@peers-app/peers-sdk 0.18.4 → 0.18.6

package/dist/data/package-version-resolver.test.js

@@ -0,0 +1,335 @@
+"use strict";
+/**
+ * Regression tests for device-local package version resolution.
+ *
+ * Several cases document known gaps from the device-local package versions review.
+ * They are expected to fail until the resolver honors group-level pinned, legacy
+ * deviceVersionTag, and pinned devices are not overridden before resolve.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+const SQLiteDB = require("better-sqlite3");
+const user_context_1 = require("../context/user-context");
+const user_context_singleton_1 = require("../context/user-context-singleton");
+const utils_1 = require("../utils");
+const assistants_1 = require("./assistants");
+const sql_data_source_1 = require("./orm/sql.data-source");
+const package_version_resolver_1 = require("./package-version-resolver");
+const package_versions_1 = require("./package-versions");
+const packages_1 = require("./packages");
+const persistent_vars_1 = require("./persistent-vars");
+const workflows_1 = require("./workflows");
+class DBHarness {
+    _db = null;
+    get db() {
+        if (!this._db) {
+            this._db = new SQLiteDB(":memory:");
+            this._db.pragma("journal_mode = WAL");
+        }
+        return this._db;
+    }
+    async get(sql, params = []) {
+        return this.db.prepare(sql).get(params);
+    }
+    async all(sql, params = []) {
+        return this.db.prepare(sql).all(params);
+    }
+    async exec(sql, params = []) {
+        const result = this.db.prepare(sql).run(params);
+        return { changes: result.changes };
+    }
+    async close() {
+        this._db?.close();
+        this._db = null;
+    }
+}
+const testUserId = (0, utils_1.newid)();
+const testGroupId = (0, utils_1.newid)();
+let userContext;
+let db;
+function groupDc() {
+    const dc = userContext.getDataContext(testGroupId);
+    dc.setAsDefault();
+    return dc;
+}
+function makePV(packageId, overrides = {}) {
+    return {
+        packageVersionId: (0, utils_1.newid)(),
+        packageId,
+        version: "1.0.0",
+        versionTag: "stable",
+        packageVersionHash: "hash",
+        packageBundleFileId: (0, utils_1.newid)(),
+        packageBundleFileHash: "bundlehash",
+        signature: "",
+        createdBy: testUserId,
+        createdAt: new Date().toISOString(),
+        ...overrides,
+    };
+}
+function makePkg(overrides = {}) {
+    return {
+        packageId: (0, utils_1.newid)(),
+        name: "test-package",
+        description: "test",
+        createdBy: testUserId,
+        signature: "",
+        ...overrides,
+    };
+}
+beforeAll(async () => {
+    db = new DBHarness();
+    const dataSourceFactory = (metaData, schema) => new sql_data_source_1.SQLDataSource(db, metaData, schema);
+    userContext = new user_context_1.UserContext(testUserId, dataSourceFactory, true);
+    await userContext.loadingPromise;
+    userContext.deviceId((0, utils_1.newid)());
+    (0, user_context_singleton_1.setUserContext)(userContext);
+    packages_1.PackagesTable.isPassthrough = true;
+    package_versions_1.PackageVersionsTable.isPassthrough = true;
+});
+afterAll(async () => {
+    packages_1.PackagesTable.isPassthrough = false;
+    package_versions_1.PackageVersionsTable.isPassthrough = false;
+    userContext?.dispose();
+    await db?.close();
+});
+afterEach(() => {
+    jest.restoreAllMocks();
+});
