npm - @tstdl/base - Versions diffs - 0.93.182 → 0.93.183 - Mend

@tstdl/base 0.93.182 → 0.93.183

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (353) hide show

package/api/server/api-request-token.provider.js +1 -1
package/api/server/gateway.js +6 -1
package/authentication/authentication.api.d.ts +13 -40
package/authentication/authentication.api.js +5 -14
package/authentication/client/authentication.service.d.ts +6 -14
package/authentication/client/authentication.service.js +22 -4
package/authentication/client/module.d.ts +1 -1
package/authentication/client/module.js +4 -4
package/authentication/models/index.d.ts +1 -0
package/authentication/models/index.js +1 -0
package/authentication/models/totp-results.model.d.ts +11 -0
package/authentication/models/totp-results.model.js +37 -0
package/authentication/server/authentication.api-controller.d.ts +3 -3
package/authentication/server/authentication.api-controller.js +31 -4
package/authentication/server/authentication.service.d.ts +5 -14
package/authentication/server/authentication.service.js +6 -4
package/core.d.ts +0 -5
package/core.js +0 -8
package/document-management/api/document-management.api.d.ts +2 -2
package/document-management/service-models/document.service-model.d.ts +1 -1
package/examples/config.d.ts +25 -0
package/examples/config.js +26 -0
package/notification/server/module.d.ts +1 -1
package/notification/server/module.js +1 -1
package/package.json +5 -5
package/signals/api.d.ts +5 -1
package/signals/api.js +3 -1
package/signals/implementation/api.d.ts +13 -5
package/signals/implementation/api.js +7 -1
package/signals/implementation/asserts.d.ts +2 -2
package/signals/implementation/asserts.js +3 -3
package/signals/implementation/computed.d.ts +7 -34
package/signals/implementation/computed.js +14 -83
package/signals/implementation/configure.js +6 -2
package/signals/implementation/effect.d.ts +65 -46
package/signals/implementation/effect.js +97 -62
package/signals/implementation/index.d.ts +2 -4
package/signals/implementation/index.js +2 -4
package/signals/implementation/linked_signal.d.ts +36 -0
package/signals/implementation/linked_signal.js +34 -0
package/signals/implementation/primitive/computed.d.ts +55 -0
package/signals/implementation/primitive/computed.js +107 -0
package/signals/implementation/primitive/effect.d.ts +26 -0
package/signals/implementation/primitive/effect.js +31 -0
package/signals/implementation/{equality.d.ts → primitive/equality.d.ts} +1 -1
package/signals/implementation/{equality.js → primitive/equality.js} +1 -1
package/signals/implementation/primitive/errors.d.ts +10 -0
package/signals/implementation/{errors.js → primitive/errors.js} +3 -4
package/signals/implementation/primitive/formatter.d.ts +19 -0
package/signals/implementation/primitive/formatter.js +136 -0
package/signals/implementation/{graph.d.ts → primitive/graph.d.ts} +68 -36
package/signals/implementation/primitive/graph.js +386 -0
package/signals/implementation/primitive/linked_signal.d.ts +46 -0
package/signals/implementation/primitive/linked_signal.js +110 -0
package/signals/implementation/primitive/signal.d.ts +31 -0
package/signals/implementation/primitive/signal.js +80 -0
package/signals/implementation/primitive/untracked.d.ts +12 -0
package/signals/implementation/primitive/untracked.js +23 -0
package/signals/implementation/{watch.d.ts → primitive/watch.d.ts} +1 -2
package/signals/implementation/{watch.js → primitive/watch.js} +22 -16
package/signals/implementation/resource/api.d.ts +275 -0
package/signals/implementation/resource/api.js +26 -0
package/signals/implementation/resource/debounce.d.ts +13 -0
package/signals/implementation/resource/debounce.js +113 -0
package/signals/implementation/resource/from_snapshots.d.ts +16 -0
package/signals/implementation/resource/from_snapshots.js +44 -0
package/signals/implementation/resource/index.d.ts +11 -0
package/signals/implementation/resource/index.js +11 -0
package/signals/implementation/resource/resource.d.ts +110 -0
package/signals/implementation/resource/resource.js +402 -0
package/signals/implementation/root_effect_scheduler.d.ts +50 -0
package/signals/implementation/root_effect_scheduler.js +66 -0
package/signals/implementation/signal.d.ts +42 -18
package/signals/implementation/signal.js +29 -49
package/signals/implementation/to-observable.d.ts +12 -5
package/signals/implementation/to-observable.js +12 -2
package/signals/implementation/to-signal.d.ts +9 -18
package/signals/implementation/to-signal.js +46 -13
package/signals/implementation/untracked.d.ts +1 -1
package/signals/implementation/untracked.js +3 -11
package/signals/operators/debounce.d.ts +8 -0
package/signals/operators/debounce.js +19 -0
package/signals/operators/derive-async.js +43 -15
package/signals/operators/index.d.ts +2 -0
package/signals/operators/index.js +2 -0
package/signals/operators/throttle.d.ts +8 -0
package/signals/operators/throttle.js +31 -0
package/ai/genkit/tests/multi-region.test.d.ts +0 -2
package/ai/genkit/tests/multi-region.test.js +0 -179
package/ai/genkit/tests/token-limit-fallback.test.d.ts +0 -2
package/ai/genkit/tests/token-limit-fallback.test.js +0 -209
package/ai/prompts/tests/prompt-builder.test.d.ts +0 -1
package/ai/prompts/tests/prompt-builder.test.js +0 -22
package/ai/tests/instructions-formatter.test.d.ts +0 -1
package/ai/tests/instructions-formatter.test.js +0 -116
package/ai/tests/steering.test.d.ts +0 -1
package/ai/tests/steering.test.js +0 -37
package/api/client/tests/api-client.test.d.ts +0 -1
package/api/client/tests/api-client.test.js +0 -194
package/api/server/tests/csrf.middleware.test.d.ts +0 -1
package/api/server/tests/csrf.middleware.test.js +0 -91
package/authentication/tests/authentication-password-requirements.validator.test.d.ts +0 -1
package/authentication/tests/authentication-password-requirements.validator.test.js +0 -29
package/authentication/tests/authentication.api-controller.test.d.ts +0 -1
package/authentication/tests/authentication.api-controller.test.js +0 -156
package/authentication/tests/authentication.api-request-token.provider.test.d.ts +0 -1
package/authentication/tests/authentication.api-request-token.provider.test.js +0 -48
package/authentication/tests/authentication.client-error-handling.test.d.ts +0 -1
package/authentication/tests/authentication.client-error-handling.test.js +0 -123
package/authentication/tests/authentication.client-middleware.test.d.ts +0 -1
package/authentication/tests/authentication.client-middleware.test.js +0 -118
package/authentication/tests/authentication.client-service-methods.test.d.ts +0 -1
package/authentication/tests/authentication.client-service-methods.test.js +0 -177
package/authentication/tests/authentication.client-service-refresh.test.d.ts +0 -1
