@tellescope/sdk 1.251.0 → 1.252.0

package/src/tests/api_tests/security/F-0001-data-sync-redaction-bypass.test.ts

@@ -0,0 +1,236 @@
+require('source-map-support').install();
+
+import { Session } from "../../../sdk"
+import {
+  async_test,
+  log_header,
+  wait,
+} from "@tellescope/testing"
+import { setup_tests } from "../../setup"
+import { PROVIDER_PERMISSIONS } from "@tellescope/constants"
+
+const host = process.env.API_URL || 'http://localhost:8080' as const
+const [nonAdminEmail, nonAdminPassword] = [process.env.NON_ADMIN_EMAIL, process.env.NON_ADMIN_PASSWORD]
+
+const FULL_ACCESS = { create: 'All' as const, read: 'All' as const, update: 'All' as const, delete: 'All' as const }
+
+// Schema fields tagged `redactions: ['all']` that must never appear in
+// `/v1/data-sync` results. See packages/public/schema/src/schema.ts.
+const REDACTABLE_FIELDS_BY_MODEL: Record<string, string[]> = {
+  users:    ['hashedPass', 'hashedInviteCode'],
+  endusers: ['hashedPassword'],
+}
+
+type Violation = { modelName: string, recordId: string, leakedField: string }
+
+const collectViolations = (results: { modelName: string, recordId: string, data: string }[]): Violation[] => {
+  const violations: Violation[] = []
+  for (const record of results) {
+    if (!record.data || record.data === 'deleted') continue
+    const fields = REDACTABLE_FIELDS_BY_MODEL[record.modelName]
+    if (!fields) continue
+    let parsed: any
+    try { parsed = JSON.parse(record.data) } catch { continue }
+    for (const f of fields) {
+      if (f in parsed && parsed[f] !== undefined && parsed[f] !== null && parsed[f] !== '') {
+        violations.push({ modelName: record.modelName, recordId: record.recordId, leakedField: f })
+      }
+    }
+  }
+  return violations
+}
+
+/**
+ * Regression test for F-0001 (security-audit/findings/F-0001-data-sync-bypasses-applyRedactions.md).
+ *
+ * The /v1/data-sync handler must apply the central applyRedactions() pipeline to
+ * every non-deleted record. The original bug: redactions were gated behind
+ *   `if (session.fieldRedactions && session.fieldRedactions[record.modelName])`
+ * which meant any session without role-based field redactions (including all
+ * admins) received raw records — leaking schema-level `redactions: ['all']`
+ * fields (hashedPass, hashedPassword, hashedInviteCode).
+ *
+ * This test:
+ *   1. Configures a non-admin user with broad read access on users + endusers
+ *      and NO fieldRedactions — the realistic "regular user with read access"
+ *      condition that triggers the bypass.
+ *   2. Creates an enduser with a password to populate the sync stream.
+ *   3. Calls /v1/data-sync as the non-admin.
+ *   4. Asserts no returned record contains hashedPass / hashedPassword /
+ *      hashedInviteCode.
+ *
+ * Pre-fix: assertion fails with leaked records.
+ * Post-fix: assertion passes.
+ */
+export const data_sync_redaction_bypass_tests = async ({ sdk, sdkNonAdmin } : { sdk: Session, sdkNonAdmin: Session }) => {
+  log_header("F-0001: /v1/data-sync field-redaction bypass regression")
+
+  const roleName = `f0001-data-sync-bypass-${Date.now()}`
+  let testEnduserId: string | undefined
+  let rbapId: string | undefined
+  const originalRoles = sdkNonAdmin.userInfo.roles
+
+  try {
+    // 1. Create a role with broad read access but NO fieldRedactions.
+    //    This is the realistic "regular user with read access" condition
+    //    that triggers the bypass in the pre-fix handler.
