backend-manager 5.7.0 → 5.7.2

package/CHANGELOG.md

@@ -14,6 +14,29 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - `Fixed` for any bug fixes.
 - `Security` in case of vulnerabilities.
 
+# [5.7.2] - 2026-06-18
+
+### Fixed
+- **Newsletter generation crash.** v5.5.0 refactored `marketing.beehiiv` → `marketing.newsletter` but missed renaming `beehiivConfig` at 3 sites in `newsletter.js` (lines 331, 336, 340). The `ReferenceError` crashed generation after all AI work completed, preventing the campaign doc from being written. Newsletter generation has been silently failing since June 6.
+- **HTTPS proxy silent failure.** `serve.js` `_startHttpsProxy` now returns a boolean. The caller uses `httpsReady` (not `httpsEnabled`) for port and env decisions, so when cert generation fails, the server correctly falls back to plain HTTP instead of setting `BEM_HTTPS_PORT` with no proxy listening.
+- **AI system prompt injection for array content blocks.** `normalizeOptions` now handles system messages with array content (content blocks) — prepends rules as a `{ type: 'text' }` block. Previously, the if/else-if chain fell through and rules were silently dropped.
+- **Setup retry loop treats warns as failures.** Added `warnCount` tracking; the `allPassed` check now includes warns (`testCount + warnCount === testTotal`). Warns no longer trigger unnecessary retries with `--retry N`.
+- **Copy-paste: `sender: 'electron-manager'` in setup IPC.** Changed to `'backend-manager'`.
+- **Test account creation race condition.** `deleteTestUsers` now uses the emulator's bulk-clear REST API instead of individual `deleteUser()` calls. Individual deletes triggered async on-delete handlers that could clobber freshly-created accounts (80-100% repro rate). Bulk clear eliminates the race entirely.
+- **Consent rules test value collision.** Changed test value from `'granted'` to `'forged'` so the write always differs from prior test state.
+- **`cancel-too-young` timestampUNIX convention.** `Date.now()` (milliseconds) → `Math.floor(Date.now() / 1000)` (seconds).
+
+### Added
+- **AI array-content test.** `normalize-options-structured-system-content-as-array-injects-rules` — covers the missing branch.
+- **Auth on-delete race condition test.** `test/events/auth-delete-race.js` — proves the emulator race (clobber without mitigation) and verifies both mitigation strategies (wait-for-gone, force-delete).
+- **Root package.json setup check.** Validates the project root `package.json` during `npx mgr setup`.
+
+# [5.7.1] - 2026-06-17
+
+### Added
+- **MCP shorthand URL.** MCP endpoint now accessible at `/mcp` in addition to `/backend-manager/mcp`. Hosting rewrites updated; consumer projects pick up on next `npx mgr setup`.
+- **`/register` hosting rewrite.** Dynamic client registration endpoint now included in the default hosting rewrite pattern.
+
 # [5.7.0] - 2026-06-17
 
 ### Added

package/PROGRESS.md

@@ -2,13 +2,31 @@
 > Agents and maintainers should update this file regularly to reflect the current state of the project.
 
 ## 🎯 Current Focus
-* **Goal:** MCP role-based tool scoping + consumer extensibility
-* **Current Phase:** Complete — all phases done, 44 tests passing, docs finalized
-* **Priority:** High
-* **Last Updated:** 2026-06-17 3:42 AM PDT
-* **Notes:** Ready to ship. Full OAuth flow verified in Claude Desktop. Role reassignment (16 admin / 2 user / 1 public), annotations, HTTPS serve, dynamic client registration all working.
+* **Goal:** Root package.json proxy for running scripts from project root
+* **Current Phase:** Implementation complete, untested in consumer
+* **Priority:** Medium
+* **Last Updated:** 2026-06-17 7:40 PM PDT
+* **Notes:** New setup test `root-package-json` generates a root `package.json` with proxy scripts so `npm test`/`npm start`/etc. work from the Firebase project root (not just `functions/`). Includes `preinstall` guard to block accidental `npm install` at root. Prior audit fixes still pending commit.
 
