test secrets for cross-process backend bootstrap.
+ *
+ * Every cross-backend consumer needs the same shape: a bootstrap token
+ * the harness writes to disk before spawn, a keeper username/password
+ * the harness POSTs to `/api/account/bootstrap`, and cookie keys the
+ * binary uses to construct its `Keyring`. The literals here are dev-only
+ * and protected by `assert_dev_env`; the binaries themselves throw on
+ * production load.
+ *
+ * Each constant is exported individually so consumers can override one
+ * without re-deriving the rest. Builders in `default_backend_configs.ts`
+ * thread these defaults into the `BackendConfig.bootstrap` block and the
+ * `SECRET_FUZ_COOKIE_KEYS` env entry; callers compose the
+ * `bootstrap_overrides` knob when they need a non-default keeper.
+ *
+ * @module
+ */
+/**
+ * Fixed bootstrap token written to each backend's `token_path` before
+ * spawn. The test binary reads + consumes this via its
+ * `*_BOOTSTRAP_TOKEN_PATH` env var; the harness POSTs the same token to
+ * `/api/account/bootstrap` to mint the keeper account. Any 32+ char
+ * string works — the binary just compares bytes, no entropy required
+ * for tests.
+ */
+export declare const default_test_bootstrap_token = "test_bootstrap_token_for_cross_be";
+/** Keeper username used by every cross-process test fixture. */
+export declare const default_test_keeper_username = "keeper";
+/** Keeper password used by every cross-process test fixture. */
+export declare const default_test_keeper_password = "password_test_keeper";
+/**
+ * Dev-only cookie keys (64+ chars). The test binary needs
+ * `SECRET_FUZ_COOKIE_KEYS` to construct its `Keyring`. Never used in
+ * production — the test binaries themselves throw on production load
+ * via `assert_dev_env`.
+ */
+export declare const default_test_cookie_keys = "dev_only_cookie_keys_for_cross_backend_tests_not_for_prod_use_xx";
+//# sourceMappingURL=default_secrets.d.ts.map

package/dist/testing/cross_backend/default_secrets.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"default_secrets.d.ts","sourceRoot":"../src/lib/","sources":["../../../src/lib/testing/cross_backend/default_secrets.ts"],"names":[],"mappings":"AAAA,OAAO,sBAAsB,CAAC;AAE9B;;;;;;;;;;;;;;;;;GAiBG;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,4BAA4B,sCAAsC,CAAC;AAEhF,gEAAgE;AAChE,eAAO,MAAM,4BAA4B,WAAW,CAAC;AAErD,gEAAgE;AAChE,eAAO,MAAM,4BAA4B,yBAAyB,CAAC;AAEnE;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,qEAC8B,CAAC"}

package/dist/testing/cross_backend/default_secrets.js

@@ -0,0 +1,39 @@
+import '../assert_dev_env.js';
+/**
+ * Default test secrets for cross-process backend bootstrap.
+ *
+ * Every cross-backend consumer needs the same shape: a bootstrap token
+ * the harness writes to disk before spawn, a keeper username/password
+ * the harness POSTs to `/api/account/bootstrap`, and cookie keys the
+ * binary uses to construct its `Keyring`. The literals here are dev-only
+ * and protected by `assert_dev_env`; the binaries themselves throw on
+ * production load.
+ *
+ * Each constant is exported individually so consumers can override one
+ * without re-deriving the rest. Builders in `default_backend_configs.ts`
+ * thread these defaults into the `BackendConfig.bootstrap` block and the
+ * `SECRET_FUZ_COOKIE_KEYS` env entry; callers compose the
+ * `bootstrap_overrides` knob when they need a non-default keeper.
+ *
+ * @module
+ */
+/**
+ * Fixed bootstrap token written to each backend's `token_path` before
+ * spawn. The test binary reads + consumes this via its
+ * `*_BOOTSTRAP_TOKEN_PATH` env var; the harness POSTs the same token to
+ * `/api/account/bootstrap` to mint the keeper account. Any 32+ char
+ * string works — the binary just compares bytes, no entropy required
+ * for tests.
+ */
+export const default_test_bootstrap_token = 'test_bootstrap_token_for_cross_be';
+/** Keeper username used by every cross-process test fixture. */
+export const default_test_keeper_username = 'keeper';
+/** Keeper password used by every cross-process test fixture. */
+export const default_test_keeper_password = 'password_test_keeper';
+/**
+ * Dev-only cookie keys (64+ chars). The test binary needs
+ * `SECRET_FUZ_COOKIE_KEYS` to construct its `Keyring`. Never used in
+ * production — the test binaries themselves throw on production load
+ * via `assert_dev_env`.
+ */
+export const default_test_cookie_keys = 'dev_only_cookie_keys_for_cross_backend_tests_not_for_prod_use_xx';