package/authentication/tests/authentication.client-service-refresh.test.js +0 -153
package/authentication/tests/authentication.client-service.test.d.ts +0 -1
package/authentication/tests/authentication.client-service.test.js +0 -76
package/authentication/tests/authentication.refresh-busy-loop.test.d.ts +0 -1
package/authentication/tests/authentication.refresh-busy-loop.test.js +0 -84
package/authentication/tests/authentication.service.test.d.ts +0 -1
package/authentication/tests/authentication.service.test.js +0 -167
package/authentication/tests/authentication.test-ancillary-service.d.ts +0 -9
package/authentication/tests/authentication.test-ancillary-service.js +0 -27
package/authentication/tests/brute-force-protection.test.d.ts +0 -1
package/authentication/tests/brute-force-protection.test.js +0 -211
package/authentication/tests/helper.test.d.ts +0 -1
package/authentication/tests/helper.test.js +0 -122
package/authentication/tests/password-requirements.error.test.d.ts +0 -1
package/authentication/tests/password-requirements.error.test.js +0 -14
package/authentication/tests/remember.api.test.d.ts +0 -1
package/authentication/tests/remember.api.test.js +0 -117
package/authentication/tests/remember.service.test.d.ts +0 -1
package/authentication/tests/remember.service.test.js +0 -83
package/authentication/tests/subject.service.test.d.ts +0 -1
package/authentication/tests/subject.service.test.js +0 -140
package/authentication/tests/suspended-subject.test.d.ts +0 -1
package/authentication/tests/suspended-subject.test.js +0 -120
package/authentication/tests/totp.enrollment.test.d.ts +0 -1
package/authentication/tests/totp.enrollment.test.js +0 -123
package/authentication/tests/totp.login.test.d.ts +0 -1
package/authentication/tests/totp.login.test.js +0 -213
package/authentication/tests/totp.recovery-codes.test.d.ts +0 -1
package/authentication/tests/totp.recovery-codes.test.js +0 -97
package/authentication/tests/totp.status.test.d.ts +0 -1
package/authentication/tests/totp.status.test.js +0 -72
package/cancellation/tests/coverage.test.d.ts +0 -1
package/cancellation/tests/coverage.test.js +0 -49
package/cancellation/tests/leak.test.d.ts +0 -1
package/cancellation/tests/leak.test.js +0 -35
package/cancellation/tests/token.test.d.ts +0 -1
package/cancellation/tests/token.test.js +0 -136
package/circuit-breaker/tests/circuit-breaker.test.d.ts +0 -1
package/circuit-breaker/tests/circuit-breaker.test.js +0 -116
package/cryptography/tests/cryptography.test.d.ts +0 -1
package/cryptography/tests/cryptography.test.js +0 -175
package/cryptography/tests/jwt.test.d.ts +0 -1
package/cryptography/tests/jwt.test.js +0 -54
package/cryptography/tests/modern.test.d.ts +0 -1
package/cryptography/tests/modern.test.js +0 -105
package/cryptography/tests/module.test.d.ts +0 -1
package/cryptography/tests/module.test.js +0 -100
package/cryptography/tests/totp.test.d.ts +0 -1
package/cryptography/tests/totp.test.js +0 -108
package/document-management/tests/ai-config-hierarchy.test.d.ts +0 -1
package/document-management/tests/ai-config-hierarchy.test.js +0 -59
package/document-management/tests/ai-config-integration.test.d.ts +0 -1
package/document-management/tests/ai-config-integration.test.js +0 -125
package/document-management/tests/ai-config-merge.test.d.ts +0 -1
package/document-management/tests/ai-config-merge.test.js +0 -46
package/document-management/tests/document-management-ai-overrides.test.d.ts +0 -1
package/document-management/tests/document-management-ai-overrides.test.js +0 -63
package/document-management/tests/document-management-core.test.d.ts +0 -1
package/document-management/tests/document-management-core.test.js +0 -157
package/document-management/tests/document-management.api.test.d.ts +0 -1
package/document-management/tests/document-management.api.test.js +0 -101
package/document-management/tests/document-statistics.service.test.d.ts +0 -1
package/document-management/tests/document-statistics.service.test.js +0 -498
package/document-management/tests/document-validation-ai-overrides.test.d.ts +0 -1
package/document-management/tests/document-validation-ai-overrides.test.js +0 -87
package/document-management/tests/document.service.test.d.ts +0 -1
package/document-management/tests/document.service.test.js +0 -143
package/document-management/tests/enum-helpers.test.d.ts +0 -1
package/document-management/tests/enum-helpers.test.js +0 -452
package/document-management/tests/helper.d.ts +0 -24
package/document-management/tests/helper.js +0 -39
package/errors/tests/format.test.d.ts +0 -1
package/errors/tests/format.test.js +0 -84
package/http/tests/server-timing.test.d.ts +0 -1
package/http/tests/server-timing.test.js +0 -42
package/injector/tests/advanced.test.d.ts +0 -1
package/injector/tests/advanced.test.js +0 -116
package/injector/tests/async-init.test.d.ts +0 -1
package/injector/tests/async-init.test.js +0 -77
package/injector/tests/basic.test.d.ts +0 -1
package/injector/tests/basic.test.js +0 -114
package/injector/tests/hierarchical.test.d.ts +0 -1
package/injector/tests/hierarchical.test.js +0 -59
package/injector/tests/leak.test.d.ts +0 -1
package/injector/tests/leak.test.js +0 -45
package/injector/tests/lifecycles.test.d.ts +0 -1
package/injector/tests/lifecycles.test.js +0 -109
package/logger/tests/pretty-print.test.d.ts +0 -1
package/logger/tests/pretty-print.test.js +0 -60
package/notification/tests/notification-api.test.d.ts +0 -1
package/notification/tests/notification-api.test.js +0 -124
package/notification/tests/notification-client.test.d.ts +0 -1
package/notification/tests/notification-client.test.js +0 -101
package/notification/tests/notification-flow.test.d.ts +0 -1
package/notification/tests/notification-flow.test.js +0 -296
package/notification/tests/notification-sse.service.test.d.ts +0 -1
package/notification/tests/notification-sse.service.test.js +0 -43
package/notification/tests/notification-type.service.test.d.ts +0 -1
package/notification/tests/notification-type.service.test.js +0 -41
package/object-storage/s3/tests/s3.object-storage.integration.test.d.ts +0 -1
package/object-storage/s3/tests/s3.object-storage.integration.test.js +0 -303
package/orm/tests/build-jsonb.test.d.ts +0 -1
package/orm/tests/build-jsonb.test.js +0 -39
package/orm/tests/data-types.test.d.ts +0 -1
package/orm/tests/data-types.test.js +0 -39
package/orm/tests/database-extension.test.d.ts +0 -1
package/orm/tests/database-extension.test.js +0 -63
package/orm/tests/database-migration.test.d.ts +0 -1
package/orm/tests/database-migration.test.js +0 -83
package/orm/tests/decorators.test.d.ts +0 -1
package/orm/tests/decorators.test.js +0 -77
package/orm/tests/encryption.test.d.ts +0 -1
package/orm/tests/encryption.test.js +0 -31
package/orm/tests/query-complex.test.d.ts +0 -1
