npm - @tellescope/sdk - Versions diffs - 1.252.0 → 1.252.1 - Mend

@tellescope/sdk 1.252.0 → 1.252.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (52) hide show

package/lib/cjs/tests/api_tests/calendar_canvas_coding_clear.test.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { Session } from "../../sdk";
+export declare const calendar_canvas_coding_clear_tests: ({ sdk }: {
+    sdk: Session;
+    sdkNonAdmin: Session;
+}) => Promise<void>;
+//# sourceMappingURL=calendar_canvas_coding_clear.test.d.ts.map

package/lib/cjs/tests/api_tests/calendar_canvas_coding_clear.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"calendar_canvas_coding_clear.test.d.ts","sourceRoot":"","sources":["../../../../src/tests/api_tests/calendar_canvas_coding_clear.test.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAgBnC,eAAO,MAAM,kCAAkC;SAC5B,OAAO;iBAAe,OAAO;mBA2C/C,CAAA"}

package/lib/cjs/tests/api_tests/calendar_canvas_coding_clear.test.js ADDED Viewed

@@ -0,0 +1,139 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.calendar_canvas_coding_clear_tests = void 0;
+require('source-map-support').install();
+var sdk_1 = require("../../sdk");
+var testing_1 = require("@tellescope/testing");
+var setup_1 = require("../setup");
+var host = process.env.API_URL || 'http://localhost:8080';
+// Reproduces CU-86e1q4e51: clearing Canvas codings (sending an all-empty-string
+// coding object with replaceObjectFields) on a template/event that previously had
+// them saved must succeed. Pre-fix the backend rejected '' with a 400
+// ("Expecting non-empty string") because the fields used canvasCodingValidator.
+var POPULATED_CODING = { system: 'http://snomed.info/sct', code: '12345', display: 'Example Coding' };
+var EMPTY_CODING = { system: '', code: '', display: '' };
+var calendar_canvas_coding_clear_tests = function (_a) {
+    var sdk = _a.sdk;
+    return __awaiter(void 0, void 0, void 0, function () {
+        var template, event, _b, _c;
+        return __generator(this, function (_d) {
+            switch (_d.label) {
+                case 0:
+                    (0, testing_1.log_header)("Calendar Canvas Coding Clear Tests");
+                    return [4 /*yield*/, sdk.api.calendar_event_templates.createOne({
+                            title: 'Canvas Coding Clear Template',
+                            durationInMinutes: 30,
+                            canvasCoding: POPULATED_CODING,
+                            canvasReasonCoding: POPULATED_CODING,
+                        })];
+                case 1:
+                    template = _d.sent();
+                    return [4 /*yield*/, sdk.api.calendar_events.createOne({
+                            title: 'Canvas Coding Clear Event',
+                            durationInMinutes: 30,
+                            startTimeInMS: Date.now(),
+                            canvasCoding: POPULATED_CODING,
+                            canvasReasonCoding: POPULATED_CODING,
+                        })];
+                case 2:
+                    event = _d.sent();
+                    _d.label = 3;
+                case 3:
+                    _d.trys.push([3, , 6, 13]);
+                    return [4 /*yield*/, (0, testing_1.async_test)('Clearing Canvas codings on a calendar_event_template saves successfully', function () { return sdk.api.calendar_event_templates.updateOne(template.id, { canvasCoding: EMPTY_CODING, canvasReasonCoding: EMPTY_CODING }, { replaceObjectFields: true }); }, { onResult: function (t) { var _a, _b; return !((_a = t.canvasCoding) === null || _a === void 0 ? void 0 : _a.code) && !((_b = t.canvasReasonCoding) === null || _b === void 0 ? void 0 : _b.code); } })];
+                case 4:
+                    _d.sent();
+                    return [4 /*yield*/, (0, testing_1.async_test)('Clearing Canvas codings on a calendar_event saves successfully', function () { return sdk.api.calendar_events.updateOne(event.id, { canvasCoding: EMPTY_CODING, canvasReasonCoding: EMPTY_CODING }, { replaceObjectFields: true }); }, { onResult: function (e) { var _a, _b; return !((_a = e.canvasCoding) === null || _a === void 0 ? void 0 : _a.code) && !((_b = e.canvasReasonCoding) === null || _b === void 0 ? void 0 : _b.code); } })];
+                case 5:
+                    _d.sent();
+                    return [3 /*break*/, 13];
+                case 6:
+                    _d.trys.push([6, 8, , 9]);
+                    return [4 /*yield*/, sdk.api.calendar_event_templates.deleteOne(template.id)];
+                case 7:
+                    _d.sent();
+                    return [3 /*break*/, 9];
+                case 8:
+                    _b = _d.sent();
+                    return [3 /*break*/, 9];
+                case 9:
+                    _d.trys.push([9, 11, , 12]);
+                    return [4 /*yield*/, sdk.api.calendar_events.deleteOne(event.id)];
+                case 10:
+                    _d.sent();
+                    return [3 /*break*/, 12];
+                case 11:
+                    _c = _d.sent();
+                    return [3 /*break*/, 12];
+                case 12: return [7 /*endfinally*/];
+                case 13: return [2 /*return*/];
+            }
+        });
+    });
+};
+exports.calendar_canvas_coding_clear_tests = calendar_canvas_coding_clear_tests;
+// Allow running this test file independently
+if (require.main === module) {
+    console.log("\uD83C\uDF10 Using API URL: ".concat(host));
+    var sdk_2 = new sdk_1.Session({ host: host });
+    var sdkNonAdmin_1 = new sdk_1.Session({ host: host });
+    var runTests = function () { return __awaiter(void 0, void 0, void 0, function () {
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0: return [4 /*yield*/, (0, setup_1.setup_tests)(sdk_2, sdkNonAdmin_1)];
+                case 1:
+                    _a.sent();
+                    return [4 /*yield*/, (0, exports.calendar_canvas_coding_clear_tests)({ sdk: sdk_2, sdkNonAdmin: sdkNonAdmin_1 })];
+                case 2:
+                    _a.sent();
+                    return [2 /*return*/];
+            }
+        });
+    }); };
+    runTests()
+        .then(function () {
+        console.log("✅ Calendar canvas coding clear test suite completed successfully");
+        process.exit(0);
+    })
+        .catch(function (error) {
+        console.error("❌ Calendar canvas coding clear test suite failed:", error);
+        process.exit(1);
+    });
+}
+//# sourceMappingURL=calendar_canvas_coding_clear.test.js.map

