cojson 0.13.16 → 0.13.18

package/src/tests/permissions.test.ts

@@ -5,14 +5,15 @@ import { WasmCrypto } from "../crypto/WasmCrypto.js";
 import { expectGroup } from "../typeUtils/expectGroup.js";
 import {
   connectTwoPeers,
+  createAccountInNode,
   createThreeConnectedNodes,
   createTwoConnectedNodes,
   groupWithTwoAdmins,
   groupWithTwoAdminsHighLevel,
-  hotSleep,
   loadCoValueOrFail,
   newGroup,
   newGroupHighLevel,
+  waitFor,
 } from "./testUtils.js";
 
 const Crypto = await WasmCrypto.create();
@@ -29,17 +30,12 @@ test("Added admin can add a third admin to a group", () => {
   const { groupCore, otherAdmin, node } = groupWithTwoAdmins();
 
   const groupAsOtherAdmin = expectGroup(
-    groupCore
-      .testWithDifferentAccount(
-        otherAdmin,
-        Crypto.newRandomSessionID(otherAdmin.id),
-      )
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(otherAdmin),
   );
 
   expect(groupAsOtherAdmin.get(otherAdmin.id)).toEqual("admin");
 
-  const thirdAdmin = node.createAccount();
+  const thirdAdmin = createAccountInNode(groupAsOtherAdmin.core.node);
 
   groupAsOtherAdmin.set(thirdAdmin.id, "admin", "trusting");
   expect(groupAsOtherAdmin.get(thirdAdmin.id)).toEqual("admin");
@@ -49,15 +45,10 @@ test("Added adming can add a third admin to a group (high level)", () => {
   const { group, otherAdmin } = groupWithTwoAdminsHighLevel();
 
   const groupAsOtherAdmin = expectGroup(
-    group.core
-      .testWithDifferentAccount(
-        otherAdmin,
-        Crypto.newRandomSessionID(otherAdmin.id),
-      )
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(otherAdmin),
   );
 
-  const thirdAdmin = groupAsOtherAdmin.core.node.createAccount();
+  const thirdAdmin = createAccountInNode(groupAsOtherAdmin.core.node);
 
   groupAsOtherAdmin.addMember(thirdAdmin, "admin");
 
@@ -75,12 +66,7 @@ test("Admins can't demote other admins in a group", () => {
   expect(groupContent.get(otherAdmin.id)).toEqual("admin");
 
   const groupAsOtherAdmin = expectGroup(
-    groupCore
-      .testWithDifferentAccount(
-        otherAdmin,
-        Crypto.newRandomSessionID(otherAdmin.id),
-      )
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(otherAdmin),
   );
 
   groupAsOtherAdmin.set(admin.id, "writer", "trusting");
@@ -91,12 +77,7 @@ test("Admins can't demote other admins in a group (high level)", () => {
   const { group, admin, otherAdmin } = groupWithTwoAdminsHighLevel();
 
   const groupAsOtherAdmin = expectGroup(
-    group.core
-      .testWithDifferentAccount(
-        otherAdmin,
-        Crypto.newRandomSessionID(otherAdmin.id),
-      )
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(otherAdmin),
   );
 
   expect(() => groupAsOtherAdmin.addMemberInternal(admin.id, "writer")).toThrow(
@@ -108,7 +89,7 @@ test("Admins can't demote other admins in a group (high level)", () => {
 
 test("Admins an add writers to a group, who can't add admins, writers, or readers", () => {
   const { groupCore, node } = newGroup();
-  const writer = node.createAccount();
+  const writer = createAccountInNode(node);
 
   const groupContent = expectGroup(groupCore.getCurrentContent());
 
@@ -118,14 +99,12 @@ test("Admins an add writers to a group, who can't add admins, writers, or reader
   expect(groupContent.get(writer.id)).toEqual("writer");
 
   const groupAsWriter = expectGroup(
-    groupCore
-      .testWithDifferentAccount(writer, Crypto.newRandomSessionID(writer.id))
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(writer),
   );
 
   expect(groupAsWriter.get(writer.id)).toEqual("writer");
 
-  const otherAgent = node.createAccount();
+  const otherAgent = createAccountInNode(node);
 
   groupAsWriter.set(otherAgent.id, "admin", "trusting");
   expect(groupAsWriter.get(otherAgent.id)).toBeUndefined();
@@ -140,20 +119,18 @@ test("Admins an add writers to a group, who can't add admins, writers, or reader
 test("Admins an add writers to a group, who can't add admins, writers, or readers (high level)", () => {
   const { group, node } = newGroupHighLevel();
 
-  const writer = node.createAccount();
+  const writer = createAccountInNode(node);
 
   group.addMember(writer, "writer");
   expect(group.get(writer.id)).toEqual("writer");
 
   const groupAsWriter = expectGroup(
-    group.core
-      .testWithDifferentAccount(writer, Crypto.newRandomSessionID(writer.id))
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(writer),
   );
 
   expect(groupAsWriter.get(writer.id)).toEqual("writer");
 
-  const otherAgent = groupAsWriter.core.node.createAccount();
+  const otherAgent = createAccountInNode(groupAsWriter.core.node);
 
   expect(() => groupAsWriter.addMember(otherAgent, "admin")).toThrow(
     "Failed to set role",
@@ -170,7 +147,7 @@ test("Admins an add writers to a group, who can't add admins, writers, or reader
 
 test("Admins can add readers to a group, who can't add admins, writers, or readers", () => {
   const { groupCore, node } = newGroup();
-  const reader = node.createAccount();
+  const reader = createAccountInNode(node);
 
   const groupContent = expectGroup(groupCore.getCurrentContent());
 
@@ -178,14 +155,12 @@ test("Admins can add readers to a group, who can't add admins, writers, or reade
   expect(groupContent.get(reader.id)).toEqual("reader");
 
   const groupAsReader = expectGroup(
-    groupCore
-      .testWithDifferentAccount(reader, Crypto.newRandomSessionID(reader.id))
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(reader),
   );
 
   expect(groupAsReader.get(reader.id)).toEqual("reader");
 
-  const otherAgent = node.createAccount();
+  const otherAgent = createAccountInNode(node);
 
   groupAsReader.set(otherAgent.id, "admin", "trusting");
   expect(groupAsReader.get(otherAgent.id)).toBeUndefined();
@@ -201,20 +176,18 @@ test("Admins can add readers to a group, who can't add admins, writers, or reade
 test("Admins can add readers to a group, who can't add admins, writers, or readers (high level)", () => {
   const { group, node } = newGroupHighLevel();
 
-  const reader = node.createAccount();
+  const reader = createAccountInNode(node);
 
   group.addMember(reader, "reader");
   expect(group.get(reader.id)).toEqual("reader");
 
   const groupAsReader = expectGroup(
-    group.core
-      .testWithDifferentAccount(reader, Crypto.newRandomSessionID(reader.id))
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(reader),
   );
 
   expect(groupAsReader.get(reader.id)).toEqual("reader");
 
-  const otherAgent = groupAsReader.core.node.createAccount();
+  const otherAgent = createAccountInNode(groupAsReader.core.node);
 
   expect(() => groupAsReader.addMember(otherAgent, "admin")).toThrow(
     "Failed to set role",
@@ -257,7 +230,7 @@ test("Admins can write to an object that is owned by their group (high level)",
 test("Writers can write to an object that is owned by their group", () => {
   const { node, groupCore } = newGroup();
 