+    const rbap = await sdk.api.role_based_access_permissions.createOne({
+      role: roleName,
+      permissions: {
+        ...PROVIDER_PERMISSIONS,
+        users: FULL_ACCESS,
+        endusers: FULL_ACCESS,
+      },
+      // intentionally NO fieldRedactions — this is the exploit condition.
+    })
+    rbapId = rbap.id
+
+    // 2. Assign role to the non-admin user and re-authenticate so the new
+    //    session reflects the role's permissions.
+    await sdk.api.users.updateOne(
+      sdkNonAdmin.userInfo.id,
+      { roles: [roleName] },
+      { replaceObjectFields: true },
+    )
+    await wait(undefined, 1500)
+    await sdkNonAdmin.authenticate(nonAdminEmail!, nonAdminPassword!)
+
+    // 3. Create a test enduser and set a password — this populates
+    //    `hashedPassword` on the enduser record and writes a data_sync_records
+    //    row for it.
+    const testEnduser = await sdk.api.endusers.createOne({
+      fname: 'F0001Target',
+      lname: 'Patient',
+      email: `f0001-target-${Date.now()}@example.com`,
+    })
+    testEnduserId = testEnduser.id
+    await sdk.api.endusers.set_password({ id: testEnduser.id, password: 'F0001TestPassword!123' })
+
+    // The non-admin user's own `hashedPass` is set from login and refreshed
+    // on every write to their user record (e.g., the role-assignment update
+    // above). No extra setup needed for users.hashedPass to be in the stream.
+
+    await wait(undefined, 500)
+
+    // 4. As the non-admin, call /v1/data-sync from epoch zero to capture all
+    //    sync records the role can see.
+    const sync = await sdkNonAdmin.sync({ from: new Date(0) })
+
+    // 5. Walk every record. Fail if any contains a `redactions: ['all']` field.
+    const violations = collectViolations(sync.results)
+
+    // Belt-and-suspenders: at least one user record SHOULD be in the stream
+    // (the non-admin's own record). If the stream is empty, the assertion below
+    // would pass vacuously — guard against that.
+    const userRecordsInStream = sync.results.filter(r => r.modelName === 'users').length
+    await async_test(
+      "F-0001 guard: /v1/data-sync sync stream contains at least one user record",
+      async () => ({ userRecords: userRecordsInStream, totalRecords: sync.results.length }),
+      { onResult: r => r.userRecords >= 1 },
+    )
+
+    await async_test(
+      "F-0001: /v1/data-sync must NOT return hashedPass / hashedPassword / hashedInviteCode (see security-audit/findings/F-0001)",
+      async () => ({
+        violationCount: violations.length,
+        violations: violations.slice(0, 10),
+        affectedModels: Array.from(new Set(violations.map(v => v.modelName))),
+        affectedFields: Array.from(new Set(violations.map(v => v.leakedField))),
+      }),
+      { onResult: r => r.violationCount === 0 },
+    )
+
+    // ========================================================================
+    // Additional coverage for applyRedactions code paths reachable via /v1/data-sync.
+    // Each of these is a distinct branch in applyRedactions (routing.ts:1165-1238)
+    // and could regress independently of the F-0001 fix.
+    // ========================================================================
+
+    // Case A: schema-level `redactions: ['all']` must apply to ADMIN sessions too.
+    // Admins have no session.fieldRedactions, but `redactions: ['all']` is universal.
+    // Pre-fix: admin saw hashedPass via data-sync because applyRedactions was skipped entirely.
+    // Post-fix: applyRedactions always runs and `redactions: ['all']` strips for everyone.
+    const adminSync = await sdk.sync({ from: new Date(0) })
+    const adminViolations = collectViolations(adminSync.results)
+    await async_test(
+      "F-0001 coverage A: admin /v1/data-sync also strips redactions:['all'] fields (hashedPass etc.)",
+      async () => ({
+        violationCount: adminViolations.length,
+        violations: adminViolations.slice(0, 10),
+      }),
+      { onResult: r => r.violationCount === 0 },
+    )
+
+    // Case B: `linkedAccountAccess` on users must be stripped when the caller is NOT
+    // the record's owner. This is a separate branch in applyRedactions (routing.ts:1220-1225)
+    // and protects against cross-user enumeration of who-requested-access-to-whom.