+describe("resolveDevicePackageVersion — known gaps (expected to fail until fixed)", () => {
+    it("does not auto-upgrade when IPackage.versionFollowRange is pinned (no device prefs)", async () => {
+        const dc = groupDc();
+        const packageId = (0, utils_1.newid)();
+        const stableV1 = makePV(packageId, { version: "1.0.0", versionTag: "stable" });
+        const stableV2 = makePV(packageId, { version: "2.0.0", versionTag: "stable" });
+        await (0, package_versions_1.PackageVersions)(dc).save(stableV1);
+        await (0, package_versions_1.PackageVersions)(dc).save(stableV2);
+        const pkg = makePkg({
+            packageId,
+            activePackageVersionId: stableV1.packageVersionId,
+            versionFollowRange: "pinned",
+        });
+        await (0, packages_1.Packages)(dc).save(pkg);
+        const loadedPvIds = [];
+        jest.spyOn(dc.packageLoader, "loadPackage").mockImplementation(async (_pkg, opts) => {
+            if (opts?.packageVersionId)
+                loadedPvIds.push(opts.packageVersionId);
+            return { packageId };
+        });
+        const result = await (0, package_version_resolver_1.resolveDevicePackageVersion)(pkg, dc, { force: true });
+        expect(result.upgraded).toBe(false);
+        expect(loadedPvIds).toContain(stableV1.packageVersionId);
+        expect(loadedPvIds).not.toContain(stableV2.packageVersionId);
+    });
+    it("pinned device keeps stable PV after activePackageVersionId is overwritten to dev (updatePackageBundle sequence)", async () => {
+        const dc = groupDc();
+        const packageId = (0, utils_1.newid)();
+        const stablePv = makePV(packageId, { version: "1.0.0", versionTag: "stable" });
+        const devPv = makePV(packageId, { version: "1.0.1", versionTag: "dev" });
+        await (0, package_versions_1.PackageVersions)(dc).save(stablePv);
+        await (0, package_versions_1.PackageVersions)(dc).save(devPv);
+        const pkg = makePkg({
+            packageId,
+            activePackageVersionId: stablePv.packageVersionId,
+        });
+        await (0, packages_1.Packages)(dc).save(pkg);
+        await (0, package_version_resolver_1.updatePackagePrefs)(packageId, { pinned: true, activePackageVersionId: stablePv.packageVersionId }, dc);
+        // Mirrors updatePackageBundle: unconditionally merges dev active id before resolve
+        await (0, package_version_resolver_1.updatePackagePrefs)(packageId, { activePackageVersionId: devPv.packageVersionId }, dc);
+        const loadedPvIds = [];
+        jest.spyOn(dc.packageLoader, "loadPackage").mockImplementation(async (_pkg, opts) => {
+            if (opts?.packageVersionId)
+                loadedPvIds.push(opts.packageVersionId);
+            return { packageId };
+        });
+        await (0, package_version_resolver_1.resolveDevicePackageVersion)(pkg, dc, { force: true });
+        expect(loadedPvIds[loadedPvIds.length - 1]).toBe(stablePv.packageVersionId);
+    });
+    it("honors legacy deviceVersionTag pvar when choosing beta auto-upgrade", async () => {
+        const dc = groupDc();
+        const packageId = (0, utils_1.newid)();
+        const stablePv = makePV(packageId, { version: "1.0.0", versionTag: "stable" });
+        const betaPv = makePV(packageId, { version: "2.0.0", versionTag: "beta" });
+        await (0, package_versions_1.PackageVersions)(dc).save(stablePv);
+        await (0, package_versions_1.PackageVersions)(dc).save(betaPv);
+        const legacyVarName = `deviceVersionTag_${dc.dataContextId}`;
