payment-kit 1.29.1 → 1.29.3

package/api/tests/libs/tenant-scanner.spec.ts

@@ -0,0 +1,120 @@
+// Phase 5 (W1′) — the tenant scanner is now a STRUCTURAL backstop, not a
+// fail-open denylist. These tests pin the new behavior:
+//   - the live api/src scan passes with ZERO violations and an EMPTY whitelist
+//     (the 151-file fail-open whitelist collapsed because Phase 3/4 made the
+//     invariants load-bearing);
+//   - assertion ② (raw query on a tenant table must bind a tenant) fires on an
+//     unguarded raw read and stays quiet on a guarded one / a non-tenant table.
+// Assertion ① (model must extend TenantModel) is exercised by the test-the-test
+// in logs/s5-e2e.log (revert a model to `extends Model` -> scanner exits 1).
+import { execFileSync } from 'child_process';
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+
+const SCANNER = path.join(__dirname, '../../../scripts/scan-tenant-queries.js');
+const WHITELIST = path.join(__dirname, '../../../scripts/tenant-scan-whitelist.json');
+
+function runScanner(args: string[], env: Record<string, string> = {}): { exit: number; result: any } {
+  try {
+    const out = execFileSync('node', [SCANNER, '--json', ...args], {
+      encoding: 'utf8',
+      env: { ...process.env, ...env },
+    });
+    return { exit: 0, result: JSON.parse(out) };
+  } catch (err: any) {
+    return { exit: err.status ?? 1, result: JSON.parse(err.stdout || '{}') };
+  }
+}
+
+function writeFixture(name: string, content: string): string {
+  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'scan-'));
+  const file = path.join(dir, name);
+  fs.writeFileSync(file, content);
+  return file;
+}
+
+describe('tenant scanner — structural backstop (phase 5)', () => {
+  it('the live api/src scan passes with zero violations and an empty whitelist', () => {
+    const { exit, result } = runScanner([]);
+    expect(exit).toBe(0);
+    expect(result.violations).toEqual([]);
+    expect(result.staleWhitelistEntries).toEqual([]);
+    // the fail-open 151-file whitelist has collapsed
+    const whitelist = JSON.parse(fs.readFileSync(WHITELIST, 'utf8'));
+    expect(whitelist).toEqual([]);
+  });
+
+  it('assertion ②: an unguarded raw read on a tenant table is flagged', () => {
+    const file = writeFixture(
+      'unguarded.ts',
+      `export const f = (s: any) => s.query("SELECT * FROM coupons WHERE livemode = 1");`
+    );
+    const { exit, result } = runScanner([file]);
+    expect(exit).toBe(1);
+    expect(result.violations[0].kind).toBe('raw-unguarded');
+  });
+
+  it('assertion ②: a tenant-bound raw read is NOT flagged', () => {
+    const file = writeFixture(
+      'guarded.ts',
+      `export const f = (s: any) => s.query("SELECT * FROM coupons WHERE instance_did = :instance_did");`
+    );
+    const { exit, result } = runScanner([file]);
+    expect(exit).toBe(0);
+    expect(result.violations).toEqual([]);
+  });
+
+  it('assertion ②: a DDL statement on a tenant table is exempt (not flagged)', () => {
+    const file = writeFixture(
+      'ddl.ts',
+      `export const f = (s: any) => s.query('ALTER TABLE "coupons" ADD COLUMN foo TEXT');`
+    );
+    const { exit } = runScanner([file]);
+    expect(exit).toBe(0);
+  });
+
+  it('assertion ②: a raw read on a NON-tenant table is not flagged', () => {
+    const file = writeFixture('jobs.ts', `export const f = (s: any) => s.query("SELECT * FROM jobs WHERE id = 1");`);
+    const { exit } = runScanner([file]);
+    expect(exit).toBe(0);
+  });
+
+  it('Security: DDL is judged by the statement verb — a SELECT cannot hide behind /* CREATE */', () => {
+    const file = writeFixture(
+      'evasion.ts',
+      `export const f = (s: any) => s.query("SELECT * FROM coupons WHERE id=1 /* CREATE */");`
+    );
+    const { exit, result } = runScanner([file]);
+    expect(exit).toBe(1);
+    expect(result.violations[0].kind).toBe('raw-unguarded');
+  });
+
+  it('Bad input: an unparseable (binary / non-utf8) file fails loudly, never a silent skip', () => {
+    const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'scan-'));
+    const file = path.join(dir, 'binary.ts');
+    fs.writeFileSync(file, Buffer.from([0x53, 0x45, 0x00, 0x01, 0xff, 0xfe]));
+    const { exit, result } = runScanner([file]);
+    expect(exit).toBe(1);
+    expect(result.violations[0].kind).toBe('unreadable');
+  });
+
+  it('Bad input: a whitelist entry pointing at a non-existent file is reported stale (exit 1)', () => {
+    const wl = writeFixture('wl.json', JSON.stringify([{ file: 'api/src/store/models/does-not-exist.ts', reason: 'x' }]));
+    const { exit, result } = runScanner([], { TENANT_SCAN_WHITELIST: wl });
+    expect(exit).toBe(1);
+    expect(result.staleWhitelistEntries).toContain('api/src/store/models/does-not-exist.ts');
+  });
+
+  it('Security: a wildcard whitelist entry cannot swallow a real violation (exact-path match only)', () => {
+    const violating = writeFixture(
+      'leak.ts',
+      `export const f = (s: any) => s.query("SELECT * FROM coupons WHERE id=1");`
+    );
+    // a glob-looking entry must NOT match the violating file by prefix/wildcard
+    const wl = writeFixture('wl2.json', JSON.stringify([{ file: 'api/src/**', reason: 'wildcard attempt' }]));
+    const { exit, result } = runScanner([violating], { TENANT_SCAN_WHITELIST: wl });
+    expect(exit).toBe(1);
+    expect(result.violations.some((v: any) => v.kind === 'raw-unguarded')).toBe(true);
+  });
+});