-  const writer = node.createAccount();
+  const writer = createAccountInNode(node);
 
   const group = expectGroup(groupCore.getCurrentContent());
   group.set(writer.id, "writer", "trusting");
@@ -270,32 +243,25 @@ test("Writers can write to an object that is owned by their group", () => {
     ...Crypto.createdNowUnique(),
   });
 
-  const childObjectAsWriter = childObject.testWithDifferentAccount(
-    writer,
-    Crypto.newRandomSessionID(writer.id),
-  );
-
-  const childContentAsWriter = expectMap(
-    childObjectAsWriter.getCurrentContent(),
+  const childObjectAsWriter = expectMap(
+    childObject.contentInClonedNodeWithDifferentAccount(writer),
   );
 
-  childContentAsWriter.set("foo", "bar", "trusting");
-  expect(childContentAsWriter.get("foo")).toEqual("bar");
+  childObjectAsWriter.set("foo", "bar", "trusting");
+  expect(childObjectAsWriter.get("foo")).toEqual("bar");
 });
 
 test("Writers can write to an object that is owned by their group (high level)", () => {
   const { node, group } = newGroupHighLevel();
 
-  const writer = node.createAccount();
+  const writer = createAccountInNode(node);
 
   group.addMember(writer, "writer");
 
   const childObject = group.createMap();
 
   const childObjectAsWriter = expectMap(
-    childObject.core
-      .testWithDifferentAccount(writer, Crypto.newRandomSessionID(writer.id))
-      .getCurrentContent(),
+    childObject.core.contentInClonedNodeWithDifferentAccount(writer),
   );
 
   childObjectAsWriter.set("foo", "bar", "trusting");
@@ -305,7 +271,7 @@ test("Writers can write to an object that is owned by their group (high level)",
 test("Readers can not write to an object that is owned by their group", () => {
   const { node, groupCore } = newGroup();
 
-  const reader = node.createAccount();
+  const reader = createAccountInNode(node);
 
   const group = expectGroup(groupCore.getCurrentContent());
   group.set(reader.id, "reader", "trusting");
@@ -318,32 +284,26 @@ test("Readers can not write to an object that is owned by their group", () => {
     ...Crypto.createdNowUnique(),
   });
 
-  const childObjectAsReader = childObject.testWithDifferentAccount(
-    reader,
-    Crypto.newRandomSessionID(reader.id),
-  );
-
-  const childContentAsReader = expectMap(
-    childObjectAsReader.getCurrentContent(),
+  const childObjectAsReader = expectMap(
+    childObject.contentInClonedNodeWithDifferentAccount(reader),
   );
 
-  childContentAsReader.set("foo", "bar", "trusting");
-  expect(childContentAsReader.get("foo")).toBeUndefined();
+  childObjectAsReader.set("foo", "bar", "trusting");
+  childObjectAsReader.set("foo", "bar", "trusting");
+  expect(childObjectAsReader.get("foo")).toBeUndefined();
 });
 
 test("Readers can not write to an object that is owned by their group (high level)", () => {
   const { node, group } = newGroupHighLevel();
 
-  const reader = node.createAccount();
+  const reader = createAccountInNode(node);
 
   group.addMember(reader, "reader");
 
   const childObject = group.createMap();
 
   const childObjectAsReader = expectMap(
-    childObject.core
-      .testWithDifferentAccount(reader, Crypto.newRandomSessionID(reader.id))
-      .getCurrentContent(),
+    childObject.core.contentInClonedNodeWithDifferentAccount(reader),
   );
 
   childObjectAsReader.set("foo", "bar", "trusting");
@@ -401,7 +361,7 @@ test("Admins can set group read key and then use it to create and read private t
 test("Admins can set group read key and then writers can use it to create and read private transactions in owned objects", () => {
   const { node, groupCore, admin } = newGroup();
 
-  const writer = node.createAccount();
+  const writer = createAccountInNode(node);
 
   const { secret: readKey, id: readKeyID } = Crypto.newRandomKeySecret();
 
@@ -443,34 +403,28 @@ test("Admins can set group read key and then writers can use it to create and re
     ...Crypto.createdNowUnique(),
   });
 
-  const childObjectAsWriter = childObject.testWithDifferentAccount(
-    writer,
-    Crypto.newRandomSessionID(writer.id),
+  const childObjectAsWriter = expectMap(
+    childObject.contentInClonedNodeWithDifferentAccount(writer),
   );
 
   expect(childObject.getCurrentReadKey().secret).toEqual(readKey);
+  expect(childObjectAsWriter.core.getCurrentReadKey().secret).toEqual(readKey);
 
-  const childContentAsWriter = expectMap(
-    childObjectAsWriter.getCurrentContent(),
-  );
-
-  childContentAsWriter.set("foo", "bar", "private");
-  expect(childContentAsWriter.get("foo")).toEqual("bar");
+  childObjectAsWriter.set("foo", "bar", "private");
+  expect(childObjectAsWriter.get("foo")).toEqual("bar");
 });
 
 test("Admins can set group read key and then writers can use it to create and read private transactions in owned objects (high level)", () => {
   const { node, group } = newGroupHighLevel();
 
-  const writer = node.createAccount();
+  const writer = createAccountInNode(node);
 
   group.addMember(writer, "writer");
 
   const childObject = group.createMap();
 
   const childObjectAsWriter = expectMap(
-    childObject.core
-      .testWithDifferentAccount(writer, Crypto.newRandomSessionID(writer.id))
-      .getCurrentContent(),
+    childObject.core.contentInClonedNodeWithDifferentAccount(writer),
   );
 
   childObjectAsWriter.set("foo", "bar", "private");
@@ -480,7 +434,7 @@ test("Admins can set group read key and then writers can use it to create and re
 test("Admins can set group read key and then use it to create private transactions in owned objects, which readers can read", () => {
   const { node, groupCore, admin } = newGroup();
 
-  const reader = node.createAccount();
+  const reader = createAccountInNode(node);
 
   const { secret: readKey, id: readKeyID } = Crypto.newRandomKeySecret();
 
@@ -527,24 +481,18 @@ test("Admins can set group read key and then use it to create private transactio
   childContent.set("foo", "bar", "private");
   expect(childContent.get("foo")).toEqual("bar");
 
-  const childObjectAsReader = childObject.testWithDifferentAccount(
-    reader,
-    Crypto.newRandomSessionID(reader.id),
-  );
-
-  expect(childObjectAsReader.getCurrentReadKey().secret).toEqual(readKey);
-
-  const childContentAsReader = expectMap(
-    childObjectAsReader.getCurrentContent(),
+  const childObjectAsReader = expectMap(
+    childObject.contentInClonedNodeWithDifferentAccount(reader),
   );
 
-  expect(childContentAsReader.get("foo")).toEqual("bar");
+  expect(childObjectAsReader.core.getCurrentReadKey().secret).toEqual(readKey);
+  expect(childObjectAsReader.get("foo")).toEqual("bar");
 });
 
 test("Admins can set group read key and then use it to create private transactions in owned objects, which readers can read (high level)", () => {
   const { node, group } = newGroupHighLevel();
 
-  const reader = node.createAccount();
+  const reader = createAccountInNode(node);
 
   group.addMember(reader, "reader");
 
@@ -554,9 +502,7 @@ test("Admins can set group read key and then use it to create private transactio
   expect(childObject.get("foo")).toEqual("bar");
 
   const childContentAsReader = expectMap(
-    childObject.core
-      .testWithDifferentAccount(reader, Crypto.newRandomSessionID(reader.id))
-      .getCurrentContent(),
+    childObject.core.contentInClonedNodeWithDifferentAccount(reader),
   );
 
   expect(childContentAsReader.get("foo")).toEqual("bar");
@@ -565,9 +511,9 @@ test("Admins can set group read key and then use it to create private transactio
 test("Admins can set group read key and then use it to create private transactions in owned objects, which readers can read, even with a separate later revelation for the same read key", () => {
   const { node, groupCore, admin } = newGroup();
 