+        await (0, persistent_vars_1.PersistentVars)(userContext.userDataContext).save({
+            persistentVarId: (0, utils_1.deterministicPvarId)(legacyVarName),
+            name: legacyVarName,
+            scope: "groupDevice",
+            value: { value: "beta" },
+        });
+        const pkg = makePkg({
+            packageId,
+            activePackageVersionId: stablePv.packageVersionId,
+            versionFollowRange: "latest",
+        });
+        await (0, packages_1.Packages)(dc).save(pkg);
+        const loadedPvIds = [];
+        jest.spyOn(dc.packageLoader, "loadPackage").mockImplementation(async (_pkg, opts) => {
+            if (opts?.packageVersionId)
+                loadedPvIds.push(opts.packageVersionId);
+            return { packageId };
+        });
+        const result = await (0, package_version_resolver_1.resolveDevicePackageVersion)(pkg, dc, { force: true });
+        expect(result.upgraded).toBe(true);
+        expect(loadedPvIds).toContain(betaPv.packageVersionId);
+    });
+});
+describe("resolveDevicePackageVersion — expected behavior (control)", () => {
+    it("does not auto-activate dev when device has no prefs and group default is stable", async () => {
+        const dc = groupDc();
+        const packageId = (0, utils_1.newid)();
+        const stablePv = makePV(packageId, { version: "1.0.0", versionTag: "stable" });
+        const devPv = makePV(packageId, { version: "9.9.9", versionTag: "dev" });
+        await (0, package_versions_1.PackageVersions)(dc).save(stablePv);
+        await (0, package_versions_1.PackageVersions)(dc).save(devPv);
+        const pkg = makePkg({
+            packageId,
+            activePackageVersionId: stablePv.packageVersionId,
+            versionFollowRange: "latest",
+        });
+        await (0, packages_1.Packages)(dc).save(pkg);
+        const pvar = (0, package_version_resolver_1.packagePrefsVar)(packageId, dc);
+        await pvar.loadingPromise;
+        expect(pvar()).toEqual({});
+        const loadedPvIds = [];
+        jest.spyOn(dc.packageLoader, "loadPackage").mockImplementation(async (_pkg, opts) => {
+            if (opts?.packageVersionId)
+                loadedPvIds.push(opts.packageVersionId);
+            return { packageId };
+        });
+        const result = await (0, package_version_resolver_1.resolveDevicePackageVersion)(pkg, dc, { force: true });
+        expect(result.upgraded).toBe(false);
+        expect(loadedPvIds).toContain(stablePv.packageVersionId);
+        expect(loadedPvIds).not.toContain(devPv.packageVersionId);
+    });
+    it("installs assistants and workflows into the data context on auto-upgrade", async () => {
+        const dc = groupDc();
+        const packageId = (0, utils_1.newid)();
+        const stablePv = makePV(packageId, { version: "1.0.0", versionTag: "stable" });
+        const stableV2 = makePV(packageId, { version: "2.0.0", versionTag: "stable" });
+        await (0, package_versions_1.PackageVersions)(dc).save(stablePv);
+        await (0, package_versions_1.PackageVersions)(dc).save(stableV2);
+        const pkg = makePkg({
+            packageId,
+            activePackageVersionId: stablePv.packageVersionId,
+            versionFollowRange: "latest",
+        });
+        await (0, packages_1.Packages)(dc).save(pkg);
+        // Explicitly set followTags so the legacy-pvar migration from earlier tests
+        // doesn't interfere (it would write "beta" followTags otherwise).