package/orm/tests/query-complex.test.js +0 -172
package/orm/tests/query-converter-complex.test.d.ts +0 -1
package/orm/tests/query-converter-complex.test.js +0 -131
package/orm/tests/query-converter.test.d.ts +0 -1
package/orm/tests/query-converter.test.js +0 -123
package/orm/tests/repository-advanced.test.d.ts +0 -1
package/orm/tests/repository-advanced.test.js +0 -189
package/orm/tests/repository-attributes.test.d.ts +0 -1
package/orm/tests/repository-attributes.test.js +0 -83
package/orm/tests/repository-compound-primary-key.test.d.ts +0 -2
package/orm/tests/repository-compound-primary-key.test.js +0 -226
package/orm/tests/repository-comprehensive.test.d.ts +0 -1
package/orm/tests/repository-comprehensive.test.js +0 -162
package/orm/tests/repository-coverage.test.d.ts +0 -2
package/orm/tests/repository-coverage.test.js +0 -242
package/orm/tests/repository-cti-complex.test.d.ts +0 -1
package/orm/tests/repository-cti-complex.test.js +0 -151
package/orm/tests/repository-cti-embedded.test.d.ts +0 -1
package/orm/tests/repository-cti-embedded.test.js +0 -178
package/orm/tests/repository-cti-extensive.test.d.ts +0 -2
package/orm/tests/repository-cti-extensive.test.js +0 -279
package/orm/tests/repository-cti-mapping.test.d.ts +0 -2
package/orm/tests/repository-cti-mapping.test.js +0 -108
package/orm/tests/repository-cti-search.test.d.ts +0 -1
package/orm/tests/repository-cti-search.test.js +0 -141
package/orm/tests/repository-cti-soft-delete.test.d.ts +0 -2
package/orm/tests/repository-cti-soft-delete.test.js +0 -103
package/orm/tests/repository-cti-transactions.test.d.ts +0 -1
package/orm/tests/repository-cti-transactions.test.js +0 -112
package/orm/tests/repository-cti-upsert-many.test.d.ts +0 -2
package/orm/tests/repository-cti-upsert-many.test.js +0 -115
package/orm/tests/repository-cti.test.d.ts +0 -2
package/orm/tests/repository-cti.test.js +0 -390
package/orm/tests/repository-edge-cases.test.d.ts +0 -1
package/orm/tests/repository-edge-cases.test.js +0 -178
package/orm/tests/repository-expiration.test.d.ts +0 -2
package/orm/tests/repository-expiration.test.js +0 -140
package/orm/tests/repository-extra-coverage.test.d.ts +0 -2
package/orm/tests/repository-extra-coverage.test.js +0 -402
package/orm/tests/repository-mapping.test.d.ts +0 -2
package/orm/tests/repository-mapping.test.js +0 -65
package/orm/tests/repository-regression.test.d.ts +0 -1
package/orm/tests/repository-regression.test.js +0 -288
package/orm/tests/repository-search-coverage.test.d.ts +0 -1
package/orm/tests/repository-search-coverage.test.js +0 -107
package/orm/tests/repository-search.test.d.ts +0 -1
package/orm/tests/repository-search.test.js +0 -105
package/orm/tests/repository-soft-delete.test.d.ts +0 -1
package/orm/tests/repository-soft-delete.test.js +0 -118
package/orm/tests/repository-transactions-nested.test.d.ts +0 -1
package/orm/tests/repository-transactions-nested.test.js +0 -178
package/orm/tests/repository-types.test.d.ts +0 -1
package/orm/tests/repository-types.test.js +0 -184
package/orm/tests/repository-undelete.test.d.ts +0 -2
package/orm/tests/repository-undelete.test.js +0 -201
package/orm/tests/schema-converter.test.d.ts +0 -1
package/orm/tests/schema-converter.test.js +0 -82
package/orm/tests/schema-generation.test.d.ts +0 -2
package/orm/tests/schema-generation.test.js +0 -174
package/orm/tests/sql-helpers.test.d.ts +0 -1
package/orm/tests/sql-helpers.test.js +0 -67
package/orm/tests/transaction-safety.test.d.ts +0 -1
package/orm/tests/transaction-safety.test.js +0 -81
package/orm/tests/transactional.test.d.ts +0 -1
package/orm/tests/transactional.test.js +0 -215
package/orm/tests/utils.test.d.ts +0 -1
package/orm/tests/utils.test.js +0 -70
package/pdf/tests/utils.test.d.ts +0 -1
package/pdf/tests/utils.test.js +0 -187
package/process/tests/spawn.test.d.ts +0 -1
package/process/tests/spawn.test.js +0 -182
package/rate-limit/tests/postgres-rate-limiter.test.d.ts +0 -1
package/rate-limit/tests/postgres-rate-limiter.test.js +0 -84
package/renderer/tests/renderer.test.d.ts +0 -1
package/renderer/tests/renderer.test.js +0 -88
package/rpc/tests/rpc.integration.test.d.ts +0 -1
package/rpc/tests/rpc.integration.test.js +0 -615
package/signals/implementation/errors.d.ts +0 -2
package/signals/implementation/graph.js +0 -312
package/signals/implementation/writable-signal.d.ts +0 -48
package/signals/implementation/writable-signal.js +0 -32
package/task-queue/tests/coverage-branch.test.d.ts +0 -1
package/task-queue/tests/coverage-branch.test.js +0 -395
package/task-queue/tests/coverage-enhancement.test.d.ts +0 -1
package/task-queue/tests/coverage-enhancement.test.js +0 -150
package/task-queue/tests/dag.test.d.ts +0 -1
package/task-queue/tests/dag.test.js +0 -188
package/task-queue/tests/dependencies.test.d.ts +0 -1
package/task-queue/tests/dependencies.test.js +0 -296
package/task-queue/tests/enqueue-batch.test.d.ts +0 -1
package/task-queue/tests/enqueue-batch.test.js +0 -125
package/task-queue/tests/enqueue-item.test.d.ts +0 -1
package/task-queue/tests/enqueue-item.test.js +0 -12
package/task-queue/tests/fan-out-spawning.test.d.ts +0 -1
package/task-queue/tests/fan-out-spawning.test.js +0 -94
package/task-queue/tests/idempotent-replacement.test.d.ts +0 -1
package/task-queue/tests/idempotent-replacement.test.js +0 -114
package/task-queue/tests/missing-idempotent-tasks.test.d.ts +0 -1
package/task-queue/tests/missing-idempotent-tasks.test.js +0 -39
package/task-queue/tests/optimization-edge-cases.test.d.ts +0 -1
package/task-queue/tests/optimization-edge-cases.test.js +0 -124
package/task-queue/tests/queue-generic.test.d.ts +0 -1
package/task-queue/tests/queue-generic.test.js +0 -8
package/task-queue/tests/queue.test.d.ts +0 -1
package/task-queue/tests/queue.test.js +0 -756
package/task-queue/tests/shutdown.test.d.ts +0 -1
package/task-queue/tests/shutdown.test.js +0 -41
package/task-queue/tests/task-context.test.d.ts +0 -1
package/task-queue/tests/task-context.test.js +0 -7
package/task-queue/tests/task-union.test.d.ts +0 -1
package/task-queue/tests/task-union.test.js +0 -18
package/task-queue/tests/transactions.test.d.ts +0 -1
package/task-queue/tests/transactions.test.js +0 -47
package/task-queue/tests/typing.test.d.ts +0 -1
package/task-queue/tests/typing.test.js +0 -9
package/task-queue/tests/worker.test.d.ts +0 -1
package/task-queue/tests/worker.test.js +0 -258
package/task-queue/tests/zombie-parent.test.d.ts +0 -1
package/task-queue/tests/zombie-parent.test.js +0 -45
package/task-queue/tests/zombie-recovery.test.d.ts +0 -1
package/task-queue/tests/zombie-recovery.test.js +0 -51
package/utils/tests/backoff.test.d.ts +0 -1
package/utils/tests/backoff.test.js +0 -41
package/utils/tests/retry-with-backoff.test.d.ts +0 -1
package/utils/tests/retry-with-backoff.test.js +0 -49