package/api/tests/middlewares/hono/cdn.spec.ts

@@ -0,0 +1,70 @@
+// Phase 1 (express→hono) — hono cdn fork. Rewrites asset URLs to the CDN host on
+// outgoing HTML in production; inert for JSON /api responses (the only surface in
+// Phases 1-3). The transform core (AssetHostTransformer) is the real SDK util;
+// only the config env (assetCdnHost / componentDid) is mocked here.
+import { Hono } from 'hono';
+
+jest.mock('@blocklet/sdk/lib/config', () => ({
+  __esModule: true,
+  env: { assetCdnHost: 'cdn.example.com', componentDid: 'z-comp' },
+}));
+
+// eslint-disable-next-line import/first
+import { cdn } from '../../../src/middlewares/hono/cdn';
+
+const ASSET = '/.blocklet/proxy/z-comp/app.js';
+const HTML = `<html><head><script src="${ASSET}"></script></head><body>hi</body></html>`;
+
+const prevServiceEnv = process.env.ABT_NODE_SERVICE_ENV;
+beforeAll(() => {
+  process.env.ABT_NODE_SERVICE_ENV = 'production';
+});
+afterAll(() => {
+  if (prevServiceEnv === undefined) delete process.env.ABT_NODE_SERVICE_ENV;
+  else process.env.ABT_NODE_SERVICE_ENV = prevServiceEnv;
+});
+
+function buildApp() {
+  const app = new Hono();
+  app.use('*', cdn());
+  app.get('/page', (c) => c.html(HTML));
+  app.get('/api/data', (c) => c.json({ asset: ASSET })); // JSON must NOT be rewritten
+  return app;
+}
+
+const get = (app: Hono, p: string, accept = 'text/html') =>
+  app.fetch(new Request(`http://x${p}`, { headers: { accept } }));
+
+describe('hono cdn — happy path', () => {
+  it('rewrites HTML asset URLs to the CDN host in production', async () => {
+    const res = await get(buildApp(), '/page');
+    const body = await res.text();
+    expect(body).toContain('//cdn.example.com/.blocklet/proxy/z-comp/app.js');
+    expect(body).not.toMatch(/"\/\.blocklet\/proxy\/z-comp\/app\.js"/); // original quoted path is gone
+  });
+});
+
+describe('hono cdn — security / inert for API', () => {
+  it('does NOT rewrite a JSON response (content-type guard — inert for /api)', async () => {
+    const res = await get(buildApp(), '/api/data', 'application/json');
+    const body = await res.json();
+    expect(body.asset).toBe(ASSET); // untouched
+  });
+
+  it('does NOT rewrite when the client does not accept html', async () => {
+    const res = await get(buildApp(), '/page', 'application/json');
+    const body = await res.text();
+    // not html-accepting → shouldProcess false → original asset path retained
+    expect(body).toContain(`"${ASSET}"`);
+  });
+});
+
+describe('hono cdn — bad input (non-production inert)', () => {
+  it('does NOT rewrite outside production', async () => {
+    delete process.env.ABT_NODE_SERVICE_ENV;
+    const res = await get(buildApp(), '/page');
+    const body = await res.text();
+    expect(body).toContain(`"${ASSET}"`); // original retained
+    process.env.ABT_NODE_SERVICE_ENV = 'production';
+  });
+});