+        await (0, package_version_resolver_1.updatePackagePrefs)(packageId, { followTags: "stable" }, dc);
+        const testAssistantId = (0, utils_1.newid)();
+        const testWorkflowId = (0, utils_1.newid)();
+        const testAssistant = {
+            assistantId: testAssistantId,
+            name: "Upgrade Test Assistant",
+            packageId,
+            createdAt: new Date(),
+            assistantRunnerToolId: "000peers0tool00000runner1",
+            assistantRunnerConfig: {},
+            toolsToInclude: "",
+            toolInclusionStrategy: "Linked",
+        };
+        const testWorkflow = {
+            workflowId: testWorkflowId,
+            name: "Upgrade Test Workflow",
+            description: "test",
+            defaultAssistantId: testAssistantId,
+            createdBy: testUserId,
+            createdAt: new Date(),
+            updatedAt: new Date(),
+            instructions: [],
+            packageId,
+        };
+        jest.spyOn(dc.packageLoader, "loadPackage").mockResolvedValue({
+            packageId,
+            assistants: [testAssistant],
+            workflows: [testWorkflow],
+        });
+        const result = await (0, package_version_resolver_1.resolveDevicePackageVersion)(pkg, dc, { force: true });
+        expect(result.upgraded).toBe(true);
+        expect(result.pv?.packageVersionId).toBe(stableV2.packageVersionId);
+        const savedAssistant = await (0, assistants_1.Assistants)(dc).get(testAssistantId);
+        expect(savedAssistant).toBeDefined();
+        expect(savedAssistant?.name).toBe("Upgrade Test Assistant");
+        const savedWorkflow = await (0, workflows_1.Workflows)(dc).get(testWorkflowId);
+        expect(savedWorkflow).toBeDefined();
+        expect(savedWorkflow?.name).toBe("Upgrade Test Workflow");
+    });
+});
+describe("getEffectivePackagePrefs", () => {
+    it("uses group defaults when device prefs are absent", () => {
+        const pkg = makePkg({
+            activePackageVersionId: "pv-group",
+            followVersionTags: "stable,beta",
+            versionFollowRange: "minor",
+        });
+        expect((0, package_version_resolver_1.getEffectivePackagePrefs)(pkg, undefined)).toEqual({
+            activePackageVersionId: "pv-group",
+            isPinned: false,
+            followRange: "minor",
+            followTags: "stable,beta",
+        });
+    });
+    it("honors group-level pinned when there are no device prefs", () => {
+        const pkg = makePkg({
+            activePackageVersionId: "pv-pin",
+            versionFollowRange: "pinned",
+        });
+        const eff = (0, package_version_resolver_1.getEffectivePackagePrefs)(pkg, undefined);
+        expect(eff.isPinned).toBe(true);
+        expect(eff.activePackageVersionId).toBe("pv-pin");
+    });
+    it("prefers device active id over group default", () => {
+        const pkg = makePkg({ activePackageVersionId: "pv-group" });
+        expect((0, package_version_resolver_1.getEffectivePackagePrefs)(pkg, {
+            activePackageVersionId: "pv-device",
+        })).toMatchObject({
+            activePackageVersionId: "pv-device",
+            isPinned: false,
+        });
+    });
+    it("device pinned overrides group not pinned", () => {
+        const pkg = makePkg({
+            activePackageVersionId: "pv1",
+            versionFollowRange: "latest",
+        });
+        expect((0, package_version_resolver_1.getEffectivePackagePrefs)(pkg, { pinned: true }).isPinned).toBe(true);
+    });
+    it("empty device prefs falls back to group pinned (matches groupDeviceVar default)", () => {
+        const pkg = makePkg({
+            activePackageVersionId: "pv1",
+            versionFollowRange: "pinned",
+        });
+        expect((0, package_version_resolver_1.getEffectivePackagePrefs)(pkg, {}).isPinned).toBe(true);
+    });
+    it("device explicitly unpinned overrides group pinned", () => {
+        const pkg = makePkg({
+            activePackageVersionId: "pv1",
+            versionFollowRange: "pinned",
+        });
+        expect((0, package_version_resolver_1.getEffectivePackagePrefs)(pkg, { pinned: false }).isPinned).toBe(false);
+    });
+    it("device followRange overrides group default", () => {
+        const pkg = makePkg({ versionFollowRange: "latest" });
+        expect((0, package_version_resolver_1.getEffectivePackagePrefs)(pkg, { followRange: "patch" }).followRange).toBe("patch");
+    });
+    it("device followTags overrides group default", () => {
+        const pkg = makePkg({ followVersionTags: "stable" });
+        expect((0, package_version_resolver_1.getEffectivePackagePrefs)(pkg, { followTags: "*" }).followTags).toBe("*");