-  const reader1 = node.createAccount();
+  const reader1 = createAccountInNode(node);
 
-  const reader2 = node.createAccount();
+  const reader2 = createAccountInNode(node);
 
   const { secret: readKey, id: readKeyID } = Crypto.newRandomKeySecret();
 
@@ -614,18 +560,12 @@ test("Admins can set group read key and then use it to create private transactio
   childContent.set("foo", "bar", "private");
   expect(childContent.get("foo")).toEqual("bar");
 
-  const childObjectAsReader1 = childObject.testWithDifferentAccount(
-    reader1,
-    Crypto.newRandomSessionID(reader1.id),
-  );
-
-  expect(childObjectAsReader1.getCurrentReadKey().secret).toEqual(readKey);
-
-  const childContentAsReader1 = expectMap(
-    childObjectAsReader1.getCurrentContent(),
+  const childObjectAsReader1 = expectMap(
+    childObject.contentInClonedNodeWithDifferentAccount(reader1),
   );
 
-  expect(childContentAsReader1.get("foo")).toEqual("bar");
+  expect(childObjectAsReader1.core.getCurrentReadKey().secret).toEqual(readKey);
+  expect(childObjectAsReader1.get("foo")).toEqual("bar");
 
   const revelation3 = Crypto.seal({
     message: readKey,
@@ -639,26 +579,20 @@ test("Admins can set group read key and then use it to create private transactio
 
   groupContent.set(`${readKeyID}_for_${reader2.id}`, revelation3, "trusting");
 
-  const childObjectAsReader2 = childObject.testWithDifferentAccount(
-    reader2,
-    Crypto.newRandomSessionID(reader2.id),
+  const childObjectAsReader2 = expectMap(
+    childObject.contentInClonedNodeWithDifferentAccount(reader2),
   );
 
-  expect(childObjectAsReader2.getCurrentReadKey().secret).toEqual(readKey);
-
-  const childContentAsReader2 = expectMap(
-    childObjectAsReader2.getCurrentContent(),
-  );
-
-  expect(childContentAsReader2.get("foo")).toEqual("bar");
+  expect(childObjectAsReader2.core.getCurrentReadKey().secret).toEqual(readKey);
+  expect(childObjectAsReader2.get("foo")).toEqual("bar");
 });
 
 test("Admins can set group read key and then use it to create private transactions in owned objects, which readers can read, even with a separate later revelation for the same read key (high level)", () => {
   const { node, group } = newGroupHighLevel();
 
-  const reader1 = node.createAccount();
+  const reader1 = createAccountInNode(node);
 
-  const reader2 = node.createAccount();
+  const reader2 = createAccountInNode(node);
 
   group.addMember(reader1, "reader");
 
@@ -668,21 +602,15 @@ test("Admins can set group read key and then use it to create private transactio
   expect(childObject.get("foo")).toEqual("bar");
 
   const childContentAsReader1 = expectMap(
-    childObject.core
-      .testWithDifferentAccount(reader1, Crypto.newRandomSessionID(reader1.id))
-      .getCurrentContent(),
+    childObject.core.contentInClonedNodeWithDifferentAccount(reader1),
   );
-
   expect(childContentAsReader1.get("foo")).toEqual("bar");
 
   group.addMember(reader2, "reader");
 
   const childContentAsReader2 = expectMap(
-    childObject.core
-      .testWithDifferentAccount(reader2, Crypto.newRandomSessionID(reader2.id))
-      .getCurrentContent(),
+    childObject.core.contentInClonedNodeWithDifferentAccount(reader2),
   );
-
   expect(childContentAsReader2.get("foo")).toEqual("bar");
 });
 
@@ -798,7 +726,7 @@ test("Admins can set group read key, make a private transaction in an owned obje
 
   expect(childContent.get("foo")).toEqual("bar");
 
-  const reader = node.createAccount();
+  const reader = createAccountInNode(node);
 
   const { secret: readKey2, id: readKeyID2 } = Crypto.newRandomKeySecret();
 
@@ -846,19 +774,13 @@ test("Admins can set group read key, make a private transaction in an owned obje
   childContent.set("foo2", "bar2", "private");
   expect(childContent.get("foo2")).toEqual("bar2");
 
-  const childObjectAsReader = childObject.testWithDifferentAccount(
-    reader,
-    Crypto.newRandomSessionID(reader.id),
-  );
-
-  expect(childObjectAsReader.getCurrentReadKey().secret).toEqual(readKey2);
-
-  const childContentAsReader = expectMap(
-    childObjectAsReader.getCurrentContent(),
+  const childObjectAsReader = expectMap(
+    childObject.contentInClonedNodeWithDifferentAccount(reader),
   );
 
-  expect(childContentAsReader.get("foo")).toEqual("bar");
-  expect(childContentAsReader.get("foo2")).toEqual("bar2");
+  expect(childObjectAsReader.core.getCurrentReadKey().secret).toEqual(readKey2);
+  expect(childObjectAsReader.get("foo")).toEqual("bar");
+  expect(childObjectAsReader.get("foo2")).toEqual("bar2");
 });
 
 test("Admins can set group read key, make a private transaction in an owned object, rotate the read key, add a reader, make another private transaction in the owned object, and both can be read by the reader (high level)", () => {
@@ -877,7 +799,7 @@ test("Admins can set group read key, make a private transaction in an owned obje
 
   expect(childObject.core.getCurrentReadKey()).not.toEqual(firstReadKey);
 
-  const reader = node.createAccount();
+  const reader = createAccountInNode(node);
 
   group.addMember(reader, "reader");
 
@@ -885,9 +807,7 @@ test("Admins can set group read key, make a private transaction in an owned obje
   expect(childObject.get("foo2")).toEqual("bar2");
 
   const childContentAsReader = expectMap(
-    childObject.core
-      .testWithDifferentAccount(reader, Crypto.newRandomSessionID(reader.id))
-      .getCurrentContent(),
+    childObject.core.contentInClonedNodeWithDifferentAccount(reader),
   );
 
   expect(childContentAsReader.get("foo")).toEqual("bar");
@@ -901,12 +821,9 @@ test("only admins can add agent ids", () => {
   const inviteID = Crypto.getAgentID(inviteSecret);
 
   const groupAsInvite = expectGroup(
-    groupCore
-      .testWithDifferentAccount(
-        new ControlledAgent(inviteSecret, Crypto),
-        Crypto.newRandomSessionID(inviteID),
-      )
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(
+      new ControlledAgent(inviteSecret, Crypto),
+    ),
   );
 
   groupAsInvite.set(inviteID, "adminInvite", "trusting");
@@ -926,9 +843,9 @@ test("Admins can set group read rey, make a private transaction in an owned obje
 
   const groupContent = expectGroup(groupCore.getCurrentContent());
   const { secret: readKey, id: readKeyID } = Crypto.newRandomKeySecret();
-  const reader = node.createAccount();
+  const reader = createAccountInNode(node);
 
-  const reader2 = node.createAccount();
+  const reader2 = createAccountInNode(node);
 
   const revelation1 = Crypto.seal({
     message: readKey,
@@ -980,23 +897,17 @@ test("Admins can set group read rey, make a private transaction in an owned obje
   childContent.set("foo", "bar", "private");
   expect(childContent.get("foo")).toEqual("bar");
 