package/api/tests/middlewares/hono/context.spec.ts

@@ -0,0 +1,113 @@
+// Phase 1 (express→hono) — hono ensureI18n + contextMiddleware fork. Mirrors the
+// express tenant-middleware spec: single-point Host→tenant resolution, raw Host
+// only, multi-mode fail-closed. Driven via app.fetch with an explicit host
+// header (the fork reads c.req.header('host') — never a proxy header).
+import { Hono } from 'hono';
+import { ensureI18n, contextMiddleware } from '../../../src/middlewares/hono/context';
+import { getInstanceDid } from '../../../src/libs/context';
+import { getDefaultInstanceDid } from '../../../src/libs/tenant';
+import {
+  setIdentityDriver,
+  createDefaultIdentityDriver,
+  type IdentityDriver,
+} from '../../../src/libs/drivers/identity';
+
+const TENANT_A = 'did:abt:zHOSTA';
+const TENANT_B = 'did:abt:zHOSTB';
+
+function buildApp() {
+  const app = new Hono();
+  app.use('*', ensureI18n());
+  app.use('*', contextMiddleware());
+  app.get('/whoami', (c) => c.json({ tenant: getInstanceDid(), locale: c.get('locale') }));
+  return app;
+}
+
+const get = (app: Hono, host: string, extra: Record<string, string> = {}, path = '/whoami') =>
+  app.fetch(new Request(`http://${host}${path}`, { headers: { host, ...extra } }));
+
+afterEach(() => {
+  delete process.env.PAYMENT_TENANT_MODE;
+  setIdentityDriver(createDefaultIdentityDriver());
+});
+
+describe('hono ensureI18n', () => {
+  it('sets locale from ?locale and defaults to en', async () => {
+    const app = buildApp();
+    expect((await (await get(app, 'x.example.com', {}, '/whoami?locale=zh')).json()).locale).toBe('zh');
+    expect((await (await get(app, 'x.example.com')).json()).locale).toBe('en');
+  });
+});
+
+describe('hono contextMiddleware — single mode (default test env)', () => {
+  it('resolves to the default tenant regardless of host', async () => {
+    const app = buildApp();
+    const expected = getDefaultInstanceDid();
+    expect((await (await get(app, 'a.example.com')).json()).tenant).toBe(expected);
+    expect((await (await get(app, 'other.example.com')).json()).tenant).toBe(expected);
+  });
+});
+
+describe('hono contextMiddleware — multi mode (Host→tenant, fail-closed)', () => {
+  const identity: IdentityDriver = {
+    resolveInstanceDidForHost(host) {
+      if (host === 'a.example.com') return TENANT_A;
+      if (host === 'b.example.com') return TENANT_B;
+      return null;
+    },
+  };
+
+  beforeEach(() => {
+    process.env.PAYMENT_TENANT_MODE = 'multi';
+    setIdentityDriver(identity);
+  });
+
+  it('two hosts see two tenants (data isolation)', async () => {
+    const app = buildApp();
+    expect((await (await get(app, 'a.example.com')).json()).tenant).toBe(TENANT_A);
+    expect((await (await get(app, 'b.example.com')).json()).tenant).toBe(TENANT_B);
+  });
+
+  it('unknown host fails closed 400 + error code, no tenant leak', async () => {
+    const r = await get(buildApp(), 'unknown.example.com');
+    expect(r.status).toBe(400);
+    const body = await r.json();
+    expect(body.error.code).toBe('TENANT_HOST_UNRESOLVED');
+    expect(body.tenant).toBeUndefined();
+  });
+
+  it('SECURITY: a forged X-Forwarded-Host cannot change resolution (raw Host only)', async () => {
+    const r = await get(buildApp(), 'a.example.com', { 'x-forwarded-host': 'b.example.com' });
+    expect((await r.json()).tenant).toBe(TENANT_A);
+  });
+
+  it('SECURITY: X-Forwarded-Host pointing at a known tenant cannot rescue an unknown raw Host', async () => {
+    const r = await get(buildApp(), 'unknown.example.com', { 'x-forwarded-host': 'a.example.com' });
+    expect(r.status).toBe(400);
+  });
+
+  it('an empty / malformed Host fails closed without crashing', async () => {
+    // host supplied via the Host header (fixed URL) so an empty/garbage value
+    // does not break URL construction; the fork reads c.req.header('host').
+    const app = buildApp();
+    const empty = await app.fetch(new Request('http://req.local/whoami', { headers: { host: '' } }));
+    expect(empty.status).toBe(400);
+    const garbage = await app.fetch(new Request('http://req.local/whoami', { headers: { host: ':::garbage:::' } }));
+    expect(garbage.status).toBe(400);
+  });
+
+  it('a 4xx-rejected request never reaches the route handler (no write)', async () => {
+    let handlerRuns = 0;
+    const app = new Hono();
+    app.use('*', contextMiddleware());
+    app.get('/whoami', (c) => {
+      handlerRuns += 1;
+      return c.json({ tenant: getInstanceDid() });
+    });
+    const r = await app.fetch(
+      new Request('http://unknown.example.com/whoami', { headers: { host: 'unknown.example.com' } })
+    );
+    expect(r.status).toBe(400);
+    expect(handlerRuns).toBe(0);
+  });
+});