+    });
+    it("falls back to 'latest' followRange when group has no setting", () => {
+        const pkg = makePkg({});
+        expect((0, package_version_resolver_1.getEffectivePackagePrefs)(pkg, undefined).followRange).toBe("latest");
+    });
+});
+describe("packagePrefsVar", () => {
+    it("returns the same observable instance for repeated calls with the same args", () => {
+        const dc = groupDc();
+        const id = (0, utils_1.newid)();
+        const a = (0, package_version_resolver_1.packagePrefsVar)(id, dc);
+        const b = (0, package_version_resolver_1.packagePrefsVar)(id, dc);
+        expect(a).toBe(b);
+    });
+});

package/dist/data/package-versions.d.ts

@@ -53,12 +53,12 @@ declare const schema: z.ZodObject<{
     version: string;
     signature: string;
     packageId: string;
+    createdBy: string;
+    createdAt: string;
     packageVersionId: string;
     packageVersionHash: string;
     packageBundleFileId: string;
     packageBundleFileHash: string;
-    createdBy: string;
-    createdAt: string;
     history?: {
         at: string;
         action: string;
@@ -80,12 +80,12 @@ declare const schema: z.ZodObject<{
     version: string;
     signature: string;
     packageId: string;
+    createdBy: string;
+    createdAt: string;
     packageVersionId: string;
     packageVersionHash: string;
     packageBundleFileId: string;
     packageBundleFileHash: string;
-    createdBy: string;
-    createdAt: string;
     history?: {
         at: string;
         action: string;
@@ -120,10 +120,17 @@ export declare function PackageVersions(dataContext?: DataContext): PackageVersi
  * content only — `versionTag` is intentionally excluded so the same code
  * produces the same hash regardless of its promotion level (dev/beta/stable).
  *
- * @deprecated The `versionTag` parameter is accepted for backward compatibility
- * but ignored. It will be removed in a future release.
+ * @param version - Semver version string.
+ * @param _versionTag - **Deprecated.** Accepted for backward compatibility
+ *   but ignored. Will be removed in a future release.
+ * @param packageBundleFileHash - Hash of the main package bundle.
+ * @param routesBundleFileHash - Hash of the routes bundle, if any.
+ * @param uiBundleFileHash - Hash of the UI bundle, if any.
+ * @returns A content-addressable hash string.
  */
-export declare function computePackageVersionHash(version: string, _versionTag: string, packageBundleFileHash: string, routesBundleFileHash?: string, uiBundleFileHash?: string): string;
+export declare function computePackageVersionHash(version: string, 
+/** @deprecated Ignored — will be removed in a future release. */
+_versionTag: string, packageBundleFileHash: string, routesBundleFileHash?: string, uiBundleFileHash?: string): string;
 export declare function isVersionInRange(activeVersion: string, incomingVersion: string, range: "pinned" | "patch" | "minor" | "latest"): boolean;
 /**
  * Returns true if incomingVersion is strictly newer than activeVersion (semver comparison).

package/dist/data/package-versions.js

@@ -113,14 +113,7 @@ let PackageVersionsTable = (() => {
                 // users can do whatever they want to package versions in their personal space
                 return super.save(packageVersion, opts);
             }
-            try {
-                await (0, package_version_permissions_1.verifyPackageVersionSignature)(packageVersion, this.groupId);
-            }
-            catch (err) {
-                throw new Error("Package version verification failed.  Did you mean to call `signAndSave`?", {
-                    cause: err,
-                });
-            }
+            await (0, package_version_permissions_1.verifyPackageVersionSignature)(packageVersion, this.groupId);
             return super.save(packageVersion, opts);
         }
         async signAndSave(packageVersion, opts) {
@@ -128,7 +121,7 @@ let PackageVersionsTable = (() => {
                 throw new Error("Package version signing is not enabled. Call PackageVersionsTable.enablePackageVersionSigning(fn) to enable it.");
             }
             packageVersion = await PackageVersionsTable.addSignatureToPackageVersion(packageVersion);
-            return super.save(packageVersion, opts);
+            return this.save(packageVersion, opts);
         }
         static addSignatureToPackageVersion = undefined;
         static enablePackageVersionSigning(fn) {
@@ -150,10 +143,17 @@ function PackageVersions(dataContext) {
  * content only — `versionTag` is intentionally excluded so the same code
  * produces the same hash regardless of its promotion level (dev/beta/stable).