package/api/server/tests/csrf.middleware.test.js DELETED Viewed

@@ -1,91 +0,0 @@
-import { ForbiddenError } from '../../../errors/index.js';
-import { HttpHeaders } from '../../../http/http-headers.js';
-import { HttpServerResponse } from '../../../http/server/index.js';
-import { toArray } from '../../../utils/array/array.js';
-import { describe, expect, it, vi } from 'vitest';
-import { csrfMiddleware } from '../middlewares/csrf.middleware.js';
-describe('csrfMiddleware', () => {
-    const middleware = csrfMiddleware();
-    it('should allow safe methods (GET, HEAD, OPTIONS, TRACE)', async () => {
-        const safeMethods = ['GET', 'HEAD', 'OPTIONS', 'TRACE'];
-        for (const method of safeMethods) {
-            const context = {
-                request: { method, headers: new HttpHeaders() },
-                response: new HttpServerResponse(),
-            };
-            const next = vi.fn();
-            await middleware(context, next);
-            expect(next).toHaveBeenCalled();
-        }
-    });
-    it('should allow mutating methods (POST, PUT, DELETE, PATCH) without headers (non-browser client)', async () => {
-        const mutatingMethods = ['POST', 'PUT', 'DELETE', 'PATCH'];
-        for (const method of mutatingMethods) {
-            const context = {
-                request: { method, headers: new HttpHeaders() },
-                response: new HttpServerResponse(),
-            };
-            const next = vi.fn();
-            await middleware(context, next);
-            expect(next).toHaveBeenCalled();
-        }
-    });
-    it('should allow same-origin requests via Sec-Fetch-Site', async () => {
-        const headers = new HttpHeaders();
-        headers.set('Sec-Fetch-Site', 'same-origin');
-        const context = {
-            request: { method: 'POST', headers },
-            response: new HttpServerResponse(),
-        };
-        const next = vi.fn();
-        await middleware(context, next);
-        expect(next).toHaveBeenCalled();
-    });
-    it('should allow user-initiated requests via Sec-Fetch-Site (none) when enabled', async () => {
-        const middlewareWithNone = csrfMiddleware({ allowFetchSiteNone: true });
-        const headers = new HttpHeaders();
-        headers.set('Sec-Fetch-Site', 'none');
-        const context = {
-            request: { method: 'POST', headers },
-            response: new HttpServerResponse(),
-        };
-        const next = vi.fn();
-        await middlewareWithNone(context, next);
-        expect(next).toHaveBeenCalled();
-    });
-    it('should reject cross-site requests via Sec-Fetch-Site', async () => {
-        const headers = new HttpHeaders();
-        headers.set('Sec-Fetch-Site', 'cross-site');
-        const context = {
-            request: { method: 'POST', headers },
-            response: new HttpServerResponse(),
-        };
-        const next = vi.fn();
-        await expect(middleware(context, next)).rejects.toThrow(ForbiddenError);
-        expect(next).not.toHaveBeenCalled();
-    });
-    it('should allow same-origin requests via Origin fallback', async () => {
-        const headers = new HttpHeaders();
-        headers.set('Origin', 'http://localhost:8080');
-        headers.set('Host', 'localhost:8080');
-        const context = {
-            request: { method: 'POST', headers },
-            response: new HttpServerResponse(),
-        };
-        const next = vi.fn();
-        await middleware(context, next);
-        expect(next).toHaveBeenCalled();
-    });
-    it('should include Vary: Sec-Fetch-Site, Origin for mutating methods', async () => {
-        const context = {
-            request: { method: 'POST', headers: new HttpHeaders() },
-            response: new HttpServerResponse(),
-        };
-        const next = vi.fn();
-        await middleware(context, next);
-        const vary = context.response.headers.tryGet('Vary');
-        const varyArray = toArray(vary).flatMap((v) => v.split(',').map((s) => s.trim()));
-        expect(varyArray).toContain('Sec-Fetch-Site');
-        expect(varyArray).toContain('Origin');
-    });
-});