-  let childObjectAsReader = childObject.testWithDifferentAccount(
-    reader,
-    Crypto.newRandomSessionID(reader.id),
+  let childObjectAsReader = expectMap(
+    childObject.contentInClonedNodeWithDifferentAccount(reader),
   );
 
-  expect(expectMap(childObjectAsReader.getCurrentContent()).get("foo")).toEqual(
-    "bar",
-  );
+  expect(childObjectAsReader.get("foo")).toEqual("bar");
 
-  let childObjectAsReader2 = childObject.testWithDifferentAccount(
-    reader,
-    Crypto.newRandomSessionID(reader.id),
+  let childObjectAsReader2 = expectMap(
+    childObject.contentInClonedNodeWithDifferentAccount(reader2),
   );
 
-  expect(
-    expectMap(childObjectAsReader2.getCurrentContent()).get("foo"),
-  ).toEqual("bar");
+  expect(childObjectAsReader2.get("foo")).toEqual("bar");
 
   const { secret: readKey2, id: readKeyID2 } = Crypto.newRandomKeySecret();
 
@@ -1041,21 +952,15 @@ test("Admins can set group read rey, make a private transaction in an owned obje
   expect(childContent.get("foo2")).toEqual("bar2");
 
   // TODO: make sure these instances of coValues sync between each other so this isn't necessary?
-  childObjectAsReader = childObject.testWithDifferentAccount(
-    reader,
-    Crypto.newRandomSessionID(reader.id),
+  childObjectAsReader = expectMap(
+    childObject.contentInClonedNodeWithDifferentAccount(reader),
   );
-  childObjectAsReader2 = childObject.testWithDifferentAccount(
-    reader2,
-    Crypto.newRandomSessionID(reader2.id),
+  childObjectAsReader2 = expectMap(
+    childObject.contentInClonedNodeWithDifferentAccount(reader2),
   );
 
-  expect(
-    expectMap(childObjectAsReader.getCurrentContent()).get("foo2"),
-  ).toBeUndefined();
-  expect(
-    expectMap(childObjectAsReader2.getCurrentContent()).get("foo2"),
-  ).toEqual("bar2");
+  expect(childObjectAsReader.get("foo2")).toBeUndefined();
+  expect(childObjectAsReader2.get("foo2")).toEqual("bar2");
 });
 
 test("Admins can set group read rey, make a private transaction in an owned object, rotate the read key, add two readers, rotate the read key again to kick out one reader, make another private transaction in the owned object, and only the remaining reader can read both transactions (high level)", async () => {
@@ -1072,9 +977,9 @@ test("Admins can set group read rey, make a private transaction in an owned obje
 
   const secondReadKey = childObject.core.getCurrentReadKey();
 
-  const reader = node.createAccount();
+  const reader = createAccountInNode(node);
 
-  const reader2 = node.createAccount();
+  const reader2 = createAccountInNode(node);
 
   group.addMember(reader, "reader");
   group.addMember(reader2, "reader");
@@ -1090,9 +995,7 @@ test("Admins can set group read rey, make a private transaction in an owned obje
   expect(childObject.get("foo3")).toEqual("bar3");
 
   const childContentAsReader2 = expectMap(
-    childObject.core
-      .testWithDifferentAccount(reader2, Crypto.newRandomSessionID(reader2.id))
-      .getCurrentContent(),
+    childObject.core.contentInClonedNodeWithDifferentAccount(reader2),
   );
 
   expect(childContentAsReader2.get("foo")).toEqual("bar");
@@ -1101,9 +1004,7 @@ test("Admins can set group read rey, make a private transaction in an owned obje
 
   expect(
     expectMap(
-      childObject.core
-        .testWithDifferentAccount(reader, Crypto.newRandomSessionID(reader.id))
-        .getCurrentContent(),
+      childObject.core.contentInClonedNodeWithDifferentAccount(reader),
     ).get("foo3"),
   ).toBeUndefined();
 });
@@ -1167,12 +1068,9 @@ test("Admins can create an adminInvite, which can add an admin", () => {
   group.set(`${readKeyID}_for_${inviteID}`, revelationForInvite, "trusting");
 
   const groupAsInvite = expectGroup(
-    groupCore
-      .testWithDifferentAccount(
-        new ControlledAgent(inviteSecret, Crypto),
-        Crypto.newRandomSessionID(inviteID),
-      )
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(
+      new ControlledAgent(inviteSecret, Crypto),
+    ),
   );
 
   const invitedAdminSecret = Crypto.newRandomAgentSecret();
@@ -1215,9 +1113,8 @@ test("Admins can create an adminInvite, which can add an admin (high-level)", as
   const invitedAdminSecret = Crypto.newRandomAgentSecret();
   const invitedAdminID = Crypto.getAgentID(invitedAdminSecret);
 
-  const nodeAsInvitedAdmin = node.testWithDifferentAccount(
+  const nodeAsInvitedAdmin = node.cloneWithDifferentAccount(
     new ControlledAgent(invitedAdminSecret, Crypto),
-    Crypto.newRandomSessionID(invitedAdminID),
   );
 
   await nodeAsInvitedAdmin.acceptInvite(group.id, inviteSecret);
@@ -1277,12 +1174,9 @@ test("Admins can create a writerInvite, which can add a writer", () => {
   group.set(`${readKeyID}_for_${inviteID}`, revelationForInvite, "trusting");
 
   const groupAsInvite = expectGroup(
-    groupCore
-      .testWithDifferentAccount(
-        new ControlledAgent(inviteSecret, Crypto),
-        Crypto.newRandomSessionID(inviteID),
-      )
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(
+      new ControlledAgent(inviteSecret, Crypto),
+    ),
   );
 
   const invitedWriterSecret = Crypto.newRandomAgentSecret();
@@ -1325,9 +1219,8 @@ test("Admins can create a writerInvite, which can add a writer (high-level)", as
   const invitedWriterSecret = Crypto.newRandomAgentSecret();
   const invitedWriterID = Crypto.getAgentID(invitedWriterSecret);
 
-  const nodeAsInvitedWriter = node.testWithDifferentAccount(
+  const nodeAsInvitedWriter = node.cloneWithDifferentAccount(
     new ControlledAgent(invitedWriterSecret, Crypto),
-    Crypto.newRandomSessionID(invitedWriterID),
   );
 
   await nodeAsInvitedWriter.acceptInvite(group.id, inviteSecret);
@@ -1380,12 +1273,9 @@ test("Admins can create a readerInvite, which can add a reader", () => {
   group.set(`${readKeyID}_for_${inviteID}`, revelationForInvite, "trusting");
 
   const groupAsInvite = expectGroup(
-    groupCore
-      .testWithDifferentAccount(
-        new ControlledAgent(inviteSecret, Crypto),
-        Crypto.newRandomSessionID(inviteID),
-      )
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(
+      new ControlledAgent(inviteSecret, Crypto),
+    ),
   );
 
   const invitedReaderSecret = Crypto.newRandomAgentSecret();
@@ -1418,9 +1308,8 @@ test("Admins can create a readerInvite, which can add a reader (high-level)", as
   const invitedReaderSecret = Crypto.newRandomAgentSecret();
   const invitedReaderID = Crypto.getAgentID(invitedReaderSecret);
 
