@fuzdev/fuz_app 0.64.0 → 0.66.0

package/dist/testing/stubs.js

@@ -17,7 +17,6 @@ import { create_app_surface_spec, } from '../http/surface.js';
 import { AUDIT_LOG_SSE_MAX_PER_SCOPE } from '../realtime/sse_auth_guard.js';
 import { SubscriberRegistry } from '../realtime/subscriber_registry.js';
 import { BaseServerEnv } from '../server/env.js';
-/* eslint-disable @typescript-eslint/require-await */
 /**
  * Create a Proxy that throws descriptive errors on any property access or method call.
  *
@@ -102,10 +101,10 @@ const stub_db = create_noop_stub('stub_db');
  * `create_test_app` already does this on the test backend.
  */
 export const create_test_audit_emitter = () => ({
-    emit: () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
-    emit_role_grant_target: () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
-    emit_pool: async () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
-    notify: () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
+    emit: () => { },
+    emit_role_grant_target: () => { },
+    emit_pool: async () => { },
+    notify: () => { },
     on_event_chain: Object.freeze([]),
 });
 /**
@@ -123,9 +122,9 @@ export const create_stub_audit_sse = () => {
         max_per_scope: AUDIT_LOG_SSE_MAX_PER_SCOPE,
     });
     return {
-        subscribe: () => () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
+        subscribe: () => () => { },
         log: new Logger('test:audit_sse', { level: 'off' }),
-        on_audit_event: () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
+        on_audit_event: () => { },
         registry,
     };
 };
@@ -146,7 +145,7 @@ export const stub_app_deps = {
 export const create_stub_app_deps = () => ({
     stat: async () => null,
     read_text_file: async () => '',
-    delete_file: async (_path) => { }, // eslint-disable-line @typescript-eslint/no-empty-function
+    delete_file: async (_path) => { },
     keyring: create_noop_stub('keyring'),
     password: create_noop_stub('password'),
     db: stub_db,
@@ -193,7 +192,7 @@ export const create_stub_app_server_context = (session_options) => {
             db_type: 'pglite-memory',
             db_name: 'test',
             migration_results: [],
-            close: async () => { }, // eslint-disable-line @typescript-eslint/no-empty-function
+            close: async () => { },
         },
         bootstrap_status: { available: false, token_path: null },
         session_options,
@@ -207,7 +206,14 @@ export const create_stub_app_server_context = (session_options) => {
     };
 };
 /**
- * Create an `AppSurfaceSpec` for attack surface testing.
+ * Create an `AppSurfaceSpec` for the standard testing suites.
+ *
+ * Used by both in-process and cross-process tests as the schema source —
+ * the cross-process-ness lives in the transport + per-test fixture, not
+ * here. The on-disk `*_attack_surface.json` snapshot is observability
+ * (gen-time drift detection via `assert_surface_matches_snapshot`); the
+ * suites consume the spec object this function returns, not the JSON
+ * file.
  *
  * Mirrors `create_app_server`'s route assembly: consumer routes +
  * factory-managed bootstrap routes + surface generation. If
@@ -215,18 +221,11 @@ export const create_stub_app_server_context = (session_options) => {
  * to stay in sync (single source of truth for all consumers).
  *
  * @param options - surface spec options
- * @returns the surface spec for snapshot and adversarial testing
+ * @returns the surface spec for the standard suites
  */
 export const create_test_app_surface_spec = (options) => {
     const ctx = create_stub_app_server_context(options.session_options);
     const consumer_routes = options.create_route_specs(ctx);
-    // Mirror create_app_server's factory-managed route assembly
-    const bootstrap_routes = create_bootstrap_route_specs(ctx.deps, {
-        session_options: options.session_options,
-        bootstrap_status: { available: false, token_path: null },
-        ip_rate_limiter: null,
-    });
-    const prefix = options.bootstrap_route_prefix ?? '/api/account';
     // Auto-mount rpc endpoints (mirrors create_app_server) so consumer
     // `create_route_specs` does not need to call `create_rpc_endpoint`.
     const resolved_rpc_endpoints = typeof options.rpc_endpoints === 'function'
@@ -240,11 +239,22 @@ export const create_test_app_surface_spec = (options) => {
     // Resolve ws endpoints (mirrors create_app_server). Surface-only —
     // no `register_ws_endpoint` call here, so no `upgradeWebSocket` needed.
     const resolved_ws_endpoints = typeof options.ws_endpoints === 'function' ? options.ws_endpoints(ctx) : options.ws_endpoints;
-    const route_specs = [
-        ...consumer_routes,
-        ...rpc_route_specs,
-        ...prefix_route_specs(prefix, bootstrap_routes),
-    ];
+    // Bootstrap routes mirror `create_app_server`: mounted for `surface_only`
+    // and `live` modes; omitted for `disabled` / undefined. Surface generation
+    // uses an `available: false` placeholder regardless of mode — the handler
+    // short-circuits to 403 ALREADY_BOOTSTRAPPED, which is what surface tests
+    // assert on. Live token_path is passed through for shape symmetry only.
+    const bootstrap_route_specs = options.bootstrap && options.bootstrap.mode !== 'disabled'
+        ? prefix_route_specs(options.bootstrap.route_prefix ?? '/api/account', create_bootstrap_route_specs(ctx.deps, {
+            session_options: options.session_options,
+            bootstrap_status: {
+                available: false,
+                token_path: options.bootstrap.mode === 'live' ? options.bootstrap.token_path : null,
+            },
+            ip_rate_limiter: null,
+        }))
+        : [];
+    const route_specs = [...consumer_routes, ...rpc_route_specs, ...bootstrap_route_specs];
     let middleware_specs = create_stub_api_middleware();
     if (options.transform_middleware) {
         middleware_specs = options.transform_middleware(middleware_specs);