package/authentication/tests/authentication-password-requirements.validator.test.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export {};

package/authentication/tests/authentication-password-requirements.validator.test.js DELETED Viewed

@@ -1,29 +0,0 @@
-import { describe, expect, it } from 'vitest';
-import { PasswordRequirementsError } from '../errors/password-requirements.error.js';
-import { DefaultAuthenticationPasswordRequirementsValidator } from '../server/authentication-password-requirements.validator.js';
-describe('DefaultAuthenticationPasswordRequirementsValidator', () => {
-    const validator = new DefaultAuthenticationPasswordRequirementsValidator();
-    it('should return success when password is strong and not pwned', async () => {
-        // A very long random string is unlikely to be pwned and will be strong
-        const result = await validator.testPasswordRequirements('Very-Strong-And-Long-Password-2026!@#$%^&*()');
-        expect(result.success).toBe(true);
-    });
-    it('should return failure when password is pwned', async () => {
-        // "password" is definitely pwned
-        const result = await validator.testPasswordRequirements('password');
-        expect(result.success).toBe(false);
-        expect(result.reason).toContain('exposed in data breach');
-    });
-    it('should return failure when password is too weak', async () => {
-        // "abc" is too weak (and likely pwned)
-        const result = await validator.testPasswordRequirements('abc');
-        expect(result.success).toBe(false);
-        expect(result.reason).toBeDefined();
-    });
-    it('should throw PasswordRequirementsError on validation failure', async () => {
-        await expect(validator.validatePasswordRequirements('abc')).rejects.toThrow(PasswordRequirementsError);
-    });
-    it('should not throw on validation success', async () => {
-        await expect(validator.validatePasswordRequirements('Very-Strong-And-Long-Password-2026!@#$%^&*()')).resolves.not.toThrow();
-    });
-});

package/authentication/tests/authentication.api-controller.test.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export {};

package/authentication/tests/authentication.api-controller.test.js DELETED Viewed