-  const nodeAsInvitedReader = node.testWithDifferentAccount(
+  const nodeAsInvitedReader = node.cloneWithDifferentAccount(
     new ControlledAgent(invitedReaderSecret, Crypto),
-    Crypto.newRandomSessionID(invitedReaderID),
   );
 
   await nodeAsInvitedReader.acceptInvite(group.id, inviteSecret);
@@ -1473,12 +1362,9 @@ test("WriterInvites can not invite admins", () => {
   group.set(`${readKeyID}_for_${inviteID}`, revelationForInvite, "trusting");
 
   const groupAsInvite = expectGroup(
-    groupCore
-      .testWithDifferentAccount(
-        new ControlledAgent(inviteSecret, Crypto),
-        Crypto.newRandomSessionID(inviteID),
-      )
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(
+      new ControlledAgent(inviteSecret, Crypto),
+    ),
   );
 
   const invitedAdminSecret = Crypto.newRandomAgentSecret();
@@ -1527,12 +1413,9 @@ test("ReaderInvites can not invite admins", () => {
   group.set(`${readKeyID}_for_${inviteID}`, revelationForInvite, "trusting");
 
   const groupAsInvite = expectGroup(
-    groupCore
-      .testWithDifferentAccount(
-        new ControlledAgent(inviteSecret, Crypto),
-        Crypto.newRandomSessionID(inviteID),
-      )
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(
+      new ControlledAgent(inviteSecret, Crypto),
+    ),
   );
 
   const invitedAdminSecret = Crypto.newRandomAgentSecret();
@@ -1581,12 +1464,9 @@ test("ReaderInvites can not invite writers", () => {
   group.set(`${readKeyID}_for_${inviteID}`, revelationForInvite, "trusting");
 
   const groupAsInvite = expectGroup(
-    groupCore
-      .testWithDifferentAccount(
-        new ControlledAgent(inviteSecret, Crypto),
-        Crypto.newRandomSessionID(inviteID),
-      )
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(
+      new ControlledAgent(inviteSecret, Crypto),
+    ),
   );
 
   const invitedWriterSecret = Crypto.newRandomAgentSecret();
@@ -1635,12 +1515,9 @@ test("WriteOnlyInvites can not invite writers", () => {
   group.set(`${readKeyID}_for_${inviteID}`, revelationForInvite, "trusting");
 
   const groupAsInvite = expectGroup(
-    groupCore
-      .testWithDifferentAccount(
-        new ControlledAgent(inviteSecret, Crypto),
-        Crypto.newRandomSessionID(inviteID),
-      )
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(
+      new ControlledAgent(inviteSecret, Crypto),
+    ),
   );
 
   const invitedWriterSecret = Crypto.newRandomAgentSecret();
@@ -1689,12 +1566,9 @@ test("WriteOnlyInvites can not invite admins", () => {
   group.set(`${readKeyID}_for_${inviteID}`, revelationForInvite, "trusting");
 
   const groupAsInvite = expectGroup(
-    groupCore
-      .testWithDifferentAccount(
-        new ControlledAgent(inviteSecret, Crypto),
-        Crypto.newRandomSessionID(inviteID),
-      )
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(
+      new ControlledAgent(inviteSecret, Crypto),
+    ),
   );
 
   const invitedWriterSecret = Crypto.newRandomAgentSecret();
@@ -1743,12 +1617,9 @@ test("WriteOnlyInvites can invite writeOnly", () => {
   group.set(`${readKeyID}_for_${inviteID}`, revelationForInvite, "trusting");
 
   const groupAsInvite = expectGroup(
-    groupCore
-      .testWithDifferentAccount(
-        new ControlledAgent(inviteSecret, Crypto),
-        Crypto.newRandomSessionID(inviteID),
-      )
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(
+      new ControlledAgent(inviteSecret, Crypto),
+    ),
   );
 
   const invitedWriterSecret = Crypto.newRandomAgentSecret();
@@ -1797,12 +1668,9 @@ test("WriteOnlyInvites can set writeKeys", () => {
   group.set(`${readKeyID}_for_${inviteID}`, revelationForInvite, "trusting");
 
   const groupAsInvite = expectGroup(
-    groupCore
-      .testWithDifferentAccount(
-        new ControlledAgent(inviteSecret, Crypto),
-        Crypto.newRandomSessionID(inviteID),
-      )
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(
+      new ControlledAgent(inviteSecret, Crypto),
+    ),
   );
 
   groupAsInvite.set(`writeKeyFor_${admin.id}`, readKeyID, "trusting");
@@ -1848,12 +1716,9 @@ test("Invites can't override key revelations", () => {
   group.set(`${readKeyID}_for_${inviteID}`, revelationForInvite, "trusting");
 
   const groupAsInvite = expectGroup(
-    groupCore
-      .testWithDifferentAccount(
-        new ControlledAgent(inviteSecret, Crypto),
-        Crypto.newRandomSessionID(inviteID),
-      )
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(
+      new ControlledAgent(inviteSecret, Crypto),
+    ),
   );
 
   groupAsInvite.set(
@@ -1903,12 +1768,9 @@ test("WriteOnlyInvites can't override writeKeys", () => {
   group.set(`${readKeyID}_for_${inviteID}`, revelationForInvite, "trusting");
 
   const groupAsInvite = expectGroup(
-    groupCore
-      .testWithDifferentAccount(
-        new ControlledAgent(inviteSecret, Crypto),
-        Crypto.newRandomSessionID(inviteID),
-      )
-      .getCurrentContent(),
+    groupCore.contentInClonedNodeWithDifferentAccount(
+      new ControlledAgent(inviteSecret, Crypto),
+    ),
   );
 
   groupAsInvite.set(`writeKeyFor_${admin.id}`, readKeyID, "trusting");
@@ -1947,12 +1809,7 @@ test("Can give read permission to 'everyone'", () => {
   const newAccount = new ControlledAgent(Crypto.newRandomAgentSecret(), Crypto);
 
   const childContent2 = expectMap(
-    childObject
-      .testWithDifferentAccount(
-        newAccount,
-        Crypto.newRandomSessionID(newAccount.currentAgentID()),
-      )
-      .getCurrentContent(),
+    childObject.contentInClonedNodeWithDifferentAccount(newAccount),
   );
 
   expect(childContent2.get("foo")).toEqual("bar");
@@ -1973,12 +1830,7 @@ test("Can give read permissions to 'everyone' (high-level)", async () => {
   const newAccount = new ControlledAgent(Crypto.newRandomAgentSecret(), Crypto);
 
   const childContent2 = expectMap(
-    childObject.core
-      .testWithDifferentAccount(
-        new ControlledAgent(Crypto.newRandomAgentSecret(), Crypto),
-        Crypto.newRandomSessionID(newAccount.currentAgentID()),
-      )
-      .getCurrentContent(),
+    childObject.core.contentInClonedNodeWithDifferentAccount(newAccount),
   );
 
   expect(childContent2.get("foo")).toEqual("bar");
@@ -2011,12 +1863,7 @@ test("Can give write permission to 'everyone'", async () => {
   const newAccount = new ControlledAgent(Crypto.newRandomAgentSecret(), Crypto);
 
   const childContent2 = expectMap(
-    childObject
-      .testWithDifferentAccount(
-        newAccount,
-        Crypto.newRandomSessionID(newAccount.currentAgentID()),
-      )
-      .getCurrentContent(),
+    childObject.contentInClonedNodeWithDifferentAccount(newAccount),
   );
 
