npm - pgserve - Versions diffs - 1.2.0 → 2.0.0 - Mend

pgserve 1.2.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

package/.genie/brainstorms/pgserve-v2/DESIGN.md +174 -0
package/.genie/wishes/pgserve-v2/BRIEF-from-genie-pgserve.md +99 -0
package/.genie/wishes/pgserve-v2/WISH.md +442 -0
package/.genie/wishes/release-system-genie-pattern/WISH.md +9 -9
package/.genie/wishes/release-system-genie-pattern/validation.md +43 -10
package/.github/workflows/ci.yml +8 -4
package/.github/workflows/version.yml +2 -2
package/CHANGELOG.md +150 -0
package/README.md +186 -1
package/bin/pglite-server.js +253 -1
package/eslint.config.js +2 -0
package/package.json +1 -1
package/src/admin-client.js +171 -0
package/src/audit.js +168 -0
package/src/control-db.js +313 -0
package/src/daemon-control.js +408 -0
package/src/daemon-shared.js +18 -0
package/src/daemon-tcp.js +296 -0
package/src/daemon.js +629 -0
package/src/fingerprint.js +453 -0
package/src/gc.js +351 -0
package/src/index.js +11 -0
package/src/protocol.js +131 -0
package/src/router.js +8 -0
package/src/tenancy.js +75 -0
package/src/tokens.js +102 -0
package/tests/audit.test.js +189 -0
package/tests/control-db.test.js +285 -0
package/tests/daemon-fingerprint-integration.test.js +109 -0
package/tests/daemon-pr24-regression.test.js +201 -0
package/tests/fingerprint.test.js +249 -0
package/tests/fixtures/240-orphan-seed.sql +30 -0
package/tests/orphan-cleanup.test.js +390 -0
package/tests/tcp-listen.test.js +368 -0
package/tests/tenancy.test.js +403 -0

