backend-manager 5.1.4 → 5.2.0

package/test/functions/admin/firestore-query.js

@@ -203,19 +203,5 @@ module.exports = {
       },
     },
 
-    // Test 10: Cleanup
-    {
-      name: 'cleanup',
-      async run({ firestore }) {
-        // Clean up test documents
-        try {
-          await firestore.delete(`${TEST_COLLECTION}/doc1`);
-          await firestore.delete(`${TEST_COLLECTION}/doc2`);
-          await firestore.delete(`${TEST_COLLECTION}/doc3`);
-        } catch (error) {
-          // Ignore cleanup errors
-        }
-      },
-    },
   ],
 };

package/test/functions/admin/firestore-read.js

@@ -125,20 +125,5 @@ module.exports = {
       },
     },
 
-    // Test 7: Cleanup
-    {
-      name: 'cleanup',
-      auth: 'admin',
-      timeout: 15000,
-
-      async run({ firestore }) {
-        // Clean up test document
-        try {
-          await firestore.delete(TEST_PATH);
-        } catch (error) {
-          // Ignore cleanup errors
-        }
-      },
-    },
   ],
 };

package/test/functions/admin/firestore-write.js

@@ -64,17 +64,6 @@ module.exports = {
 
         return { success: true };
       },
-
-      async cleanup({ firestore }) {
-        // Clean up test documents using direct Firestore access if available
-        if (firestore) {
-          try {
-            await firestore.delete(TEST_PATH);
-          } catch (error) {
-            // Ignore cleanup errors
-          }
-        }
-      },
     },
 
     // Test 2: Unauthenticated should fail

package/test/functions/general/add-marketing-contact.js

@@ -6,11 +6,13 @@
  * (requires SENDGRID_API_KEY and BEEHIIV_API_KEY env vars)
  */
 
-// Test email patterns - look like real emails but +bem suffix identifies them for cleanup
-// Names should be inferred by AI from the email local part
+// Test email patterns - look like real emails but +bem suffix identifies them for cleanup.
+// Fixed `acme.com` test domain — deterministic across brands. Avoids cross-brand
+// state contamination in SendGrid/Beehiiv when the same test runs under different brands.
+const TEST_DOMAIN = 'acme.com';
 const TEST_EMAILS = {
-  valid: (domain) => `rachel.greene+bem@${domain}`,  // Should infer: Rachel Greene
-  invalid: () => `test+bem@test.com`,                // Guaranteed to fail ZeroBounce (fake domain)
+  valid: () => `sarah.martinez+bem@${TEST_DOMAIN}`,         // Should infer: Sarah Martinez
+  invalid: () => `nonexistent.user+bem@${TEST_DOMAIN}`,     // No such mailbox — ZeroBounce should flag invalid
 };
 
 module.exports = {
@@ -23,8 +25,8 @@ module.exports = {
       auth: 'admin',
       timeout: 30000,
 
-      async run({ http, assert, config, state }) {
-        const testEmail = TEST_EMAILS.valid(config.domain);
+      async run({ http, assert, state }) {
+        const testEmail = TEST_EMAILS.valid();
         state.testEmail = testEmail;
 
         const response = await http.command('general:add-marketing-contact', {
@@ -135,9 +137,9 @@ module.exports = {
       auth: 'admin',
       timeout: 30000,
 
-      async run({ http, assert, config, state }) {
+      async run({ http, assert, state }) {
         // Use valid email without providing name - should infer "Rachel Greene"
-        const testEmail = TEST_EMAILS.valid(config.domain);
+        const testEmail = TEST_EMAILS.valid();
         state.testEmail = testEmail;
 
         const response = await http.command('general:add-marketing-contact', {
@@ -216,8 +218,8 @@ module.exports = {
         ? 'TEST_EXTENDED_MODE or ZEROBOUNCE_API_KEY not set'
         : false,
 
-      async run({ http, assert, config, state, skip }) {
-        const testEmail = TEST_EMAILS.valid(config.domain);
+      async run({ http, assert, state, skip }) {
+        const testEmail = TEST_EMAILS.valid();
         state.testEmail = testEmail;
 
         const response = await http.command('general:add-marketing-contact', {
@@ -299,10 +301,10 @@ module.exports = {
       auth: 'none',
       timeout: 15000,
 
-      async run({ http, assert, config }) {
+      async run({ http, assert }) {
         // Public request without reCAPTCHA should fail
         const response = await http.command('general:add-marketing-contact', {
-          email: TEST_EMAILS.valid(config.domain),
+          email: TEST_EMAILS.valid(),
           source: 'bem-test',
         });
 