  *
- * @deprecated The `versionTag` parameter is accepted for backward compatibility
- * but ignored. It will be removed in a future release.
+ * @param version - Semver version string.
+ * @param _versionTag - **Deprecated.** Accepted for backward compatibility
+ *   but ignored. Will be removed in a future release.
+ * @param packageBundleFileHash - Hash of the main package bundle.
+ * @param routesBundleFileHash - Hash of the routes bundle, if any.
+ * @param uiBundleFileHash - Hash of the UI bundle, if any.
+ * @returns A content-addressable hash string.
  */
-function computePackageVersionHash(version, _versionTag, packageBundleFileHash, routesBundleFileHash, uiBundleFileHash) {
+function computePackageVersionHash(version, 
+/** @deprecated Ignored — will be removed in a future release. */
+_versionTag, packageBundleFileHash, routesBundleFileHash, uiBundleFileHash) {
     return (0, keys_1.hashValue)([version, packageBundleFileHash, routesBundleFileHash ?? "", uiBundleFileHash ?? ""].join(":"));
 }
 function isVersionInRange(activeVersion, incomingVersion, range) {

package/dist/data/package-versions.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/data/package-versions.test.js

@@ -0,0 +1,227 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const SQLiteDB = require("better-sqlite3");
+const user_context_1 = require("../context/user-context");
+const user_context_singleton_1 = require("../context/user-context-singleton");
+const keys_1 = require("../keys");
+const utils_1 = require("../utils");
+const group_member_roles_1 = require("./group-member-roles");
+const group_members_1 = require("./group-members");
+const groups_1 = require("./groups");
+const sql_data_source_1 = require("./orm/sql.data-source");
+const package_versions_1 = require("./package-versions");
+const users_1 = require("./users");
+// ---------------------------------------------------------------------------
+// In-memory SQLite harness (same pattern as sql.data-source.test.ts)
+// ---------------------------------------------------------------------------
+class DBHarness {
+    _db = null;
+    get db() {
+        if (!this._db) {
+            this._db = new SQLiteDB(":memory:");
+            this._db.pragma("journal_mode = WAL");
+        }
+        return this._db;
+    }
+    async get(sql, params = []) {
+        return this.db.prepare(sql).get(params);
+    }
+    async all(sql, params = []) {
+        return this.db.prepare(sql).all(params);
+    }
+    async exec(sql, params = []) {
+        const result = this.db.prepare(sql).run(params);
+        return { changes: result.changes };
+    }
+    async close() {
+        this._db?.close();
+        this._db = null;
+    }
+}
+// ---------------------------------------------------------------------------
+// Test fixtures
+// ---------------------------------------------------------------------------
+const writerKeys = (0, keys_1.newKeys)();
+const adminKeys = (0, keys_1.newKeys)();
+const testGroupId = (0, utils_1.newid)();
+const writerUserId = (0, utils_1.newid)();
+const adminUserId = (0, utils_1.newid)();
+function makePV(overrides = {}) {
+    return {
+        packageVersionId: (0, utils_1.newid)(),
+        packageId: (0, utils_1.newid)(),
+        version: "1.0.0",
+        versionTag: "dev",
+        packageVersionHash: "testhash",
+        packageBundleFileId: (0, utils_1.newid)(),
+        packageBundleFileHash: "bundlehash",
+        signature: "",
+        createdBy: writerUserId,
+        createdAt: new Date().toISOString(),
+        ...overrides,
+    };
+}
+// ---------------------------------------------------------------------------
+// Setup: create a real ephemeral UserContext with Users + GroupMembers seeded
+// so that getUserRoleFromPublicKey resolves Writer vs Admin from real data.