+    // The non-admin user reads other user records via data-sync; if any of those
+    // records have linkedAccountAccess set, it must be stripped on read.
+    const otherUsersInStream = sync.results.filter(
+      r => r.modelName === 'users' && r.recordId !== sdkNonAdmin.userInfo.id
+    )
+    const linkedAccountLeaks: { recordId: string }[] = []
+    for (const record of otherUsersInStream) {
+      if (!record.data || record.data === 'deleted') continue
+      try {
+        const parsed = JSON.parse(record.data)
+        if ('linkedAccountAccess' in parsed && parsed.linkedAccountAccess !== undefined) {
+          linkedAccountLeaks.push({ recordId: record.recordId })
+        }
+      } catch {}
+    }
+    await async_test(
+      "F-0001 coverage B: /v1/data-sync strips linkedAccountAccess from other users' records",
+      async () => ({
+        otherUserRecords: otherUsersInStream.length,
+        leakCount: linkedAccountLeaks.length,
+        leaks: linkedAccountLeaks.slice(0, 5),
+      }),
+      { onResult: r => r.leakCount === 0 },
+    )
+  } finally {
+    // Cleanup: restore non-admin's original roles, delete role and test enduser.
+    try {
+      await sdk.api.users.updateOne(
+        sdkNonAdmin.userInfo.id,
+        { roles: originalRoles ?? [] },
+        { replaceObjectFields: true },
+      )
+    } catch {}
+    if (rbapId) {
+      try { await sdk.api.role_based_access_permissions.deleteOne(rbapId) } catch {}
+    }
+    if (testEnduserId) {
+      try { await sdk.api.endusers.deleteOne(testEnduserId) } catch {}
+    }
+    // Re-authenticate the non-admin to drop the exploit role from their JWT
+    // before subsequent tests run.
+    // Role restore above re-triggers deauthenticate_user; wait > 1s so the freshly minted
+    // token's (second-floored) iat lands after the deauth timestamp and isn't permanently
+    // rejected by is_logged_in's iat-slack check. Matches the in-test re-auth above.
+    await wait(undefined, 1500)
+    try { await sdkNonAdmin.authenticate(nonAdminEmail!, nonAdminPassword!) } catch {}
+  }
+}
+
+// Allow running this test file independently
+if (require.main === module) {
+  console.log(`🌐 Using API URL: ${host}`)
+  const sdk = new Session({ host })
+  const sdkNonAdmin = new Session({ host })
+
+  const runTests = async () => {
+    await setup_tests(sdk, sdkNonAdmin)
+    await data_sync_redaction_bypass_tests({ sdk, sdkNonAdmin })
+  }
+
+  runTests()
+    .then(() => {
+      console.log("✅ F-0001 data-sync redaction-bypass test suite completed successfully")
+      process.exit(0)
+    })
+    .catch((error) => {
+      console.error("❌ F-0001 data-sync redaction-bypass test suite failed:", error)
+      process.exit(1)
+    })
+}

package/src/tests/api_tests/security/F-0005-ai-conversations-rbac.test.ts

@@ -0,0 +1,154 @@
+require('source-map-support').install();
+
+import { ObjectId } from 'bson'
+import { Session } from "../../../sdk"
+import {
+  async_test,
+  log_header,
+  wait,
+} from "@tellescope/testing"
+import { setup_tests } from "../../setup"
+import { PROVIDER_PERMISSIONS } from "@tellescope/constants"
+
+const host = process.env.API_URL || 'http://localhost:8080' as const
+const [nonAdminEmail, nonAdminPassword] = [process.env.NON_ADMIN_EMAIL, process.env.NON_ADMIN_PASSWORD]
+
+/**
+ * Regression test for F-0005 (security-audit/findings/F-0005-ai-conversations-bypass-rbac.md).
