@fuzdev/fuz_app 0.64.0 → 0.66.0

package/dist/testing/integration_helpers.d.ts

@@ -2,7 +2,7 @@ import './assert_dev_env.js';
 import type { RouteSpec, RouteMethod } from '../http/route_spec.js';
 import type { Keyring } from '../auth/keyring.js';
 import { type SessionOptions } from '../auth/session_cookie.js';
-import type { TestApp, TestAccount } from './app_server.js';
+import type { TestAccount } from './app_server.js';
 /**
  * Find a route spec matching the given method and path.
  *
@@ -24,8 +24,8 @@ export type RestAuthRouteSuffix = (typeof rest_auth_route_suffixes)[number];
  *
  * Decouples tests from consumer route prefix (`/api/account/login`,
  * `/api/auth/login`, etc.). `suffix` must be one of
- * `rest_auth_route_suffixes` — throws otherwise so a post-migration RPC
- * method name (e.g. `/sessions/revoke-all`) fails loudly at the call site
+ * `rest_auth_route_suffixes` — throws otherwise so an RPC-only method
+ * path (e.g. `/sessions/revoke-all`) fails loudly at the call site
  * instead of silently returning `undefined`.
  *
  * @throws Error if `suffix` is not in `rest_auth_route_suffixes`.
@@ -89,6 +89,16 @@ export declare const collect_json_keys_recursive: (value: unknown) => Set<string
  * @param context - description for error messages
  */
 export declare const assert_no_sensitive_fields_in_json: (body: unknown, blocklist: ReadonlyArray<string>, context: string) => void;
+/**
+ * Header-builder triple shared by `TestApp` (in-process) and `TestFixture`
+ * (cross-backend fixture protocol). Both satisfy this shape structurally —
+ * `pick_auth_headers` accepts either without a cast.
+ */
+export interface KeeperHeaderProvider {
+    create_session_headers: (extra?: Record<string, string>) => Record<string, string>;
+    create_bearer_headers: (extra?: Record<string, string>) => Record<string, string>;
+    create_daemon_token_headers: (extra?: Record<string, string>) => Record<string, string>;
+}
 /**
  * Pick request headers matching a route spec's auth requirement.
  *
@@ -96,8 +106,8 @@ export declare const assert_no_sensitive_fields_in_json: (body: unknown, blockli
  * - `none` — origin headers only
  * - `authenticated` — the authed account's session cookie
  * - `role: admin` — the admin account's session cookie
- * - `role: <other>` — the test app's bootstrapped keeper session
- * - `keeper` — the test app's daemon token
+ * - `role: <other>` — the keeper provider's session
+ * - `keeper` — the keeper provider's daemon token
  */
-export declare const pick_auth_headers: (spec: RouteSpec, test_app: TestApp, authed_account: TestAccount, admin_account: TestAccount) => Record<string, string>;
+export declare const pick_auth_headers: (spec: RouteSpec, keeper: KeeperHeaderProvider, authed_account: TestAccount, admin_account: TestAccount) => Record<string, string>;
 //# sourceMappingURL=integration_helpers.d.ts.map