   // TODO: resolve race condition
@@ -2043,12 +1890,7 @@ test("Can give write permissions to 'everyone' (high-level)", async () => {
   const newAccount = new ControlledAgent(Crypto.newRandomAgentSecret(), Crypto);
 
   const childContent2 = expectMap(
-    childObject.core
-      .testWithDifferentAccount(
-        newAccount,
-        Crypto.newRandomSessionID(newAccount.currentAgentID()),
-      )
-      .getCurrentContent(),
+    childObject.core.contentInClonedNodeWithDifferentAccount(newAccount),
   );
 
   connectTwoPeers(group.core.node, childContent2.core.node, "server", "server");
@@ -2074,11 +1916,11 @@ test("Writers, readers and invitees can not set parent extensions", () => {
   const { group, node } = newGroupHighLevel();
   const parentGroup = node.createGroup();
 
-  const writer = node.createAccount();
-  const reader = node.createAccount();
-  const adminInvite = node.createAccount();
-  const writerInvite = node.createAccount();
-  const readerInvite = node.createAccount();
+  const writer = createAccountInNode(node);
+  const reader = createAccountInNode(node);
+  const adminInvite = createAccountInNode(node);
+  const writerInvite = createAccountInNode(node);
+  const readerInvite = createAccountInNode(node);
 
   group.addMember(writer, "writer");
   group.addMember(reader, "reader");
@@ -2087,54 +1929,35 @@ test("Writers, readers and invitees can not set parent extensions", () => {
   group.addMember(readerInvite, "readerInvite");
 
   const groupAsWriter = expectGroup(
-    group.core
-      .testWithDifferentAccount(writer, Crypto.newRandomSessionID(writer.id))
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(writer),
   );
 
   groupAsWriter.set(`parent_${parentGroup.id}`, "extend", "trusting");
   expect(groupAsWriter.get(`parent_${parentGroup.id}`)).toBeUndefined();
 
   const groupAsReader = expectGroup(
-    group.core
-      .testWithDifferentAccount(reader, Crypto.newRandomSessionID(reader.id))
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(reader),
   );
 
   groupAsReader.set(`parent_${parentGroup.id}`, "extend", "trusting");
   expect(groupAsReader.get(`parent_${parentGroup.id}`)).toBeUndefined();
 
   const groupAsAdminInvite = expectGroup(
-    group.core
-      .testWithDifferentAccount(
-        adminInvite,
-        Crypto.newRandomSessionID(adminInvite.currentAgentID()),
-      )
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(adminInvite),
   );
 
   groupAsAdminInvite.set(`parent_${parentGroup.id}`, "extend", "trusting");
   expect(groupAsAdminInvite.get(`parent_${parentGroup.id}`)).toBeUndefined();
 
   const groupAsWriterInvite = expectGroup(
-    group.core
-      .testWithDifferentAccount(
-        writerInvite,
-        Crypto.newRandomSessionID(writerInvite.currentAgentID()),
-      )
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(writerInvite),
   );
 
   groupAsWriterInvite.set(`parent_${parentGroup.id}`, "extend", "trusting");
   expect(groupAsWriterInvite.get(`parent_${parentGroup.id}`)).toBeUndefined();
 
   const groupAsReaderInvite = expectGroup(
-    group.core
-      .testWithDifferentAccount(
-        readerInvite,
-        Crypto.newRandomSessionID(readerInvite.currentAgentID()),
-      )
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(readerInvite),
   );
 
   groupAsReaderInvite.set(`parent_${parentGroup.id}`, "extend", "trusting");
@@ -2183,27 +2006,23 @@ test("Writers, readers and writeOnly can set child extensions", () => {
   const { group, node } = newGroupHighLevel();
   const childGroup = node.createGroup();
 
-  const writer = node.createAccount();
-  const reader = node.createAccount();
-  const writeOnly = node.createAccount();
+  const writer = createAccountInNode(node);
+  const reader = createAccountInNode(node);
+  const writeOnly = createAccountInNode(node);
 
   group.addMember(writer, "writer");
   group.addMember(reader, "reader");
   group.addMember(writeOnly, "writeOnly");
 
   const groupAsWriter = expectGroup(
-    group.core
-      .testWithDifferentAccount(writer, Crypto.newRandomSessionID(writer.id))
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(writer),
   );
 
   groupAsWriter.set(`child_${childGroup.id}`, "extend", "trusting");
   expect(groupAsWriter.get(`child_${childGroup.id}`)).toEqual("extend");
 
   const groupAsReader = expectGroup(
-    group.core
-      .testWithDifferentAccount(reader, Crypto.newRandomSessionID(reader.id))
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(reader),
   );
 
   groupAsReader.set(`child_${childGroup.id}`, "extend", "trusting");
@@ -2214,45 +2033,30 @@ test("Invitees can not set child extensions", () => {
   const { group, node } = newGroupHighLevel();
   const childGroup = node.createGroup();
 
-  const adminInvite = node.createAccount();
-  const writerInvite = node.createAccount();
-  const readerInvite = node.createAccount();
+  const adminInvite = createAccountInNode(node);
+  const writerInvite = createAccountInNode(node);
+  const readerInvite = createAccountInNode(node);
 
   group.addMember(adminInvite, "adminInvite");
   group.addMember(writerInvite, "writerInvite");
   group.addMember(readerInvite, "readerInvite");
 
   const groupAsAdminInvite = expectGroup(
-    group.core
-      .testWithDifferentAccount(
-        adminInvite,
-        Crypto.newRandomSessionID(adminInvite.currentAgentID()),
-      )
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(adminInvite),
   );
 
   groupAsAdminInvite.set(`child_${childGroup.id}`, "extend", "trusting");
   expect(groupAsAdminInvite.get(`child_${childGroup.id}`)).toBeUndefined();
 
   const groupAsWriterInvite = expectGroup(
-    group.core
-      .testWithDifferentAccount(
-        writerInvite,
-        Crypto.newRandomSessionID(writerInvite.currentAgentID()),
-      )
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(writerInvite),
   );
 
   groupAsWriterInvite.set(`child_${childGroup.id}`, "extend", "trusting");
   expect(groupAsWriterInvite.get(`child_${childGroup.id}`)).toBeUndefined();
 
   const groupAsReaderInvite = expectGroup(
-    group.core
-      .testWithDifferentAccount(
-        readerInvite,
-        Crypto.newRandomSessionID(readerInvite.currentAgentID()),
-      )
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(readerInvite),
   );
 
   groupAsReaderInvite.set(`child_${childGroup.id}`, "extend", "trusting");
@@ -2265,11 +2069,11 @@ test("Member roles are inherited by child groups (except invites)", () => {
 
   group.set(`parent_${parentGroup.id}`, "extend", "trusting");
 
-  const writer = node.createAccount();
-  const reader = node.createAccount();
-  const adminInvite = node.createAccount();
-  const writerInvite = node.createAccount();
-  const readerInvite = node.createAccount();
+  const writer = createAccountInNode(node);
+  const reader = createAccountInNode(node);
+  const adminInvite = createAccountInNode(node);
+  const writerInvite = createAccountInNode(node);
+  const readerInvite = createAccountInNode(node);
 
   parentGroup.addMember(writer, "writer");
   parentGroup.addMember(reader, "reader");
@@ -2298,11 +2102,11 @@ test("Member roles are inherited by grand-children groups (except invites)", ()
   group.set(`parent_${parentGroup.id}`, "extend", "trusting");
   parentGroup.set(`parent_${grandParentGroup.id}`, "extend", "trusting");
 
-  const writer = node.createAccount();
-  const reader = node.createAccount();
-  const adminInvite = node.createAccount();
-  const writerInvite = node.createAccount();
-  const readerInvite = node.createAccount();
+  const writer = createAccountInNode(node);
+  const reader = createAccountInNode(node);
+  const adminInvite = createAccountInNode(node);
+  const writerInvite = createAccountInNode(node);
+  const readerInvite = createAccountInNode(node);
 
   grandParentGroup.addMember(writer, "writer");
   grandParentGroup.addMember(reader, "reader");
@@ -2344,7 +2148,7 @@ test("Admins can reveal parent read keys to child groups", () => {
   expect(group.get(`${readKeyID}_for_${parentReadKeyID}`)).toEqual(encrypted);
 });
 