package/dist/testing/testing_rate_limiter.d.ts

@@ -0,0 +1,59 @@
+import './assert_dev_env.js';
+/**
+ * Test-only `RateLimiter` subclass with bucket tracking + reset_all.
+ *
+ * Production code never instantiates this; test binaries swap it in for
+ * production `RateLimiter` so `_testing_reset` can clear every bucket
+ * between cases. Mirrors the `TestingArgon2idHasher` pattern from the
+ * Rust spine — same call surface as the production class, plus test-only
+ * knobs (`reset_all`, `tracked_keys`).
+ *
+ * Constructor + every overridden method preserve production semantics
+ * by delegating to `super.*` after tracking; `reset_all` walks the
+ * tracked-keys set and calls `super.reset` per entry. Tests that depend
+ * on burst behavior get identical results between production and test
+ * instantiations.
+ *
+ * Usage in a test binary:
+ *
+ * ```ts
+ * import {TestingRateLimiter} from '@fuzdev/fuz_app/testing/testing_rate_limiter.js';
+ *
+ * const limiter = new TestingRateLimiter(default_login_ip_rate_limit);
+ * await create_app_server({backend, ip_rate_limiter: limiter, ...});
+ *
+ * // Inside the `_testing_reset` handler's `reset_state`:
+ * limiter.reset_all();
+ * ```
+ *
+ * @module
+ */
+import { RateLimiter, type RateLimitResult } from '../rate_limiter.js';
+/**
+ * `RateLimiter` plus bucket tracking. Every `check`/`record` call adds
+ * its key to `#seen_keys`; `reset` removes it; `reset_all` clears every
+ * tracked bucket. Drop-in replacement anywhere a `RateLimiter` is
+ * expected — the type is nominally compatible via subclassing.
+ */
+export declare class TestingRateLimiter extends RateLimiter {
+    #private;
+    check(key: string, now?: number): RateLimitResult;
+    record(key: string, now?: number): RateLimitResult;
+    reset(key: string): void;
+    /**
+     * Clear every bucket this limiter has been asked about. Idempotent;
+     * safe to call before any check/record activity. Designed to be invoked
+     * from a `_testing_reset` handler's `reset_state` callback so the test
+     * binary's rate-limit buckets don't leak across test cases.
+     */
+    reset_all(): void;
+    /**
+     * Snapshot of every bucket key this limiter has observed via
+     * `check`/`record`. Doesn't reflect post-cleanup pruning — keys that
+     * `cleanup()` removed remain in `tracked_keys` until `reset`/`reset_all`
+     * runs (or the limiter is disposed). Useful for assertions like
+     * "limiter saw exactly N IPs" in tests.
+     */
+    get tracked_keys(): ReadonlySet<string>;
+}
+//# sourceMappingURL=testing_rate_limiter.d.ts.map