+ *
+ * Both `ai_conversations.send_message` and `ai_conversations.generate_ai_decision` are
+ * registered with `noAccessPermissions: true` ([api.ts:22699, 22721](packages/private/api/api/v1/api.ts)).
+ * Their only access gate is `if (req.session.type === 'enduser') throw 403`. They must ALSO
+ * check `session.access?.ai_conversations?.<action>` (and `session.access?.endusers?.read`
+ * for generate_ai_decision) — the standard pattern used 16 lines earlier in the same file
+ * at api.ts:22680 for the background_errors handler.
+ *
+ * This test:
+ *   1. Creates a role with explicit NO_ACCESS for ai_conversations (and endusers).
+ *   2. Assigns the role to the non-admin user.
+ *   3. Calls each endpoint as the non-admin.
+ *   4. Asserts each endpoint returns a 403-equivalent error (not 200).
+ *
+ * Pre-fix:
+ *   - send_message: 200 (or some downstream error from Bedrock) — NOT 403. Test fails.
+ *   - generate_ai_decision: 200 with `{}` (handler responds early before access check). Test fails.
+ *
+ * Post-fix: both endpoints throw 403 before any work happens. Test passes.
+ */
+export const ai_conversations_rbac_tests = async ({ sdk, sdkNonAdmin } : { sdk: Session, sdkNonAdmin: Session }) => {
+  log_header("F-0005: ai_conversations RBAC bypass regression")
+
+  const roleName = `f0005-ai-conversations-no-access-${Date.now()}`
+  let rbapId: string | undefined
+  const originalRoles = sdkNonAdmin.userInfo.roles
+
+  try {
+    // 1. Create a role that explicitly denies ai_conversations access AND endusers access.
+    //    This is the realistic configuration the bypass affects: a tenant operator
+    //    deliberately restricts a role from reading AI conversations / enduser PHI.
+    const rbap = await sdk.api.role_based_access_permissions.createOne({
+      role: roleName,
+      permissions: {
+        ...PROVIDER_PERMISSIONS,
+        ai_conversations: { create: null, read: null, update: null, delete: null },
+        endusers:         { create: null, read: null, update: null, delete: null },
+      },
+    })
+    rbapId = rbap.id
+
+    // 2. Assign the role to the non-admin user and re-authenticate so the new
+    //    session reflects the role's denied permissions.
+    await sdk.api.users.updateOne(
+      sdkNonAdmin.userInfo.id,
+      { roles: [roleName] },
+      { replaceObjectFields: true },
+    )
+    await wait(undefined, 1500)
+    await sdkNonAdmin.authenticate(nonAdminEmail!, nonAdminPassword!)
+
+    // 3a. send_message must throw 403 (or equivalent access error). Pre-fix: succeeds (or
+    //     fails downstream in Bedrock without 403). Post-fix: throws before any work.
+    await async_test(
+      "F-0005: ai_conversations.send_message must throw 403 when role denies ai_conversations",
+      () => sdkNonAdmin.api.ai_conversations.send_message({
+        message: 'F-0005 regression test',
+        type: 'Test',
+      } as any),
+      {
+        shouldError: true,
+        onError: (e: any) => {
+          // Accept any 4xx access-denial response — handler may use 403 (recommended)
+          // or 400 with "access" / "permission" in the message.
+          const msg = (e?.message ?? '').toLowerCase()
+          const status = e?.status ?? e?.code
+          return status === 403 || status === 401
+            || msg.includes('access') || msg.includes('permission') || msg.includes('forbidden')
+        },
+      },
+    )
+
+    // 3b. generate_ai_decision must throw 403 BEFORE the early res.json({}) response.