package/tests/audit.test.js ADDED Viewed

@@ -0,0 +1,189 @@
+/**
+ * Tests for src/audit.js — JSONL writer with rotation + syslog target.
+ *
+ * Tests use temp dirs under /tmp; nothing touches the user's real
+ * `~/.pgserve/audit.log`. The syslog test stubs `logger` via PATH so we
+ * don't depend on (or pollute) the host's syslog daemon.
+ */
+import { test, expect, beforeEach, afterEach } from 'bun:test';
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+import {
+  audit,
+  configureAudit,
+  readAuditTarget,
+  AUDIT_EVENTS,
+  _internals,
+} from '../src/audit.js';
+let scratchDir;
+beforeEach(() => {
+  scratchDir = fs.mkdtempSync(path.join(os.tmpdir(), 'pgserve-audit-test-'));
+  configureAudit({
+    logFile: path.join(scratchDir, 'audit.log'),
+    target: 'file',
+  });
+});
+afterEach(() => {
+  try {
+    fs.rmSync(scratchDir, { recursive: true, force: true });
+  } catch { /* noop */ }
+});
+test('audit() appends a JSON line per event', () => {
+  audit(AUDIT_EVENTS.DB_CREATED, { fingerprint: 'abc123def456', db: 'app_demo_abc123def456' });
+  audit(AUDIT_EVENTS.CONNECTION_ROUTED, { fingerprint: 'abc123def456', peer_pid: 1234 });
+  const logFile = path.join(scratchDir, 'audit.log');
+  const lines = fs.readFileSync(logFile, 'utf8').trim().split('\n');
+  expect(lines.length).toBe(2);
+  const r1 = JSON.parse(lines[0]);
+  expect(r1.event).toBe('db_created');
+  expect(r1.fingerprint).toBe('abc123def456');
+  expect(typeof r1.ts).toBe('string');
+  expect(new Date(r1.ts).toString()).not.toBe('Invalid Date');
+  const r2 = JSON.parse(lines[1]);
+  expect(r2.event).toBe('connection_routed');
+  expect(r2.peer_pid).toBe(1234);
+});
+test('audit() refuses unknown events', () => {
+  expect(() => audit('definitely_not_a_real_event', {})).toThrow(/unknown event/);
+});
+test('audit() creates the parent directory if missing', () => {
+  const nested = path.join(scratchDir, 'nested', 'sub', 'audit.log');
+  audit(AUDIT_EVENTS.DB_CREATED, { fingerprint: 'a'.repeat(12) }, { logFile: nested });
+  expect(fs.existsSync(nested)).toBe(true);
+});
+test('all v2.0 event names are exported (incl. Group 6 tcp_*)', () => {
+  expect(Object.values(AUDIT_EVENTS).sort()).toEqual([
+    'connection_denied_fingerprint_mismatch',
+    'connection_routed',
+    'db_created',
+    'db_persist_honored',
+    'db_reaped_liveness',
+    'db_reaped_ttl',
+    'enforcement_kill_switch_used',
+    'tcp_token_denied',
+    'tcp_token_issued',
+    'tcp_token_used',
+  ]);
+});
+test('rotation kicks in once existing file crosses 50 MB', () => {
+  const logFile = path.join(scratchDir, 'audit.log');
+  // Use a sparse file to simulate a 50 MB log without writing 50 MB.
+  const fd = fs.openSync(logFile, 'w');
+  fs.ftruncateSync(fd, _internals.ROTATE_THRESHOLD_BYTES);
+  fs.closeSync(fd);
+  audit(AUDIT_EVENTS.DB_CREATED, { fingerprint: 'r'.repeat(12) });
+  // Original file rotated to .1, fresh file holds the new line.
+  expect(fs.existsSync(`${logFile}.1`)).toBe(true);
+  const fresh = fs.readFileSync(logFile, 'utf8');
+  expect(fresh.trim().split('\n').length).toBe(1);
+  expect(JSON.parse(fresh.trim()).event).toBe('db_created');
+  // The rotated file is the original 50 MB sparse file.
+  expect(fs.statSync(`${logFile}.1`).size).toBe(_internals.ROTATE_THRESHOLD_BYTES);
+});
+test('rotation cascades up to KEEP files and drops the eldest', () => {
+  const logFile = path.join(scratchDir, 'audit.log');
+  // Pre-populate audit.log.1 ... audit.log.5 with distinct markers.
+  for (let i = 1; i <= _internals.ROTATE_KEEP; i++) {
+    fs.writeFileSync(`${logFile}.${i}`, `slot-${i}\n`);
+  }
+  // And the live audit.log just under threshold.
+  const fd = fs.openSync(logFile, 'w');
+  fs.ftruncateSync(fd, _internals.ROTATE_THRESHOLD_BYTES);
+  fs.closeSync(fd);
+  audit(AUDIT_EVENTS.DB_CREATED, { fingerprint: 'q'.repeat(12) });
+  // .5 (was "slot-5") dropped; .4 → .5; .3 → .4; .2 → .3; .1 → .2; live → .1.
+  expect(fs.readFileSync(`${logFile}.5`, 'utf8').trim()).toBe('slot-4');
+  expect(fs.readFileSync(`${logFile}.4`, 'utf8').trim()).toBe('slot-3');
+  expect(fs.readFileSync(`${logFile}.3`, 'utf8').trim()).toBe('slot-2');
+  expect(fs.readFileSync(`${logFile}.2`, 'utf8').trim()).toBe('slot-1');
+  expect(fs.statSync(`${logFile}.1`).size).toBe(_internals.ROTATE_THRESHOLD_BYTES);
+});
+test('audit({target:"syslog"}) spawns logger -t pgserve-audit', async () => {
+  // Stub `logger` by prepending a temp shim to PATH.
+  const shimDir = path.join(scratchDir, 'shim');
+  fs.mkdirSync(shimDir, { recursive: true });
+  const marker = path.join(scratchDir, 'logger-calls.txt');
+  const shimPath = path.join(shimDir, 'logger');
+  fs.writeFileSync(
+    shimPath,
+    `#!/usr/bin/env bash
+# Capture argv to a marker file so the test can verify the spawn.
+printf '%s\\n' "$*" >> "${marker}"
+`,
+    { mode: 0o755 },
+  );
+  const oldPath = process.env.PATH;
+  process.env.PATH = `${shimDir}:${oldPath}`;
+  try {
+    audit(
+      AUDIT_EVENTS.CONNECTION_ROUTED,
+      { fingerprint: 's'.repeat(12) },
+      { target: 'syslog' },
+    );
+    // logger is spawned async; poll briefly for the marker.
+    const deadline = Date.now() + 2000;
+    while (!fs.existsSync(marker) && Date.now() < deadline) {
+      await new Promise(r => setTimeout(r, 25));
+    }
+    expect(fs.existsSync(marker)).toBe(true);
+    const contents = fs.readFileSync(marker, 'utf8');
+    expect(contents).toContain('-t pgserve-audit');
+    expect(contents).toContain('"event":"connection_routed"');
+  } finally {
+    process.env.PATH = oldPath;
+  }
+});
+test('audit({target:"syslog"}) swallows missing logger binary', () => {
+  // Point PATH at an empty dir → `logger` cannot be found → no throw.
+  const empty = path.join(scratchDir, 'empty');
+  fs.mkdirSync(empty);
+  const oldPath = process.env.PATH;
+  process.env.PATH = empty;
+  try {
+    expect(() =>
+      audit(
+        AUDIT_EVENTS.CONNECTION_ROUTED,
+        { fingerprint: 'z'.repeat(12) },
+        { target: 'syslog' },
+      ),
+    ).not.toThrow();
+  } finally {
+    process.env.PATH = oldPath;
+  }
+});
+test('readAuditTarget reads pgserve.audit.target from package.json', () => {
+  const pkgFile = path.join(scratchDir, 'package.json');
+  fs.writeFileSync(
+    pkgFile,
+    JSON.stringify({ name: 'demo', pgserve: { audit: { target: 'syslog' } } }),
+  );
+  expect(readAuditTarget(pkgFile)).toBe('syslog');
+  fs.writeFileSync(pkgFile, JSON.stringify({ name: 'demo' }));
+  expect(readAuditTarget(pkgFile)).toBe('file');
+  // Missing file → file (default).
+  expect(readAuditTarget(path.join(scratchDir, 'missing.json'))).toBe('file');
+});