package/dist/testing/integration_helpers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"integration_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/integration_helpers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAU7B,OAAO,KAAK,EAAC,SAAS,EAAE,WAAW,EAAC,MAAM,uBAAuB,CAAC;AAGlE,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAE3F,OAAO,KAAK,EAAC,OAAO,EAAE,WAAW,EAAC,MAAM,iBAAiB,CAAC;AAE1D;;;;;;GAMG;AACH,eAAO,MAAM,eAAe,GAC3B,OAAO,KAAK,CAAC,SAAS,CAAC,EACvB,QAAQ,MAAM,EACd,MAAM,MAAM,KACV,SAAS,GAAG,SAad,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,iFAO3B,CAAC;AACX,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,wBAAwB,CAAC,CAAC,MAAM,CAAC,CAAC;AAE5E;;;;;;;;;;GAUG;AACH,eAAO,MAAM,eAAe,GAC3B,OAAO,KAAK,CAAC,SAAS,CAAC,EACvB,QAAQ,mBAAmB,EAC3B,QAAQ,WAAW,KACjB,SAAS,GAAG,SAOd,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,4BAA4B,GACxC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,QAAQ,MAAM,EACd,MAAM,MAAM,EACZ,UAAU,QAAQ,KAChB,OAAO,CAAC,IAAI,CAmDd,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B,GACtC,SAAS,OAAO,EAChB,iBAAiB,cAAc,CAAC,MAAM,CAAC,KACrC,OAAO,CAAC,MAAM,CAGhB,CAAC;AAgCF;;;;;;;GAOG;AACH,eAAO,MAAM,2BAA2B,GAAI,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,KAAK,CAAC,MAAM,CAQvF,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,4BAA4B,GAAI,MAAM,OAAO,EAAE,SAAS,MAAM,KAAG,IAoB7E,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,oCAAoC,GAChD,UAAU,QAAQ,EAClB,MAAM;IAAC,WAAW,EAAE,MAAM,CAAA;CAAC,KACzB,IAUF,CAAC;AAIF,oEAAoE;AACpE,eAAO,MAAM,yBAAyB,EAAE,aAAa,CAAC,MAAM,CAAmC,CAAC;AAEhG,0EAA0E;AAC1E,eAAO,MAAM,0BAA0B,EAAE,aAAa,CAAC,MAAM,CAAgC,CAAC;AAE9F;;;;GAIG;AACH,eAAO,MAAM,2BAA2B,GAAI,OAAO,OAAO,KAAG,GAAG,CAAC,MAAM,CAetE,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,kCAAkC,GAC9C,MAAM,OAAO,EACb,WAAW,aAAa,CAAC,MAAM,CAAC,EAChC,SAAS,MAAM,KACb,IAKF,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,SAAS,EACf,UAAU,OAAO,EACjB,gBAAgB,WAAW,EAC3B,eAAe,WAAW,KACxB,MAAM,CAAC,MAAM,EAAE,MAAM,CAevB,CAAC"}
+{"version":3,"file":"integration_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/integration_helpers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAU7B,OAAO,KAAK,EAAC,SAAS,EAAE,WAAW,EAAC,MAAM,uBAAuB,CAAC;AAGlE,OAAO,KAAK,EAAC,OAAO,EAAC,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAA8B,KAAK,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAE3F,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,iBAAiB,CAAC;AAEjD;;;;;;GAMG;AACH,eAAO,MAAM,eAAe,GAC3B,OAAO,KAAK,CAAC,SAAS,CAAC,EACvB,QAAQ,MAAM,EACd,MAAM,MAAM,KACV,SAAS,GAAG,SAad,CAAC;AAEF;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,iFAO3B,CAAC;AACX,MAAM,MAAM,mBAAmB,GAAG,CAAC,OAAO,wBAAwB,CAAC,CAAC,MAAM,CAAC,CAAC;AAE5E;;;;;;;;;;GAUG;AACH,eAAO,MAAM,eAAe,GAC3B,OAAO,KAAK,CAAC,SAAS,CAAC,EACvB,QAAQ,mBAAmB,EAC3B,QAAQ,WAAW,KACjB,SAAS,GAAG,SAOd,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,4BAA4B,GACxC,aAAa,KAAK,CAAC,SAAS,CAAC,EAC7B,QAAQ,MAAM,EACd,MAAM,MAAM,EACZ,UAAU,QAAQ,KAChB,OAAO,CAAC,IAAI,CAmDd,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,0BAA0B,GACtC,SAAS,OAAO,EAChB,iBAAiB,cAAc,CAAC,MAAM,CAAC,KACrC,OAAO,CAAC,MAAM,CAGhB,CAAC;AAgCF;;;;;;;GAOG;AACH,eAAO,MAAM,2BAA2B,GAAI,MAAM,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAG,KAAK,CAAC,MAAM,CAQvF,CAAC;AAEF;;;;;;;;;GASG;AACH,eAAO,MAAM,4BAA4B,GAAI,MAAM,OAAO,EAAE,SAAS,MAAM,KAAG,IAoB7E,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,oCAAoC,GAChD,UAAU,QAAQ,EAClB,MAAM;IAAC,WAAW,EAAE,MAAM,CAAA;CAAC,KACzB,IAUF,CAAC;AAIF,oEAAoE;AACpE,eAAO,MAAM,yBAAyB,EAAE,aAAa,CAAC,MAAM,CAAmC,CAAC;AAEhG,0EAA0E;AAC1E,eAAO,MAAM,0BAA0B,EAAE,aAAa,CAAC,MAAM,CAAgC,CAAC;AAE9F;;;;GAIG;AACH,eAAO,MAAM,2BAA2B,GAAI,OAAO,OAAO,KAAG,GAAG,CAAC,MAAM,CAetE,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,kCAAkC,GAC9C,MAAM,OAAO,EACb,WAAW,aAAa,CAAC,MAAM,CAAC,EAChC,SAAS,MAAM,KACb,IAKF,CAAC;AAEF;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACpC,sBAAsB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACnF,qBAAqB,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAClF,2BAA2B,EAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACxF;AAED;;;;;;;;;GASG;AACH,eAAO,MAAM,iBAAiB,GAC7B,MAAM,SAAS,EACf,QAAQ,oBAAoB,EAC5B,gBAAgB,WAAW,EAC3B,eAAe,WAAW,KACxB,MAAM,CAAC,MAAM,EAAE,MAAM,CAevB,CAAC"}

package/dist/testing/integration_helpers.js

@@ -51,8 +51,8 @@ export const rest_auth_route_suffixes = [
  *
  * Decouples tests from consumer route prefix (`/api/account/login`,
  * `/api/auth/login`, etc.). `suffix` must be one of
- * `rest_auth_route_suffixes` — throws otherwise so a post-migration RPC
- * method name (e.g. `/sessions/revoke-all`) fails loudly at the call site
+ * `rest_auth_route_suffixes` — throws otherwise so an RPC-only method
+ * path (e.g. `/sessions/revoke-all`) fails loudly at the call site
  * instead of silently returning `undefined`.
  *
  * @throws Error if `suffix` is not in `rest_auth_route_suffixes`.
@@ -251,22 +251,22 @@ export const assert_no_sensitive_fields_in_json = (body, blocklist, context) =>
  * - `none` — origin headers only
  * - `authenticated` — the authed account's session cookie
  * - `role: admin` — the admin account's session cookie
- * - `role: <other>` — the test app's bootstrapped keeper session
- * - `keeper` — the test app's daemon token
+ * - `role: <other>` — the keeper provider's session
+ * - `keeper` — the keeper provider's daemon token
  */
-export const pick_auth_headers = (spec, test_app, authed_account, admin_account) => {
+export const pick_auth_headers = (spec, keeper, authed_account, admin_account) => {
     const { auth } = spec;
     if (is_public_auth(auth)) {
         return { host: 'localhost', origin: 'http://localhost:5173' };
     }
     if (auth.credential_types?.includes('daemon_token')) {
-        return test_app.create_daemon_token_headers();
+        return keeper.create_daemon_token_headers();
     }
     if (auth.roles?.length) {
         if (auth.roles.includes(ROLE_ADMIN)) {
             return admin_account.create_session_headers();
         }
-        return test_app.create_session_headers();
+        return keeper.create_session_headers();
     }
     return authed_account.create_session_headers();
 };

package/dist/testing/mock_fs.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"mock_fs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/mock_fs.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,MAAM;IACtB,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAC/D,UAAU,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/E,QAAQ,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,CAAC;CAC/C;AAED;;;;;GAKG;AACH,eAAO,MAAM,cAAc,GAAI,gBAAe,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM,KAAG,MAuB3E,CAAC"}
+{"version":3,"file":"mock_fs.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/mock_fs.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,MAAM;IACtB,SAAS,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IAC/D,UAAU,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/E,QAAQ,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,GAAG,SAAS,CAAC;CAC/C;AAED;;;;;GAKG;AACH,eAAO,MAAM,cAAc,GAAI,gBAAe,MAAM,CAAC,MAAM,EAAE,MAAM,CAAM,KAAG,MAsB3E,CAAC"}