package/dist/testing/testing_rate_limiter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"testing_rate_limiter.d.ts","sourceRoot":"../src/lib/","sources":["../../src/lib/testing/testing_rate_limiter.ts"],"names":[],"mappings":"AAAA,OAAO,qBAAqB,CAAC;AAE7B;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAC,WAAW,EAAE,KAAK,eAAe,EAAC,MAAM,oBAAoB,CAAC;AAErE;;;;;GAKG;AACH,qBAAa,kBAAmB,SAAQ,WAAW;;IAGzC,KAAK,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,eAAe;IAKjD,MAAM,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,eAAe;IAKlD,KAAK,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAKjC;;;;;OAKG;IACH,SAAS,IAAI,IAAI;IAOjB;;;;;;OAMG;IACH,IAAI,YAAY,IAAI,WAAW,CAAC,MAAM,CAAC,CAEtC;CACD"}

package/dist/testing/testing_rate_limiter.js

@@ -0,0 +1,74 @@
+import './assert_dev_env.js';
+/**
+ * Test-only `RateLimiter` subclass with bucket tracking + reset_all.
+ *
+ * Production code never instantiates this; test binaries swap it in for
+ * production `RateLimiter` so `_testing_reset` can clear every bucket
+ * between cases. Mirrors the `TestingArgon2idHasher` pattern from the
+ * Rust spine — same call surface as the production class, plus test-only
+ * knobs (`reset_all`, `tracked_keys`).
+ *
+ * Constructor + every overridden method preserve production semantics
+ * by delegating to `super.*` after tracking; `reset_all` walks the
+ * tracked-keys set and calls `super.reset` per entry. Tests that depend
+ * on burst behavior get identical results between production and test
+ * instantiations.
+ *
+ * Usage in a test binary:
+ *
+ * ```ts
+ * import {TestingRateLimiter} from '@fuzdev/fuz_app/testing/testing_rate_limiter.js';
+ *
+ * const limiter = new TestingRateLimiter(default_login_ip_rate_limit);
+ * await create_app_server({backend, ip_rate_limiter: limiter, ...});
+ *
+ * // Inside the `_testing_reset` handler's `reset_state`:
+ * limiter.reset_all();
+ * ```
+ *
+ * @module
+ */
+import { RateLimiter } from '../rate_limiter.js';
+/**
+ * `RateLimiter` plus bucket tracking. Every `check`/`record` call adds
+ * its key to `#seen_keys`; `reset` removes it; `reset_all` clears every
+ * tracked bucket. Drop-in replacement anywhere a `RateLimiter` is
+ * expected — the type is nominally compatible via subclassing.
+ */
+export class TestingRateLimiter extends RateLimiter {
+    #seen_keys = new Set();
+    check(key, now) {
+        this.#seen_keys.add(key);
+        return super.check(key, now);
+    }
+    record(key, now) {
+        this.#seen_keys.add(key);
+        return super.record(key, now);
+    }
+    reset(key) {
+        this.#seen_keys.delete(key);
+        super.reset(key);
+    }
+    /**
+     * Clear every bucket this limiter has been asked about. Idempotent;
+     * safe to call before any check/record activity. Designed to be invoked
+     * from a `_testing_reset` handler's `reset_state` callback so the test
+     * binary's rate-limit buckets don't leak across test cases.
+     */
+    reset_all() {
+        for (const key of this.#seen_keys) {
+            super.reset(key);
+        }
+        this.#seen_keys.clear();
+    }
+    /**
+     * Snapshot of every bucket key this limiter has observed via
+     * `check`/`record`. Doesn't reflect post-cleanup pruning — keys that
+     * `cleanup()` removed remain in `tracked_keys` until `reset`/`reset_all`
+     * runs (or the limiter is disposed). Useful for assertions like
+     * "limiter saw exactly N IPs" in tests.
+     */
+    get tracked_keys() {
+        return this.#seen_keys;
+    }
+}