@@ -1,156 +0,0 @@
-import { afterAll, beforeAll, beforeEach, describe, expect, test, vi } from 'vitest';
-import { Auditor } from '../../audit/index.js';
-import { AuthenticationClientService } from '../../authentication/client/index.js';
-import { AuthenticationAncillaryService, AuthenticationService as AuthenticationServerService } from '../../authentication/server/index.js';
-import { HttpClientOptions } from '../../http/client/index.js';
-import { HttpServer } from '../../http/server/index.js';
-import { runInInjectionContext } from '../../injector/index.js';
-import { clearTenantData, setupIntegrationTest } from '../../testing/index.js';
-import { currentTimestampSeconds } from '../../utils/date-time.js';
-import { SubjectService } from '../server/subject.service.js';
-import { DefaultAuthenticationAncillaryService } from './authentication.test-ancillary-service.js';
-describe('AuthenticationApiController Integration', () => {
-    let injector;
-    let database;
-    let service;
-    let serverService;
-    let subjectService;
-    let server;
-    const schema = 'authentication';
-    const tenantId = crypto.randomUUID();
-    beforeAll(async () => {
-        const storage = new Map();
-        globalThis.localStorage = {
-            getItem: vi.fn((key) => storage.get(key) ?? null),
-            setItem: vi.fn((key, value) => storage.set(key, value)),
-            removeItem: vi.fn((key) => storage.delete(key)),
-            clear: vi.fn(() => storage.clear()),
-        };
-        ({ injector, database } = await setupIntegrationTest({
-            modules: { authentication: true, audit: true, keyValueStore: true, signals: true, api: true, webServer: true },
-            authentication: {
-                ancillaryService: DefaultAuthenticationAncillaryService,
-            },
-        }));
-        await runInInjectionContext(injector, async () => {
-            server = injector.resolve(HttpServer);
-            const httpClientOptions = injector.resolve(HttpClientOptions);
-            httpClientOptions.baseUrl = `http://localhost:${server.port}`;
-            serverService = await injector.resolveAsync(AuthenticationServerService);
-            subjectService = await injector.resolveAsync(SubjectService);
-            service = await injector.resolveAsync(AuthenticationClientService);
-            service.initialize();
-        });
-    });
-    afterAll(async () => {
-        await server?.close(1000);
-        await injector?.dispose();
-    });
-    beforeEach(async () => {
-        globalThis.localStorage?.clear();
-        await clearTenantData(database, schema, ['used_totp_tokens', 'totp_recovery_code', 'totp', 'password', 'session', 'user', 'service_account', 'system_account', 'subject'], tenantId);
-    });
-    test('login should work via API client', async () => {
-        await runInInjectionContext(injector, async () => {
-            const user = await subjectService.createUser({ tenantId, email: 'api-login@example.com', firstName: 'A', lastName: 'L' });
-            await serverService.setPassword(user, 'Strong-Password-2026!');
-            await service.login({ tenantId, subject: user.id }, 'Strong-Password-2026!');
-            expect(service.isLoggedIn()).toBe(true);
-            expect(service.subjectId()).toBe(user.id);
-        });
-    });
-    test('login should work even if an expired token is present in the Authorization header', async () => {
-        await runInInjectionContext(injector, async () => {
-            const user = await subjectService.createUser({ tenantId, email: 'expired-token-login@example.com', firstName: 'E', lastName: 'L' });
-            await serverService.setPassword(user, 'Strong-Password-2026!');
-            // Create an expired token
-            const now = currentTimestampSeconds();
-            const expiredTokenResult = await serverService.createToken({
-                subject: user,
-                sessionId: crypto.randomUUID(),
-                impersonator: undefined,
-                additionalTokenPayload: {},
-                refreshTokenExpiration: now - 3600,
-                expiration: now - 3600, // Expired 1 hour ago
-                issuedAt: now - 7200,
-                timestamp: (now - 7200) * 1000,
-            });
-            // Inject the expired token into the client service
-            service.updateRawTokens(`Bearer ${expiredTokenResult.token}`);
-            // Now try to login
-            await service.login({ tenantId, subject: user.id }, 'Strong-Password-2026!');
-            expect(service.isLoggedIn()).toBe(true);
-            expect(service.subjectId()).toBe(user.id);
-        });
-    });
-    test('checkPassword should work via API client', async () => {
-        const result = await service.checkPassword('abc');
-        expect(result.strength).toBeLessThan(2);
-    });
-    test('refresh should work via API client', async () => {
-        await runInInjectionContext(injector, async () => {
-            const user = await subjectService.createUser({ tenantId, email: 'api-refresh@example.com', firstName: 'A', lastName: 'L' });
-            await serverService.setPassword(user, 'Strong-Password-2026!');
-            await service.login({ tenantId, subject: user.id }, 'Strong-Password-2026!');
-            const initialToken = service.token()?.jti;
-            await service.refresh();
-            expect(service.token()?.jti).not.toBe(initialToken);
-        });
-    });
-    test('impersonation should work via API client', async () => {
-        await runInInjectionContext(injector, async () => {
-            const admin = await subjectService.createUser({ tenantId, email: 'api-admin@example.com', firstName: 'A', lastName: 'D' });
-            const user = await subjectService.createUser({ tenantId, email: 'api-user@example.com', firstName: 'U', lastName: 'S' });
-            await serverService.setPassword(admin, 'Admin-Pass-123!');
-            expect(await subjectService.exists(tenantId, admin.id)).toBe(true);
-            expect(await subjectService.exists(tenantId, user.id)).toBe(true);
-            await service.login({ tenantId, subject: admin.id }, 'Admin-Pass-123!');
-            await service.impersonate(user.id);
-            expect(service.subjectId()).toBe(user.id);
-            expect(service.token()?.impersonator).toBe(admin.id);
-            await service.unimpersonate();
-            expect(service.subjectId()).toBe(admin.id);
-        });
-    });
-    test('password reset should work via API client', async () => {
-        await runInInjectionContext(injector, async () => {
-            const user = await subjectService.createUser({ tenantId, email: 'api-reset@example.com', firstName: 'A', lastName: 'L' });
-            const ancillaryService = await injector.resolveAsync(AuthenticationAncillaryService);
-            await service.initPasswordReset({ tenantId, subject: user.id }, undefined);
-            await vi.waitFor(() => expect(ancillaryService.lastResetData).toBeDefined(), { timeout: 5000, interval: 50 });
-            await service.resetPassword(ancillaryService.lastResetData.token, 'New-API-Pass-123!');
-            await service.login({ tenantId, subject: user.id }, 'New-API-Pass-123!');
-            expect(service.isLoggedIn()).toBe(true);
-        });
-    });
-    test('listSessions and invalidateAllOtherSessions should work via API client', async () => {
-        await runInInjectionContext(injector, async () => {
-            const user = await subjectService.createUser({ tenantId, email: 'api-sessions@example.com', firstName: 'S', lastName: 'E' });
-            await serverService.setPassword(user, 'Strong-Password-2026!');
-            // Create two sessions
-            const auditor = injector.resolve(Auditor);
-            await serverService.login({ tenantId, subject: user.id }, 'Strong-Password-2026!', undefined, auditor);
-            await service.login({ tenantId, subject: user.id }, 'Strong-Password-2026!');
-            const sessions = await service.listSessions();
-            expect(sessions.length).toBe(2);
-            expect(sessions[0]).toHaveProperty('id');
-            expect(sessions[0]).toHaveProperty('begin');
-            expect(sessions[0]).toHaveProperty('end');
-            await service.invalidateAllOtherSessions();
-            const updatedSessions = await service.listSessions();
-            // Only the current session should remain
-            expect(updatedSessions.length).toBe(1);
-            expect(updatedSessions[0].id).toBe(service.sessionId());
-        });
-    });
-    test('changePassword should work via API client', async () => {
-        await runInInjectionContext(injector, async () => {
-            const user = await subjectService.createUser({ tenantId, email: 'api-change-secret@example.com', firstName: 'C', lastName: 'S' });
-            await serverService.setPassword(user, 'Old-Strong-Password-2026!');
-            await service.login({ tenantId, subject: user.id }, 'Old-Strong-Password-2026!');
-            await service.changePassword('Old-Strong-Password-2026!', 'New-Strong-Password-2026!');
-            const authResult = await serverService.authenticateWithPassword({ tenantId, subject: user.id }, 'New-Strong-Password-2026!');
-            expect(authResult.success).toBe(true);
-        });
-    });
-});

package/authentication/tests/authentication.api-request-token.provider.test.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export {};

package/authentication/tests/authentication.api-request-token.provider.test.js DELETED Viewed