package/dist/testing/mock_fs.js

@@ -13,7 +13,6 @@
 export const create_mock_fs = (initial_files = {}) => {
     const files = { ...initial_files };
     return {
-        // eslint-disable-next-line @typescript-eslint/require-await
         read_file: async (path, _encoding) => {
             if (!(path in files)) {
                 const error = new Error(`ENOENT: no such file or directory, open '${path}'`);
@@ -26,7 +25,6 @@ export const create_mock_fs = (initial_files = {}) => {
             }
             return file_content;
         },
-        // eslint-disable-next-line @typescript-eslint/require-await
         write_file: async (path, content, _encoding) => {
             files[path] = content;
         },

package/dist/testing/rate_limiting.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rate_limiting.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/rate_limiting.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAiB7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAIrD,OAAO,EAAkB,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACtE,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAEjB,OAAO,EAIN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAK1B;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACvC,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;OAEG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;;;;;;;;;OAYG;IACH,aAAa,EAAE,uBAAuB,CAAC;CACvC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,4BAA4B,GAAI,SAAS,uBAAuB,KAAG,IA8P/E,CAAC"}
+{"version":3,"file":"rate_limiting.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/rate_limiting.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AA0B7B,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAC9D,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AAIrD,OAAO,EAAkB,KAAK,eAAe,EAAC,MAAM,iBAAiB,CAAC;AACtE,OAAO,EAIN,KAAK,SAAS,EACd,MAAM,SAAS,CAAC;AAEjB,OAAO,EAIN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAK1B;;GAEG;AACH,MAAM,WAAW,uBAAuB;IACvC,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B;;OAEG;IACH,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC;;;OAGG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;;;;;;;;;OAYG;IACH,aAAa,EAAE,uBAAuB,CAAC;CACvC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,eAAO,MAAM,4BAA4B,GAAI,SAAS,uBAAuB,KAAG,IA8P/E,CAAC"}

package/dist/testing/rate_limiting.js

@@ -9,6 +9,15 @@ import './assert_dev_env.js';
  * Consumers call `describe_rate_limiting_tests` with their route factory and
  * session config — rate limit enforcement tests come for free.
  *
+ * Each test body constructs its own `TestApp` with a per-test rate limiter
+ * override in `app_options`, so this suite reads its inputs directly from
+ * the options bag instead of going through the per-test fixture protocol —
+ * the single-fixture model can't carry three different rate-limiter
+ * configurations. Consumers pass `default_in_process_suite_options(...)`
+ * anyway for shape uniformity with the other Tier 1 suites; the extra
+ * `{setup_test, surface_source, capabilities}` fields from the helper
+ * spread are ignored by TS and the suite body alike.
+ *
  * @module
  */
 import { describe, test, assert } from 'vitest';

package/dist/testing/role_grant_helpers.d.ts

@@ -0,0 +1,31 @@
+import './assert_dev_env.js';
+import type { Uuid } from '@fuzdev/fuz_util/id.js';
+import type { TestAccount, TestApp } from './app_server.js';
+import type { TestFixture } from './cross_backend/setup.js';
+import { type RpcCallArgs } from './rpc_helpers.js';
+export interface RoleGrantOfferAndAcceptArgs {
+    app: RpcCallArgs['app'];
+    rpc_path: string;
+    /**
+     * Account doing the granting. `TestApp` / `TestAccount` cover the
+     * in-process shape; `TestFixture` covers the cross-backend fixture
+     * protocol. All three carry `account.id` + `create_session_headers`.
+     */
+    grantor: TestApp | TestAccount | TestFixture;
+    recipient: TestAccount;
+    role: string;
+}
+/**
+ * Drive the full consent flow (grantor offer → recipient accept) over the
+ * production RPC surface and return the materialized role_grant id.
+ *
+ * `grantor` and `recipient` carry both the account id (for `to_account_id`
+ * derivation) and the `create_session_headers` factory (for cookie-threaded
+ * auth) — closing that loop on a single object per party rules out
+ * caller-side header/account mismatch.
+ */
+export declare const role_grant_offer_and_accept: (args: RoleGrantOfferAndAcceptArgs) => Promise<{
+    offer_id: Uuid;
+    role_grant_id: Uuid;
+}>;
+//# sourceMappingURL=role_grant_helpers.d.ts.map

package/dist/testing/role_grant_helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"role_grant_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/role_grant_helpers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAiB7B,OAAO,KAAK,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAMjD,OAAO,KAAK,EAAC,WAAW,EAAE,OAAO,EAAC,MAAM,iBAAiB,CAAC;AAC1D,OAAO,KAAK,EAAC,WAAW,EAAC,MAAM,0BAA0B,CAAC;AAC1D,OAAO,EAAoB,KAAK,WAAW,EAAC,MAAM,kBAAkB,CAAC;AAErE,MAAM,WAAW,2BAA2B;IAC3C,GAAG,EAAE,WAAW,CAAC,KAAK,CAAC,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,OAAO,EAAE,OAAO,GAAG,WAAW,GAAG,WAAW,CAAC;IAC7C,SAAS,EAAE,WAAW,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;CACb;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,2BAA2B,GACvC,MAAM,2BAA2B,KAC/B,OAAO,CAAC;IAAC,QAAQ,EAAE,IAAI,CAAC;IAAC,aAAa,EAAE,IAAI,CAAA;CAAC,CAyB/C,CAAC"}