package/dist/testing/transports/bootstrap.d.ts

@@ -0,0 +1,52 @@
+import '../assert_dev_env.js';
+import { Uuid } from '@fuzdev/fuz_util/id.js';
+import type { BackendConfig } from '../cross_backend/backend_config.js';
+import type { FetchTransport } from './fetch_transport.js';
+/** Input for `bootstrap()`. */
+export interface BootstrapOptions {
+    /**
+     * The cookie-threading HTTP transport pointed at the binary. After
+     * `bootstrap()` resolves, the transport carries the keeper session
+     * cookie — every later call against it is authenticated as keeper.
+     */
+    readonly transport: FetchTransport;
+    /**
+     * Backend config — used for `bootstrap_path` plus the
+     * `bootstrap.username` / `bootstrap.password` / `bootstrap.token`
+     * credentials. The runner already wrote `bootstrap.token` to
+     * `bootstrap.token_path` before spawning, so the binary picks the
+     * token up at startup.
+     */
+    readonly config: BackendConfig;
+}
+/** The keeper credentials captured from `POST /api/account/bootstrap`. */
+export interface BootstrapResult {
+    /**
+     * Same transport that came in, now carrying the keeper session
+     * cookie in its jar. Returned for call-site clarity (callers don't
+     * have to remember the mutation happens in place).
+     */
+    readonly transport: FetchTransport;
+    /** Account JSON returned by `POST /bootstrap`. */
+    readonly account: {
+        readonly id: Uuid;
+        readonly username: string;
+    };
+    /** Actor JSON returned by `POST /bootstrap`. */
+    readonly actor: {
+        readonly id: Uuid;
+    };
+    /** Raw `Set-Cookie` values for threading into a WS transport. */
+    readonly cookies: ReadonlyArray<string>;
+}
+/**
+ * Fire `POST {config.bootstrap_path}` and capture the keeper session.
+ *
+ * @throws Error when the binary refuses bootstrap (non-2xx response) or
+ *   the body fails to parse as the expected `{account, actor}` envelope.
+ *   The error carries the status + raw body so a mistyped token /
+ *   username collision / boot-time DB drift surfaces with enough
+ *   context to debug.
+ */
+export declare const bootstrap: (options: BootstrapOptions) => Promise<BootstrapResult>;
+//# sourceMappingURL=bootstrap.d.ts.map