+// ---------------------------------------------------------------------------
+let userContext;
+beforeAll(async () => {
+    const db = new DBHarness();
+    const dataSourceFactory = (metaData, schema) => {
+        return new sql_data_source_1.SQLDataSource(db, metaData, schema);
+    };
+    userContext = new user_context_1.UserContext(writerUserId, dataSourceFactory, true);
+    await userContext.loadingPromise;
+    userContext.deviceId((0, utils_1.newid)());
+    (0, user_context_singleton_1.setUserContext)(userContext);
+    const dc = userContext.userDataContext;
+    // Enable passthrough so seeding skips signature checks on Groups/GroupMembers/Users
+    groups_1.GroupsTable.isPassthrough = true;
+    group_members_1.GroupMembersTable.isPassthrough = true;
+    users_1.UsersTable.isPassthrough = true;
+    // Seed the writer user
+    const { Users } = await Promise.resolve().then(() => require("./users"));
+    const writerUser = {
+        userId: writerUserId,
+        name: "Writer User",
+        publicKey: writerKeys.publicKey,
+        publicBoxKey: "",
+        signature: "",
+    };
+    await Users(dc).save(writerUser);
+    // Seed the admin user
+    const adminUser = {
+        userId: adminUserId,
+        name: "Admin User",
+        publicKey: adminKeys.publicKey,
+        publicBoxKey: "",
+        signature: "",
+    };
+    await Users(dc).save(adminUser);
+    // Seed a group so the group lookup finds real data (not "group not found → Founder")
+    const { Groups } = await Promise.resolve().then(() => require("./groups"));
+    await Groups(dc).save({
+        groupId: testGroupId,
+        name: "Test Group",
+        description: "",
+        founderUserId: (0, utils_1.newid)(), // different from writer/admin so nobody is auto-Founder
+        signature: "",
+        publicKey: "",
+        publicBoxKey: "",
+    });
+    // Seed group memberships with real roles
+    const { GroupMembers } = await Promise.resolve().then(() => require("./group-members"));
+    const writerMembership = {
+        groupMemberId: (0, utils_1.newid)(),
+        groupId: testGroupId,
+        userId: writerUserId,
+        role: group_member_roles_1.GroupMemberRole.Writer,
+        signature: "",
+    };
+    await GroupMembers(dc).save(writerMembership);
+    const adminMembership = {
+        groupMemberId: (0, utils_1.newid)(),
+        groupId: testGroupId,
+        userId: adminUserId,
+        role: group_member_roles_1.GroupMemberRole.Admin,
+        signature: "",
+    };
+    await GroupMembers(dc).save(adminMembership);
+    // Disable passthrough so the real permission checks apply during tests
+    groups_1.GroupsTable.isPassthrough = false;
+    group_members_1.GroupMembersTable.isPassthrough = false;
+    users_1.UsersTable.isPassthrough = false;
+    // Enable real signing
+    package_versions_1.PackageVersionsTable.enablePackageVersionSigning((pv) => (0, keys_1.addSignatureToObject)(pv, activeSecretKey));
+});
+let activeSecretKey = writerKeys.secretKey;
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+describe("PackageVersionsTable.signAndSave — promotion permission enforcement", () => {
+    // These tests exercise the real signAndSave → save → verifyPackageVersionSignature
+    // chain against a real in-memory database with real group membership data.
+    //
+    // THE BUG: signAndSave previously called super.save() which skipped the
+    // overridden save() and its verifyPackageVersionSignature check. A Writer
+    // could promote dev → beta/stable unchallenged.
+    //
+    // THE FIX: signAndSave now calls this.save(), so the permission check fires.