@@ -318,9 +320,9 @@ module.exports = {
       timeout: 30000,
       skip: !process.env.TEST_EXTENDED_MODE ? 'TEST_EXTENDED_MODE not set' : false,
 
-      async run({ http, assert, config }) {
+      async run({ http, assert }) {
         // Clean up the rachel.greene+bem test contact from marketing providers
-        const testEmail = TEST_EMAILS.valid(config.domain);
+        const testEmail = TEST_EMAILS.valid();
 
         const response = await http.command('general:remove-marketing-contact', {
           email: testEmail,

package/test/helpers/email.js

@@ -64,7 +64,7 @@ module.exports = {
 
         assert.isSuccess(response, 'Should succeed with default template');
         assert.equal(response.data.status, 'sent', 'Status should be sent');
-        assert.equal(response.data.options.templateId, 'd-b7f8da3c98ad49a2ad1e187f3a67b546', 'Should use default template');
+        assert.equal(response.data.options.templateId, 'd-1cd2eee44b6340268c964cd7971d49b9', 'Should use default template (core/card)');
       },
     },
 

package/test/helpers/infer-contact.js

@@ -95,9 +95,9 @@ module.exports = {
       timeout: 30000,
 
       async run({ assert, Manager }) {
-        // This test requires a real OPENAI_API_KEY and running Manager
-        if (!process.env.OPENAI_API_KEY) {
-          return assert.fail('OPENAI_API_KEY not set');
+        // The library reads BACKEND_MANAGER_OPENAI_API_KEY; OPENAI_API_KEY is also accepted as a fallback.
+        if (!process.env.BACKEND_MANAGER_OPENAI_API_KEY && !process.env.OPENAI_API_KEY) {
+          return assert.fail('BACKEND_MANAGER_OPENAI_API_KEY not set');
         }
 
         const assistant = Manager.Assistant();

package/test/helpers/user.js

@@ -406,7 +406,7 @@ module.exports = {
         const user = createUser({});
         const expectedKeys = [
           'auth', 'subscription', 'roles', 'flags', 'affiliate',
-          'activity', 'api', 'usage', 'personal', 'oauth2', 'attribution', 'metadata',
+          'activity', 'api', 'usage', 'personal', 'oauth2', 'attribution', 'consent', 'metadata',
         ];
 
         for (const key of expectedKeys) {
@@ -421,7 +421,7 @@ module.exports = {
         const user = createUser({});
         const expectedKeys = [
           'auth', 'subscription', 'roles', 'flags', 'affiliate',
-          'activity', 'api', 'usage', 'personal', 'oauth2', 'attribution', 'metadata',
+          'activity', 'api', 'usage', 'personal', 'oauth2', 'attribution', 'consent', 'metadata',
         ];
 
         for (const key of Object.keys(user)) {
@@ -430,6 +430,245 @@ module.exports = {
       },
     },
 