package/api/tests/middlewares/hono/csrf.spec.ts

@@ -0,0 +1,136 @@
+// Phase 1 (express→hono) — hono csrf fork parity with @blocklet/sdk csrf.
+// The crypto core is reused verbatim, so tokens are interchangeable across
+// engines. BLOCKLET_APP_SK (csrf secret) is set by tools/jest-setup.js, so we
+// assert COMPUTED consistency (response token == sign(secret, loginToken)),
+// never a fixed byte string.
+import { Hono } from 'hono';
+// eslint-disable-next-line import/no-extraneous-dependencies
+import { sign, getCsrfSecret } from '@blocklet/sdk/lib/util/csrf';
+import { csrf } from '../../../src/middlewares/hono/csrf';
+
+const LOGIN = 'login_token_abc.payload.sig';
+
+function buildApp() {
+  const app = new Hono();
+  app.use('*', csrf());
+  app.get('/api/ping', (c) => c.json({ ok: true }));
+  app.post('/api/mutate', (c) => c.json({ mutated: true }));
+  app.post('/api/mcp/call', (c) => c.json({ mcp: true }));
+  return app;
+}
+
+const parseCsrfCookie = (res: Response): string | null => {
+  const raw = res.headers.get('set-cookie') || '';
+  const m = raw.match(/x-csrf-token=([^;]+)/);
+  return m ? decodeURIComponent(m[1] as string) : null;
+};
+
+describe('hono csrf — happy path', () => {
+  it('GET with login_token issues x-csrf-token == SDK sign(secret, loginToken)', async () => {
+    const app = buildApp();
+    const res = await app.fetch(new Request('http://x/api/ping', { headers: { cookie: `login_token=${LOGIN}` } }));
+    expect(res.status).toBe(200);
+    expect(parseCsrfCookie(res)).toBe(sign(getCsrfSecret(), LOGIN));
+  });
+
+  it('POST with matching cookie + header is allowed', async () => {
+    const token = sign(getCsrfSecret(), LOGIN);
+    const app = buildApp();
+    const res = await app.fetch(
+      new Request('http://x/api/mutate', {
+        method: 'POST',
+        headers: { cookie: `login_token=${LOGIN}; x-csrf-token=${token}`, 'x-csrf-token': token },
+      })
+    );
+    expect(res.status).toBe(200);
+  });
+});
+
+describe('hono csrf — bad input + security', () => {
+  it('POST with a mismatched header is rejected 403', async () => {
+    const token = sign(getCsrfSecret(), LOGIN);
+    const app = buildApp();
+    const res = await app.fetch(
+      new Request('http://x/api/mutate', {
+        method: 'POST',
+        headers: { cookie: `login_token=${LOGIN}; x-csrf-token=${token}`, 'x-csrf-token': 'tampered' },
+      })
+    );
+    expect(res.status).toBe(403);
+  });
+
+  it('POST without login_token is skipped (parity with SDK shouldVerifyToken)', async () => {
+    const app = buildApp();
+    const res = await app.fetch(new Request('http://x/api/mutate', { method: 'POST' }));
+    expect(res.status).toBe(200);
+  });
+