 ## 📌 Active Task List
+* [ ] Phase 3: Post-audit bug fixes
+  * [x] Newsletter ReferenceError: `beehiivConfig` → `newsletterRoleConfig` (committed v5.7.1)
+  * [x] HTTPS proxy: `serve.js` returns boolean, caller uses `httpsReady` not `httpsEnabled`
+  * [x] AI normalizeOptions: array-content system messages now get rules injected
+  * [x] Setup warn handling: `warnCount` tracked separately, warns don't trigger retry
+  * [x] Copy-paste fix: `sender: 'electron-manager'` → `'backend-manager'`
+  * [x] Test: AI array-content-blocks test added + passing (20/20)
+  * [x] Fix: consent rules test — write `'forged'` instead of `'granted'` to avoid value collision with prior email-preferences tests
+  * [x] Fix: `cancel-too-young` account `timestampUNIX` uses seconds (was ms)
+  * [x] Fix: auth on-delete race condition — `deleteTestUsers` uses emulator bulk-clear REST API instead of individual `deleteUser()` calls (eliminates async on-delete triggers that clobbered freshly-created accounts)
+  * [x] Diagnostic: auth-delete-race test — proved the race condition (80-100% clobber rate without mitigation), removed after fix verified
+  * [ ] Commit + publish framework fixes
+  * [ ] Deploy somiibo-backend + advance stuck sendAt
+* [ ] Phase 4: Root package.json proxy scripts
+  * [x] Task 4.1: Create `root-package-json.js` setup test (proxies `projectScripts` with `cd functions &&` prefix + `preinstall` guard)
+  * [x] Task 4.2: Register in setup test index (after `npm-project-scripts`)
+  * [ ] Task 4.3: Test in consumer project (`npx mgr setup` from ultimate-jekyll-backend)
+  * [ ] Task 4.4: Verify `npm test` / `npm start` work from project root
 
 ## ✅ Completed Task List
 * [x] Phase 1: MCP role-based tool scoping + consumer extensibility

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "backend-manager",
-  "version": "5.7.0",
+  "version": "5.7.2",
   "description": "Quick tools for developing Firebase functions",
   "main": "src/manager/index.js",
   "bin": {

package/src/cli/commands/serve.js

@@ -38,10 +38,11 @@ class ServeCommand extends BaseCommand {
     // Start Stripe webhook forwarding in background
     this.startStripeWebhookForwarding();
 
-    // Start HTTPS proxy if enabled
-    if (httpsEnabled) {
-      await this._startHttpsProxy(port, internalPort, projectDir);
-    }
+    // Start HTTPS proxy if enabled. If certs can't be obtained, fall back to
+    // plain HTTP — don't set BEM_HTTPS_PORT or redirect to the internal port.
+    const httpsReady = httpsEnabled
+      ? await this._startHttpsProxy(port, internalPort, projectDir)
+      : false;
 
     // Set up log file in the project directory.
     const logPath = this.getLogsPath('dev.log');
@@ -88,13 +89,13 @@ class ServeCommand extends BaseCommand {
     this.log(chalk.gray(`  Logs saving to: ${logPath}\n`));
 
     // Execute with tee to log file
-    const firebasePort = httpsEnabled ? internalPort : port;
+    const firebasePort = httpsReady ? internalPort : port;
     const firebaseEnv = {
       ...process.env,
       FORCE_COLOR: '1',
     };
 