+    // ─── Consent (legal + marketing) ───
+
+    {
+      name: 'consent-defaults-revoked-with-null-leaves',
+      async run({ assert }) {
+        const user = createUser({});
+
+        // Legal
+        assert.equal(user.consent.legal.status, 'revoked', 'consent.legal.status defaults to revoked');
+        assert.equal(user.consent.legal.grantedAt.timestamp, null, 'legal.grantedAt.timestamp defaults to null');
+        assert.equal(user.consent.legal.grantedAt.timestampUNIX, null, 'legal.grantedAt.timestampUNIX defaults to null');
+        assert.equal(user.consent.legal.grantedAt.source, null, 'legal.grantedAt.source defaults to null');
+        assert.equal(user.consent.legal.grantedAt.ip, null, 'legal.grantedAt.ip defaults to null');
+        assert.equal(user.consent.legal.grantedAt.text, null, 'legal.grantedAt.text defaults to null');
+
+        // Marketing
+        assert.equal(user.consent.marketing.status, 'revoked', 'consent.marketing.status defaults to revoked');
+        assert.equal(user.consent.marketing.grantedAt.timestamp, null, 'marketing.grantedAt.timestamp defaults to null');
+        assert.equal(user.consent.marketing.grantedAt.timestampUNIX, null, 'marketing.grantedAt.timestampUNIX defaults to null');
+        assert.equal(user.consent.marketing.grantedAt.source, null, 'marketing.grantedAt.source defaults to null');
+        assert.equal(user.consent.marketing.grantedAt.ip, null, 'marketing.grantedAt.ip defaults to null');
+        assert.equal(user.consent.marketing.grantedAt.text, null, 'marketing.grantedAt.text defaults to null');
+        assert.equal(user.consent.marketing.revokedAt.timestamp, null, 'marketing.revokedAt.timestamp defaults to null');
+        assert.equal(user.consent.marketing.revokedAt.timestampUNIX, null, 'marketing.revokedAt.timestampUNIX defaults to null');
+        assert.equal(user.consent.marketing.revokedAt.source, null, 'marketing.revokedAt.source defaults to null');
+        assert.equal(user.consent.marketing.revokedAt.ip, null, 'marketing.revokedAt.ip defaults to null');
+        assert.equal(user.consent.marketing.revokedAt.text, null, 'marketing.revokedAt.text defaults to null');
+      },
+    },
+
+    {
+      name: 'consent-objects-always-present-even-on-empty-input',
+      async run({ assert }) {
+        const user = createUser({});
+
+        assert.ok(user.consent, 'consent object exists');
+        assert.ok(user.consent.legal, 'consent.legal exists');
+        assert.ok(user.consent.legal.grantedAt, 'consent.legal.grantedAt object exists (not null)');
+        assert.ok(user.consent.marketing, 'consent.marketing exists');
+        assert.ok(user.consent.marketing.grantedAt, 'consent.marketing.grantedAt object exists (not null)');
+        assert.ok(user.consent.marketing.revokedAt, 'consent.marketing.revokedAt object exists (not null)');
+      },
+    },
+
+    {
+      name: 'consent-granted-marketing-preserves-fields',
+      async run({ assert }) {
+        const user = createUser({
+          consent: {
+            legal: {
+              status: 'granted',
+              grantedAt: {
+                timestamp: '2026-05-15T12:00:00.000Z',
+                timestampUNIX: 1779235200,
+                source: 'signup',
+                ip: '1.2.3.4',
+                text: 'I agree to the Terms of Service and Privacy Policy.',
+              },
+            },
+            marketing: {
+              status: 'granted',
+              grantedAt: {
+                timestamp: '2026-05-15T12:00:00.000Z',
+                timestampUNIX: 1779235200,
+                source: 'signup',
+                ip: '1.2.3.4',
+                text: 'Send me product updates and newsletters.',
+              },
+            },
+          },
+        });
+
+        assert.equal(user.consent.legal.status, 'granted', 'legal.status preserved');
+        assert.equal(user.consent.legal.grantedAt.timestamp, '2026-05-15T12:00:00.000Z', 'legal grantedAt.timestamp preserved');
+        assert.equal(user.consent.legal.grantedAt.timestampUNIX, 1779235200, 'legal grantedAt.timestampUNIX preserved');
+        assert.equal(user.consent.legal.grantedAt.source, 'signup', 'legal grantedAt.source preserved');
+        assert.equal(user.consent.legal.grantedAt.ip, '1.2.3.4', 'legal grantedAt.ip preserved');
+        assert.equal(
+          user.consent.legal.grantedAt.text,
+          'I agree to the Terms of Service and Privacy Policy.',
+          'legal grantedAt.text preserved'
+        );
+
+        assert.equal(user.consent.marketing.status, 'granted', 'marketing.status preserved');
+        assert.equal(user.consent.marketing.grantedAt.source, 'signup', 'marketing grantedAt.source preserved');
+        assert.equal(user.consent.marketing.grantedAt.text, 'Send me product updates and newsletters.', 'marketing grantedAt.text preserved');
+
+        // revokedAt still defaults to all nulls (not touched by input)
+        assert.equal(user.consent.marketing.revokedAt.timestamp, null, 'marketing revokedAt.timestamp defaults to null');
+        assert.equal(user.consent.marketing.revokedAt.source, null, 'marketing revokedAt.source defaults to null');
+      },
+    },
+
+    {
+      name: 'consent-marketing-declined-at-signup',
+      async run({ assert }) {
+        const user = createUser({
+          consent: {
+            legal: {
+              status: 'granted',
+              grantedAt: {
+                timestamp: '2026-05-15T12:00:00.000Z',
+                timestampUNIX: 1779235200,
+                source: 'signup',
+                ip: '1.2.3.4',
+                text: 'I agree to the Terms of Service and Privacy Policy.',