package/dist/testing/role_grant_helpers.js

@@ -0,0 +1,46 @@
+import './assert_dev_env.js';
+/**
+ * RPC-flow helpers for role_grant lifecycle in tests.
+ *
+ * Sibling to `db_entities.ts`'s `create_test_role_grant_direct` — that one
+ * seeds a role_grant directly via `query_create_role_grant` (bypassing the
+ * consent flow) for tests that focus on revoke or isolation semantics. This
+ * file ships the RPC-driven complement: `role_grant_offer_and_accept`
+ * exercises the same `role_grant_offer_create` + `role_grant_offer_accept`
+ * specs the admin UI consumes, so consumer tests pick up post-commit
+ * fan-out (audit, SSE broadcasts, `_supersede` notifications) end-to-end.
+ *
+ * @module
+ */
+import { assert } from 'vitest';
+import { role_grant_offer_accept_action_spec, role_grant_offer_create_action_spec, } from '../auth/role_grant_offer_action_specs.js';
+import { rpc_call_for_spec } from './rpc_helpers.js';
+/**
+ * Drive the full consent flow (grantor offer → recipient accept) over the
+ * production RPC surface and return the materialized role_grant id.
+ *
+ * `grantor` and `recipient` carry both the account id (for `to_account_id`
+ * derivation) and the `create_session_headers` factory (for cookie-threaded
+ * auth) — closing that loop on a single object per party rules out
+ * caller-side header/account mismatch.
+ */
+export const role_grant_offer_and_accept = async (args) => {
+    const create_res = await rpc_call_for_spec({
+        app: args.app,
+        path: args.rpc_path,
+        spec: role_grant_offer_create_action_spec,
+        params: { to_account_id: args.recipient.account.id, role: args.role },
+        headers: args.grantor.create_session_headers(),
+    });
+    assert.ok(create_res.ok, `role_grant_offer_create failed: ${create_res.ok ? '' : JSON.stringify(create_res.error)}`);
+    const { offer } = create_res.result;
+    const accept_res = await rpc_call_for_spec({
+        app: args.app,
+        path: args.rpc_path,
+        spec: role_grant_offer_accept_action_spec,
+        params: { offer_id: offer.id },
+        headers: args.recipient.create_session_headers(),
+    });
+    assert.ok(accept_res.ok, `role_grant_offer_accept failed: ${accept_res.ok ? '' : JSON.stringify(accept_res.error)}`);
+    return { offer_id: offer.id, role_grant_id: accept_res.result.role_grant_id };
+};

package/dist/testing/round_trip.d.ts

@@ -1,18 +1,23 @@
 import './assert_dev_env.js';
-import type { RouteSpec } from '../http/route_spec.js';
-import type { AppServerContext, AppServerOptions } from '../server/app_server.js';
-import type { SessionOptions } from '../auth/session_cookie.js';
-import { type DbFactory } from './db.js';
+import type { BackendCapabilities } from './cross_backend/capabilities.js';
+import type { SetupTest } from './cross_backend/setup.js';
+import type { AppSurfaceSpec } from '../http/surface.js';
 /** Options for `describe_round_trip_validation`. */
 export interface RoundTripTestOptions {
-    /** Session config for cookie-based auth. */
-    session_options: SessionOptions<string>;
-    /** Route spec factory — same one used in production. */
-    create_route_specs: (ctx: AppServerContext) => Array<RouteSpec>;
-    /** Optional overrides for `AppServerOptions`. */
-    app_options?: Partial<Omit<AppServerOptions, 'backend' | 'session_options' | 'create_route_specs'>>;
-    /** Database factories to run tests against. Default: pglite only. */
-    db_factories?: Array<DbFactory>;
+    /**
+     * Per-test fixture-producing function. `describe_round_trip_validation`
+     * invokes this once in `beforeAll` (per-describe cadence — see module
+     * docstring) to share a single bootstrapped keeper + accounts across
+     * every route case.
+     */
+    setup_test: SetupTest;
+    /**
+     * App surface (with route specs) for route iteration. Constructed in
+     * TS by the consumer; same shape for in-process and cross-process tests.
+     */
+    surface_source: AppSurfaceSpec;
+    /** Backend capability declarations — see `cross_backend/capabilities.ts`. */
+    capabilities: BackendCapabilities;
     /** Routes to skip, in `'METHOD /path'` format. */
     skip_routes?: Array<string>;
     /** Override generated bodies for specific routes (`'METHOD /path'` → body). */
@@ -25,11 +30,10 @@ export interface RoundTripTestOptions {
  * 1. Resolve URL with valid params
  * 2. Generate a valid request body (or use override)
  * 3. Pick auth headers matching the route's auth requirement
- * 4. Fire the request and validate the response against declared schemas
+ * 4. Fire the request through `fixture.transport` and validate the response
  *
- * SSE routes are skipped (Content-Type `text/event-stream`).
- * Routes returning non-2xx with valid input are still validated against
- * their declared error schemas.
+ * SSE routes are skipped by Content-Type sniff. Routes returning non-2xx
+ * with valid input are still validated against their declared error schemas.
  */
 export declare const describe_round_trip_validation: (options: RoundTripTestOptions) => void;
 //# sourceMappingURL=round_trip.d.ts.map

package/dist/testing/round_trip.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"round_trip.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/round_trip.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAc7B,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAC,gBAAgB,EAAE,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAChF,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAG9D,OAAO,EAAwB,KAAK,SAAS,EAAC,MAAM,SAAS,CAAC;AAQ9D,oDAAoD;AACpD,MAAM,WAAW,oBAAoB;IACpC,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE,iDAAiD;IACjD,WAAW,CAAC,EAAE,OAAO,CACpB,IAAI,CAAC,gBAAgB,EAAE,SAAS,GAAG,iBAAiB,GAAG,oBAAoB,CAAC,CAC5E,CAAC;IACF,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC,kDAAkD;IAClD,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5B,+EAA+E;IAC/E,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACvD;AAED;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,8BAA8B,GAAI,SAAS,oBAAoB,KAAG,IA6F9E,CAAC"}
+{"version":3,"file":"round_trip.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/round_trip.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AA0B7B,OAAO,KAAK,EAAC,mBAAmB,EAAC,MAAM,iCAAiC,CAAC;AACzE,OAAO,KAAK,EAAC,SAAS,EAAc,MAAM,0BAA0B,CAAC;AACrE,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,oBAAoB,CAAC;AAEvD,oDAAoD;AACpD,MAAM,WAAW,oBAAoB;IACpC;;;;;OAKG;IACH,UAAU,EAAE,SAAS,CAAC;IACtB;;;OAGG;IACH,cAAc,EAAE,cAAc,CAAC;IAC/B,6EAA6E;IAC7E,YAAY,EAAE,mBAAmB,CAAC;IAClC,kDAAkD;IAClD,WAAW,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC5B,+EAA+E;IAC/E,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACvD;AAED;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,8BAA8B,GAAI,SAAS,oBAAoB,KAAG,IA6D9E,CAAC"}