-    if (httpsEnabled) {
+    if (httpsReady) {
       // Internal calls (getApiUrl → BEMClient) loop through the HTTPS proxy with a self-signed cert
       firebaseEnv.NODE_TLS_REJECT_UNAUTHORIZED = '0';
       firebaseEnv.BEM_HTTPS_PORT = String(port);
@@ -148,7 +149,7 @@ class ServeCommand extends BaseCommand {
     if (!certs) {
       this.log(chalk.yellow('  HTTPS disabled — could not obtain certificates.'));
       this.log(chalk.yellow('  Install mkcert for trusted local HTTPS: brew install mkcert && mkcert -install\n'));
-      return;
+      return false;
     }
 
     const options = {
@@ -190,6 +191,8 @@ class ServeCommand extends BaseCommand {
     proxy.on('error', (err) => {
       this.log(chalk.red(`  HTTPS proxy error: ${err.message}`));
     });
+
+    return true;
   }
 
   async _getHttpsCerts(projectDir) {

package/src/cli/commands/setup-tests/hosting-rewrites.js

@@ -5,7 +5,7 @@ const _ = require('lodash');
 // The expected source pattern for bm_api hosting rewrite
 // Includes /backend-manager/* routes and root-level MCP OAuth paths
 // that Claude Chat sends directly (e.g. /authorize, /token, /.well-known/*)
-const BM_API_SOURCE = '{/backend-manager,/backend-manager/**,/.well-known/oauth-protected-resource,/.well-known/oauth-authorization-server,/authorize,/token}';
+const BM_API_SOURCE = '{/backend-manager,/backend-manager/**,/mcp,/mcp/**,/.well-known/oauth-protected-resource,/.well-known/oauth-authorization-server,/authorize,/token,/register}';
 
 class HostingRewritesTest extends BaseTest {
   getName() {

package/src/cli/commands/setup-tests/index.js

@@ -15,6 +15,7 @@ const FirebaseAdminTest = require('./firebase-admin');
 const FirebaseFunctionsTest = require('./firebase-functions');
 const BackendManagerTest = require('./backend-manager');
 const NpmProjectScriptsTest = require('./npm-project-scripts');
+const RootPackageJsonTest = require('./root-package-json');
 const BemConfigTest = require('./bem-config');
 const ProjectIdConsistencyTest = require('./project-id-consistency');
 const ServiceAccountTest = require('./service-account');
@@ -60,6 +61,7 @@ function getTests(context) {
     new FirebaseFunctionsTest(context),
     new BackendManagerTest(context),
     new NpmProjectScriptsTest(context),
+    new RootPackageJsonTest(context),
     new BemConfigTest(context),
     new ServiceAccountTest(context),
     new ProjectIdConsistencyTest(context),

package/src/cli/commands/setup-tests/root-package-json.js

@@ -0,0 +1,57 @@
+const BaseTest = require('./base-test');
+const jetpack = require('fs-jetpack');
+const path = require('path');
+
+class RootPackageJsonTest extends BaseTest {
+  getName() {
+    return 'root package.json proxy scripts';
+  }
+
+  async run() {
+    const rootPath = path.join(this.self.firebaseProjectPath, 'package.json');
+
+    if (!jetpack.exists(rootPath)) {
+      return false;
+    }
+
+    const rootPkg = JSON.parse(jetpack.read(rootPath));
+    const expectedScripts = this._getExpectedScripts();
+    const rootScripts = rootPkg.scripts || {};
+
+    for (const [name, command] of Object.entries(expectedScripts)) {
+      if (rootScripts[name] !== command) {
+        return false;
+      }
+    }
+
+    return true;
+  }
+
+  async fix() {
+    const rootPath = path.join(this.self.firebaseProjectPath, 'package.json');
+    const existing = jetpack.exists(rootPath) ? JSON.parse(jetpack.read(rootPath)) : {};
+    const expectedScripts = this._getExpectedScripts();
+
+    existing.name = existing.name || `${this.context.package.name || 'functions'}-root`;
+    existing.private = true;
+    existing.scripts = Object.assign(existing.scripts || {}, expectedScripts);
+
+    jetpack.write(rootPath, JSON.stringify(existing, null, 2));
+  }
+
+  _getExpectedScripts() {
+    const bemPackage = require('../../../../package.json');
+    const projectScripts = bemPackage.projectScripts || {};
+    const scripts = {};
+
+    for (const [name, command] of Object.entries(projectScripts)) {
+      scripts[name] = `cd functions && ${command}`;
+    }
+
+    scripts.preinstall = `echo "\\n  Dependencies live in functions/ — run:\\n    cd functions && npm install\\n" && exit 1`;
+
+    return scripts;
+  }
+}
+
+module.exports = RootPackageJsonTest;

package/src/cli/commands/setup.js

@@ -31,10 +31,11 @@ class SetupCommand extends BaseCommand {
       // Reset counters so each attempt starts fresh
       self.testCount = 0;
       self.testTotal = 0;
+      self.warnCount = 0;
 
       await this.runSetup();
 