package/lib/cjs/tests/api_tests/calendar_canvas_coding_clear.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"calendar_canvas_coding_clear.test.js","sourceRoot":"","sources":["../../../../src/tests/api_tests/calendar_canvas_coding_clear.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,CAAC,oBAAoB,CAAC,CAAC,OAAO,EAAE,CAAC;AAExC,iCAAmC;AACnC,+CAG4B;AAC5B,kCAAsC;AAEtC,IAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,uBAAgC,CAAA;AAEpE,gFAAgF;AAChF,kFAAkF;AAClF,sEAAsE;AACtE,gFAAgF;AAChF,IAAM,gBAAgB,GAAG,EAAE,MAAM,EAAE,wBAAwB,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAA;AACvG,IAAM,YAAY,GAAG,EAAE,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,OAAO,EAAE,EAAE,EAAE,CAAA;AAEnD,IAAM,kCAAkC,GAAG,UAChD,EAAgD;QAA9C,GAAG,SAAA;;;;;;oBAEL,IAAA,oBAAU,EAAC,oCAAoC,CAAC,CAAA;oBAE/B,qBAAM,GAAG,CAAC,GAAG,CAAC,wBAAwB,CAAC,SAAS,CAAC;4BAChE,KAAK,EAAE,8BAA8B;4BACrC,iBAAiB,EAAE,EAAE;4BACrB,YAAY,EAAE,gBAAgB;4BAC9B,kBAAkB,EAAE,gBAAgB;yBAC9B,CAAC,EAAA;;oBALH,QAAQ,GAAG,SAKR;oBAEK,qBAAM,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,SAAS,CAAC;4BACpD,KAAK,EAAE,2BAA2B;4BAClC,iBAAiB,EAAE,EAAE;4BACrB,aAAa,EAAE,IAAI,CAAC,GAAG,EAAE;4BACzB,YAAY,EAAE,gBAAgB;4BAC9B,kBAAkB,EAAE,gBAAgB;yBAC9B,CAAC,EAAA;;oBANH,KAAK,GAAG,SAML;;;;oBAGP,qBAAM,IAAA,oBAAU,EACd,yEAAyE,EACzE,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,wBAAwB,CAAC,SAAS,CAC9C,QAAQ,CAAC,EAAE,EACX,EAAE,YAAY,EAAE,YAAY,EAAE,kBAAkB,EAAE,YAAY,EAAS,EACvE,EAAE,mBAAmB,EAAE,IAAI,EAAE,CAC9B,EAJK,CAIL,EACD,EAAE,QAAQ,EAAE,UAAA,CAAC,gBAAI,OAAA,CAAC,CAAA,MAAA,CAAC,CAAC,YAAY,0CAAE,IAAI,CAAA,IAAI,CAAC,CAAA,MAAA,CAAC,CAAC,kBAAkB,0CAAE,IAAI,CAAA,CAAA,EAAA,EAAE,CACxE,EAAA;;oBARD,SAQC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,gEAAgE,EAChE,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,SAAS,CACrC,KAAK,CAAC,EAAE,EACR,EAAE,YAAY,EAAE,YAAY,EAAE,kBAAkB,EAAE,YAAY,EAAS,EACvE,EAAE,mBAAmB,EAAE,IAAI,EAAE,CAC9B,EAJK,CAIL,EACD,EAAE,QAAQ,EAAE,UAAA,CAAC,gBAAI,OAAA,CAAC,CAAA,MAAA,CAAC,CAAC,YAAY,0CAAE,IAAI,CAAA,IAAI,CAAC,CAAA,MAAA,CAAC,CAAC,kBAAkB,0CAAE,IAAI,CAAA,CAAA,EAAA,EAAE,CACxE,EAAA;;oBARD,SAQC,CAAA;;;;oBAEK,qBAAM,GAAG,CAAC,GAAG,CAAC,wBAAwB,CAAC,SAAS,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAA;;oBAA7D,SAA6D,CAAA;;;;;;;oBAC7D,qBAAM,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC,EAAA;;oBAAjD,SAAiD,CAAA;;;;;;;;;;CAE1D,CAAA;AA5CY,QAAA,kCAAkC,sCA4C9C;AAED,6CAA6C;AAC7C,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE;IAC3B,OAAO,CAAC,GAAG,CAAC,sCAAqB,IAAI,CAAE,CAAC,CAAA;IACxC,IAAM,KAAG,GAAG,IAAI,aAAO,CAAC,EAAE,IAAI,MAAA,EAAE,CAAC,CAAA;IACjC,IAAM,aAAW,GAAG,IAAI,aAAO,CAAC,EAAE,IAAI,MAAA,EAAE,CAAC,CAAA;IAEzC,IAAM,QAAQ,GAAG;;;wBACf,qBAAM,IAAA,mBAAW,EAAC,KAAG,EAAE,aAAW,CAAC,EAAA;;oBAAnC,SAAmC,CAAA;oBACnC,qBAAM,IAAA,0CAAkC,EAAC,EAAE,GAAG,OAAA,EAAE,WAAW,eAAA,EAAE,CAAC,EAAA;;oBAA9D,SAA8D,CAAA;;;;SAC/D,CAAA;IAED,QAAQ,EAAE;SACP,IAAI,CAAC;QACJ,OAAO,CAAC,GAAG,CAAC,kEAAkE,CAAC,CAAA;QAC/E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAC;SACD,KAAK,CAAC,UAAC,KAAK;QACX,OAAO,CAAC,KAAK,CAAC,mDAAmD,EAAE,KAAK,CAAC,CAAA;QACzE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAC,CAAA;CACL"}

package/lib/cjs/tests/api_tests/integrations_redacted.test.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"integrations_redacted.test.d.ts","sourceRoot":"","sources":["../../../../src/tests/api_tests/integrations_redacted.test.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAiBnC,eAAO,MAAM,2BAA2B;SAAwC,OAAO;iBAAe,OAAO;~~mBA4M5G~~,CAAA"}
1	+ {"version":3,"file":"integrations_redacted.test.d.ts","sourceRoot":"","sources":["../../../../src/tests/api_tests/integrations_redacted.test.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAiBnC,eAAO,MAAM,2BAA2B;SAAwC,OAAO;iBAAe,OAAO;mBAoN5G,CAAA"}

package/lib/cjs/tests/api_tests/integrations_redacted.test.js CHANGED Viewed

@@ -63,7 +63,7 @@ var integrations_redacted_tests = function (_a) {
                     sensitiveIntegrationId = '';
                     _b.label = 1;
                 case 1:
-                    _b.trys.push([1, , 26, 35]);
+                    _b.trys.push([1, , 27, 36]);
                     return [4 /*yield*/, sdk.api.integrations.createOne({
                             title: 'Test Redacted Integration',
                             authentication: { type: 'oauth2', info: { access_token: 'test-access-token', refresh_token: 'test-refresh-token', scope: '', token_type: 'Bearer', expiry_date: new Date().getTime() } },
@@ -206,38 +206,48 @@ var integrations_redacted_tests = function (_a) {
                     return [4 /*yield*/, (0, testing_1.async_test)("load_redacted still returns non-sensitive fields", function () { return sdk.api.integrations.load_redacted({}); }, { onResult: function (r) {
                                 var found = r.integrations.find(function (i) { return i.id === sensitiveIntegrationId; });
                                 return !!found && found.emailDisabled === true && found.title === 'Test All Sensitive Fields';
-                            } })];
+                            } })
+                        // F-0049: connect_stripe must reject caller-supplied accountId (Stripe-account-spoofing defense).
+                        // Stripe Connect is deprecated in Tellescope; accountId was a test shortcut, kept rejected to preserve SDK shape.
+                    ];
                 case 25:
                     _b.sent();
-                    return [3 /*break*/, 35];
+                    // F-0049: connect_stripe must reject caller-supplied accountId (Stripe-account-spoofing defense).
+                    // Stripe Connect is deprecated in Tellescope; accountId was a test shortcut, kept rejected to preserve SDK shape.
+                    return [4 /*yield*/, (0, testing_1.async_test)("connect_stripe rejects caller-supplied accountId", function () { return sdk.api.integrations.connect_stripe({ countryCode: 'US', accountId: 'acct_someoneElsesAccount' }); }, { shouldError: true, onError: function (e) { return /accountId is not supported/i.test((e === null || e === void 0 ? void 0 : e.message) || (e === null || e === void 0 ? void 0 : e.toString()) || ''); } })];
                 case 26:
-                    if (!integrationId) return [3 /*break*/, 30];
-                    _b.label = 27;
+                    // F-0049: connect_stripe must reject caller-supplied accountId (Stripe-account-spoofing defense).
+                    // Stripe Connect is deprecated in Tellescope; accountId was a test shortcut, kept rejected to preserve SDK shape.
+                    _b.sent();
+                    return [3 /*break*/, 36];
                 case 27:
-                    _b.trys.push([27, 29, , 30]);
-                    return [4 /*yield*/, sdk.api.integrations.deleteOne(integrationId)];
+                    if (!integrationId) return [3 /*break*/, 31];
+                    _b.label = 28;
                 case 28:
-                    _b.sent();
-                    return [3 /*break*/, 30];
+                    _b.trys.push([28, 30, , 31]);
+                    return [4 /*yield*/, sdk.api.integrations.deleteOne(integrationId)];
                 case 29:
+                    _b.sent();
+                    return [3 /*break*/, 31];
+                case 30:
                     error_1 = _b.sent();
                     console.error('Cleanup error:', error_1);
-                    return [3 /*break*/, 30];
-                case 30:
-                    if (!sensitiveIntegrationId) return [3 /*break*/, 34];
-                    _b.label = 31;
+                    return [3 /*break*/, 31];
                 case 31:
-                    _b.trys.push([31, 33, , 34]);
-                    return [4 /*yield*/, sdk.api.integrations.deleteOne(sensitiveIntegrationId)];
+                    if (!sensitiveIntegrationId) return [3 /*break*/, 35];
+                    _b.label = 32;
                 case 32:
-                    _b.sent();
-                    return [3 /*break*/, 34];
+                    _b.trys.push([32, 34, , 35]);
+                    return [4 /*yield*/, sdk.api.integrations.deleteOne(sensitiveIntegrationId)];
                 case 33:
+                    _b.sent();
+                    return [3 /*break*/, 35];
+                case 34:
                     error_2 = _b.sent();
                     console.error('Cleanup error (sensitive integration):', error_2);
-                    return [3 /*break*/, 34];
-                case 34: return [7 /*endfinally*/];
-                case 35: return [2 /*return*/];
+                    return [3 /*break*/, 35];
+                case 35: return [7 /*endfinally*/];
+                case 36: return [2 /*return*/];
             }
         });
     });