-test("Writers, readers and invites can't reveal parent read keys to child groups", () => {
+test("Writers can't reveal parent read keys to child groups", () => {
   const { group, node } = newGroupHighLevel();
   const parentGroup = node.createGroup();
 
@@ -2361,22 +2165,11 @@ test("Writers, readers and invites can't reveal parent read keys to child groups
   // eslint-disable-next-line @typescript-eslint/no-explicit-any
   const encrypted = "fake_encrypted_key_secret" as any;
 
-  const writer = node.createAccount();
-  const reader = node.createAccount();
-  const adminInvite = node.createAccount();
-  const writerInvite = node.createAccount();
-  const readerInvite = node.createAccount();
-
+  const writer = createAccountInNode(node);
   group.addMember(writer, "writer");
-  group.addMember(reader, "reader");
-  group.addMember(adminInvite, "adminInvite");
-  group.addMember(writerInvite, "writerInvite");
-  group.addMember(readerInvite, "readerInvite");
 
   const groupAsWriter = expectGroup(
-    group.core
-      .testWithDifferentAccount(writer, Crypto.newRandomSessionID(writer.id))
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(writer),
   );
 
   groupAsWriter.set(
@@ -2387,11 +2180,30 @@ test("Writers, readers and invites can't reveal parent read keys to child groups
   expect(
     groupAsWriter.get(`${readKeyID}_for_${parentReadKeyID}`),
   ).toBeUndefined();
+});
+
+test("Readers can't reveal parent read keys to child groups", () => {
+  const { group, node } = newGroupHighLevel();
+  const parentGroup = node.createGroup();
+
+  const parentReadKeyID = parentGroup.get("readKey");
+  if (!parentReadKeyID) {
+    throw new Error("Can't get parent group read key");
+  }
+
+  const readKeyID = group.get("readKey");
+  if (!readKeyID) {
+    throw new Error("Can't get group read key");
+  }
+
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  const encrypted = "fake_encrypted_key_secret" as any;
+
+  const reader = createAccountInNode(node);
+  group.addMember(reader, "reader");
 
   const groupAsReader = expectGroup(
-    group.core
-      .testWithDifferentAccount(reader, Crypto.newRandomSessionID(reader.id))
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(reader),
   );
 
   groupAsReader.set(
@@ -2402,14 +2214,30 @@ test("Writers, readers and invites can't reveal parent read keys to child groups
   expect(
     groupAsReader.get(`${readKeyID}_for_${parentReadKeyID}`),
   ).toBeUndefined();
+});
+
+test.skip("Admin invites can't reveal parent read keys to child groups", () => {
+  const { group, node } = newGroupHighLevel();
+  const parentGroup = node.createGroup();
+
+  const parentReadKeyID = parentGroup.get("readKey");
+  if (!parentReadKeyID) {
+    throw new Error("Can't get parent group read key");
+  }
+
+  const readKeyID = group.get("readKey");
+  if (!readKeyID) {
+    throw new Error("Can't get group read key");
+  }
+
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  const encrypted = "fake_encrypted_key_secret" as any;
+
+  const adminInvite = createAccountInNode(node);
+  group.addMember(adminInvite, "adminInvite");
 
   const groupAsAdminInvite = expectGroup(
-    group.core
-      .testWithDifferentAccount(
-        adminInvite,
-        Crypto.newRandomSessionID(adminInvite.currentAgentID()),
-      )
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(adminInvite),
   );
 
   groupAsAdminInvite.set(
@@ -2420,14 +2248,30 @@ test("Writers, readers and invites can't reveal parent read keys to child groups
   expect(
     groupAsAdminInvite.get(`${readKeyID}_for_${parentReadKeyID}`),
   ).toBeUndefined();
+});
+
+test.skip("Writer invites can't reveal parent read keys to child groups", () => {
+  const { group, node } = newGroupHighLevel();
+  const parentGroup = node.createGroup();
+
+  const parentReadKeyID = parentGroup.get("readKey");
+  if (!parentReadKeyID) {
+    throw new Error("Can't get parent group read key");
+  }
+
+  const readKeyID = group.get("readKey");
+  if (!readKeyID) {
+    throw new Error("Can't get group read key");
+  }
+
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  const encrypted = "fake_encrypted_key_secret" as any;
+
+  const writerInvite = createAccountInNode(node);
+  group.addMember(writerInvite, "writerInvite");
 
   const groupAsWriterInvite = expectGroup(
-    group.core
-      .testWithDifferentAccount(
-        writerInvite,
-        Crypto.newRandomSessionID(writerInvite.currentAgentID()),
-      )
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(writerInvite),
   );
 
   groupAsWriterInvite.set(
@@ -2438,14 +2282,30 @@ test("Writers, readers and invites can't reveal parent read keys to child groups
   expect(
     groupAsWriterInvite.get(`${readKeyID}_for_${parentReadKeyID}`),
   ).toBeUndefined();
+});
+
+test.skip("Reader invites can't reveal parent read keys to child groups", () => {
+  const { group, node } = newGroupHighLevel();
+  const parentGroup = node.createGroup();
+
+  const parentReadKeyID = parentGroup.get("readKey");
+  if (!parentReadKeyID) {
+    throw new Error("Can't get parent group read key");
+  }
+
+  const readKeyID = group.get("readKey");
+  if (!readKeyID) {
+    throw new Error("Can't get group read key");
+  }
+
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  const encrypted = "fake_encrypted_key_secret" as any;
+
+  const readerInvite = createAccountInNode(node);
+  group.addMember(readerInvite, "readerInvite");
 
   const groupAsReaderInvite = expectGroup(
-    group.core
-      .testWithDifferentAccount(
-        readerInvite,
-        Crypto.newRandomSessionID(readerInvite.currentAgentID()),
-      )
-      .getCurrentContent(),
+    group.core.contentInClonedNodeWithDifferentAccount(readerInvite),
   );
 
   groupAsReaderInvite.set(
@@ -2490,8 +2350,8 @@ test("Writers and readers in a parent group can read from an object owned by a c
 
   group.set(`${readKeyID}_for_${parentReadKeyID}`, encrypted, "trusting");
 
-  const writer = node.createAccount();
-  const reader = node.createAccount();
+  const writer = createAccountInNode(node);
+  const reader = createAccountInNode(node);
   parentGroup.addMember(writer, "writer");
   parentGroup.addMember(reader, "reader");
 
@@ -2508,17 +2368,13 @@ test("Writers and readers in a parent group can read from an object owned by a c
   expect(childContent.get("foo")).toEqual("bar");
 
   const childContentAsWriter = expectMap(
-    childObject
-      .testWithDifferentAccount(writer, Crypto.newRandomSessionID(writer.id))
-      .getCurrentContent(),
+    childObject.contentInClonedNodeWithDifferentAccount(writer),
   );
 
   expect(childContentAsWriter.get("foo")).toEqual("bar");
 
   const childContentAsReader = expectMap(
-    childObject
-      .testWithDifferentAccount(reader, Crypto.newRandomSessionID(reader.id))
-      .getCurrentContent(),
+    childObject.contentInClonedNodeWithDifferentAccount(reader),
   );
 
   expect(childContentAsReader.get("foo")).toEqual("bar");
@@ -2556,7 +2412,7 @@ test("Writers in a parent group can write to an object owned by a child group",
 
   group.set(`${readKeyID}_for_${parentReadKeyID}`, encrypted, "trusting");
 