-      const allPassed = self.testCount === self.testTotal;
+      const allPassed = self.testCount + self.warnCount === self.testTotal;
       if (allPassed) {
         return;
       }
@@ -142,10 +143,10 @@ class SetupCommand extends BaseCommand {
     // Notify parent if exists
     if (process.send) {
       process.send({
-        sender: 'electron-manager',
+        sender: 'backend-manager',
         command: 'setup:complete',
         payload: {
-          passed: self.testCount === self.testTotal,
+          passed: self.testCount + self.warnCount === self.testTotal,
         }
       });
     }

package/src/cli/index.js

@@ -41,6 +41,7 @@ Main.prototype.process = async function (args) {
   self.firebaseProjectPath = self.firebaseProjectPath.match(/\/functions$/) ? self.firebaseProjectPath.replace(/\/functions$/, '') : self.firebaseProjectPath;
   self.testCount = 0;
   self.testTotal = 0;
+  self.warnCount = 0;
   self.default = {};
   self.packageJSON = require('../../package.json');
   self.default.version = self.packageJSON.version;
@@ -199,6 +200,7 @@ Main.prototype.test = async function(name, fn, fix, args) {
   // (an array of pre-formatted lines) set by the caller.
   if (passed === 'warn') {
     self.testTotal++;
+    self.warnCount++;
     printLine(self.testTotal, 'warn', '');
     const details = (args && typeof args.details === 'function') ? args.details() : (args && args.details) || [];
     for (const line of details) {

package/src/manager/index.js

@@ -1335,7 +1335,7 @@ function requireJSON5(file, throwError) {
  * @returns {string|null} - Normalized MCP route path, or null if not MCP
  */
 function resolveMcpRoutePath(routePath) {
-  // Direct MCP paths (via /backend-manager/mcp/*)
+  // Direct MCP paths (via /mcp/* or /backend-manager/mcp/*)
   if (routePath === 'mcp' || routePath.startsWith('mcp/')) {
     return routePath;
   }

package/src/manager/libraries/ai/index.js

@@ -167,7 +167,12 @@ function normalizeOptions(opts) {
       out.messages = opts.messages.map((m, i) => i === systemIdx
         ? { ...m, content: existing ? `${rules}\n\n${existing}` : rules }
         : m);
-    } else if (systemIdx < 0) {
+    } else if (systemIdx >= 0) {
+      // Content is an array of content blocks — prepend rules as a text block
+      out.messages = opts.messages.map((m, i) => i === systemIdx
+        ? { ...m, content: [{ type: 'text', text: rules }, ...(Array.isArray(m.content) ? m.content : [])] }
+        : m);
+    } else {
       out.messages = [{ role: 'system', content: rules }, ...opts.messages];
     }
 

package/src/manager/libraries/email/generators/newsletter.js

@@ -328,16 +328,16 @@ async function generate(Manager, assistant, settings, opts = {}) {
   //     post-creation API requires Enterprise plan), but we ship it anyway
   //     so the day we upgrade to Enterprise it Just Works. Failure is logged,
   //     never thrown — the rest of the pipeline (GH archive, Firestore doc)
-  //     succeeds regardless. beehiivConfig was already resolved at the top
+  //     succeeds regardless. newsletterRoleConfig was already resolved at the top
   //     of the function for the initial enabled-check.
   let beehiivPostId = null;
   let beehiivFailureReason = null;
 