package/lib/cjs/tests/api_tests/integrations_redacted.test.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"integrations_redacted.test.js","sourceRoot":"","sources":["../../../../src/tests/api_tests/integrations_redacted.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,CAAC,oBAAoB,CAAC,CAAC,OAAO,EAAE,CAAC;AAExC,iCAAmC;AACnC,+CAG4B;AAC5B,kCAAsC;AACtC,mDAAoE;AAEpE,IAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,uBAAgC,CAAA;AAEpE,IAAM,oBAAoB,GAAG,UAAC,WAAgB;IAC5C,KAAoB,UAA4B,EAA5B,iCAAA,wCAA4B,EAA5B,0CAA4B,EAA5B,IAA4B,EAAE;QAA7C,IAAM,KAAK,qCAAA;QACd,IAAI,KAAK,IAAI,WAAW;YAAE,OAAO,KAAK,CAAA;KACvC;IACD,OAAO,IAAI,CAAA;AACb,CAAC,CAAA;AAEM,IAAM,2BAA2B,GAAG,UAAO,EAA6D;QAA3D,GAAG,SAAA,EAAE,WAAW,iBAAA;;;;;;oBAClE,IAAA,oBAAU,EAAC,uCAAuC,CAAC,CAAA;oBAE/C,aAAa,GAAG,EAAE,CAAA;oBAClB,sBAAsB,GAAG,EAAE,CAAA;;;;oBAIb,qBAAM,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,SAAS,CAAC;4BACnD,KAAK,EAAE,2BAA2B;4BAClC,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,YAAY,EAAE,mBAAmB,EAAE,aAAa,EAAE,oBAAoB,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,EAAE;4BACxL,cAAc,EAAE,sBAAsB;4BACtC,aAAa,EAAE,KAAK;yBACrB,CAAC,EAAA;;oBALI,OAAO,GAAG,SAKd;oBACF,aAAa,GAAG,OAAO,CAAC,EAAE,CAAA;oBAE1B,yFAAyF;oBACzF,qBAAM,IAAA,oBAAU,EACd,wDAAwD,EACxD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC,EAAtC,CAAsC,EAC5C,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,IAAM,KAAK,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,EAAE,KAAK,aAAa,EAAtB,CAAsB,CAAC,CAAA;gCACrE,OAAO,CAAC,CAAC,KAAK,IAAI,oBAAoB,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,KAAK,2BAA2B,CAAA;4BAC9F,CAAC,EAAC,CACH;wBAED,8EAA8E;sBAF7E;;oBARD,yFAAyF;oBACzF,SAOC,CAAA;oBAED,8EAA8E;oBAC9E,qBAAM,IAAA,oBAAU,EACd,oFAAoF,EACpF,cAAM,OAAA,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC,EAA9C,CAA8C,EACpD,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,IAAM,KAAK,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,EAAE,KAAK,aAAa,EAAtB,CAAsB,CAAC,CAAA;gCACrE,OAAO,CAAC,CAAC,KAAK,IAAI,oBAAoB,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,KAAK,2BAA2B,CAAA;4BAC9F,CAAC,EAAC,CACH;wBAED,oGAAoG;sBAFnG;;oBARD,8EAA8E;oBAC9E,SAOC,CAAA;oBAED,oGAAoG;oBACpG,qBAAM,IAAA,oBAAU,EACd,uEAAuE,EACvE,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,aAAa,CAAC,EAA1C,CAA0C,EAChD,EAAE,QAAQ,EAAE,UAAA,CAAC,IAAI,OAAA,CAAC,CAAC,CAAC,IAAI,gBAAgB,IAAI,CAAC,IAAI,gBAAgB,IAAI,CAAC,EAArD,CAAqD,EAAE,CACzE,EAAA;;oBALD,oGAAoG;oBACpG,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,iEAAiE,EACjE,cAAM,OAAA,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,aAAa,CAAC,EAAlD,CAAkD,EACxD,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C,EAAA;;oBAJD,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,yEAAyE,EACzE,cAAM,OAAA,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,OAAO,EAAE,EAAtC,CAAsC,EAC5C,EAAE,QAAQ,EAAE,UAAA,CAAC,IAAI,OAAA,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,EAAE,KAAK,aAAa,EAAtB,CAAsB,CAAC,KAAK,SAAS,EAA5E,CAA4E,EAAE,CAChG;wBAED,4DAA4D;sBAF3D;;oBAJD,SAIC,CAAA;oBAED,4DAA4D;oBAC5D,qBAAM,IAAA,oBAAU,EACd,wDAAwD,EACxD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,EAAE,CAAC,EAA7F,CAA6F,EACnG,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,WAAW,CAAC,aAAa,KAAK,IAAI,IAAI,oBAAoB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAA;4BACvG,CAAC,EAAC,CACH;wBAED,wDAAwD;sBAFvD;;oBAPD,4DAA4D;oBAC5D,SAMC,CAAA;oBAED,wDAAwD;oBACxD,qBAAM,IAAA,oBAAU,EACd,4DAA4D,EAC5D,cAAM,OAAA,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,sBAAsB,EAAE,IAAI,EAAE,EAAE,CAAC,EAA9G,CAA8G,EACpH,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,WAAW,CAAC,sBAAsB,KAAK,IAAI,IAAI,oBAAoB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAA;4BAChH,CAAC,EAAC,CACH;wBAED,2CAA2C;sBAF1C;;oBAPD,wDAAwD;oBACxD,SAMC,CAAA;oBAED,2CAA2C;oBAC3C,qBAAM,IAAA,oBAAU,EACd,+CAA+C,EAC/C,cAAM,OAAA,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAS,EAAE,CAAC,EAAxJ,CAAwJ,EAC9J,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C,EAAA;;oBALD,2CAA2C;oBAC3C,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,+CAA+C,EAC/C,cAAM,OAAA,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,QAAQ,EAAS,EAAE,CAAC,EAAjH,CAAiH,EACvH,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C,EAAA;;oBAJD,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,iDAAiD,EACjD,cAAM,OAAA,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,gBAAgB,EAAE,QAAQ,EAAS,EAAE,CAAC,EAAnH,CAAmH,EACzH,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C;wBAED,mEAAmE;sBAFlE;;oBAJD,SAIC,CAAA;oBAED,mEAAmE;oBACnE,qBAAM,IAAA,oBAAU,EACd,yEAAyE,EACzE,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,6BAA6B,EAAE,QAAQ,EAAS,EAAE,CAAC,EAAxH,CAAwH,EAC9H,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C,EAAA;;oBALD,mEAAmE;oBACnE,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,iEAAiE,EACjE,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAS,EAAE,CAAC,EAAhH,CAAgH,EACtH,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C;wBAED,gDAAgD;sBAF/C;;oBAJD,SAIC,CAAA;oBAED,gDAAgD;oBAChD,qBAAM,IAAA,oBAAU,EACd,6CAA6C,EAC7C,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,YAAY,EAAE,QAAQ,EAAS,EAAE,CAAC,EAAvG,CAAuG,EAC7G,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C,EAAA;;oBALD,gDAAgD;oBAChD,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,gDAAgD,EAChD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,eAAe,EAAE,QAAQ,EAAS,EAAE,CAAC,EAA1G,CAA0G,EAChH,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C;wBAED,4CAA4C;sBAF3C;;oBAJD,SAIC,CAAA;oBAED,4CAA4C;oBAC5C,qBAAM,IAAA,oBAAU,EACd,yDAAyD,EACzD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAS,EAAE,CAAC,EAAhG,CAAgG,EACtG,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C,EAAA;;oBALD,4CAA4C;oBAC5C,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,+DAA+D,EAC/D,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAS,EAAE,CAAC,EAAtG,CAAsG,EAC5G,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C,EAAA;;oBAJD,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,8CAA8C,EAC9C,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,YAAY,EAAE,QAAQ,EAAS,EAAE,CAAC,EAAvG,CAAuG,EAC7G,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C;wBAED,+DAA+D;sBAF9D;;oBAJD,SAIC,CAAA;oBAED,+DAA+D;oBAC/D,qBAAM,IAAA,oBAAU,EACd,uDAAuD,EACvD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,uBAAuB,EAAE,IAAI,EAAE,EAAE,CAAC,EAAvG,CAAuG,EAC7G,EAAE,QAAQ,EAAE,UAAA,CAAC,IAAI,OAAA,CAAC,CAAC,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,WAAW,CAAC,uBAAuB,KAAK,IAAI,IAAI,oBAAoB,CAAC,CAAC,CAAC,WAAW,CAAC,EAAxG,CAAwG,EAAE,CAC5H,EAAA;;oBALD,+DAA+D;oBAC/D,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,mDAAmD,EACnD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,mBAAmB,EAAE,IAAI,EAAE,EAAE,CAAC,EAAnG,CAAmG,EACzG,EAAE,QAAQ,EAAE,UAAA,CAAC,IAAI,OAAA,CAAC,CAAC,