+    //     Pre-fix: handler responds 200 with {} immediately and processes in background.
+    //     Post-fix: handler throws 403 before res.json({}).
+    await async_test(
+      "F-0005: ai_conversations.generate_ai_decision must throw 403 when role denies endusers/ai_conversations",
+      () => sdkNonAdmin.api.ai_conversations.generate_ai_decision({
+        enduserId: new ObjectId().toHexString(),        // fake id — access check should fire first
+        automationStepId: new ObjectId().toHexString(),  // fake id — access check should fire first
+        outcomes: ['yes', 'no'],
+        prompt: 'F-0005 regression test',
+        sources: [{ type: 'SMS', limit: 1 }],            // non-empty so the validator passes; access check then fires
+      } as any),
+      {
+        shouldError: true,
+        onError: (e: any) => {
+          const msg = (e?.message ?? '').toLowerCase()
+          const status = e?.status ?? e?.code
+          return status === 403 || status === 401
+            || msg.includes('access') || msg.includes('permission') || msg.includes('forbidden')
+        },
+      },
+    )
+  } finally {
+    // Cleanup: restore original roles, delete the test role.
+    try {
+      await sdk.api.users.updateOne(
+        sdkNonAdmin.userInfo.id,
+        { roles: originalRoles ?? [] },
+        { replaceObjectFields: true },
+      )
+    } catch {}
+    if (rbapId) {
+      try { await sdk.api.role_based_access_permissions.deleteOne(rbapId) } catch {}
+    }
+    // Re-authenticate the non-admin to drop the no-access role from their JWT
+    // before subsequent tests run.
+    // Role restore above re-triggers deauthenticate_user; wait > 1s so the freshly minted
+    // token's (second-floored) iat lands after the deauth timestamp and isn't permanently
+    // rejected by is_logged_in's iat-slack check. Matches the in-test re-auth above.
+    await wait(undefined, 1500)
+    try { await sdkNonAdmin.authenticate(nonAdminEmail!, nonAdminPassword!) } catch {}
+  }
+}
+
+// Allow running this test file independently
+if (require.main === module) {
+  console.log(`🌐 Using API URL: ${host}`)
+  const sdk = new Session({ host })
+  const sdkNonAdmin = new Session({ host })
+
+  const runTests = async () => {
+    await setup_tests(sdk, sdkNonAdmin)
+    await ai_conversations_rbac_tests({ sdk, sdkNonAdmin })
+  }
+
+  runTests()
+    .then(() => {
+      console.log("✅ F-0005 ai_conversations RBAC test suite completed successfully")
+      process.exit(0)
+    })
+    .catch((error) => {
+      console.error("❌ F-0005 ai_conversations RBAC test suite failed:", error)
+      process.exit(1)
+    })
+}

package/src/tests/api_tests/security/F-0007-invite-user-enumeration.test.ts

@@ -0,0 +1,198 @@
+require('source-map-support').install();
+
+import axios from "axios"
+import { Session } from "../../../sdk"
+import {
+  async_test,
+  log_header,
+  wait,
+} from "@tellescope/testing"
+import { setup_tests } from "../../setup"
+
+const host = process.env.API_URL || 'http://localhost:8080' as const
+
+const CROSS_ORG_API_KEY = process.env.CROSS_ORG_API_KEY
+const CROSS_ORG_TARGET_BUSINESS_ID = process.env.CROSS_ORG_TARGET_BUSINESS_ID
+
+const post = async (path: string, body: any, headers: Record<string, string> = {}) => {
+  try {
+    const res = await axios.post(`${host}${path}`, body, {
+      validateStatus: () => true,
+      headers,
+    })
+    return { status: res.status, data: res.data }
+  } catch (err: any) {
+    return { status: err?.response?.status, data: err?.response?.data }
+  }
+}
+
+/**
+ * Regression test for F-0007 (security-audit/findings/F-0007-invite-user-cross-tenant-email-enumeration.md).