+  it('POST with login_token but no existing x-csrf-token cookie is skipped (SDK only enforces when cookie present)', async () => {
+    const app = buildApp();
+    const res = await app.fetch(
+      new Request('http://x/api/mutate', { method: 'POST', headers: { cookie: `login_token=${LOGIN}` } })
+    );
+    expect(res.status).toBe(200);
+  });
+
+  it('a /mcp path is never verified (skip)', async () => {
+    const token = sign(getCsrfSecret(), LOGIN);
+    const app = buildApp();
+    const res = await app.fetch(
+      new Request('http://x/api/mcp/call', {
+        method: 'POST',
+        headers: { cookie: `login_token=${LOGIN}; x-csrf-token=${token}`, 'x-csrf-token': 'tampered' },
+      })
+    );
+    expect(res.status).toBe(200);
+  });
+
+  it('a DID Wallet connect request (arcwallet user-agent) is skipped', async () => {
+    const token = sign(getCsrfSecret(), LOGIN);
+    const app = buildApp();
+    const res = await app.fetch(
+      new Request('http://x/api/mutate', {
+        method: 'POST',
+        headers: {
+          cookie: `login_token=${LOGIN}; x-csrf-token=${token}`,
+          'x-csrf-token': 'tampered',
+          'user-agent': 'ArcWallet/2.9.0 (iOS)',
+        },
+      })
+    );
+    expect(res.status).toBe(200);
+  });
+
+  it('a token an express SDK issued verifies under the hono port (interoperable)', async () => {
+    const expressIssued = sign(getCsrfSecret(), LOGIN);
+    const app = buildApp();
+    const res = await app.fetch(
+      new Request('http://x/api/mutate', {
+        method: 'POST',
+        headers: { cookie: `login_token=${LOGIN}; x-csrf-token=${expressIssued}`, 'x-csrf-token': expressIssued },
+      })
+    );
+    expect(res.status).toBe(200);
+  });
+});
+
+describe('hono csrf — data damage (cookie attributes)', () => {
+  it('the issued cookie carries SameSite=Strict and Secure (parity with express res.cookie)', async () => {
+    const app = buildApp();
+    const res = await app.fetch(new Request('http://x/api/ping', { headers: { cookie: `login_token=${LOGIN}` } }));
+    const raw = res.headers.get('set-cookie') || '';
+    expect(raw).toMatch(/SameSite=Strict/i);
+    expect(raw).toMatch(/Secure/i);
+  });
+});
+
+describe('hono csrf — data leak (secret never serialized)', () => {
+  it('the raw csrf secret never appears in any response header or body', async () => {
+    const secret = getCsrfSecret();
+    const app = buildApp();
+    const res = await app.fetch(new Request('http://x/api/ping', { headers: { cookie: `login_token=${LOGIN}` } }));
+    const headerDump = [...res.headers.entries()].map(([k, v]) => `${k}:${v}`).join('\n');
+    expect(headerDump).not.toContain(secret); // only the signed token (an HMAC of it) is exposed
+    expect(await res.text()).not.toContain(secret);
+  });
+});