package/dist/testing/transports/bootstrap.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bootstrap.d.ts","sourceRoot":"../src/lib/","sources":["../../../src/lib/testing/transports/bootstrap.ts"],"names":[],"mappings":"AAAA,OAAO,sBAAsB,CAAC;AAuB9B,OAAO,EAAC,IAAI,EAAC,MAAM,wBAAwB,CAAC;AAE5C,OAAO,KAAK,EAAC,aAAa,EAAC,MAAM,oCAAoC,CAAC;AACtE,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,sBAAsB,CAAC;AAezD,+BAA+B;AAC/B,MAAM,WAAW,gBAAgB;IAChC;;;;OAIG;IACH,QAAQ,CAAC,SAAS,EAAE,cAAc,CAAC;IACnC;;;;;;OAMG;IACH,QAAQ,CAAC,MAAM,EAAE,aAAa,CAAC;CAC/B;AAED,0EAA0E;AAC1E,MAAM,WAAW,eAAe;IAC/B;;;;OAIG;IACH,QAAQ,CAAC,SAAS,EAAE,cAAc,CAAC;IACnC,kDAAkD;IAClD,QAAQ,CAAC,OAAO,EAAE;QAAC,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAC;QAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAA;KAAC,CAAC;IACjE,gDAAgD;IAChD,QAAQ,CAAC,KAAK,EAAE;QAAC,QAAQ,CAAC,EAAE,EAAE,IAAI,CAAA;KAAC,CAAC;IACpC,iEAAiE;IACjE,QAAQ,CAAC,OAAO,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CACxC;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,SAAS,GAAU,SAAS,gBAAgB,KAAG,OAAO,CAAC,eAAe,CA4BlF,CAAC"}

package/dist/testing/transports/bootstrap.js

@@ -0,0 +1,70 @@
+import '../assert_dev_env.js';
+/**
+ * Stateless cross-process bootstrap.
+ *
+ * POSTs `{bootstrap_path}` against the running test binary with the
+ * preconfigured token + username + password, parses the
+ * `BootstrapOutput` envelope, captures the session `Set-Cookie` onto
+ * the supplied `FetchTransport` (which carries it on every subsequent
+ * call), and returns the keeper credentials.
+ *
+ * Fires exactly once per backend lifetime — `spawn_backend` calls it
+ * inside vitest's `globalSetup`. Per-test fixtures re-use the captured
+ * keeper credentials; fresh per-test accounts come from
+ * `fixture.create_account()` (signup+login through production RPC),
+ * not re-bootstrap. The hybrid reset model in `default_cross_process_setup`
+ * depends on this — re-bootstrap would race the bootstrap lock and
+ * in-memory caches.
+ *
+ * @module
+ */
+import { z } from 'zod';
+import { Uuid } from '@fuzdev/fuz_util/id.js';
+/**
+ * The `BootstrapOutput` envelope shape the cross-process bootstrap call
+ * cares about. Looser than the full `BootstrapOutput` Zod schema in
+ * `auth/bootstrap_account.ts` — that schema is the canonical wire shape
+ * on the server side, and this one is a structural subset the runner
+ * uses to extract the keeper identity. Kept local so cross-process
+ * testing doesn't pull the full auth-domain schema into its dep graph.
+ */
+const BootstrapResponse = z.object({
+    account: z.object({ id: Uuid, username: z.string() }),
+    actor: z.object({ id: Uuid }),
+});
+/**
+ * Fire `POST {config.bootstrap_path}` and capture the keeper session.
+ *
+ * @throws Error when the binary refuses bootstrap (non-2xx response) or
+ *   the body fails to parse as the expected `{account, actor}` envelope.
+ *   The error carries the status + raw body so a mistyped token /
+ *   username collision / boot-time DB drift surfaces with enough
+ *   context to debug.
+ */
+export const bootstrap = async (options) => {
+    const { transport, config } = options;
+    const response = await transport(config.bootstrap_path, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            token: config.bootstrap.token,
+            username: config.bootstrap.username,
+            password: config.bootstrap.password,
+        }),
+    });
+    if (!response.ok) {
+        const body = await response.text().catch(() => '<unreadable>');
+        throw new Error(`bootstrap(${config.name}) failed: status=${response.status} body=${body}`);
+    }
+    const raw = await response.json();
+    const parsed = BootstrapResponse.safeParse(raw);
+    if (!parsed.success) {
+        throw new Error(`bootstrap(${config.name}) returned unexpected body: ${JSON.stringify(raw)} (${parsed.error.message})`);
+    }
+    return {
+        transport,
+        account: parsed.data.account,
+        actor: parsed.data.actor,
+        cookies: transport.cookies(),
+    };
+};