@@ -1,48 +0,0 @@
-import { afterAll, beforeAll, describe, expect, test } from 'vitest';
-import { AuthenticationApiRequestTokenProvider } from '../../authentication/server/authentication-api-request-token.provider.js';
-import { AuthenticationService } from '../../authentication/server/index.js';
-import { runInInjectionContext } from '../../injector/index.js';
-import { setupIntegrationTest } from '../../testing/index.js';
-import { SubjectService } from '../server/subject.service.js';
-describe('AuthenticationApiRequestTokenProvider', () => {
-    let injector;
-    let authenticationService;
-    let subjectService;
-    let tokenProvider;
-    const tenantId = crypto.randomUUID();
-    beforeAll(async () => {
-        ({ injector } = await setupIntegrationTest({ modules: { authentication: true, signals: true } }));
-        authenticationService = await injector.resolveAsync(AuthenticationService);
-        subjectService = await injector.resolveAsync(SubjectService);
-        tokenProvider = injector.resolve(AuthenticationApiRequestTokenProvider);
-    });
-    afterAll(async () => {
-        await injector?.dispose();
-    });
-    test('should extract and validate token', async () => {
-        await runInInjectionContext(injector, async () => {
-            const user = await subjectService.createUser({ tenantId, email: 'provider-test@example.com', firstName: 'P', lastName: 'T' });
-            const tokenResult = await authenticationService.getToken(user, undefined);
-            const request = {
-                headers: {
-                    tryGet: (name) => name == 'Authorization' ? `Bearer ${tokenResult.token}` : undefined,
-                },
-                cookies: {
-                    tryGet: () => undefined,
-                },
-            };
-            const data = { request };
-            const token = await tokenProvider.tryGetToken(data);
-            expect(token.payload.subject).toBe(user.id);
-        });
-    });
-    test('should return null if no token', async () => {
-        const request = {
-            headers: { tryGet: () => undefined },
-            cookies: { tryGet: () => undefined },
-        };
-        const data = { request };
-        const token = await tokenProvider.tryGetToken(data);
-        expect(token).toBeNull();
-    });
-});

package/authentication/tests/authentication.client-error-handling.test.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export {};

package/authentication/tests/authentication.client-error-handling.test.js DELETED Viewed

@@ -1,123 +0,0 @@
-import { Subject } from 'rxjs';
-import { afterEach, beforeEach, describe, expect, test, vi } from 'vitest';
-import { AuthenticationClientService } from '../../authentication/client/authentication.service.js';
-import { AUTHENTICATION_API_CLIENT } from '../../authentication/client/tokens.js';
-import { CancellationSignal, CancellationToken } from '../../cancellation/token.js';
-import { BadRequestError } from '../../errors/bad-request.error.js';
-import { ForbiddenError } from '../../errors/forbidden.error.js';
-import { InvalidTokenError } from '../../errors/invalid-token.error.js';
-import { NotFoundError } from '../../errors/not-found.error.js';
-import { NotSupportedError } from '../../errors/not-supported.error.js';
-import { UnauthorizedError } from '../../errors/unauthorized.error.js';
-import { Injector } from '../../injector/index.js';
-import { Lock } from '../../lock/index.js';
-import { Logger } from '../../logger/index.js';
-import { MessageBus } from '../../message-bus/index.js';
-import { configureDefaultSignalsImplementation } from '../../signals/implementation/configure.js';
-import { currentTimestampSeconds } from '../../utils/date-time.js';
-import { timeout } from '../../utils/timing.js';
-describe('AuthenticationClientService Error Handling & Stuck States', () => {
-    let injector;
-    let service;
-    let mockApiClient;
-    let mockLock;
-    let mockMessageBus;
-    let mockLogger;
-    let disposeToken;
-    beforeEach(() => {
-        const storage = new Map();
-        globalThis.localStorage = {
-            getItem: vi.fn((key) => storage.get(key) ?? null),
-            setItem: vi.fn((key, value) => storage.set(key, value)),
-            removeItem: vi.fn((key) => storage.delete(key)),
-            clear: vi.fn(() => storage.clear()),
-        };
-        configureDefaultSignalsImplementation();
-        injector = new Injector('Test');
-        mockApiClient = {
-            login: vi.fn(),
-            refresh: vi.fn(),
-            timestamp: vi.fn().mockResolvedValue(currentTimestampSeconds()),
-            endSession: vi.fn().mockResolvedValue(undefined),
-        };
-        mockLock = {
-            tryUse: vi.fn(async (_timeout, callback) => {
-                const result = await callback({ lost: false });
-                return { success: true, result };
-            }),
-            use: vi.fn(async (_timeout, callback) => {
-                return await callback({ lost: false });
-            }),
-        };
-        mockMessageBus = {
-            publishAndForget: vi.fn(),
-            messages$: new Subject(),
-            dispose: vi.fn(),
-            allMessages$: new Subject(),
-        };
-        mockLogger = {
-            error: vi.fn(),
-            warn: vi.fn(),
-            info: vi.fn(),
-            debug: vi.fn(),
-        };
-        injector.register(AUTHENTICATION_API_CLIENT, { useValue: mockApiClient });
-        injector.register(Lock, { useValue: mockLock });
-        injector.register(MessageBus, { useValue: mockMessageBus });
-        injector.register(Logger, { useValue: mockLogger });
-        disposeToken = new CancellationToken();
-        injector.register(CancellationSignal, { useValue: disposeToken.signal });
-    });
-    afterEach(async () => {
-        disposeToken.set();
-        await injector.dispose();
-    });
-    function setupServiceWithToken(iatOffset = -10, expOffset = 5) {
-        const now = currentTimestampSeconds();
-        const initialToken = { iat: now + iatOffset, exp: now + expOffset, jti: 'initial' };
-        globalThis.localStorage.setItem('AuthenticationService:token', JSON.stringify(initialToken));
-        service = injector.resolve(AuthenticationClientService);
-    }
-    test('Corrupt Storage: should handle invalid JSON in storage gracefully', async () => {
-        // initialize with corrupt token
-        globalThis.localStorage.setItem('AuthenticationService:token', '{ invalid-json');
-        service = injector.resolve(AuthenticationClientService);
-        expect(service.token()).toBeUndefined();
-        expect(mockLogger.warn).toHaveBeenCalled(); // Should warn about parse error
-    });
-    test.each([
-        ['InvalidTokenError', new InvalidTokenError()],
-        ['NotFoundError', new NotFoundError('Session not found')],
-        ['ForbiddenError', new ForbiddenError()],
-        ['UnauthorizedError', new UnauthorizedError()],
-        ['NotSupportedError', new NotSupportedError()],
-        ['BadRequestError', new BadRequestError()],
-    ])('Unrecoverable Errors: should logout on %s during refresh', async (_, error) => {
-        setupServiceWithToken();
-        mockApiClient.refresh.mockRejectedValue(error);
-        // Wait for loop to pick up refresh
-        await timeout(20);
-        expect(mockApiClient.endSession).toHaveBeenCalled();
-        expect(service.token()).toBeUndefined();
-    });
-    test('Recoverable Errors: should NOT logout on generic Error during refresh', async () => {
-        setupServiceWithToken();
-        mockApiClient.refresh.mockRejectedValue(new Error('Network failure'));
-        await timeout(20);
-        // Should NOT have called endSession (logout)
-        expect(mockApiClient.endSession).not.toHaveBeenCalled();
-        // Token should still be present (retry logic handles it)
-        expect(service.token()).toBeDefined();
-        // Trigger immediate retry to finish test quickly
-        service.requestRefresh();
-        await timeout(20);
-    });
-    test('Logout Failure: should clear local token even if server logout fails', async () => {
-        setupServiceWithToken(-1000, 1000);
-        mockApiClient.endSession.mockRejectedValue(new Error('Network error during logout'));
-        await service.logout();
-        expect(mockApiClient.endSession).toHaveBeenCalled();
-        expect(service.token()).toBeUndefined();
-        expect(mockMessageBus.publishAndForget).toHaveBeenCalled(); // loggedOutBus
-    });
-});