+    // Helper: get the PackageVersions table in the test group context
+    function pvTable() {
+        const dc = userContext.getDataContext(testGroupId);
+        return (0, package_versions_1.PackageVersions)(dc);
+    }
+    describe("Writer role", () => {
+        beforeEach(() => {
+            activeSecretKey = writerKeys.secretKey;
+        });
+        it("can signAndSave a dev version", async () => {
+            const pv = makePV({ versionTag: "dev" });
+            const saved = await pvTable().signAndSave(pv);
+            expect(saved.versionTag).toBe("dev");
+            expect(saved.signature).toBeTruthy();
+        });
+        it("is blocked from signAndSave with versionTag=beta", async () => {
+            const pv = makePV({ versionTag: "beta" });
+            // Before the fix: this would PASS (super.save skipped the check)
+            // After the fix: this correctly REJECTS
+            await expect(pvTable().signAndSave(pv)).rejects.toThrow("Only group admins can create or update beta/stable package versions");
+        });
+        it("is blocked from signAndSave with versionTag=stable", async () => {
+            const pv = makePV({ versionTag: "stable" });
+            await expect(pvTable().signAndSave(pv)).rejects.toThrow("Only group admins can create or update beta/stable package versions");
+        });
+        it("is blocked from promoting an existing dev version to beta", async () => {
+            const pv = makePV({ versionTag: "dev" });
+            const saved = await pvTable().signAndSave(pv);
+            const promoted = { ...saved, versionTag: "beta" };
+            await expect(pvTable().signAndSave(promoted)).rejects.toThrow("Only group admins can create or update beta/stable package versions");
+        });
+    });
+    describe("Admin role", () => {
+        beforeEach(() => {
+            activeSecretKey = adminKeys.secretKey;
+        });
+        it("can signAndSave a dev version", async () => {
+            const pv = makePV({ versionTag: "dev" });
+            const saved = await pvTable().signAndSave(pv);
+            expect(saved.versionTag).toBe("dev");
+        });
+        it("can signAndSave a beta version", async () => {
+            const pv = makePV({ versionTag: "beta" });
+            const saved = await pvTable().signAndSave(pv);
+            expect(saved.versionTag).toBe("beta");
+        });
+        it("can signAndSave a stable version", async () => {
+            const pv = makePV({ versionTag: "stable" });
+            const saved = await pvTable().signAndSave(pv);
+            expect(saved.versionTag).toBe("stable");
+        });
+        it("can promote an existing dev version to beta", async () => {
+            const pv = makePV({ versionTag: "dev" });
+            const saved = await pvTable().signAndSave(pv);
+            const promoted = { ...saved, versionTag: "beta" };
+            const result = await pvTable().signAndSave(promoted);
+            expect(result.versionTag).toBe("beta");
+        });
+        it("can promote an existing beta version to stable", async () => {
+            const pv = makePV({ versionTag: "beta" });
+            const saved = await pvTable().signAndSave(pv);
+            const promoted = { ...saved, versionTag: "stable" };
+            const result = await pvTable().signAndSave(promoted);
+            expect(result.versionTag).toBe("stable");
+        });
+    });
+    describe("personal space (no group)", () => {
+        it("allows Writer to signAndSave any tag without restriction", async () => {
+            activeSecretKey = writerKeys.secretKey;
+            const dc = userContext.userDataContext;
+            const table = (0, package_versions_1.PackageVersions)(dc);
+            const pv = makePV({ versionTag: "stable" });
+            const saved = await table.signAndSave(pv);
+            expect(saved.versionTag).toBe("stable");
+        });
+    });
+});

package/dist/data/packages.d.ts

@@ -9,6 +9,7 @@ declare const schema: z.ZodObject<{
     createdBy: z.ZodEffects<z.ZodString, string, string>;
     disabled: z.ZodOptional<z.ZodBoolean>;
     remoteRepo: z.ZodOptional<z.ZodString>;
+    /** @deprecated Read appNavs from the active IPackageVersion record instead. */
     appNavs: z.ZodOptional<z.ZodArray<z.ZodObject<{
         name: z.ZodString;
         displayName: z.ZodOptional<z.ZodString>;