package/dist/testing/round_trip.js

@@ -2,21 +2,24 @@ import './assert_dev_env.js';
 /**
  * Schema-driven round-trip validation test suite.
  *
- * For every route spec, generates a valid request (auth, params, body)
- * and validates the response against declared output or error schemas.
- * DB-backed via `create_test_app` — exercises the full middleware stack.
+ * For every route spec in the supplied `surface_source`, generates a
+ * valid request (auth, params, body) and validates the response against
+ * declared output or error schemas. DB-backed via the suite's
+ * `setup_test` fixture-producing callback.
+ *
+ * Cadence: per-describe `setup_test()` call. Each test in the suite
+ * fires one HTTP request against a shared fixture — no test mutates
+ * state in a way that contaminates the next, so the per-test cost of
+ * re-bootstrapping isn't justified here. Suites with state-isolation
+ * requirements (integration, admin_integration, audit_completeness)
+ * call `setup_test()` per test.
  *
  * @module
  */
-import { describe, test, beforeAll, afterAll } from 'vitest';
+import { describe, test, beforeAll } from 'vitest';
 import { ROLE_ADMIN } from '../auth/role_schema.js';
-import { create_test_app } from './app_server.js';
-import { create_pglite_factory } from './db.js';
 import { assert_response_matches_spec, pick_auth_headers } from './integration_helpers.js';
 import { resolve_valid_path, generate_valid_body } from './schema_generators.js';
-import { run_migrations } from '../db/migrate.js';
-import { auth_migration_ns } from '../auth/migrations.js';
-import { create_stub_app_server_context } from './stubs.js';
 /**
  * Run schema-driven round-trip validation tests.
  *
@@ -24,88 +27,60 @@ import { create_stub_app_server_context } from './stubs.js';
  * 1. Resolve URL with valid params
  * 2. Generate a valid request body (or use override)
  * 3. Pick auth headers matching the route's auth requirement
- * 4. Fire the request and validate the response against declared schemas
+ * 4. Fire the request through `fixture.transport` and validate the response
  *
- * SSE routes are skipped (Content-Type `text/event-stream`).
- * Routes returning non-2xx with valid input are still validated against
- * their declared error schemas.
+ * SSE routes are skipped by Content-Type sniff. Routes returning non-2xx
+ * with valid input are still validated against their declared error schemas.
  */
 export const describe_round_trip_validation = (options) => {
+    const describe_time_specs = options.surface_source.route_specs;
     const skip_set = new Set(options.skip_routes);
-    const init_schema = async (db) => {
-        await run_migrations(db, [auth_migration_ns]);
-    };
-    const factories = options.db_factories ?? [create_pglite_factory(init_schema)];
-    // Pre-compute route specs at describe time so test.each can register one
-    // test per route. Mirrors create_test_app's route set (consumer routes
-    // only — bootstrap routes are not added unless `bootstrap` is configured
-    // on AppServerOptions, which create_test_app doesn't do).
-    const stub_ctx = create_stub_app_server_context(options.session_options);
-    const describe_time_specs = options.create_route_specs(stub_ctx);
-    for (const factory of factories) {
-        const describe_fn = factory.skip ? describe.skip : describe;
-        describe_fn(`round-trip validation (${factory.name})`, () => {
-            let test_app;
-            let authed_account;
-            let admin_account;
-            let db;
-            beforeAll(async () => {
-                db = await factory.create();
-                test_app = await create_test_app({
-                    session_options: options.session_options,
-                    create_route_specs: options.create_route_specs,
-                    db,
-                    app_options: options.app_options,
-                });
-                // Create accounts at each auth level
-                authed_account = await test_app.create_account({
-                    username: 'round_trip_authed',
-                    roles: [],
-                });
-                admin_account = await test_app.create_account({
-                    username: 'round_trip_admin',
-                    roles: [ROLE_ADMIN],
-                });
-            });
-            afterAll(async () => {
-                await test_app.cleanup();
-                await factory.close(db);
+    // `capabilities` is currently unused by this suite (no in-process-only
+    // reads, no transport-gated cases) but stays on the options for
+    // uniformity with the other Tier 1 suites.
+    void options.capabilities;
+    describe('round-trip validation', () => {
+        let fixture;
+        let authed_account;
+        let admin_account;
+        beforeAll(async () => {
+            fixture = await options.setup_test();
+            authed_account = await fixture.create_account({
+                username: 'round_trip_authed',
+                roles: [],
             });
-            test.each(describe_time_specs)('$method $path produces schema-valid response', async (spec) => {
-                const route_key = `${spec.method} ${spec.path}`;
-                if (skip_set.has(route_key))
-                    return;
-                // Resolve URL with valid param values
-                const url = resolve_valid_path(spec.path, spec.params);
-                // Generate or override request body
-                const override = options.input_overrides?.get(route_key);
-                const body = override ?? generate_valid_body(spec.input);
-                // Pick auth headers based on route auth requirement
-                const headers = pick_auth_headers(spec, test_app, authed_account, admin_account);
-                // Fire request
-                const request_init = {
-                    method: spec.method,
-                    headers: {
-                        ...headers,
-                        ...(body ? { 'content-type': 'application/json' } : {}),
-                    },
-                    ...(body ? { body: JSON.stringify(body) } : {}),
-                };
-                const res = await test_app.app.request(url, request_init);
-                // Skip SSE responses — streaming bodies can't be parsed as JSON
-                if (res.headers.get('Content-Type')?.includes('text/event-stream')) {
-                    await res.body?.cancel();
-                    return;
-                }
-                // Validate response against declared schemas
-                try {
-                    await assert_response_matches_spec(test_app.route_specs, spec.method, url, res);
-                }
-                catch (e) {
-                    // Re-throw with route context for easier debugging
-                    throw new Error(`Round-trip validation failed for ${route_key} (status ${res.status}): ${e.message}`);
-                }
+            admin_account = await fixture.create_account({
+                username: 'round_trip_admin',
+                roles: [ROLE_ADMIN],
             });
         });
-    }
+        test.each(describe_time_specs)('$method $path produces schema-valid response', async (spec) => {
+            const route_key = `${spec.method} ${spec.path}`;
+            if (skip_set.has(route_key))
+                return;
+            const url = resolve_valid_path(spec.path, spec.params);
+            const override = options.input_overrides?.get(route_key);
+            const body = override ?? generate_valid_body(spec.input);
+            const headers = pick_auth_headers(spec, fixture, authed_account, admin_account);
+            const request_init = {
+                method: spec.method,
+                headers: {
+                    ...headers,
+                    ...(body ? { 'content-type': 'application/json' } : {}),
+                },
+                ...(body ? { body: JSON.stringify(body) } : {}),
+            };
+            const res = await fixture.transport(url, request_init);
+            if (res.headers.get('Content-Type')?.includes('text/event-stream')) {
+                await res.body?.cancel();
+                return;
+            }
+            try {
+                await assert_response_matches_spec(describe_time_specs, spec.method, url, res);
+            }
+            catch (e) {
+                throw new Error(`Round-trip validation failed for ${route_key} (status ${res.status}): ${e.message}`);
+            }
+        });
+    });
 };