package/dist/testing/transports/fetch_transport.d.ts

@@ -0,0 +1,81 @@
+import '../assert_dev_env.js';
+/**
+ * Cookie-threading HTTP transport for cross-process tests.
+ *
+ * Wraps the global `fetch` against a base URL, carries cookies across
+ * requests in a `Map`-backed jar so the session cookie set on bootstrap
+ * is re-sent on every subsequent call. Satisfies the `RpcTestTransport`
+ * shape `Hono.request` already does — so every suite body that takes
+ * `transport: RpcTestTransport` works against a cross-process binary
+ * unchanged.
+ *
+ * The `Origin` header is threaded onto every request because the
+ * backend's allowlist (`{ZZZ,ZAP,FUZ}_ALLOWED_ORIGINS`) rejects mutations
+ * without an `Origin`. Cross-process tests run with
+ * `ALLOWED_ORIGINS=http://localhost:*`, so defaulting `origin` to the
+ * configured `base_url` is safe.
+ *
+ * The cookie jar is intentionally simple — it does not honour `Domain`,
+ * `Path`, `Expires`, or `SameSite` attributes. Cross-process tests
+ * always hit a single host:port, so name-keyed last-write-wins matches
+ * the behaviour real browsers exhibit against the same surface.
+ *
+ * @module
+ */
+import type { RpcTestTransport } from '../rpc_helpers.js';
+/** Construction options for `create_fetch_transport`. */
+export interface FetchTransportOptions {
+    /** Base URL the binary is reachable at — e.g. `http://localhost:8788`. */
+    readonly base_url: string;
+    /**
+     * Initial cookie values to seed the jar. Pass the `Set-Cookie` values
+     * captured from a prior `bootstrap()` call to keep the keeper session
+     * across a transport-recreation boundary. Each entry is a full
+     * `Set-Cookie` value (the same string `Headers.getSetCookie()` returns).
+     */
+    readonly initial_cookies?: ReadonlyArray<string>;
+    /**
+     * Origin header threaded onto every request when the caller hasn't set
+     * one. Defaults to `base_url`; backends running with
+     * `ALLOWED_ORIGINS=http://localhost:*` accept `http://localhost:<port>`
+     * matching the spawned binary.
+     *
+     * Pass `null` to disable the default — useful for bearer-only probes
+     * that must not look like browser-context requests (the auth middleware
+     * silently discards bearer credentials when `Origin`/`Referer` is
+     * present). Callers can still set `Origin` per-call via `init.headers`.
+     */
+    readonly origin?: string | null;
+}
+/**
+ * The transport shape: callable as `RpcTestTransport` plus a `cookies()`
+ * accessor that returns the current jar state. The accessor exists so
+ * `ws_transport` can thread the session cookie onto the WS upgrade
+ * without an HTTP round trip.
+ */
+export interface FetchTransport extends RpcTestTransport {
+    /**
+     * Snapshot of every cookie currently in the jar, formatted as full
+     * `Set-Cookie` values (`name=value`). Used by `ws_transport` to
+     * compose the `Cookie` header on the upgrade request.
+     */
+    readonly cookies: () => ReadonlyArray<string>;
+}
+/**
+ * Build a cookie-threading transport pinned to `options.base_url`. The
+ * returned function carries a private `Map<name, cookie-head>` jar that
+ * updates on every response's `Set-Cookie` and re-sends on every
+ * subsequent request.
+ *
+ * Request rewriting:
+ *
+ * - Absolute URLs (`http://other.example/...`) pass through verbatim —
+ *   handy for cross-origin negative tests that target a deliberately
+ *   different host.
+ * - Relative URLs are resolved against `base_url`.
+ * - `Origin` is set to `options.origin ?? base_url` unless the caller
+ *   already provided one.
+ * - `Cookie` is set from the jar unless the caller already provided one.
+ */
+export declare const create_fetch_transport: (options: FetchTransportOptions) => FetchTransport;
+//# sourceMappingURL=fetch_transport.d.ts.map