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,WAAW,CAAC,mBAAmB,KAAK,IAAI,IAAI,oBAAoB,CAAC,CAAC,CAAC,WAAW,CAAC,EAApG,CAAoG,EAAE,CACxH;wBAED,qDAAqD;wBACrD,gGAAgG;wBAChG,oGAAoG;sBAJnG;;oBAJD,SAIC,CAAA;oBAK4B,qBAAM,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,SAAS,CAAC;4BAChE,KAAK,EAAE,2BAA2B;4BAClC,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,YAAY,EAAE,qBAAqB,EAAE,aAAa,EAAE,sBAAsB,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,EAAE;4BAC5L,cAAc,EAAE,0BAA0B;4BAC1C,aAAa,EAAE,IAAI;yBACpB,CAAC,EAAA;;oBALI,oBAAoB,GAAG,SAK3B;oBACF,sBAAsB,GAAG,oBAAoB,CAAC,EAAE,CAAA;oBAEhD,qBAAM,IAAA,oBAAU,EACd,uDAAuD,EACvD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC,EAAtC,CAAsC,EAC5C,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,IAAM,KAAK,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,EAAE,KAAK,sBAAsB,EAA/B,CAA+B,CAAC,CAAA;gCAC9E,OAAO,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,gBAAgB,IAAI,KAAK,CAAC,CAAA;4BAChD,CAAC,EAAC,CACH,EAAA;;oBAPD,SAOC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,uDAAuD,EACvD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC,EAAtC,CAAsC,EAC5C,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,IAAM,KAAK,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,EAAE,KAAK,sBAAsB,EAA/B,CAA+B,CAAC,CAAA;gCAC9E,OAAO,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,gBAAgB,IAAI,KAAK,CAAC,CAAA;4BAChD,CAAC,EAAC,CACH,EAAA;;oBAPD,SAOC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,kDAAkD,EAClD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC,EAAtC,CAAsC,EAC5C,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,IAAM,KAAK,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,EAAE,KAAK,sBAAsB,EAA/B,CAA+B,CAAC,CAAA;gCAC9E,OAAO,CAAC,CAAC,KAAK,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,IAAI,KAAK,CAAC,KAAK,KAAK,2BAA2B,CAAA;4BAC/F,CAAC,EAAC,CACH,EAAA;;oBAPD,SAOC,CAAA;;;yBAGG,aAAa,EAAb,yBAAa;;;;oBAEb,qBAAM,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,SAAS,CAAC,aAAa,CAAC,EAAA;;oBAAnD,SAAmD,CAAA;;;;oBAEnD,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,OAAK,CAAC,CAAA;;;yBAGtC,sBAAsB,EAAtB,yBAAsB;;;;oBAEtB,qBAAM,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,SAAS,CAAC,sBAAsB,CAAC,EAAA;;oBAA5D,SAA4D,CAAA;;;;oBAE5D,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,OAAK,CAAC,CAAA;;;;;;;CAIrE,CAAA;AA5MY,QAAA,2BAA2B,+BA4MvC;AAED,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE;IAC3B,OAAO,CAAC,GAAG,CAAC,yBAAkB,IAAI,CAAE,CAAC,CAAA;IACrC,IAAM,KAAG,GAAG,IAAI,aAAO,CAAC,EAAE,IAAI,MAAA,EAAE,CAAC,CAAA;IACjC,IAAM,aAAW,GAAG,IAAI,aAAO,CAAC,EAAE,IAAI,MAAA,EAAE,CAAC,CAAA;IAEzC,IAAM,QAAQ,GAAG;;;wBACf,qBAAM,IAAA,mBAAW,EAAC,KAAG,EAAE,aAAW,CAAC,EAAA;;oBAAnC,SAAmC,CAAA;oBACnC,qBAAM,IAAA,mCAA2B,EAAC,EAAE,GAAG,OAAA,EAAE,WAAW,eAAA,EAAE,CAAC,EAAA;;oBAAvD,SAAuD,CAAA;;;;SACxD,CAAA;IAED,QAAQ,EAAE;SACP,IAAI,CAAC;QACJ,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAA;QACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAC;SACD,KAAK,CAAC,UAAC,KAAK;QACX,OAAO,CAAC,KAAK,CAAC,0CAA0C,EAAE,KAAK,CAAC,CAAA;QAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAC,CAAA;CACL"}
1	+ {"version":3,"file":"integrations_redacted.test.js","sourceRoot":"","sources":["../../../../src/tests/api_tests/integrations_redacted.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,CAAC,oBAAoB,CAAC,CAAC,OAAO,EAAE,CAAC;AAExC,iCAAmC;AACnC,+CAG4B;AAC5B,kCAAsC;AACtC,mDAAoE;AAEpE,IAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,uBAAgC,CAAA;AAEpE,IAAM,oBAAoB,GAAG,UAAC,WAAgB;IAC5C,KAAoB,UAA4B,EAA5B,iCAAA,wCAA4B,EAA5B,0CAA4B,EAA5B,IAA4B,EAAE;QAA7C,IAAM,KAAK,qCAAA;QACd,IAAI,KAAK,IAAI,WAAW;YAAE,OAAO,KAAK,CAAA;KACvC;IACD,OAAO,IAAI,CAAA;AACb,CAAC,CAAA;AAEM,IAAM,2BAA2B,GAAG,UAAO,EAA6D;QAA3D,GAAG,SAAA,EAAE,WAAW,iBAAA;;;;;;oBAClE,IAAA,oBAAU,EAAC,uCAAuC,CAAC,CAAA;oBAE/C,aAAa,GAAG,EAAE,CAAA;oBAClB,sBAAsB,GAAG,EAAE,CAAA;;;;oBAIb,qBAAM,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,SAAS,CAAC;4BACnD,KAAK,EAAE,2BAA2B;4BAClC,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,YAAY,EAAE,mBAAmB,EAAE,aAAa,EAAE,oBAAoB,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,EAAE;4BACxL,cAAc,EAAE,sBAAsB;4BACtC,aAAa,EAAE,KAAK;yBACrB,CAAC,EAAA;;oBALI,OAAO,GAAG,SAKd;oBACF,aAAa,GAAG,OAAO,CAAC,EAAE,CAAA;oBAE1B,yFAAyF;oBACzF,qBAAM,IAAA,oBAAU,EACd,wDAAwD,EACxD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC,EAAtC,CAAsC,EAC5C,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,IAAM,KAAK,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,EAAE,KAAK,aAAa,EAAtB,CAAsB,CAAC,CAAA;gCACrE,OAAO,CAAC,CAAC,KAAK,IAAI,oBAAoB,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,KAAK,2BAA2B,CAAA;4BAC9F,CAAC,EAAC,CACH;wBAED,8EAA8E;sBAF7E;;oBARD,yFAAyF;oBACzF,SAOC,CAAA;oBAED,8EAA8E;oBAC9E,qBAAM,IAAA,oBAAU,EACd,oFAAoF,EACpF,cAAM,OAAA,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC,EAA9C,CAA8C,EACpD,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,IAAM,KAAK,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,EAAE,KAAK,aAAa,EAAtB,CAAsB,CAAC,CAAA;gCACrE,OAAO,CAAC,CAAC,KAAK,IAAI,oBAAoB,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,KAAK,KAAK,2BAA2B,CAAA;4BAC9F,CAAC,EAAC,CACH;wBAED,oGAAoG;sBAFnG;;oBARD,8EAA8E;oBAC9E,SAOC,CAAA;oBAED,oGAAoG;oBACpG,qBAAM,IAAA,oBAAU,EACd,uEAAuE,EACvE,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,aAAa,CAAC,EAA1C,CAA0C,EAChD,EAAE,QAAQ,EAAE,UAAA,CAAC,IAAI,OAAA,CAAC,CAAC,CAAC,IAAI,gBAAgB,IAAI,CAAC,IAAI,gBAAgB,IAAI,CAAC,EAArD,CAAqD,EAAE,CACzE,EAAA;;oBALD,oGAAoG;oBACpG,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,iEAAiE,EACjE,cAAM,OAAA,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,aAAa,CAAC,EAAlD,CAAkD,EACxD,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C,EAAA;;oBAJD,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,yEAAyE,EACzE,cAAM,OAAA,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,OAAO,EAAE,EAAtC,CAAsC,EAC5C,EAAE,QAAQ,EAAE,UAAA,CAAC,IAAI,OAAA,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,EAAE,KAAK,aAAa,EAAtB,CAAsB,CAAC,KAAK,SAAS,EAA5E,CAA4E,EAAE,CAChG;wBAED,4DAA4D;sBAF3D;;oBAJD,SAIC,CAAA;oBAED,4DAA4D;oBAC5D,qBAAM,IAAA,oBAAU,EACd,wDAAwD,EACxD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,EAAE,CAAC,EAA7F,CAA6F,EACnG,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,WAAW,CAAC,aAAa,KAAK,IAAI,IAAI,oBAAoB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAA;4BACvG,CAAC,EAAC,CACH;wBAED,wDAAwD;sBAFvD;;oBAPD,4DAA4D;oBAC5D,SAMC,CAAA;oBAED,wDAAwD;oBACxD,qBAAM,IAAA,oBAAU,EACd,4DAA4D,EAC5D,cAAM,OAAA,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,sBAAsB,EAAE,IAAI,EAAE,EAAE,CAAC,EAA9G,CAA8G,EACpH,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,OAAO,CAAC,CAAC,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,WAAW,CAAC,sBAAsB,KAAK,IAAI,IAAI,oBAAoB,CAAC,CAAC,CAAC,WAAW,CAAC,CAAA;4BAChH,CAAC,EAAC,CACH;wBAED,2CAA2C;sBAF1C;;oBAPD,wDAAwD;oBACxD,SAMC,CAAA;oBAED,2CAA2C;oBAC3C,qBAAM,IAAA,oBAAU,EACd,+CAA+C,EAC/C,cAAM,OAAA,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAS,EAAE,CAAC,EAAxJ,CAAwJ,EAC9J,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C,EAAA;;oBALD,2CAA2C;oBAC3C,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,+CAA+C,EAC/C,cAAM,OAAA,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,QAAQ,EAAS,EAAE,CAAC,EAAjH,CAAiH,EACvH,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C,EAAA;;oBAJD,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,iDAAiD,EACjD,cAAM,OAAA,WAAW,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,gBAAgB,EAAE,QAAQ,EAAS,EAAE,CAAC,EAAnH,CAAmH,EACzH,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C;wBAED,mEAAmE;sBAFlE;;oBAJD,SAIC,CAAA;oBAED,mEAAmE;oBACnE,qBAAM,IAAA,oBAAU,EACd,yEAAyE,EACzE,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,6BAA6B,EAAE,QAAQ,EAAS,EAAE,CAAC,EAAxH,CAAwH,EAC9H,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C,EAAA;;oBALD,mEAAmE;oBACnE,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,iEAAiE,EACjE,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,qBAAqB,EAAE,QAAQ,EAAS,EAAE,CAAC,EAAhH,CAAgH,EACtH,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C;wBAED,gDAAgD;sBAF/C;;oBAJD,SAIC,CAAA;oBAED,gDAAgD;oBAChD,qBAAM,IAAA,oBAAU,EACd,6CAA6C,EAC7C,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,YAAY,EAAE,QAAQ,EAAS,EAAE,CAAC,EAAvG,CAAuG,EAC7G,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C,EAAA;;oBALD,gDAAgD;oBAChD,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,gDAAgD,EAChD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,eAAe,EAAE,QAAQ,EAAS,EAAE,CAAC,EAA1G,CAA0G,EAChH,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C;wBAED,4CAA4C;sBAF3C;;oBAJD,SAIC,CAAA;oBAED,4CAA4C;oBAC5C,qBAAM,IAAA,oBAAU,EACd,yDAAyD,EACzD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAS,EAAE,CAAC,EAAhG,CAAgG,EACtG,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C,EAAA;;oBALD,4CAA4C;oBAC5C,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,+DAA+D,EAC/D,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,WAAW,EAAE,QAAQ,EAAS,EAAE,CAAC,EAAtG,CAAsG,EAC5G,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C,EAAA;;oBAJD,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,8CAA8C,EAC9C,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,YAAY,EAAE,QAAQ,EAAS,EAAE,CAAC,EAAvG,CAAuG,EAC7G,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,cAAM,OAAA,IAAI,EAAJ,CAAI,EAAE,CAC3C;wBAED,+DAA+D;sBAF9D;;oBAJD,SAIC,CAAA;oBAED,+DAA+D;oBAC/D,qBAAM,IAAA,oBAAU,EACd,uDAAuD,EACvD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,uBAAuB,EAAE,IAAI,EAAE,EAAE,CAAC,EAAvG,CAAuG,EAC7G,EAAE,QAAQ,EAAE,UAAA,CAAC,IAAI,OAAA,CAAC,CAAC,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,WAAW,CAAC,uBAAuB,KAAK,IAAI,IAAI,oBAAoB,CAAC,CAAC,CAAC,WAAW,CAAC,EAAxG,CAAwG,EAAE,CAC5H,EAAA;;oBALD,+DAA+D;oBAC/D,SAIC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,mDAAmD,EACnD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,aAAa,EAAE,OAAO,EAAE,EAAE,mBAAmB,EAAE,IAAI,EAAE,EAAE,CAAC,EAAnG,CAAmG,EACzG,EAAE,QAAQ,EAAE,UAAA,CAAC,IAAI,OAAA,CAAC,CAAC,CAAC,CAAC,WAAW,IAAI,CAAC,CAAC,WAAW,CAAC,mBAAmB,KAAK,IAAI,IAAI,oBAAoB,CAAC,CAAC,CAAC,WAAW,CAAC,EAApG,CAAoG,EAAE,CACxH;wBAED,qDAAqD;wBACrD,gGAAgG;wBAChG,oGAAoG;sBAJnG;;oBAJD,SAIC,CAAA;oBAK4B,qBAAM,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,SAAS,CAAC;4BAChE,KAAK,EAAE,2BAA2B;4BAClC,cAAc,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,YAAY,EAAE,qBAAqB,EAAE,aAAa,EAAE,sBAAsB,EAAE,KAAK,EAAE,EAAE,EAAE,UAAU,EAAE,QAAQ,EAAE,WAAW,EAAE,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,EAAE;4BAC5L,cAAc,EAAE,0BAA0B;4BAC1C,aAAa,EAAE,IAAI;yBACpB,CAAC,EAAA;;oBALI,oBAAoB,GAAG,SAK3B;oBACF,sBAAsB,GAAG,oBAAoB,CAAC,EAAE,CAAA;oBAEhD,qBAAM,IAAA,oBAAU,EACd,uDAAuD,EACvD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC,EAAtC,CAAsC,EAC5C,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,IAAM,KAAK,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,EAAE,KAAK,sBAAsB,EAA/B,CAA+B,CAAC,CAAA;gCAC9E,OAAO,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,gBAAgB,IAAI,KAAK,CAAC,CAAA;4BAChD,CAAC,EAAC,CACH,EAAA;;oBAPD,SAOC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,uDAAuD,EACvD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC,EAAtC,CAAsC,EAC5C,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,IAAM,KAAK,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,EAAE,KAAK,sBAAsB,EAA/B,CAA+B,CAAC,CAAA;gCAC9E,OAAO,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,gBAAgB,IAAI,KAAK,CAAC,CAAA;4BAChD,CAAC,EAAC,CACH,EAAA;;oBAPD,SAOC,CAAA;oBAED,qBAAM,IAAA,oBAAU,EACd,kDAAkD,EAClD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC,EAAE,CAAC,EAAtC,CAAsC,EAC5C,EAAE,QAAQ,EAAE,UAAA,CAAC;gCACX,IAAM,KAAK,GAAG,CAAC,CAAC,YAAY,CAAC,IAAI,CAAC,UAAC,CAAM,IAAK,OAAA,CAAC,CAAC,EAAE,KAAK,sBAAsB,EAA/B,CAA+B,CAAC,CAAA;gCAC9E,OAAO,CAAC,CAAC,KAAK,IAAI,KAAK,CAAC,aAAa,KAAK,IAAI,IAAI,KAAK,CAAC,KAAK,KAAK,2BAA2B,CAAA;4BAC/F,CAAC,EAAC,CACH;wBAED,kGAAkG;wBAClG,kHAAkH;sBAHjH;;oBAPD,SAOC,CAAA;oBAED,kGAAkG;oBAClG,kHAAkH;oBAClH,qBAAM,IAAA,oBAAU,EACd,kDAAkD,EAClD,cAAM,OAAA,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,cAAc,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,SAAS,EAAE,0BAA0B,EAAS,CAAC,EAAxG,CAAwG,EAC9G,EAAE,WAAW,EAAE,IAAI,EAAE,OAAO,EAAE,UAAC,CAAM,IAAK,OAAA,6BAA6B,CAAC,IAAI,CAAC,CAAA,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,OAAO,MAAI,CAAC,aAAD,CAAC,uBAAD,CAAC,CAAE,QAAQ,EAAE,CAAA,IAAI,EAAE,CAAC,EAArE,CAAqE,EAAE,CAClH,EAAA;;oBAND,kGAAkG;oBAClG,kHAAkH;oBAClH,SAIC,CAAA;;;yBAGG,aAAa,EAAb,yBAAa;;;;oBAEb,qBAAM,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,SAAS,CAAC,aAAa,CAAC,EAAA;;oBAAnD,SAAmD,CAAA;;;;oBAEnD,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,OAAK,CAAC,CAAA;;;yBAGtC,sBAAsB,EAAtB,yBAAsB;;;;oBAEtB,qBAAM,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,SAAS,CAAC,sBAAsB,CAAC,EAAA;;oBAA5D,SAA4D,CAAA;;;;oBAE5D,OAAO,CAAC,KAAK,CAAC,wCAAwC,EAAE,OAAK,CAAC,CAAA;;;;;;;CAIrE,CAAA;AApNY,QAAA,2BAA2B,+BAoNvC;AAED,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE;IAC3B,OAAO,CAAC,GAAG,CAAC,yBAAkB,IAAI,CAAE,CAAC,CAAA;IACrC,IAAM,KAAG,GAAG,IAAI,aAAO,CAAC,EAAE,IAAI,MAAA,EAAE,CAAC,CAAA;IACjC,IAAM,aAAW,GAAG,IAAI,aAAO,CAAC,EAAE,IAAI,MAAA,EAAE,CAAC,CAAA;IAEzC,IAAM,QAAQ,GAAG;;;wBACf,qBAAM,IAAA,mBAAW,EAAC,KAAG,EAAE,aAAW,CAAC,EAAA;;oBAAnC,SAAmC,CAAA;oBACnC,qBAAM,IAAA,mCAA2B,EAAC,EAAE,GAAG,OAAA,EAAE,WAAW,eAAA,EAAE,CAAC,EAAA;;oBAAvD,SAAuD,CAAA;;;;SACxD,CAAA;IAED,QAAQ,EAAE;SACP,IAAI,CAAC;QACJ,OAAO,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAA;QACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAC;SACD,KAAK,CAAC,UAAC,KAAK;QACX,OAAO,CAAC,KAAK,CAAC,0CAA0C,EAAE,KAAK,CAAC,CAAA;QAChE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAC,CAAA;CACL"}