-  if (host === 'github' && beehiivConfig?.enabled) {
+  if (host === 'github' && newsletterRoleConfig?.enabled) {
     try {
       const beehiivProvider = require('../providers/beehiiv.js');
       const result = await beehiivProvider.createPost({
-        publicationId: beehiivConfig.publicationId,  // explicit — avoids singleton-Manager dependency
+        publicationId: newsletterRoleConfig.publicationId,  // explicit — avoids singleton-Manager dependency
         title:         structure.subject,
         subject:       structure.subject,
         preheader:     structure.preheader,

package/src/test/fixtures/firebase-project/firebase.json

@@ -8,7 +8,7 @@
     ],
     "rewrites": [
       {
-        "source": "{/backend-manager,/backend-manager/**,/.well-known/oauth-protected-resource,/.well-known/oauth-authorization-server,/authorize,/token}",
+        "source": "{/backend-manager,/backend-manager/**,/mcp,/mcp/**,/.well-known/oauth-protected-resource,/.well-known/oauth-authorization-server,/authorize,/token,/register}",
         "function": "bm_api"
       }
     ]

package/src/test/test-accounts.js

@@ -413,7 +413,7 @@ const JOURNEY_ACCOUNTS = {
     email: '_test.cancel-too-young@{domain}',
     properties: {
       roles: {},
-      subscription: { product: { id: 'premium', name: 'Premium' }, status: 'active', expires: getFutureExpires(), cancellation: { pending: false }, payment: { processor: 'test', resourceId: 'sub_test_fake', startDate: { timestamp: new Date().toISOString(), timestampUNIX: Date.now() } } },
+      subscription: { product: { id: 'premium', name: 'Premium' }, status: 'active', expires: getFutureExpires(), cancellation: { pending: false }, payment: { processor: 'test', resourceId: 'sub_test_fake', startDate: { timestamp: new Date().toISOString(), timestampUNIX: Math.floor(Date.now() / 1000) } } },
     },
   },
   // Dedicated accounts for portal validation tests
@@ -837,31 +837,72 @@ async function deleteTestUsers(admin, extraAccounts) {
   // Wipe the entire emulator Firestore up front (guarded to emulator-only).
   await flushEmulatorFirestore(admin);
 
-  // Delete all known test accounts in parallel (built-in + project-defined).
-  const allAccounts = { ...TEST_ACCOUNTS, ...(extraAccounts || {}) };
+  // Clear auth users via the emulator's bulk-clear REST API instead of
+  // individual deleteUser() calls. Individual deletes trigger auth:on-delete
+  // for EACH user, and those triggers fire asynchronously — a late on-delete
+  // can land AFTER the subsequent createTestAccounts() on-create and clobber
+  // the freshly-written doc (80% repro rate in stress tests). The bulk API
+  // clears the auth store without triggering event handlers at all.
+  const authHost = process.env.FIREBASE_AUTH_EMULATOR_HOST;
+  const projectId = process.env.GCLOUD_PROJECT || 'demo-test';
+
+  if (authHost) {
+    try {
+      const url = `http://${authHost}/emulator/v1/projects/${projectId}/accounts`;
+      await fetch(url, { method: 'DELETE' });
+
+      // Count all known accounts as deleted (the bulk API doesn't return per-user results)
+      const allAccounts = { ...TEST_ACCOUNTS, ...(extraAccounts || {}) };
+      results.deleted = Object.values(allAccounts).map(a => a.uid);
+    } catch (e) {
+      // Bulk clear failed — fall back to individual deletes
+      const allAccounts = { ...TEST_ACCOUNTS, ...(extraAccounts || {}) };
+      await _deleteAccountsIndividually(admin, allAccounts, results);
+    }
+  } else {
+    // Not running against emulator — fall back to individual deletes
+    const allAccounts = { ...TEST_ACCOUNTS, ...(extraAccounts || {}) };
+    await _deleteAccountsIndividually(admin, allAccounts, results);
+  }
+
+  // Realtime Database: wipe the `_test` namespace in full. (The Firestore-wide
+  // flush already ran in flushEmulatorFirestore() at the start of this function.)
+  // `admin.database()` throws synchronously when no Database URL is configured,
+  // so guard the whole thing — RTDB is optional for a project.
+  try {
+    await admin.database().ref('_test').remove();
+  } catch (e) {
+    // RTDB not configured / no database URL — ignore.
+  }
+
+  return {
+    success: results.failed.length === 0,
+    deleted: results.deleted.length,
+    skipped: results.skipped.length,
+    failed: results.failed.length,
+    errors: results.failed,
+  };
+}
+
+async function _deleteAccountsIndividually(admin, allAccounts, results) {
   await Promise.all(
     Object.values(allAccounts).map(async (account) => {
       try {
-        // Delete Firebase Auth user (triggers on-delete which handles Firestore doc + count)
         await admin.auth().deleteUser(account.uid);
 