package/dist/testing/rpc_helpers.d.ts

@@ -104,12 +104,18 @@ export type RpcCallResult = {
         data?: unknown;
     };
 };
+/**
+ * App shape accepted by `rpc_call`. Either a Hono-like object with a
+ * `.request(input, init)` method (in-process `TestApp.app` directly) or a
+ * bare `RpcTestTransport` callable (cross-process `fixture.transport`).
+ */
+export type RpcCallApp = {
+    request: (input: string, init: RequestInit) => Promise<Response> | Response;
+} | RpcTestTransport;
 /** Arguments for `rpc_call`. */
 export interface RpcCallArgs {
-    /** Hono-like app (anything with a `request(url, init)` method). */
-    app: {
-        request: (input: string, init: RequestInit) => Promise<Response> | Response;
-    };
+    /** Hono-like app or bare `RpcTestTransport` callable. */
+    app: RpcCallApp;
     /** RPC endpoint path, e.g. `'/api/rpc'`. */
     path: string;
     /** JSON-RPC method name. */

package/dist/testing/rpc_helpers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rpc_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/rpc_helpers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAa7B,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAIN,KAAK,gBAAgB,EACrB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AACzE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,0BAA0B,CAAC;AACxD,OAAO,KAAK,EAAC,qBAAqB,EAAE,mBAAmB,EAAE,eAAe,EAAC,MAAM,oBAAoB,CAAC;AACpG,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAG9D;;;;;;;;;GASG;AACH,MAAM,MAAM,uBAAuB,GAChC,KAAK,CAAC,eAAe,CAAC,GACtB,CAAC,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;AAEvD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,+BAA+B,GAC3C,eAAe,uBAAuB,EACtC,iBAAiB,cAAc,CAAC,MAAM,CAAC,KACrC,KAAK,CAAC,eAAe,CAuBvB,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,oBAAoB,GAChC,QAAQ,MAAM,EACd,SAAS,OAAO,EAChB,KAAI,MAAM,GAAG,MAAe,KAC1B,WAQF,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,kBAAkB,GAC9B,eAAe,MAAM,EACrB,QAAQ,MAAM,EACd,SAAS,OAAO,EAChB,KAAI,MAAM,GAAG,MAAe,KAC1B,MAMF,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,OAAO,EACb,gBAAgB,gBAAgB,KAC9B,IAUF,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,+BAA+B,GAAI,MAAM,OAAO,EAAE,gBAAgB,CAAC,CAAC,OAAO,KAAG,IAW1F,CAAC;AAIF;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;AAErF,2DAA2D;AAC3D,eAAO,MAAM,cAAc,GACzB,KAAK;IACL,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC;CAC5E,KAAG,gBAEmB,CAAC;AAEzB,yEAAyE;AACzE,MAAM,MAAM,aAAa,GACtB;IAAC,EAAE,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAC,GAC3C;IACA,EAAE,EAAE,KAAK,CAAC;IACV,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,OAAO,CAAA;KAAC,CAAC;CACtD,CAAC;AAEL,gCAAgC;AAChC,MAAM,WAAW,WAAW;IAC3B,mEAAmE;IACnE,GAAG,EAAE;QAAC,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAA;KAAC,CAAC;IACnF,4CAA4C;IAC5C,IAAI,EAAE,MAAM,CAAC;IACb,4BAA4B;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf;;;;;OAKG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,gFAAgF;IAChF,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,wCAAwC;IACxC,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACrB,mFAAmF;IACnF,IAAI,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;IACtB;;;;;OAKG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;CAClC;AAcD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,QAAQ,GAAU,MAAM,WAAW,KAAG,OAAO,CAAC,aAAa,CA0DvE,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,GAChC,MAAM,IAAI,CAAC,WAAW,EAAE,yBAAyB,CAAC,KAChD,OAAO,CAAC,aAAa,CAAuD,CAAC;AAEhF;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,CAAC,KAAK,SAAS,yBAAyB,IACrE;IAAC,EAAE,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAA;CAAC,GAC5D;IAAC,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,OAAO,CAAA;KAAC,CAAA;CAAC,CAAC;AAEvF,mFAAmF;AACnF,MAAM,MAAM,kBAAkB,CAAC,KAAK,SAAS,yBAAyB,IAAI,IAAI,CAC7E,WAAW,EACX,QAAQ,GAAG,QAAQ,CACnB,GAAG;IACH,2GAA2G;IAC3G,IAAI,EAAE,KAAK,CAAC;IACZ,0CAA0C;IAC1C,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;CAChC,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,iBAAiB,GAAU,KAAK,SAAS,yBAAyB,EAC9E,MAAM,kBAAkB,CAAC,KAAK,CAAC,KAC7B,OAAO,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAarC,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,cAAc,GAAU,CAAC,EACrC,MAAM,WAAW,EACjB,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KACzB,OAAO,CAAC,CAAC,CAcX,CAAC;AAIF;;;;GAIG;AACH,eAAO,MAAM,eAAe,GAC3B,eAAe,aAAa,CAAC,eAAe,CAAC,EAC7C,QAAQ,MAAM,KACZ;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,SAAS,CAAA;CAAC,GAAG,SAOtC,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,eAAe,GAC3B,eAAe,aAAa,CAAC,qBAAqB,CAAC,EACnD,QAAQ,MAAM,KACZ;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,mBAAmB,CAAA;CAAC,GAAG,SAOrD,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,yBAAyB,GACrC,eAAe,aAAa,CAAC,eAAe,CAAC,KAC3C,MAYF,CAAC"}