package/dist/testing/cross_backend/default_spine_surface.d.ts

@@ -0,0 +1,64 @@
+import '../assert_dev_env.js';
+import { type RoleSchemaResult } from '../../auth/role_schema.js';
+import { type SessionOptions } from '../../auth/session_cookie.js';
+import { type RouteSpec } from '../../http/route_spec.js';
+import type { AppSurfaceSpec, RpcEndpointSpec } from '../../http/surface.js';
+import type { AppServerContext } from '../../server/app_server.js';
+/**
+ * Session config — cookie name matches the binary's issued session cookie
+ * (`fuz_session`) so cookie-attribute assertions + jar extraction line up.
+ */
+export declare const spine_session_options: SessionOptions<string>;
+/**
+ * Built-in roles only — the standard spine registers no app-defined role
+ * specs. When the spine grows additional grantable roles, thread their
+ * registry through `create_role_schema` here so the admin suite picks up
+ * grant-path coverage.
+ */
+export declare const spine_roles: RoleSchemaResult;
+/** RPC endpoint mount path — matches the binary's `/api/rpc`. */
+export declare const SPINE_RPC_PATH = "/api/rpc";
+/**
+ * Audit-log SSE stream path — `/api/admin` prefix + the
+ * `create_audit_log_route_specs` `/audit/stream` route. Matches the default
+ * `BackendConfig.sse_path` and the cross-process SSE suite's default. Only
+ * mounted by the TS spine binary (which wires `audit_log_sse`); the shared
+ * surface stub leaves `ctx.audit_sse` null so the snapshot stays SSE-free.
+ */
+export declare const SPINE_SSE_PATH = "/api/admin/audit/stream";
+/**
+ * Factory-form RPC endpoints so the `app_settings_update` handler closes
+ * over the per-test `ctx.app_settings`. `create_app_server` (in the binary)
+ * owns live dispatch; the surface builder invokes the factory once with a
+ * stub ctx for setup-time path/method lookup, so the handler closures are
+ * never called across the process boundary.
+ *
+ * Test binaries append their own `_testing_reset` action to this endpoint's
+ * `actions` (see `testing_reset_actions.ts`); it is intentionally excluded
+ * here so it stays off the declared surface (the harness calls it directly
+ * over the daemon-token channel).
+ */
+export declare const spine_rpc_endpoints: (ctx: AppServerContext) => Array<RpcEndpointSpec>;
+/**
+ * Account REST + signup route specs under `/api/account` (bootstrap
+ * auto-mounted by the surface builder / `create_app_server`), plus the
+ * audit-log SSE stream under `/api/admin` **only when `ctx.audit_sse` is
+ * set** (the TS spine binary passes `audit_log_sse: true`).
+ *
+ * The shared `create_spine_surface_spec()` builds its ctx with
+ * `audit_sse: null`, so the declared surface snapshot stays SSE-free and the
+ * Rust `spine_stub` cross test is unaffected — only the live TS binary mounts
+ * the stream at `SPINE_SSE_PATH`.
+ */
+export declare const create_spine_route_specs: (ctx: AppServerContext) => Array<RouteSpec>;
+/**
+ * The `AppSurfaceSpec` for the standard spine surface — the wire-shape
+ * source the cross-process round-trip + RPC-round-trip suites validate
+ * against. `bootstrap: {mode: 'surface_only'}` mounts
+ * `POST /api/account/bootstrap`'s shape to match the binary (which wires
+ * bootstrap for real); the harness's `globalSetup` already consumed the
+ * live bootstrap, so the cross-process round-trip validates the binary's
+ * 409 against the route's declared error schema.
+ */
+export declare const create_spine_surface_spec: () => AppSurfaceSpec;
+//# sourceMappingURL=default_spine_surface.d.ts.map

package/dist/testing/cross_backend/default_spine_surface.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"default_spine_surface.d.ts","sourceRoot":"../src/lib/","sources":["../../../src/lib/testing/cross_backend/default_spine_surface.ts"],"names":[],"mappings":"AAAA,OAAO,sBAAsB,CAAC;AA6B9B,OAAO,EAAqB,KAAK,gBAAgB,EAAC,MAAM,2BAA2B,CAAC;AACpF,OAAO,EAAwB,KAAK,cAAc,EAAC,MAAM,8BAA8B,CAAC;AAGxF,OAAO,EAAqB,KAAK,SAAS,EAAC,MAAM,0BAA0B,CAAC;AAC5E,OAAO,KAAK,EAAC,cAAc,EAAE,eAAe,EAAC,MAAM,uBAAuB,CAAC;AAC3E,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,4BAA4B,CAAC;AAGjE;;;GAGG;AACH,eAAO,MAAM,qBAAqB,EAAE,cAAc,CAAC,MAAM,CAAwC,CAAC;AAElG;;;;;GAKG;AACH,eAAO,MAAM,WAAW,EAAE,gBAAyC,CAAC;AAEpE,iEAAiE;AACjE,eAAO,MAAM,cAAc,aAAa,CAAC;AAEzC;;;;;;GAMG;AACH,eAAO,MAAM,cAAc,4BAA4B,CAAC;AAExD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,mBAAmB,GAAI,KAAK,gBAAgB,KAAG,KAAK,CAAC,eAAe,CAQhF,CAAC;AAEF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,wBAAwB,GAAI,KAAK,gBAAgB,KAAG,KAAK,CAAC,SAAS,CAkB/E,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,yBAAyB,QAAO,cAM1C,CAAC"}