+              },
+            },
+            marketing: {
+              status: 'revoked',
+              revokedAt: {
+                timestamp: '2026-05-15T12:00:00.000Z',
+                timestampUNIX: 1779235200,
+                source: 'signup',
+                ip: '1.2.3.4',
+                text: null,
+              },
+            },
+          },
+        });
+
+        assert.equal(user.consent.legal.status, 'granted', 'legal.status granted');
+        assert.equal(user.consent.marketing.status, 'revoked', 'marketing.status revoked');
+        assert.equal(user.consent.marketing.grantedAt.timestamp, null, 'marketing grantedAt.timestamp is null (never granted)');
+        assert.equal(user.consent.marketing.grantedAt.source, null, 'marketing grantedAt.source is null');
+        assert.equal(user.consent.marketing.revokedAt.timestamp, '2026-05-15T12:00:00.000Z', 'marketing revokedAt.timestamp preserved');
+        assert.equal(user.consent.marketing.revokedAt.source, 'signup', 'marketing revokedAt.source preserved');
+        assert.equal(user.consent.marketing.revokedAt.ip, '1.2.3.4', 'marketing revokedAt.ip preserved');
+        assert.equal(user.consent.marketing.revokedAt.text, null, 'marketing revokedAt.text is null for decline');
+      },
+    },
+
+    {
+      name: 'consent-revoked-then-regranted-keeps-prior-revokedAt',
+      async run({ assert }) {
+        const user = createUser({
+          consent: {
+            marketing: {
+              status: 'granted',
+              grantedAt: {
+                timestamp: '2026-07-01T00:00:00.000Z',
+                timestampUNIX: 1783785600,
+                source: 'account-page',
+                ip: '5.6.7.8',
+                text: 'Send me product updates and newsletters.',
+              },
+              revokedAt: {
+                timestamp: '2026-06-12T00:00:00.000Z',
+                timestampUNIX: 1781251200,
+                source: 'sendgrid-webhook',
+                ip: null,
+                text: null,
+              },
+            },
+          },
+        });
+
+        assert.equal(user.consent.marketing.status, 'granted', 'status is granted (latest action)');
+        assert.equal(user.consent.marketing.grantedAt.timestamp, '2026-07-01T00:00:00.000Z', 'grantedAt reflects most recent grant');
+        assert.equal(user.consent.marketing.grantedAt.source, 'account-page', 'grantedAt.source is account-page');
+        // revokedAt still reflects the prior revoke — informational
+        assert.equal(user.consent.marketing.revokedAt.timestamp, '2026-06-12T00:00:00.000Z', 'revokedAt preserves prior revoke');
+        assert.equal(user.consent.marketing.revokedAt.source, 'sendgrid-webhook', 'revokedAt.source preserves prior source');
+      },
+    },
+
+    {
+      name: 'consent-partial-input-fills-missing-leaves-with-null',
+      async run({ assert }) {
+        const user = createUser({
+          consent: {
+            marketing: {
+              status: 'granted',
+              grantedAt: {
+                timestamp: '2026-05-15T12:00:00.000Z',
+                source: 'signup',
+              },
+            },
+          },
+        });
+
+        assert.equal(user.consent.marketing.status, 'granted', 'marketing.status preserved');
+        assert.equal(user.consent.marketing.grantedAt.timestamp, '2026-05-15T12:00:00.000Z', 'grantedAt.timestamp preserved');
+        assert.equal(user.consent.marketing.grantedAt.source, 'signup', 'grantedAt.source preserved');
+        // Missing leaves default to null
+        assert.equal(user.consent.marketing.grantedAt.timestampUNIX, null, 'missing grantedAt.timestampUNIX defaults to null');
+        assert.equal(user.consent.marketing.grantedAt.ip, null, 'missing grantedAt.ip defaults to null');
+        assert.equal(user.consent.marketing.grantedAt.text, null, 'missing grantedAt.text defaults to null');
+        // Legal not provided — gets full defaults
+        assert.equal(user.consent.legal.status, 'revoked', 'untouched legal defaults to revoked');
+        assert.equal(user.consent.legal.grantedAt.timestamp, null, 'untouched legal grantedAt.timestamp is null');
+      },
+    },
+
+    {
+      name: 'consent-round-trip-preserves-shape',
+      async run({ assert }) {
+        const grantedDoc = {
+          consent: {
+            legal: {
+              status: 'granted',
+              grantedAt: {
+                timestamp: '2026-05-15T12:00:00.000Z',
+                timestampUNIX: 1779235200,
+                source: 'signup',
+                ip: '1.2.3.4',
+                text: 'I agree to the Terms of Service.',
+              },
+            },
+            marketing: {
+              status: 'granted',
+              grantedAt: {
+                timestamp: '2026-05-15T12:00:00.000Z',
+                timestampUNIX: 1779235200,
+                source: 'signup',
+                ip: '1.2.3.4',
+                text: 'Send me updates.',
+              },
+              revokedAt: {
+                timestamp: null,
+                timestampUNIX: null,
+                source: null,
+                ip: null,
+                text: null,
+              },
+            },
+          },
+        };
+
+        // First pass — resolve from raw input
+        const user1 = createUser(grantedDoc);
+
+        // Second pass — resolve from the resolved doc (simulates Firestore read-back)
+        const user2 = createUser(user1);
+
+        assert.deepEqual(user1.consent, user2.consent, 'consent round-trips identically');
+      },
+    },
+
     // ─── Unique/generated values ───
 
     {