+ *
+ * `users.invite_user` previously used `buildAllQueries({ unrestricted: true, organizationIds: [] }).users.findOne({ email })`
+ * to enforce platform-wide email uniqueness and threw the distinctive `"A user with this email already exists"`
+ * error on duplicate — regardless of which tenant the existing user was in. Any authenticated user could
+ * therefore probe whether email X is registered to any tenant on the platform.
+ *
+ * **Tests only the negative case** — never drives a successful invite (which would create a real user
+ * record and send a real transactional email). All assertions use either:
+ *   - An email that already exists in the test tenant (the admin's own email), so each call short-circuits
+ *     at the same-tenant duplicate check or rate-limit check before any invite work happens, OR
+ *   - The cross-org infrastructure (CROSS_ORG_API_KEY env var) targeting an email that exists in a different
+ *     tenant — verifies the post-fix response does NOT distinguish "exists elsewhere" from a generic outcome.
+ *
+ * Assertions:
+ *   1. Rate-limit defense-in-depth: rapid same-tenant duplicate requests trip 429 within ~12 attempts.
+ *   2. Same-tenant duplicate: returns the same `"already exists"` error pre/post-fix (this branch is
+ *      unchanged by the fix; asserted for regression-safety).
+ *   3. Cross-tenant duplicate (env-gated): post-fix response shape does NOT contain the `"already exists"`
+ *      string and matches the silent-no-op shape `{ created: { id: ... } }`. Skipped when CROSS_ORG_*
+ *      env vars are not set, mirroring cross_org_api_key.test.ts convention.
+ */
+export const invite_user_enumeration_tests = async ({ sdk, sdkNonAdmin } : { sdk: Session, sdkNonAdmin: Session }) => {
+  log_header("F-0007: users.invite_user cross-tenant enumeration regression")
+
+  // Reset state so prior tests' rate-limit accounting doesn't leak in.
+  await sdk.reset_db()
+
+  const organizationId = sdk.userInfo.organizationIds?.[0] ?? sdk.userInfo.businessId
+  // Use the test admin's own email — guaranteed to exist in the test tenant, so every invite
+  // request short-circuits at the same-tenant duplicate check (or earlier at the rate-limit
+  // check). No real users get created, no emails get sent.
+  const sameTenantExistingEmail = process.env.TEST_EMAIL!
+
+  // ====================================================================
+  // Assertion 1: rate-limit defense-in-depth
+  // Fire 15 requests with the admin's own email. Post-fix: rate limit
+  // fires before the same-tenant duplicate check on call 11+. Pre-fix:
+  // every call returns 400 "already exists" forever.
+  // ====================================================================
+  let rateLimitedAt = -1
+  for (let i = 0; i < 15; i++) {
+    const r = await post(
+      '/v1/invite-user-to-organization',
+      {
+        email: sameTenantExistingEmail,
+        fname: 'F0007', lname: 'RateLimit',
+        organizationId,
+      },
+      { Authorization: `Bearer ${sdk.authToken}` },
+    )
+    if (r.status === 429) {
+      rateLimitedAt = i
+      break
+    }
+  }
+
+  await async_test(
+    "F-0007: invite_user rate-limits within ~12 rapid requests (defense-in-depth; no invites sent)",
+    async () => ({ rateLimitedAt }),
+    { onResult: r => r.rateLimitedAt >= 0 && r.rateLimitedAt <= 12 },
+  )
+
+  // ====================================================================
+  // Assertion 2: same-tenant duplicate returns the descriptive error
+  // (unchanged by the fix; regression guard so a future change to the
+  // duplicate-detection path doesn't accidentally suppress same-tenant
+  // errors that operators rely on).
+  // ====================================================================
+  // Let rate limit decay so this single call isn't blocked.