package/lib/cjs/tests/api_tests/security/F-0053-cascade-role-rename-cross-tenant.test.d.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import { Session } from "../../../sdk";
+/**
+ * Tenant-boundary guard for cascade_role_rename (relates to security-audit finding F-0053,
+ * which was investigated and closed as a FALSE POSITIVE — see that file for the code trace).
+ *
+ * The `cascade_role_rename` side-effect handler
+ * ([event_handlers_v2/role_based_access_permissions.ts](packages/private/api/api/v1/event_handlers_v2/role_based_access_permissions.ts))
+ * runs when a `role_based_access_permissions` doc's `role` field changes. It finds every user
+ * with the old role name (via `DBUnrestricted.users`) and rewrites their `roles` array, then
+ * deauthenticates them. F-0053 hypothesized this query was globally cross-tenant. It is NOT:
+ * `DBUnrestricted` bypasses per-user/per-role RBAC but is STILL scoped to the acting session's
+ * `businessId` (see `modifyFilterForAccessConstraint` injecting `{ businessId }` at
+ * database.ts:1761-1763, reached via the `unrestricted: true` branch at database.ts:2137-2144).
+ *
+ * This test locks that boundary in place so a future refactor of `DBUnrestricted` semantics
+ * can't silently turn the cascade into a cross-tenant write:
+ *   1. Tenant A creates a role `ROLE_OLD` and assigns it to a Tenant A user (positive control).
+ *   2. Tenant B (separate businessId) has a user whose roles include the SAME `ROLE_OLD`.
+ *   3. Tenant A renames the role `ROLE_OLD` -> `ROLE_NEW`.
+ *   4. Assert the Tenant B user's roles are UNCHANGED (still `[ROLE_OLD]`)  <-- guards the tenant boundary.
+ *   5. Assert the Tenant A user's roles ARE renamed to `[ROLE_NEW]`         <-- same-tenant cascade works.
+ *
+ * Expected on current (correct) code: BOTH assertions pass. A regression that drops the
+ * `businessId` scoping would flip assertion #4 to red (Tenant B user becomes `[ROLE_NEW]`).
+ *
+ * A collision-proof unique role name (timestamped) is used so the test never touches real roles.
+ */
+export declare const cascade_role_rename_cross_tenant_tests: ({ sdk }: {
+    sdk: Session;
+    sdkNonAdmin: Session;
+}) => Promise<void>;
+//# sourceMappingURL=F-0053-cascade-role-rename-cross-tenant.test.d.ts.map