-        // Wait for on-delete handler to delete the Firestore doc
         const maxWait = 10000;
         const interval = 200;
         let waited = 0;
 
         while (waited < maxWait) {
           const doc = await admin.firestore().doc(`users/${account.uid}`).get();
-
           if (!doc.exists) {
             break;
           }
-
           await new Promise(resolve => setTimeout(resolve, interval));
           waited += interval;
         }
 
-        // Fallback: if on-delete didn't complete in time, delete the doc directly
         if (waited >= maxWait) {
           await admin.firestore().doc(`users/${account.uid}`).delete().catch(() => {});
         }
@@ -869,7 +910,6 @@ async function deleteTestUsers(admin, extraAccounts) {
         results.deleted.push(account.uid);
       } catch (error) {
         if (error.code === 'auth/user-not-found') {
-          // Auth user doesn't exist, but Firestore doc might still exist - clean it up
           await admin.firestore().doc(`users/${account.uid}`).delete().catch(() => {});
           results.skipped.push(account.uid);
         } else {
@@ -878,24 +918,6 @@ async function deleteTestUsers(admin, extraAccounts) {
       }
     })
   );
-
-  // Realtime Database: wipe the `_test` namespace in full. (The Firestore-wide
-  // flush already ran in flushEmulatorFirestore() at the start of this function.)
-  // `admin.database()` throws synchronously when no Database URL is configured,
-  // so guard the whole thing — RTDB is optional for a project.
-  try {
-    await admin.database().ref('_test').remove();
-  } catch (e) {
-    // RTDB not configured / no database URL — ignore.
-  }
-
-  return {
-    success: results.failed.length === 0,
-    deleted: results.deleted.length,
-    skipped: results.skipped.length,
-    failed: results.failed.length,
-    errors: results.failed,
-  };
 }
 