+  await wait(undefined, 5000)
+  await sdk.reset_db()
+
+  const sameTenantRes = await post(
+    '/v1/invite-user-to-organization',
+    {
+      email: sameTenantExistingEmail,
+      fname: 'F0007', lname: 'SameTenant',
+      organizationId,
+    },
+    { Authorization: `Bearer ${sdk.authToken}` },
+  )
+
+  await async_test(
+    "F-0007: invite_user same-tenant duplicate returns 400 'already exists' (unchanged)",
+    async () => ({
+      status: sameTenantRes.status,
+      message: sameTenantRes.data?.message ?? '',
+    }),
+    { onResult: r => r.status === 400 && r.message.toLowerCase().includes('already exists') },
+  )
+
+  // ====================================================================
+  // Assertion 3: cross-tenant duplicate must NOT reveal existence
+  // Env-gated; skipped when cross-org infra not configured.
+  // ====================================================================
+  if (!(CROSS_ORG_API_KEY && CROSS_ORG_TARGET_BUSINESS_ID)) {
+    console.log("  [F-0007] Skipping cross-tenant silent no-op assertion — CROSS_ORG_* env vars not set")
+    return
+  }
+
+  // The target email is the admin's email in the home (test) tenant. We then attempt to invite
+  // that same email FROM a session belonging to the cross-org target tenant. Post-fix, the
+  // response should NOT contain "already exists" — it must be indistinguishable from a
+  // successful invite OR a generic non-revealing response. Pre-fix, the response is the
+  // distinctive "already exists" error revealing cross-tenant existence.
+  const sdkCrossOrg = new Session({
+    host,
+    apiKey: CROSS_ORG_API_KEY,
+    headers: { 'x-tellescope-organization': CROSS_ORG_TARGET_BUSINESS_ID },
+  })
+
+  // Resolve an organizationId in the target business. Falls back to the businessId itself.
+  let targetOrgId = CROSS_ORG_TARGET_BUSINESS_ID
+  try {
+    const orgs = await sdkCrossOrg.api.organizations.getSome({ limit: 1 })
+    if (orgs?.[0]?.id) targetOrgId = orgs[0].id
+  } catch {}
+
+  const crossRes = await post(
+    '/v1/invite-user-to-organization',
+    {
+      email: sameTenantExistingEmail,
+      fname: 'F0007', lname: 'CrossTenantProbe',
+      organizationId: targetOrgId,
+    },
+    {
+      Authorization: `API_KEY ${CROSS_ORG_API_KEY}`,
+      'x-tellescope-organization': CROSS_ORG_TARGET_BUSINESS_ID,
+    },
+  )
+
+  await async_test(
+    "F-0007: cross-tenant invite of existing email must NOT return 'already exists' (no enumeration)",
+    async () => ({
+      status: crossRes.status,
+      message: crossRes.data?.message ?? '',
+      hasCreatedShape: !!crossRes.data?.created?.id,
+    }),
+    {
+      onResult: r =>
+        // The response MUST NOT contain the "already exists" string regardless of status.
+        // Acceptable post-fix shapes: 200 with `{ created: { id: ... } }` (silent no-op), or
+        // 200 with a generic ack. Rate-limit 429 also OK if it slipped through to here.
+        !r.message.toLowerCase().includes('already exists'),
+    },
+  )
+}
+
+if (require.main === module) {
+  console.log(`🌐 Using API URL: ${host}`)
+  const sdk = new Session({ host })
+  const sdkNonAdmin = new Session({ host })
+
+  const runTests = async () => {
+    await setup_tests(sdk, sdkNonAdmin)
+    await invite_user_enumeration_tests({ sdk, sdkNonAdmin })
+  }
+
+  runTests()
+    .then(() => {
+      console.log("✅ F-0007 invite_user enumeration test suite completed successfully")
+      process.exit(0)
+    })
+    .catch((error) => {
+      console.error("❌ F-0007 invite_user enumeration test suite failed:", error)
+      process.exit(1)
+    })
+}