package/authentication/tests/authentication.client-middleware.test.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export {};

package/authentication/tests/authentication.client-middleware.test.js DELETED Viewed

@@ -1,118 +0,0 @@
-import { of } from 'rxjs';
-import { describe, expect, test, vi } from 'vitest';
-import { HttpClientRequest, HttpClientResponse, HttpError, HttpErrorReason } from '../../http/index.js';
-import { dontWaitForValidToken } from '../authentication.api.js';
-import { logoutOnUnauthorizedMiddleware, waitForAuthenticationMiddleware } from '../client/http-client.middleware.js';
-describe('waitForAuthenticationMiddleware', () => {
-    test('should wait for token and call next', async () => {
-        const authenticationServiceMock = {
-            token: vi.fn().mockReturnValue({ jti: 'test-token' }),
-            validToken$: of({ jti: 'test-token' }),
-            hasValidToken: true,
-        };
-        const middleware = waitForAuthenticationMiddleware(authenticationServiceMock);
-        const request = new HttpClientRequest('http://localhost');
-        request.context = {
-            endpoint: {
-                credentials: true,
-            },
-        };
-        const next = vi.fn().mockResolvedValue(undefined);
-        await middleware({ request }, next);
-        expect(next).toHaveBeenCalled();
-    });
-    test('should NOT wait if endpoint has dontWaitForValidToken', async () => {
-        const authenticationServiceMock = {
-            isLoggedIn: vi.fn().mockReturnValue(true),
-            hasValidToken: false,
-        };
-        const middleware = waitForAuthenticationMiddleware(authenticationServiceMock);
-        const request = new HttpClientRequest('http://localhost');
-        request.context = {
-            endpoint: {
-                credentials: true,
-                data: {
-                    [dontWaitForValidToken]: true,
-                },
-            },
-        };
-        const next = vi.fn().mockResolvedValue(undefined);
-        await middleware({ request }, next);
-        expect(next).toHaveBeenCalled();
-    });
-    test('should NOT wait if credentials is NOT true', async () => {
-        const authenticationServiceMock = {
-            isLoggedIn: vi.fn().mockReturnValue(true),
-            hasValidToken: false,
-        };
-        const middleware = waitForAuthenticationMiddleware(authenticationServiceMock);
-        const request = new HttpClientRequest('http://localhost');
-        request.context = {
-            endpoint: {
-                credentials: false,
-            },
-        };
-        const next = vi.fn().mockResolvedValue(undefined);
-        await middleware({ request }, next);
-        expect(next).toHaveBeenCalled();
-    });
-});
-describe('logoutOnUnauthorizedMiddleware', () => {
-    test('should call logout on 401 error', async () => {
-        const authenticationServiceMock = {
-            logout: vi.fn().mockResolvedValue(undefined),
-        };
-        const middleware = logoutOnUnauthorizedMiddleware(authenticationServiceMock);
-        const request = new HttpClientRequest('http://localhost');
-        const response = new HttpClientResponse({
-            request,
-            statusCode: 401,
-            statusMessage: 'Unauthorized',
-            headers: {},
-            body: undefined,
-            closeHandler: () => { }
-        });
-        const error = new HttpError(HttpErrorReason.StatusCode, request, { response });
-        const next = vi.fn().mockRejectedValue(error);
-        await expect(middleware({ request }, next)).rejects.toThrow(HttpError);
-        expect(authenticationServiceMock.logout).toHaveBeenCalled();
-    });
-    test('should NOT call logout on 401 error if endpoint has dontWaitForValidToken', async () => {
-        const authenticationServiceMock = {
-            logout: vi.fn().mockResolvedValue(undefined),
-        };
-        const middleware = logoutOnUnauthorizedMiddleware(authenticationServiceMock);
-        const request = new HttpClientRequest('http://localhost');
-        request.context = {
-            endpoint: {
-                resource: 'end-session',
-                data: {
-                    [dontWaitForValidToken]: true,
-                },
-            },
-        };
-        const response = new HttpClientResponse({
-            request,
-            statusCode: 401,
-            statusMessage: 'Unauthorized',
-            headers: {},
-            body: undefined,
-            closeHandler: () => { }
-        });
-        const error = new HttpError(HttpErrorReason.StatusCode, request, { response });
-        const next = vi.fn().mockRejectedValue(error);
-        await expect(middleware({ request }, next)).rejects.toThrow(HttpError);
-        expect(authenticationServiceMock.logout).not.toHaveBeenCalled();
-    });
-    test('should not call logout on other errors', async () => {
-        const authenticationServiceMock = {
-            logout: vi.fn().mockResolvedValue(undefined),
-        };
-        const middleware = logoutOnUnauthorizedMiddleware(authenticationServiceMock);
-        const request = new HttpClientRequest('http://localhost');
-        const error = new Error('Some other error');
-        const next = vi.fn().mockRejectedValue(error);
-        await expect(middleware({ request }, next)).rejects.toThrow('Some other error');
-        expect(authenticationServiceMock.logout).not.toHaveBeenCalled();
-    });
-});

package/authentication/tests/authentication.client-service-methods.test.d.ts DELETED Viewed

	@@ -1 +0,0 @@
1	- export {};