 /**

package/test/events/auth-delete-race.js

@@ -0,0 +1,201 @@
+const uuid = require('uuid');
+
+/**
+ * Test: auth:on-delete race condition
+ *
+ * Proves the emulator's async on-delete trigger clobbers freshly-recreated docs
+ * when you don't wait for it to settle, and that the mitigation strategies work.
+ *
+ * The production fix uses the emulator's bulk-clear REST API in deleteTestUsers()
+ * to avoid triggering on-delete at all during test setup.
+ */
+module.exports = {
+  description: 'auth:on-delete race condition (create → delete → recreate)',
+  type: 'group',
+  timeout: 120000,
+
+  tests: [
+    {
+      name: 'baseline-create-and-verify',
+      async run({ Manager, assert }) {
+        const admin = Manager.libraries.admin;
+        const testUid = '_test-race-baseline';
+        const testEmail = '_test.race-baseline@test.com';
+        const userRef = admin.firestore().doc(`users/${testUid}`);
+
+        await admin.auth().deleteUser(testUid).catch(() => {});
+        await pollUntilGone(userRef);
+
+        await admin.auth().createUser({
+          uid: testUid,
+          email: testEmail,
+          password: uuid.v4(),
+          emailVerified: true,
+        });
+
+        const ready = await pollUntilReady(userRef);
+        assert.ok(ready, 'on-create should complete and write api keys');
+
+        const doc = await userRef.get();
+        assert.ok(doc.data()?.api?.clientId, 'doc should have api.clientId');
+        assert.ok(doc.data()?.api?.privateKey, 'doc should have api.privateKey');
+
+        await admin.auth().deleteUser(testUid).catch(() => {});
+        await pollUntilGone(userRef);
+      },
+    },
+
+    {
+      name: 'no-wait-gets-clobbered',
+      async run({ Manager, assert }) {
+        const admin = Manager.libraries.admin;
+        const testUid = '_test-race-no-wait';
+        const testEmail = '_test.race-no-wait@test.com';
+        const userRef = admin.firestore().doc(`users/${testUid}`);
+
+        await admin.auth().deleteUser(testUid).catch(() => {});
+        await pollUntilGone(userRef);
+
+        // Create and wait for doc to be fully ready
+        await admin.auth().createUser({
+          uid: testUid, email: testEmail,
+          password: uuid.v4(), emailVerified: true,
+        });
+        assert.ok(await pollUntilReady(userRef), 'First create should produce api keys');
+
+        // Delete auth user — do NOT wait for doc to disappear — then recreate
+        await admin.auth().deleteUser(testUid);
+        await admin.auth().createUser({
+          uid: testUid, email: testEmail,
+          password: uuid.v4(), emailVerified: true,
+        });
+        await pollUntilReady(userRef);
+
+        // The late on-delete clobbers the doc within a few seconds
+        await sleep(3000);
+        const doc = await userRef.get();
+        const survived = doc.exists && !!(doc.data()?.api?.clientId);
+
+        assert.ok(!survived, 'Doc should be clobbered by late on-delete (proves the race exists)');
+
+        await admin.auth().deleteUser(testUid).catch(() => {});
+        await pollUntilGone(userRef);
+      },
+    },
+
+    {
+      name: 'wait-for-gone-survives',
+      async run({ Manager, assert }) {
+        const admin = Manager.libraries.admin;
+        const testUid = '_test-race-wait-gone';
+        const testEmail = '_test.race-wait-gone@test.com';
+        const userRef = admin.firestore().doc(`users/${testUid}`);
+
+        await admin.auth().deleteUser(testUid).catch(() => {});
+        await pollUntilGone(userRef);
+
+        await admin.auth().createUser({
+          uid: testUid, email: testEmail,
+          password: uuid.v4(), emailVerified: true,
+        });
+        assert.ok(await pollUntilReady(userRef), 'First create should produce api keys');
+
+        // Delete and WAIT for doc to disappear before recreating
+        await admin.auth().deleteUser(testUid);
+        await pollUntilGone(userRef);
+
+        await admin.auth().createUser({
+          uid: testUid, email: testEmail,
+          password: uuid.v4(), emailVerified: true,
+        });
+        assert.ok(await pollUntilReady(userRef), 'Second create should produce api keys');
+
+        await sleep(3000);
+        const doc = await userRef.get();
+        const survived = doc.exists && !!(doc.data()?.api?.clientId);
+
+        assert.ok(survived, 'Doc should survive when we wait for on-delete to settle first');
+
+        await admin.auth().deleteUser(testUid).catch(() => {});
+        await pollUntilGone(userRef);
+      },
+    },
+
+    {
+      name: 'force-delete-doc-survives',
+      async run({ Manager, assert }) {
+        const admin = Manager.libraries.admin;
+        const testUid = '_test-race-force-del';
+        const testEmail = '_test.race-force-del@test.com';
+        const userRef = admin.firestore().doc(`users/${testUid}`);
+
+        await admin.auth().deleteUser(testUid).catch(() => {});
+        await pollUntilGone(userRef);
+
+        await admin.auth().createUser({
+          uid: testUid, email: testEmail,
+          password: uuid.v4(), emailVerified: true,
+        });
+        assert.ok(await pollUntilReady(userRef), 'First create should produce api keys');
+
+        // Delete auth user AND force-delete the Firestore doc, then pause
+        await admin.auth().deleteUser(testUid);
+        await userRef.delete().catch(() => {});
+        await sleep(500);
+
+        await admin.auth().createUser({
+          uid: testUid, email: testEmail,
+          password: uuid.v4(), emailVerified: true,
+        });
+        assert.ok(await pollUntilReady(userRef), 'Second create should produce api keys');
+
+        await sleep(3000);
+        const doc = await userRef.get();
+        const survived = doc.exists && !!(doc.data()?.api?.clientId);
+
+        assert.ok(survived, 'Doc should survive when we force-delete the doc before recreating');
+
+        await admin.auth().deleteUser(testUid).catch(() => {});
+        await pollUntilGone(userRef);
+      },
+    },
+  ],
+};
+
+function sleep(ms) {
+  return new Promise(resolve => setTimeout(resolve, ms));
+}
+
+async function pollUntilReady(userRef, maxWait = 15000) {
+  const interval = 300;
+  let waited = 0;
+
+  while (waited < maxWait) {
+    const doc = await userRef.get();
+    const data = doc.exists ? doc.data() : null;
+    if (data?.metadata?.tag === 'auth:on-create' && data.api?.clientId && data.api?.privateKey) {
+      return true;
+    }
+    await sleep(interval);
+    waited += interval;
+  }
+
+  return false;
+}
+
+async function pollUntilGone(userRef, maxWait = 10000) {
+  const interval = 200;
+  let waited = 0;
+
+  while (waited < maxWait) {
+    const doc = await userRef.get();
+    if (!doc.exists) {
+      return true;
+    }
+    await sleep(interval);
+    waited += interval;
+  }
+
+  await userRef.delete().catch(() => {});
+  return false;
+}