package/lib/cjs/tests/api_tests/security/F-0053-cascade-role-rename-cross-tenant.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"F-0053-cascade-role-rename-cross-tenant.test.d.ts","sourceRoot":"","sources":["../../../../../src/tests/api_tests/security/F-0053-cascade-role-rename-cross-tenant.test.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AAetC;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,eAAO,MAAM,sCAAsC;SAA2B,OAAO;iBAAe,OAAO;mBA+F1G,CAAA"}

package/lib/cjs/tests/api_tests/security/F-0053-cascade-role-rename-cross-tenant.test.js ADDED Viewed

@@ -0,0 +1,237 @@
+"use strict";
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cascade_role_rename_cross_tenant_tests = void 0;
+require('source-map-support').install();
+var sdk_1 = require("../../../sdk");
+var testing_1 = require("@tellescope/testing");
+var setup_1 = require("../../setup");
+var constants_1 = require("@tellescope/constants");
+var host = process.env.API_URL || 'http://localhost:8080';
+// Separate tenant (different businessId), reusing the same hardcoded apiKey that
+// multi_tenant_tests relies on in tests.ts.
+var OTHER_TENANT_API_KEY = "ba745e25162bb95a795c5fa1af70df188d93c4d3aac9c48b34a5c8c9dd7b80f7";
+/**
+ * Tenant-boundary guard for cascade_role_rename (relates to security-audit finding F-0053,
+ * which was investigated and closed as a FALSE POSITIVE — see that file for the code trace).
+ *
+ * The `cascade_role_rename` side-effect handler
+ * ([event_handlers_v2/role_based_access_permissions.ts](packages/private/api/api/v1/event_handlers_v2/role_based_access_permissions.ts))
+ * runs when a `role_based_access_permissions` doc's `role` field changes. It finds every user
+ * with the old role name (via `DBUnrestricted.users`) and rewrites their `roles` array, then
+ * deauthenticates them. F-0053 hypothesized this query was globally cross-tenant. It is NOT:
+ * `DBUnrestricted` bypasses per-user/per-role RBAC but is STILL scoped to the acting session's
+ * `businessId` (see `modifyFilterForAccessConstraint` injecting `{ businessId }` at
+ * database.ts:1761-1763, reached via the `unrestricted: true` branch at database.ts:2137-2144).
+ *
+ * This test locks that boundary in place so a future refactor of `DBUnrestricted` semantics
+ * can't silently turn the cascade into a cross-tenant write:
+ *   1. Tenant A creates a role `ROLE_OLD` and assigns it to a Tenant A user (positive control).
+ *   2. Tenant B (separate businessId) has a user whose roles include the SAME `ROLE_OLD`.
+ *   3. Tenant A renames the role `ROLE_OLD` -> `ROLE_NEW`.
+ *   4. Assert the Tenant B user's roles are UNCHANGED (still `[ROLE_OLD]`)  <-- guards the tenant boundary.
+ *   5. Assert the Tenant A user's roles ARE renamed to `[ROLE_NEW]`         <-- same-tenant cascade works.
+ *
+ * Expected on current (correct) code: BOTH assertions pass. A regression that drops the
+ * `businessId` scoping would flip assertion #4 to red (Tenant B user becomes `[ROLE_NEW]`).
+ *
+ * A collision-proof unique role name (timestamped) is used so the test never touches real roles.
+ */
+var cascade_role_rename_cross_tenant_tests = function (_a) {
+    var sdk = _a.sdk;
+    return __awaiter(void 0, void 0, void 0, function () {
+        var stamp, ROLE_OLD, ROLE_NEW, sdkOther, rbapId, controlUserId, victimUserId, tenantABusinessId, rbap, controlUser, victimUser, victimBefore, controlBefore, victimAfter, controlAfter, _b, _c, _d;
+        return __generator(this, function (_e) {
+            switch (_e.label) {
+                case 0:
+                    (0, testing_1.log_header)("F-0053: cascade role rename cross-tenant regression");
+                    stamp = Date.now();
+                    ROLE_OLD = "XTenantRename_".concat(stamp);
+                    ROLE_NEW = "".concat(ROLE_OLD, "_renamed");
+                    sdkOther = new sdk_1.Session({ host: host, apiKey: OTHER_TENANT_API_KEY });
+                    _e.label = 1;
+                case 1:
+                    _e.trys.push([1, , 13, 26]);
+                    tenantABusinessId = sdk.userInfo.businessId;
+                    return [4 /*yield*/, sdk.api.role_based_access_permissions.createOne({
+                            role: ROLE_OLD,
+                            permissions: __assign({}, constants_1.PROVIDER_PERMISSIONS),
+                        })];
+                case 2:
+                    rbap = _e.sent();
+                    rbapId = rbap.id;
+                    return [4 /*yield*/, sdk.api.users.createOne({
+                            email: "f0053-control-".concat(stamp, "@example.com"),
+                            notificationEmailsDisabled: true,
+                        })];
+                case 3:
+                    controlUser = _e.sent();
+                    controlUserId = controlUser.id;
+                    return [4 /*yield*/, sdk.api.users.updateOne(controlUserId, { roles: [ROLE_OLD] }, { replaceObjectFields: true })
+                        // 3. Tenant B: create a throwaway victim user holding the SAME ROLE_OLD.
+                    ];
+                case 4:
+                    _e.sent();
+                    return [4 /*yield*/, sdkOther.api.users.createOne({
+                            email: "f0053-victim-".concat(stamp, "@example.com"),
+                            notificationEmailsDisabled: true,
+                        })];
+                case 5:
+                    victimUser = _e.sent();
+                    victimUserId = victimUser.id;
+                    return [4 /*yield*/, sdkOther.api.users.updateOne(victimUserId, { roles: [ROLE_OLD] }, { replaceObjectFields: true })
+                        // 4. Setup sanity: tenants are distinct and both users actually hold ROLE_OLD before the rename.
+                        //    (Distinguishes a setup failure from the security assertion below.)
+                    ];
+                case 6:
+                    _e.sent();
+                    // 4. Setup sanity: tenants are distinct and both users actually hold ROLE_OLD before the rename.
+                    //    (Distinguishes a setup failure from the security assertion below.)
+                    (0, testing_1.assert)(victimUser.businessId !== tenantABusinessId, "Victim user shares businessId with Tenant A (".concat(victimUser.businessId, ") \u2014 not a cross-tenant scenario"), 'F-0053 setup: tenants are distinct');
+                    return [4 /*yield*/, sdkOther.api.users.getOne(victimUserId)];
+                case 7:
+                    victimBefore = _e.sent();
+                    return [4 /*yield*/, sdk.api.users.getOne(controlUserId)];
+                case 8:
+                    controlBefore = _e.sent();
+                    (0, testing_1.assert)(JSON.stringify(victimBefore.roles) === JSON.stringify([ROLE_OLD])
+                        && JSON.stringify(controlBefore.roles) === JSON.stringify([ROLE_OLD]), "Setup failed: expected both users to hold [".concat(ROLE_OLD, "] (victim=").concat(JSON.stringify(victimBefore.roles), ", control=").concat(JSON.stringify(controlBefore.roles), ")"), 'F-0053 setup: both users hold ROLE_OLD');
+                    // 5. Tenant A renames the role. This triggers cascade_role_rename.
+                    return [4 /*yield*/, sdk.api.role_based_access_permissions.updateOne(rbapId, { role: ROLE_NEW })];
+                case 9:
+                    // 5. Tenant A renames the role. This triggers cascade_role_rename.
+                    _e.sent();
+                    return [4 /*yield*/, (0, testing_1.wait)(undefined, 1500)
+                        // 6. SECURITY ASSERTION — the Tenant B victim must be untouched by Tenant A's rename.
+                    ]; // let the side effect run
+                case 10:
+                    _e.sent(); // let the side effect run
+                    return [4 /*yield*/, sdkOther.api.users.getOne(victimUserId)];
+                case 11:
+                    victimAfter = _e.sent();
+                    (0, testing_1.assert)(JSON.stringify(victimAfter.roles) === JSON.stringify([ROLE_OLD]), "CROSS-TENANT LEAK: Tenant B victim roles changed to ".concat(JSON.stringify(victimAfter.roles), " ")
+                        + "after Tenant A renamed its role. Expected [".concat(ROLE_OLD, "]."), 'F-0053: Tenant B user roles unaffected by other-tenant role rename');
+                    return [4 /*yield*/, sdk.api.users.getOne(controlUserId)];
+                case 12:
+                    controlAfter = _e.sent();
+                    (0, testing_1.assert)(JSON.stringify(controlAfter.roles) === JSON.stringify([ROLE_NEW]), "Same-tenant cascade broken: Tenant A control roles are ".concat(JSON.stringify(controlAfter.roles), ", ")
+                        + "expected [".concat(ROLE_NEW, "]."), 'F-0053: Tenant A user roles renamed by same-tenant cascade');
+                    return [3 /*break*/, 26];
+                case 13:
+                    if (!victimUserId) return [3 /*break*/, 17];
+                    _e.label = 14;
+                case 14:
+                    _e.trys.push([14, 16, , 17]);
+                    return [4 /*yield*/, sdkOther.api.users.deleteOne(victimUserId)];
+                case 15:
+                    _e.sent();
+                    return [3 /*break*/, 17];
+                case 16:
+                    _b = _e.sent();
+                    return [3 /*break*/, 17];
+                case 17:
+                    if (!controlUserId) return [3 /*break*/, 21];
+                    _e.label = 18;
+                case 18:
+                    _e.trys.push([18, 20, , 21]);
+                    return [4 /*yield*/, sdk.api.users.deleteOne(controlUserId)];
+                case 19:
+                    _e.sent();
+                    return [3 /*break*/, 21];
+                case 20:
+                    _c = _e.sent();
+                    return [3 /*break*/, 21];
+                case 21:
+                    if (!rbapId) return [3 /*break*/, 25];
+                    _e.label = 22;
+                case 22:
+                    _e.trys.push([22, 24, , 25]);
+                    return [4 /*yield*/, sdk.api.role_based_access_permissions.deleteOne(rbapId)];
+                case 23:
+                    _e.sent();
+                    return [3 /*break*/, 25];
+                case 24:
+                    _d = _e.sent();
+                    return [3 /*break*/, 25];
+                case 25: return [7 /*endfinally*/];
+                case 26: return [2 /*return*/];
+            }
+        });
+    });
+};
+exports.cascade_role_rename_cross_tenant_tests = cascade_role_rename_cross_tenant_tests;
+// Allow running this test file independently
+if (require.main === module) {
+    console.log("\uD83C\uDF10 Using API URL: ".concat(host));
+    var sdk_2 = new sdk_1.Session({ host: host });
+    var sdkNonAdmin_1 = new sdk_1.Session({ host: host });
+    var runTests = function () { return __awaiter(void 0, void 0, void 0, function () {
+        return __generator(this, function (_a) {
+            switch (_a.label) {
+                case 0: return [4 /*yield*/, (0, setup_1.setup_tests)(sdk_2, sdkNonAdmin_1)];
+                case 1:
+                    _a.sent();
+                    return [4 /*yield*/, (0, exports.cascade_role_rename_cross_tenant_tests)({ sdk: sdk_2, sdkNonAdmin: sdkNonAdmin_1 })];
+                case 2:
+                    _a.sent();
+                    return [2 /*return*/];
+            }
+        });
+    }); };
+    runTests()
+        .then(function () {
+        console.log("✅ F-0053 cascade role rename cross-tenant test suite completed successfully");
+        process.exit(0);
+    })
+        .catch(function (error) {
+        console.error("❌ F-0053 cascade role rename cross-tenant test suite failed:", error);
+        process.exit(1);
+    });
+}
+//# sourceMappingURL=F-0053-cascade-role-rename-cross-tenant.test.js.map