package/dist/testing/transports/fetch_transport.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fetch_transport.d.ts","sourceRoot":"../src/lib/","sources":["../../../src/lib/testing/transports/fetch_transport.ts"],"names":[],"mappings":"AAAA,OAAO,sBAAsB,CAAC;AAE9B;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAEH,OAAO,KAAK,EAAC,gBAAgB,EAAC,MAAM,mBAAmB,CAAC;AAExD,yDAAyD;AACzD,MAAM,WAAW,qBAAqB;IACrC,0EAA0E;IAC1E,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B;;;;;OAKG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IACjD;;;;;;;;;;OAUG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAChC;AAED;;;;;GAKG;AACH,MAAM,WAAW,cAAe,SAAQ,gBAAgB;IACvD;;;;OAIG;IACH,QAAQ,CAAC,OAAO,EAAE,MAAM,aAAa,CAAC,MAAM,CAAC,CAAC;CAC9C;AAkBD;;;;;;;;;;;;;;;GAeG;AACH,eAAO,MAAM,sBAAsB,GAAI,SAAS,qBAAqB,KAAG,cAyCvE,CAAC"}

package/dist/testing/transports/fetch_transport.js

@@ -0,0 +1,74 @@
+import '../assert_dev_env.js';
+/**
+ * Parse the `name=value` head of a `Set-Cookie` value. Returns `null`
+ * for malformed inputs (missing `=`, empty name). Drops every attribute
+ * after the first `;` — the jar is name-keyed and the lifetime
+ * attributes (`Expires`, `Max-Age`, `Path`, `Domain`, `SameSite`)
+ * don't affect cross-process test plumbing.
+ */
+const parse_set_cookie = (value) => {
+    const head = value.split(';', 1)[0].trim();
+    const eq = head.indexOf('=');
+    if (eq <= 0)
+        return null;
+    const name = head.slice(0, eq).trim();
+    if (!name)
+        return null;
+    return { name, cookie: head };
+};
+/**
+ * Build a cookie-threading transport pinned to `options.base_url`. The
+ * returned function carries a private `Map<name, cookie-head>` jar that
+ * updates on every response's `Set-Cookie` and re-sends on every
+ * subsequent request.
+ *
+ * Request rewriting:
+ *
+ * - Absolute URLs (`http://other.example/...`) pass through verbatim —
+ *   handy for cross-origin negative tests that target a deliberately
+ *   different host.
+ * - Relative URLs are resolved against `base_url`.
+ * - `Origin` is set to `options.origin ?? base_url` unless the caller
+ *   already provided one.
+ * - `Cookie` is set from the jar unless the caller already provided one.
+ */
+export const create_fetch_transport = (options) => {
+    const { base_url, initial_cookies, origin } = options;
+    const jar = new Map();
+    if (initial_cookies) {
+        for (const raw of initial_cookies) {
+            const parsed = parse_set_cookie(raw);
+            if (parsed)
+                jar.set(parsed.name, parsed.cookie);
+        }
+    }
+    const default_origin = origin === null ? null : (origin ?? base_url);
+    const cookies = () => Array.from(jar.values());
+    const transport = (async (url, init) => {
+        const target = /^https?:\/\//i.test(url) ? url : `${base_url}${url}`;
+        const headers = new Headers(init.headers);
+        if (default_origin !== null && !headers.has('Origin')) {
+            headers.set('Origin', default_origin);
+        }
+        if (!headers.has('Cookie') && jar.size > 0) {
+            headers.set('Cookie', Array.from(jar.values()).join('; '));
+        }
+        const response = await fetch(target, { ...init, headers });
+        // `Headers.getSetCookie()` returns each `Set-Cookie` value as a
+        // separate string — the only way to read multiple cookies set in
+        // one response (Headers.get() collapses to a single comma-joined
+        // string). Node 19.7+ ships it; vitest's runtime supports it.
+        const set_cookies = response.headers.getSetCookie();
+        for (const raw of set_cookies) {
+            const parsed = parse_set_cookie(raw);
+            if (parsed)
+                jar.set(parsed.name, parsed.cookie);
+        }
+        return response;
+    });
+    // Attach the cookies() accessor onto the callable. Using a property
+    // definition keeps it non-enumerable-ish and avoids polluting `.bind`
+    // / `.call` reflection on the function.
+    Object.defineProperty(transport, 'cookies', { value: cookies, enumerable: false });
+    return transport;
+};