package/test/helpers/ai-tools-format.js

@@ -346,5 +346,38 @@ module.exports = {
         assert.equal(out.message?.content, 'hello', 'message carries last user turn');
       },
     },
+
+    {
+      name: 'normalize-options-structured-system-content-as-array-injects-rules',
+      async run({ assert }) {
+        const messages = [
+          {
+            role: 'system',
+            content: [
+              { type: 'text', text: 'existing instruction' },
+              { type: 'image', source: { type: 'url', url: 'https://example.com/img.png' } },
+            ],
+          },
+          { role: 'user', content: 'check order 1' },
+          { role: 'assistant', toolCalls: [{ id: 'c1', name: 'check_order', arguments: {} }] },
+          { role: 'tool', toolCallId: 'c1', content: 'shipped' },
+        ];
+        const out = normalizeOptions({ messages });
+
+        assert.equal(out.messages.length, 4, 'no turns added or dropped');
+        assert.equal(Array.isArray(out.messages[0].content), true, 'system content stays as array');
+        assert.equal(out.messages[0].content[0].type, 'text', 'rules prepended as text block');
+        assert.equal(
+          out.messages[0].content[0].text.includes(SYSTEM_PROMPT_INJECTIONS[0]),
+          true,
+          'system rules injected into prepended text block',
+        );
+        assert.equal(out.messages[0].content[1].type, 'text', 'original text block preserved');
+        assert.equal(out.messages[0].content[1].text, 'existing instruction', 'original text content intact');
+        assert.equal(out.messages[0].content[2].type, 'image', 'original image block preserved');
+        assert.deepEqual(out.messages[2], messages[2], 'toolCalls turn untouched');
+        assert.deepEqual(out.messages[3], messages[3], 'tool result turn untouched');
+      },
+    },
   ],
 };

package/test/rules/user.js

@@ -246,10 +246,13 @@ module.exports = {
         // Should fail - consent is protected (only signup route + webhook
         // processors can mutate it server-side; a client write would let a
         // user retroactively forge their own consent record).
+        // Use a value that can't match any prior state — earlier tests
+        // (email-preferences) may have set marketing.status to 'granted',
+        // and writing the SAME value is a no-op the rules correctly allow.
         await rules.expectFailure(
           db.doc(`users/${uid}`).set({
             consent: {
-              marketing: { status: 'granted' },
+              marketing: { status: 'forged' },
             },
           }, { merge: true })
         );