package/api/tests/middlewares/hono/fallback.spec.ts

@@ -0,0 +1,67 @@
+// Phase 1 (express→hono) — hono fallback fork. SPA index.html with OG meta +
+// theme injection. Ported verbatim from the SDK; only req/res → hono. Inert
+// until SPA serving moves off the bridge (Phase 4); unit-tested here.
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+import { Hono } from 'hono';
+import { fallback } from '../../../src/middlewares/hono/fallback';
+
+const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'hono-fallback-'));
+const INDEX = path.join(dir, 'index.html');
+
+beforeAll(() => {
+  fs.writeFileSync(INDEX, '<html><head><title>orig</title></head><body>app</body></html>');
+});
+afterAll(() => fs.rmSync(dir, { recursive: true, force: true }));
+
+function buildApp() {
+  const app = new Hono();
+  app.use('*', fallback('index.html', { root: dir }));
+  app.get('*', (c) => c.text('not-fallback', 404));
+  return app;
+}
+
+const get = (app: Hono, p: string, accept = 'text/html') =>
+  app.fetch(new Request(`http://x${p}`, { headers: { accept } }));
+
+describe('hono fallback — happy path', () => {
+  it('serves the index.html with OG + theme injection for an html GET', async () => {
+    const res = await get(buildApp(), '/some/spa/route');
+    expect(res.status).toBe(200);
+    expect(res.headers.get('content-type')).toMatch(/text\/html/);
+    const body = await res.text();
+    expect(body).toContain('<meta property="og:image"'); // OG injected
+    expect(body).toContain('app'); // original body preserved
+    expect(res.headers.get('X-Cache')).toBe('MISS');
+    expect(res.headers.get('ETag')).toBeTruthy();
+  });
+
+  it('a second identical request is served from cache (X-Cache HIT)', async () => {
+    const app = buildApp();
+    await get(app, '/cached/route');
+    const res2 = await get(app, '/cached/route');
+    expect(res2.headers.get('X-Cache')).toBe('HIT');
+  });
+});
+
+describe('hono fallback — bad input (does not take over non-html / resource)', () => {
+  it('passes through (next) when the client does not accept html', async () => {
+    const res = await get(buildApp(), '/spa', 'application/json');
+    expect(res.status).toBe(404);
+    expect(await res.text()).toBe('not-fallback');
+  });
+
+  it('passes through for a resource path (e.g. .png)', async () => {
+    const res = await get(buildApp(), '/logo.png');
+    expect(res.status).toBe(404);
+    expect(await res.text()).toBe('not-fallback');
+  });
+
+  it('passes through for a non-GET/HEAD method', async () => {
+    const res = await buildApp().fetch(
+      new Request('http://x/spa', { method: 'POST', headers: { accept: 'text/html' } })
+    );
+    expect(res.status).toBe(404);
+  });
+});

package/api/tests/middlewares/hono/pipeline.spec.ts

@@ -0,0 +1,47 @@
+// express→hono — native pipeline INTEGRATION test.
+//
+// Drives the REAL buildHonoApp + configureNativePipeline (the test stub
+// /api/__e2e/echo is mounted under NODE_ENV=test) and proves native routes get
+// the full app-shell chain (cors→xss→csrf→ensureI18n→cdn→context): csrf issues a
+// token, i18n sets locale, xss sanitizes body but NOT query.
+//
+// Phase 4: the catch-all loopback bridge is gone (hono is the only entry), so the
+// former "bridge isolation" assertions were removed along with the express
+// backend they exercised.
+// eslint-disable-next-line import/no-extraneous-dependencies
+import { sign, getCsrfSecret } from '@blocklet/sdk/lib/util/csrf';
+import { buildHonoApp } from '../../../src/service';
+import { configureNativePipeline } from '../../../src/middlewares/hono/pipeline';
+
+let app: ReturnType<typeof buildHonoApp>;
+
+beforeAll(() => {
+  app = buildHonoApp(configureNativePipeline);
+});
+
+const call = (path: string, init?: RequestInit) => app.fetch(new Request(`http://app.local${path}`, init));
+
+describe('native pipeline — full chain on a native route', () => {
+  it('csrf issues a token + i18n sets locale on GET /api/__e2e/echo', async () => {
+    const login = 'login_token_pipeline.aaa.bbb';
+    const res = await call('/api/__e2e/echo?locale=fr', { headers: { cookie: `login_token=${login}` } });
+    expect(res.status).toBe(200);
+    // csrf ran: Set-Cookie x-csrf-token == sign(secret, login)
+    const setCookie = res.headers.get('set-cookie') || '';
+    expect(setCookie).toContain(`x-csrf-token=${encodeURIComponent(sign(getCsrfSecret(), login))}`);
+    // i18n ran: locale echoed
+    expect((await res.json()).locale).toBe('fr');
+  });
+
+  it('xss sanitizes the body but NOT the query (locked §7 narrowing)', async () => {
+    const res = await call('/api/__e2e/echo?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E', {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({ name: '<script>alert(1)</script>hi' }),
+    });
+    const body = await res.json();
+    expect(body.body.name).not.toContain('<script>');
+    expect(body.body.name).toContain('hi');
+    expect(body.query).toBe('<script>alert(1)</script>'); // query un-sanitized
+  });
+});