+{"version":3,"file":"rpc_helpers.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/rpc_helpers.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAa7B,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,OAAO,EAIN,KAAK,gBAAgB,EACrB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,KAAK,EAAC,yBAAyB,EAAC,MAAM,2BAA2B,CAAC;AACzE,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,0BAA0B,CAAC;AACxD,OAAO,KAAK,EAAC,qBAAqB,EAAE,mBAAmB,EAAE,eAAe,EAAC,MAAM,oBAAoB,CAAC;AACpG,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAG9D;;;;;;;;;GASG;AACH,MAAM,MAAM,uBAAuB,GAChC,KAAK,CAAC,eAAe,CAAC,GACtB,CAAC,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;AAEvD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,eAAO,MAAM,+BAA+B,GAC3C,eAAe,uBAAuB,EACtC,iBAAiB,cAAc,CAAC,MAAM,CAAC,KACrC,KAAK,CAAC,eAAe,CAuBvB,CAAC;AAEF;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,oBAAoB,GAChC,QAAQ,MAAM,EACd,SAAS,OAAO,EAChB,KAAI,MAAM,GAAG,MAAe,KAC1B,WAQF,CAAC;AAEF;;;;;;GAMG;AACH,eAAO,MAAM,kBAAkB,GAC9B,eAAe,MAAM,EACrB,QAAQ,MAAM,EACd,SAAS,OAAO,EAChB,KAAI,MAAM,GAAG,MAAe,KAC1B,MAMF,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,6BAA6B,GACzC,MAAM,OAAO,EACb,gBAAgB,gBAAgB,KAC9B,IAUF,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,+BAA+B,GAAI,MAAM,OAAO,EAAE,gBAAgB,CAAC,CAAC,OAAO,KAAG,IAW1F,CAAC;AAIF;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;AAErF,2DAA2D;AAC3D,eAAO,MAAM,cAAc,GACzB,KAAK;IACL,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC;CAC5E,KAAG,gBAEmB,CAAC;AAEzB,yEAAyE;AACzE,MAAM,MAAM,aAAa,GACtB;IAAC,EAAE,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,OAAO,CAAA;CAAC,GAC3C;IACA,EAAE,EAAE,KAAK,CAAC;IACV,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,OAAO,CAAA;KAAC,CAAC;CACtD,CAAC;AAEL;;;;GAIG;AACH,MAAM,MAAM,UAAU,GACnB;IAAC,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,WAAW,KAAK,OAAO,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAA;CAAC,GAC7E,gBAAgB,CAAC;AAEpB,gCAAgC;AAChC,MAAM,WAAW,WAAW;IAC3B,yDAAyD;IACzD,GAAG,EAAE,UAAU,CAAC;IAChB,4CAA4C;IAC5C,IAAI,EAAE,MAAM,CAAC;IACb,4BAA4B;IAC5B,MAAM,EAAE,MAAM,CAAC;IACf;;;;;OAKG;IACH,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,gFAAgF;IAChF,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,wCAAwC;IACxC,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IACrB,mFAAmF;IACnF,IAAI,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;IACtB;;;;;OAKG;IACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;CAClC;AAcD;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,QAAQ,GAAU,MAAM,WAAW,KAAG,OAAO,CAAC,aAAa,CA0DvE,CAAC;AAEF;;;;;;;GAOG;AACH,eAAO,MAAM,oBAAoB,GAChC,MAAM,IAAI,CAAC,WAAW,EAAE,yBAAyB,CAAC,KAChD,OAAO,CAAC,aAAa,CAAuD,CAAC;AAEhF;;;;;GAKG;AACH,MAAM,MAAM,oBAAoB,CAAC,KAAK,SAAS,yBAAyB,IACrE;IAAC,EAAE,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAA;CAAC,GAC5D;IAAC,EAAE,EAAE,KAAK,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,OAAO,CAAA;KAAC,CAAA;CAAC,CAAC;AAEvF,mFAAmF;AACnF,MAAM,MAAM,kBAAkB,CAAC,KAAK,SAAS,yBAAyB,IAAI,IAAI,CAC7E,WAAW,EACX,QAAQ,GAAG,QAAQ,CACnB,GAAG;IACH,2GAA2G;IAC3G,IAAI,EAAE,KAAK,CAAC;IACZ,0CAA0C;IAC1C,MAAM,EAAE,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;CAChC,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,iBAAiB,GAAU,KAAK,SAAS,yBAAyB,EAC9E,MAAM,kBAAkB,CAAC,KAAK,CAAC,KAC7B,OAAO,CAAC,oBAAoB,CAAC,KAAK,CAAC,CAarC,CAAC;AAEF;;;;;;;;GAQG;AACH,eAAO,MAAM,cAAc,GAAU,CAAC,EACrC,MAAM,WAAW,EACjB,eAAe,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KACzB,OAAO,CAAC,CAAC,CAcX,CAAC;AAIF;;;;GAIG;AACH,eAAO,MAAM,eAAe,GAC3B,eAAe,aAAa,CAAC,eAAe,CAAC,EAC7C,QAAQ,MAAM,KACZ;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,SAAS,CAAA;CAAC,GAAG,SAOtC,CAAC;AAEF;;;;GAIG;AACH,eAAO,MAAM,eAAe,GAC3B,eAAe,aAAa,CAAC,qBAAqB,CAAC,EACnD,QAAQ,MAAM,KACZ;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,mBAAmB,CAAA;CAAC,GAAG,SAOrD,CAAC;AAEF;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,yBAAyB,GACrC,eAAe,aAAa,CAAC,eAAe,CAAC,KAC3C,MAYF,CAAC"}