package/lib/cjs/tests/api_tests/security/F-0053-cascade-role-rename-cross-tenant.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"F-0053-cascade-role-rename-cross-tenant.test.js","sourceRoot":"","sources":["../../../../../src/tests/api_tests/security/F-0053-cascade-role-rename-cross-tenant.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,OAAO,CAAC,oBAAoB,CAAC,CAAC,OAAO,EAAE,CAAC;AAExC,oCAAsC;AACtC,+CAI4B;AAC5B,qCAAyC;AACzC,mDAA4D;AAE5D,IAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,uBAAgC,CAAA;AAEpE,iFAAiF;AACjF,4CAA4C;AAC5C,IAAM,oBAAoB,GAAG,kEAAkE,CAAA;AAE/F;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACI,IAAM,sCAAsC,GAAG,UAAO,EAAgD;QAA9C,GAAG,SAAA;;;;;;oBAChE,IAAA,oBAAU,EAAC,qDAAqD,CAAC,CAAA;oBAE3D,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;oBAClB,QAAQ,GAAG,wBAAiB,KAAK,CAAE,CAAA;oBACnC,QAAQ,GAAG,UAAG,QAAQ,aAAU,CAAA;oBAIhC,QAAQ,GAAG,IAAI,aAAO,CAAC,EAAE,IAAI,MAAA,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC,CAAA;;;;oBAY5D,iBAAiB,GAAG,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAA;oBAGpC,qBAAM,GAAG,CAAC,GAAG,CAAC,6BAA6B,CAAC,SAAS,CAAC;4BACjE,IAAI,EAAE,QAAQ;4BACd,WAAW,eAAO,gCAAoB,CAAE;yBACzC,CAAC,EAAA;;oBAHI,IAAI,GAAG,SAGX;oBACF,MAAM,GAAG,IAAI,CAAC,EAAE,CAAA;oBAGI,qBAAM,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC;4BAChD,KAAK,EAAE,wBAAiB,KAAK,iBAAc;4BAC3C,0BAA0B,EAAE,IAAI;yBAC1B,CAAC,EAAA;;oBAHH,WAAW,GAAG,SAGX;oBACT,aAAa,GAAG,WAAW,CAAC,EAAE,CAAA;oBAC9B,qBAAM,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,aAAa,EAAE,EAAE,KAAK,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,mBAAmB,EAAE,IAAI,EAAE,CAAC;wBAElG,yEAAyE;sBAFyB;;oBAAlG,SAAkG,CAAA;oBAG/E,qBAAM,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC;4BACpD,KAAK,EAAE,uBAAgB,KAAK,iBAAc;4BAC1C,0BAA0B,EAAE,IAAI;yBAC1B,CAAC,EAAA;;oBAHH,UAAU,GAAG,SAGV;oBACT,YAAY,GAAG,UAAU,CAAC,EAAE,CAAA;oBAC5B,qBAAM,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,mBAAmB,EAAE,IAAI,EAAE,CAAC;wBAEtG,iGAAiG;wBACjG,wEAAwE;sBAH8B;;oBAAtG,SAAsG,CAAA;oBAEtG,iGAAiG;oBACjG,wEAAwE;oBACxE,IAAA,gBAAM,EACJ,UAAU,CAAC,UAAU,KAAK,iBAAiB,EAC3C,uDAAgD,UAAU,CAAC,UAAU,yCAAiC,EACtG,oCAAoC,CACrC,CAAA;oBACoB,qBAAM,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,EAAA;;oBAA5D,YAAY,GAAG,SAA6C;oBAC5C,qBAAM,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,EAAA;;oBAAzD,aAAa,GAAG,SAAyC;oBAC/D,IAAA,gBAAM,EACJ,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC;2BAC5D,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC,EACvE,qDAA8C,QAAQ,uBAAa,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,uBAAa,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,KAAK,CAAC,MAAG,EACxJ,wCAAwC,CACzC,CAAA;oBAED,mEAAmE;oBACnE,qBAAM,GAAG,CAAC,GAAG,CAAC,6BAA6B,CAAC,SAAS,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAA;;oBADjF,mEAAmE;oBACnE,SAAiF,CAAA;oBACjF,qBAAM,IAAA,cAAI,EAAC,SAAS,EAAE,IAAI,CAAC;wBAE3B,sFAAsF;sBAF3D,CAAC,0BAA0B;;oBAAtD,SAA2B,CAAA,CAAC,0BAA0B;oBAGlC,qBAAM,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,YAAY,CAAC,EAAA;;oBAA3D,WAAW,GAAG,SAA6C;oBACjE,IAAA,gBAAM,EACJ,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC,EAChE,8DAAuD,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,MAAG;0BACvF,qDAA8C,QAAQ,OAAI,EAC9D,oEAAoE,CACrE,CAAA;oBAGoB,qBAAM,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,EAAA;;oBAAxD,YAAY,GAAG,SAAyC;oBAC9D,IAAA,gBAAM,EACJ,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC,EACjE,iEAA0D,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,KAAK,CAAC,OAAI;0BAC5F,oBAAa,QAAQ,OAAI,EAC7B,4DAA4D,CAC7D,CAAA;;;yBAGG,YAAY,EAAZ,yBAAY;;;;oBACR,qBAAM,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,YAAY,CAAC,EAAA;;oBAAhD,SAAgD,CAAA;;;;;;yBAEpD,aAAa,EAAb,yBAAa;;;;oBACT,qBAAM,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,aAAa,CAAC,EAAA;;oBAA5C,SAA4C,CAAA;;;;;;yBAEhD,MAAM,EAAN,yBAAM;;;;oBACF,qBAAM,GAAG,CAAC,GAAG,CAAC,6BAA6B,CAAC,SAAS,CAAC,MAAM,CAAC,EAAA;;oBAA7D,SAA6D,CAAA;;;;;;;;;;CAGxE,CAAA;AA/FY,QAAA,sCAAsC,0CA+FlD;AAED,6CAA6C;AAC7C,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE;IAC3B,OAAO,CAAC,GAAG,CAAC,sCAAqB,IAAI,CAAE,CAAC,CAAA;IACxC,IAAM,KAAG,GAAG,IAAI,aAAO,CAAC,EAAE,IAAI,MAAA,EAAE,CAAC,CAAA;IACjC,IAAM,aAAW,GAAG,IAAI,aAAO,CAAC,EAAE,IAAI,MAAA,EAAE,CAAC,CAAA;IAEzC,IAAM,QAAQ,GAAG;;;wBACf,qBAAM,IAAA,mBAAW,EAAC,KAAG,EAAE,aAAW,CAAC,EAAA;;oBAAnC,SAAmC,CAAA;oBACnC,qBAAM,IAAA,8CAAsC,EAAC,EAAE,GAAG,OAAA,EAAE,WAAW,eAAA,EAAE,CAAC,EAAA;;oBAAlE,SAAkE,CAAA;;;;SACnE,CAAA;IAED,QAAQ,EAAE;SACP,IAAI,CAAC;QACJ,OAAO,CAAC,GAAG,CAAC,6EAA6E,CAAC,CAAA;QAC1F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAC;SACD,KAAK,CAAC,UAAC,KAAK;QACX,OAAO,CAAC,KAAK,CAAC,8DAA8D,EAAE,KAAK,CAAC,CAAA;QACpF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAC,CAAA;CACL"}

package/lib/cjs/tests/api_tests/security/F-0076-self-admin-role-assignment.test.d.ts ADDED Viewed

@@ -0,0 +1,38 @@
+import { Session } from "../../../sdk";
+/**
+ * Self-role privilege-escalation guard (relates to security-audit finding F-0076, which was
+ * investigated and closed as a FALSE POSITIVE — see that file for the full code trace).
+ *
+ * F-0076 hypothesized that a non-admin staff user could `PATCH /v1/users/{their-own-id}` with
+ * `{ roles: ['Admin'] }` and self-promote to Admin, because the FIRST `users` relationship
+ * constraint ("Only admin users can set the admin role",
+ * [schema.ts:3446](packages/public/schema/src/schema.ts#L3446)) has a self-exception
+ * (`if (_id === session.id) return`).
+ *
+ * That analysis missed the SECOND constraint, "Only admin users can update user roles"
+ * ([schema.ts:3486](packages/public/schema/src/schema.ts#L3486)), which has NO self-exception.
+ * Relationship constraints are AND-evaluated — `validateRelationshipConstraints`
+ * ([routing.ts:1240-1252](packages/private/api/api/modules/routing.ts#L1240)) loops the whole
+ * array and throws 400 on the FIRST evaluator that returns a string. So a non-admin self-update
+ * that includes `roles` passes constraint #1 (self-exception) but is rejected by constraint #2.
+ * The self-promotion is blocked.
+ *
+ * This test locks that boundary in place so a future refactor of the role constraints can't
+ * silently reintroduce the escalation. A dedicated throwaway non-admin user is used as the
+ * "attacker" (we never mutate the shared sdkNonAdmin's roles):
+ *   1. Admin creates a throwaway user and assigns it a non-admin role (`['Provider']`).
+ *   2. Authenticate AS that user via a freshly-minted auth token.
+ *   3. As the attacker, attempt four self-role mutations — ['Admin'], ['Provider','Admin'],
+ *      an arbitrary role, and [] — and assert EACH is blocked.       <-- the security assertions
+ *   4. Confirm (as admin) the attacker's roles are still ['Provider'] — nothing slipped through.
+ *   5. Positive control: admin CAN update the throwaway user's roles. <-- guards against an
+ *      over-restrictive regression that would block legitimate admin role management.
+ *
+ * Expected on current (correct) code: all assertions pass. A regression that made the self-update
+ * path role-writable by non-admins would flip the step-3/step-4 assertions to red.
+ */
+export declare const self_admin_role_assignment_tests: ({ sdk }: {
+    sdk: Session;
+    sdkNonAdmin: Session;
+}) => Promise<void>;
+//# sourceMappingURL=F-0076-self-admin-role-assignment.test.d.ts.map

package/lib/cjs/tests/api_tests/security/F-0076-self-admin-role-assignment.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"F-0076-self-admin-role-assignment.test.d.ts","sourceRoot":"","sources":["../../../../../src/tests/api_tests/security/F-0076-self-admin-role-assignment.test.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,cAAc,CAAA;AAUtC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,eAAO,MAAM,gCAAgC;SAA2B,OAAO;iBAAe,OAAO;mBAkGpG,CAAA"}