-  const writer = node.createAccount();
+  const writer = createAccountInNode(node);
   parentGroup.addMember(writer, "writer");
 
   const childObject = node.createCoValue({
@@ -2567,9 +2423,7 @@ test("Writers in a parent group can write to an object owned by a child group",
   });
 
   const childContentAsWriter = expectMap(
-    childObject
-      .testWithDifferentAccount(writer, Crypto.newRandomSessionID(writer.id))
-      .getCurrentContent(),
+    childObject.contentInClonedNodeWithDifferentAccount(writer),
   );
 
   childContentAsWriter.set("foo", "bar", "private");
@@ -2738,7 +2592,7 @@ test("Calling extend on group sets up parent and child references and reveals ch
 
   expect(group.get(`${childReadKeyID}_for_${parentReadKeyID}`)).toBeDefined();
 
-  const reader = node.createAccount();
+  const reader = createAccountInNode(node);
   parentGroup.addMember(reader, "reader");
 
   const childObject = node.createCoValue({
@@ -2752,9 +2606,7 @@ test("Calling extend on group sets up parent and child references and reveals ch
   childMap.set("foo", "bar", "private");
 
   const childContentAsReader = expectMap(
-    childObject
-      .testWithDifferentAccount(reader, Crypto.newRandomSessionID(reader.id))
-      .getCurrentContent(),
+    childObject.contentInClonedNodeWithDifferentAccount(reader),
   );
 
   expect(childContentAsReader.get("foo")).toEqual("bar");
@@ -2773,7 +2625,7 @@ test("Calling extend to create grand-child groups parent and child references an
   expect(parentGroup.get(`child_${group.id}`)).toEqual("extend");
   expect(grandParentGroup.get(`child_${parentGroup.id}`)).toEqual("extend");
 
-  const reader = node.createAccount();
+  const reader = createAccountInNode(node);
   grandParentGroup.addMember(reader, "reader");
 
   const childObject = node.createCoValue({
@@ -2787,9 +2639,7 @@ test("Calling extend to create grand-child groups parent and child references an
   childMap.set("foo", "bar", "private");
 
   const childContentAsReader = expectMap(
-    childObject
-      .testWithDifferentAccount(reader, Crypto.newRandomSessionID(reader.id))
-      .getCurrentContent(),
+    childObject.contentInClonedNodeWithDifferentAccount(reader),
   );
 
   expect(childContentAsReader.get("foo")).toEqual("bar");
@@ -2884,8 +2734,8 @@ test("revoking write access to parent group", async () => {
 
   // Create an account (`alice`) that can write to the parent group
   // Create an account (`bob`) that can write to the child group
-  const alice = node.createAccount();
-  const bob = node.createAccount();
+  const alice = createAccountInNode(node);
+  const bob = createAccountInNode(node);
   parentGroup.addMember(alice, "writer");
   group.addMember(bob, "writer");
 
@@ -2897,9 +2747,7 @@ test("revoking write access to parent group", async () => {
     ...Crypto.createdNowUnique(),
   });
   const bobMap = expectMap(
-    mapCore
-      .testWithDifferentAccount(bob, Crypto.newRandomSessionID(bob.id))
-      .getCurrentContent(),
+    mapCore.contentInClonedNodeWithDifferentAccount(bob),
   );
 
   // `bob` sets `foo` to `bar`
@@ -2908,9 +2756,7 @@ test("revoking write access to parent group", async () => {
   expect(bobMap.get("foo")).toEqual("bar");
 
   const aliceMap = expectMap(
-    mapCore
-      .testWithDifferentAccount(alice, Crypto.newRandomSessionID(alice.id))
-      .getCurrentContent(),
+    mapCore.contentInClonedNodeWithDifferentAccount(alice),
   );
   // `alice` sets `foo` to `baz`
   aliceMap.set("foo", "baz", "private");
@@ -2926,9 +2772,7 @@ test("revoking write access to parent group", async () => {
   expect(bobMap.get("foo")).toEqual("abc");
 
   const aliceMapAfterUnextend = expectMap(
-    mapCore
-      .testWithDifferentAccount(alice, Crypto.newRandomSessionID(alice.id))
-      .getCurrentContent(),
+    mapCore.contentInClonedNodeWithDifferentAccount(alice),
   );
   // `alice` attempts to set `foo` to `def`, but fails
   expect(() => aliceMapAfterUnextend.set("foo", "def", "private")).toThrow(
@@ -3052,11 +2896,15 @@ test("a user should have write access if the parent group has everyone as a writ
 
   childMap.set("foo", "bar", "private");
 
+  await new Promise((resolve) => setTimeout(resolve, 10));
+
   const mapOnNode2 = await loadCoValueOrFail(node2.node, childMap.id);
 
   mapOnNode2.set("foo", "baz", "private");
 
-  expect(mapOnNode2.get("foo")).toEqual("baz");
+  await waitFor(async () => {
+    expect(mapOnNode2.get("foo")).toEqual("baz");
+  });
 });
 
 test("High-level permissions work correctly when a group is extended", async () => {
@@ -3065,7 +2913,7 @@ test("High-level permissions work correctly when a group is extended", async ()
 
   group.extend(parentGroup);
 
-  const reader = node.createAccount();
+  const reader = createAccountInNode(node);
   parentGroup.addMember(reader, "reader");
 
   const mapCore = node.createCoValue({
@@ -3080,9 +2928,7 @@ test("High-level permissions work correctly when a group is extended", async ()
   map.set("foo", "bar", "private");
 
   const mapAsReader = expectMap(
-    mapCore
-      .testWithDifferentAccount(reader, Crypto.newRandomSessionID(reader.id))
-      .getCurrentContent(),
+    mapCore.contentInClonedNodeWithDifferentAccount(reader),
   );
 
   expect(mapAsReader.get("foo")).toEqual("bar");
@@ -3097,9 +2943,7 @@ test("High-level permissions work correctly when a group is extended", async ()
   map.set("foo", "baz", "private");
 
   const mapAsReaderAfterRemove = expectMap(
-    mapCore
-      .testWithDifferentAccount(reader, Crypto.newRandomSessionID(reader.id))
-      .getCurrentContent(),
+    mapCore.contentInClonedNodeWithDifferentAccount(reader),
   );
 
   expect(mapAsReaderAfterRemove.get("foo")).not.toEqual("baz");
@@ -3183,12 +3027,7 @@ test("Can revoke read permission from 'everyone'", async () => {
   // Create a new account to verify access
   const newAccount = new ControlledAgent(Crypto.newRandomAgentSecret(), Crypto);
   const childContent = expectMap(
-    childObject.core
-      .testWithDifferentAccount(
-        newAccount,
-        Crypto.newRandomSessionID(newAccount.currentAgentID()),
-      )
-      .getCurrentContent(),
+    childObject.core.contentInClonedNodeWithDifferentAccount(newAccount),
   );
 
   // Verify the new account can read
@@ -3205,12 +3044,7 @@ test("Can revoke read permission from 'everyone'", async () => {
     Crypto,
   );
   const childContent2 = expectMap(
-    childObject.core
-      .testWithDifferentAccount(
-        newAccount2,
-        Crypto.newRandomSessionID(newAccount2.currentAgentID()),
-      )
-      .getCurrentContent(),
+    childObject.core.contentInClonedNodeWithDifferentAccount(newAccount2),
   );
 
   // Verify the new account cannot read after revocation