@xcitedbs/client 0.3.3 → 0.3.4

package/dist/client.test.js

@@ -315,6 +315,51 @@ const types_js_1 = require("./types.js");
         }));
         strict_1.default.equal(h.get('X-Test-Auth'), 'preserve');
     });
+    (0, node_test_1.it)('forwards bootstrap.triggers and surfaces triggers_created on the client', async () => {
+        const captured = { value: null };
+        const orig = globalThis.fetch;
+        globalThis.fetch = node_test_1.mock.fn(async (_input, init) => {
+            captured.value = { body: JSON.parse(String(init?.body ?? '{}')) };
+            return new Response(JSON.stringify({
+                session_token: 'tok-trig',
+                expires_at: Date.now() + 60000,
+                session_ttl_seconds: 60,
+                bootstrap: {
+                    user_isolation_applied: false,
+                    developer_bypass_applied: false,
+                    policies_created: [],
+                    triggers_created: ['t-write-meta'],
+                },
+            }), { status: 201 });
+        });
+        try {
+            const client = await client_js_1.XCiteDBClient.createTestSession({
+                baseUrl: 'http://127.0.0.1:9',
+                apiKey: 'k',
+                bootstrap: {
+                    triggers: [
+                        {
+                            trigger_id: 't-write-meta',
+                            trigger: {
+                                event: 'meta_changed',
+                                match: { identifiers: [{ match_start: '/' }] },
+                                action: { unquery: { x: '$count' }, target_identifier: '/_audit', meta_path: 'n', mode: 'set' },
+                            },
+                        },
+                    ],
+                },
+            });
+            const body = captured.value.body;
+            const boot = body.bootstrap;
+            const triggers = boot.triggers;
+            strict_1.default.equal(triggers.length, 1);
+            strict_1.default.equal(triggers[0].trigger_id, 't-write-meta');
+            strict_1.default.deepEqual(client.lastTestSessionBootstrap?.triggers_created, ['t-write-meta']);
+        }
+        finally {
+            globalThis.fetch = orig;
+        }
+    });
 });
 (0, node_test_1.describe)('enableUserIsolation', () => {
     (0, node_test_1.it)('with explicit config, configures prefixing without any HTTP call', async () => {

package/dist/types.d.ts

@@ -720,12 +720,24 @@ export interface TestSessionBootstrap {
         policy_id: string;
         policy: SecurityPolicy;
     }>;
+    /**
+     * Per-test trigger set. Installed into the synthetic test tenant only — the project's
+     * global trigger registry is untouched. Each entry is `{ trigger_id, trigger }`; the
+     * `trigger` shape matches `upsertTrigger`. Validation errors abort the bootstrap with
+     * `400 bootstrap_trigger_invalid`; storage failures abort with `500 bootstrap_trigger_failed`.
+     */
+    triggers?: Array<{
+        trigger_id: string;
+        trigger: TriggerDefinition;
+    }>;
 }
 /** `bootstrap` summary returned by the server after a bootstrapped test session is created. */
 export interface TestSessionBootstrapSummary {
     user_isolation_applied?: boolean;
     developer_bypass_applied?: boolean;
     policies_created?: string[];
+    /** IDs of triggers installed by the bootstrap (in input order). */
+    triggers_created?: string[];
 }
 /** One row from `GET /api/v1/test/sessions` (management; no `X-Test-Session` on that route). */
 export interface TestSessionInfo {
@@ -749,7 +761,7 @@ export interface CreateTestSessionOptions {
      * When true, creates an overlay test session: writable ephemeral LMDB with production project data as read-only base.
      */
     overlay?: boolean;
-    /** Optional server-side bootstrap (user isolation, developer_bypass, policies). */
+    /** Optional server-side bootstrap (user isolation, developer_bypass, policies, triggers). */
     bootstrap?: TestSessionBootstrap;
     /**
      * Test-session auth fidelity mode (`X-Test-Auth` header on the returned client).

package/llms.txt

@@ -138,11 +138,23 @@ SDKs surface these fields on typed errors (e.g. `XCiteDBForbiddenError.policyId`
   "bootstrap": {
     "user_isolation": { "enabled": true, "namespace_pattern": "/spaces/${user.id}" },
     "developer_bypass": true,
-    "policies": []
+    "policies": [],
+    "triggers": [
+      {
+        "trigger_id": "audit-writes",
+        "trigger": {
+          "event": "meta_changed",
+          "match": { "identifiers": [{ "match_start": "/" }] },
+          "action": { "unquery": { "n": "$count" }, "target_identifier": "/_audit", "meta_path": "n", "mode": "set" }
+        }
+      }
+    ]
   }
 }
 ```
 
+`bootstrap.triggers` installs per-test triggers into the synthetic test tenant only — the project's global trigger registry (`/_xcitedb/triggers`) is never touched. Each entry is `{ trigger_id, trigger }` (same shape as `upsertTrigger`); validation errors abort with `400 bootstrap_trigger_invalid`. The summary echoes back `triggers_created: string[]`.
+
 If you skip the bootstrap, an app-user JWT cannot read or write `/spaces/<userId>/...` — even paths the user "owns" — and you will see 403 with reason `tenant_security_unconfigured`.
 
 **SDK one-liners for bootstrap:** **JS:** `XCiteDBClient.createTestSession({ baseUrl, apiKey, testRequireAuth: true, bootstrap: { user_isolation: { enabled: true, namespace_pattern: '/spaces/${user.id}' }, developer_bypass: true } })`. **Python:** `async with XCiteDBClient.test_session(base_url, api_key=sk, test_require_auth=True, bootstrap={...}) as c:`. **C++:** set `options.test_session_bootstrap = nlohmann::json::parse(R"(...)");` then `XCiteDBClient::create_test_session(options)`.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@xcitedbs/client",
-  "version": "0.3.3",
+  "version": "0.3.4",
   "description": "XCiteDB BaaS client SDK",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",