package/dist/testing/transports/sse_frame_reader.d.ts

@@ -0,0 +1,41 @@
+import '../assert_dev_env.js';
+/**
+ * SSE frame reader over a `ReadableStreamDefaultReader<Uint8Array>`.
+ *
+ * Transport-agnostic core shared by the in-process SSE route suite
+ * (`testing/sse_round_trip.ts`, reading a Hono `Response.body`) and the
+ * cross-process `transports/sse_transport.ts` (reading a streaming `fetch`
+ * body): `\n\n`-delimited framing, a per-read timeout (so vitest can't hang
+ * on a stalled stream), and `wait_for_close` for server-initiated close
+ * detection (the auth-guard revocation seam).
+ *
+ * @module
+ */
+/** Default per-read / wait-for-close timeout. */
+export declare const SSE_FRAME_READ_TIMEOUT_MS = 2000;
+/** Frame-level reader returned by `create_sse_frame_reader`. */
+export interface SseFrameReader {
+    /**
+     * Read one complete SSE frame (up to the next `\n\n`), without the
+     * trailing terminator. Throws if the per-read timeout elapses or the
+     * stream ends before a frame arrives.
+     */
+    read_frame: (timeout_ms?: number) => Promise<string>;
+    /**
+     * Drain until the server closes the stream. Resolves `true` if the
+     * stream closes within `timeout_ms`, `false` on timeout.
+     */
+    wait_for_close: (timeout_ms?: number) => Promise<boolean>;
+    /** Cancel the underlying reader. Safe to call when already closed. */
+    cancel: () => Promise<void>;
+}
+/**
+ * Wrap a byte-stream reader in `\n\n`-delimited SSE frame parsing.
+ *
+ * Preserves bytes past a frame terminator in an internal buffer for the next
+ * `read_frame`. `read_frame` and `wait_for_close` both race each underlying
+ * read against `timeout_ms` so a misbehaving stream surfaces as a failure
+ * rather than a vitest hang.
+ */
+export declare const create_sse_frame_reader: (reader: ReadableStreamDefaultReader<Uint8Array>, default_timeout_ms?: number) => SseFrameReader;
+//# sourceMappingURL=sse_frame_reader.d.ts.map

package/dist/testing/transports/sse_frame_reader.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sse_frame_reader.d.ts","sourceRoot":"../src/lib/","sources":["../../../src/lib/testing/transports/sse_frame_reader.ts"],"names":[],"mappings":"AAAA,OAAO,sBAAsB,CAAC;AAE9B;;;;;;;;;;;GAWG;AAEH,iDAAiD;AACjD,eAAO,MAAM,yBAAyB,OAAO,CAAC;AAE9C,gEAAgE;AAChE,MAAM,WAAW,cAAc;IAC9B;;;;OAIG;IACH,UAAU,EAAE,CAAC,UAAU,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;IACrD;;;OAGG;IACH,cAAc,EAAE,CAAC,UAAU,CAAC,EAAE,MAAM,KAAK,OAAO,CAAC,OAAO,CAAC,CAAC;IAC1D,sEAAsE;IACtE,MAAM,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;CAC5B;AAED;;;;;;;GAOG;AACH,eAAO,MAAM,uBAAuB,GACnC,QAAQ,2BAA2B,CAAC,UAAU,CAAC,EAC/C,2BAA8C,KAC5C,cA8DF,CAAC"}