package/dist/testing/rpc_helpers.js

@@ -172,7 +172,7 @@ export const rpc_call = async (args) => {
             body: post.body,
         };
     }
-    const res = await app.request(url, init);
+    const res = await (typeof app === 'function' ? app(url, init) : app.request(url, init));
     const status = res.status;
     const body = await res.json();
     const success = JsonrpcResponse.safeParse(body);

package/dist/testing/rpc_round_trip.d.ts

@@ -1,32 +1,35 @@
 import './assert_dev_env.js';
-import type { RouteSpec } from '../http/route_spec.js';
-import type { AppServerContext } from '../server/app_server.js';
-import type { SessionOptions } from '../auth/session_cookie.js';
-import { type SuiteAppOptions } from './app_server.js';
-import { type DbFactory } from './db.js';
+import type { AppSurfaceSpec } from '../http/surface.js';
 import { type RpcEndpointsSuiteOption } from './rpc_helpers.js';
+import type { BackendCapabilities } from './cross_backend/capabilities.js';
+import type { SetupTest } from './cross_backend/setup.js';
+import type { SessionOptions } from '../auth/session_cookie.js';
 /** Options for `describe_rpc_round_trip_tests`. */
 export interface RpcRoundTripTestOptions {
-    /** Session config for cookie-based auth. */
+    /** Per-test fixture-producing function (per-describe cadence). */
+    setup_test: SetupTest;
+    /**
+     * App surface (with route + RPC endpoint specs) for RPC endpoint
+     * enumeration. Constructed in TS by the consumer; same shape for
+     * in-process and cross-process tests.
+     */
+    surface_source: AppSurfaceSpec;
+    /** Backend capability declarations. */
+    capabilities: BackendCapabilities;
+    /**
+     * Session config — only needed to resolve factory-form `rpc_endpoints`
+     * against a stub `AppServerContext` at setup time (the actions' input
+     * schemas drive params generation; auth/dispatch run against the real
+     * backend through `fixture.transport`).
+     */
     session_options: SessionOptions<string>;
-    /** Route spec factory — same one used in production. */
-    create_route_specs: (ctx: AppServerContext) => Array<RouteSpec>;
     /**
-     * RPC endpoint specs — the source `RpcAction` arrays for params generation.
-     *
-     * Accepts either an array (eager) or a factory
-     * `(ctx: AppServerContext) => Array<RpcEndpointSpec>` — the factory form
-     * is required when action handlers must close over the per-test
-     * `ctx.app_settings` / `ctx.deps`. The factory must return the same
-     * endpoint `path` and `spec.method` list regardless of ctx — it is
-     * invoked once at setup (via a stub ctx) to enumerate methods and
-     * again per-test by `create_app_server` for live dispatch.
+     * RPC endpoint specs — eager array or factory. The factory must return
+     * the same endpoint `path` + `spec.method` list regardless of ctx
+     * (invoked once at setup with a stub ctx; the real per-test live
+     * dispatch goes through whatever the backend was started with).
      */
     rpc_endpoints: RpcEndpointsSuiteOption;
-    /** Optional overrides for `AppServerOptions`. */
-    app_options?: SuiteAppOptions;
-    /** Database factories to run tests against. Default: pglite only. */
-    db_factories?: Array<DbFactory>;
     /** Methods to skip, by name (e.g., `'zap_plan'`). */
     skip_methods?: Array<string>;
     /** Override generated params for specific methods (method name → params). */

package/dist/testing/rpc_round_trip.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rpc_round_trip.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/rpc_round_trip.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAe7B,OAAO,KAAK,EAAC,SAAS,EAAC,MAAM,uBAAuB,CAAC;AACrD,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,yBAAyB,CAAC;AAC9D,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAE9D,OAAO,EAEN,KAAK,eAAe,EAGpB,MAAM,iBAAiB,CAAC;AACzB,OAAO,EAAwB,KAAK,SAAS,EAAC,MAAM,SAAS,CAAC;AAO9D,OAAO,EAMN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAE1B,mDAAmD;AACnD,MAAM,WAAW,uBAAuB;IACvC,4CAA4C;IAC5C,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC,wDAAwD;IACxD,kBAAkB,EAAE,CAAC,GAAG,EAAE,gBAAgB,KAAK,KAAK,CAAC,SAAS,CAAC,CAAC;IAChE;;;;;;;;;;OAUG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC,iDAAiD;IACjD,WAAW,CAAC,EAAE,eAAe,CAAC;IAC9B,qEAAqE;IACrE,YAAY,CAAC,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC;IAChC,qDAAqD;IACrD,YAAY,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7B,6EAA6E;IAC7E,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACvD;AA2BD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,6BAA6B,GAAI,SAAS,uBAAuB,KAAG,IA4IhF,CAAC"}
+{"version":3,"file":"rpc_round_trip.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/rpc_round_trip.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAwB7B,OAAO,KAAK,EAAC,cAAc,EAAsB,MAAM,oBAAoB,CAAC;AAE5E,OAAO,EAMN,KAAK,uBAAuB,EAC5B,MAAM,kBAAkB,CAAC;AAE1B,OAAO,KAAK,EAAC,mBAAmB,EAAC,MAAM,iCAAiC,CAAC;AACzE,OAAO,KAAK,EAAC,SAAS,EAAc,MAAM,0BAA0B,CAAC;AACrE,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,2BAA2B,CAAC;AAE9D,mDAAmD;AACnD,MAAM,WAAW,uBAAuB;IACvC,kEAAkE;IAClE,UAAU,EAAE,SAAS,CAAC;IACtB;;;;OAIG;IACH,cAAc,EAAE,cAAc,CAAC;IAC/B,uCAAuC;IACvC,YAAY,EAAE,mBAAmB,CAAC;IAClC;;;;;OAKG;IACH,eAAe,EAAE,cAAc,CAAC,MAAM,CAAC,CAAC;IACxC;;;;;OAKG;IACH,aAAa,EAAE,uBAAuB,CAAC;IACvC,qDAAqD;IACrD,YAAY,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAC7B,6EAA6E;IAC7E,eAAe,CAAC,EAAE,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;CACvD;AA6BD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,6BAA6B,GAAI,SAAS,uBAAuB,KAAG,IAkHhF,CAAC"}