package/tests/control-db.test.js ADDED Viewed

@@ -0,0 +1,285 @@
+/**
+ * Tests for src/control-db.js — pgserve_meta schema + accessors.
+ *
+ * Boots an ephemeral pgserve router (memory mode), connects via node-pg
+ * to the default `postgres` database, and exercises every exported function.
+ */
+import { test, expect, beforeAll, afterAll } from 'bun:test';
+import fs from 'fs';
+import pg from 'pg';
+import { startMultiTenantServer } from '../src/index.js';
+import {
+  ensureMetaSchema,
+  recordDbCreated,
+  touchLastConnection,
+  markPersist,
+  forEachReapable,
+  deleteMetaRow,
+  addAllowedToken,
+  revokeAllowedToken,
+  verifyToken,
+  findRowByFingerprint,
+} from '../src/control-db.js';
+const { Client } = pg;
+const TEST_DATA_DIR = './test-data-control-db';
+const PORT = 15561;
+let router;
+let client;
+function cleanupDataDir() {
+  if (fs.existsSync(TEST_DATA_DIR)) {
+    fs.rmSync(TEST_DATA_DIR, { recursive: true, force: true });
+  }
+}
+beforeAll(async () => {
+  cleanupDataDir();
+  router = await startMultiTenantServer({
+    port: PORT,
+    baseDir: TEST_DATA_DIR,
+    logLevel: 'warn',
+  });
+  client = new Client({
+    host: '127.0.0.1',
+    port: PORT,
+    database: 'postgres',
+    user: 'postgres',
+    password: 'postgres',
+  });
+  await client.connect();
+  await client.query('DROP TABLE IF EXISTS pgserve_meta');
+});
+afterAll(async () => {
+  try { await client.end(); } catch { /* noop */ }
+  try { await router.stop(); } catch { /* noop */ }
+  cleanupDataDir();
+});
+test('ensureMetaSchema creates table on first call', async () => {
+  await ensureMetaSchema(client);
+  const r = await client.query(`
+    SELECT column_name FROM information_schema.columns
+    WHERE table_name = 'pgserve_meta'
+    ORDER BY ordinal_position
+  `);
+  const columns = r.rows.map(row => row.column_name);
+  expect(columns).toEqual([
+    'database_name',
+    'fingerprint',
+    'peer_uid',
+    'package_realpath',
+    'created_at',
+    'last_connection_at',
+    'liveness_pid',
+    'persist',
+    'allowed_tokens',
+  ]);
+});
+test('ensureMetaSchema is idempotent', async () => {
+  await ensureMetaSchema(client);
+  await ensureMetaSchema(client);
+  // No throw — schema unchanged.
+  const r = await client.query(`SELECT count(*)::int AS n FROM pgserve_meta`);
+  expect(r.rows[0].n).toBe(0);
+});
+test('recordDbCreated inserts a row + select round-trip', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  await recordDbCreated(client, {
+    databaseName: 'app_demo_abc123def456',
+    fingerprint: 'abc123def456',
+    peerUid: 1000,
+    packageRealpath: '/home/me/proj/package.json',
+    livenessPid: 4242,
+    persist: false,
+  });
+  const r = await client.query(`SELECT * FROM pgserve_meta WHERE database_name = $1`, [
+    'app_demo_abc123def456',
+  ]);
+  expect(r.rows.length).toBe(1);
+  const row = r.rows[0];
+  expect(row.fingerprint).toBe('abc123def456');
+  expect(row.peer_uid).toBe(1000);
+  expect(row.package_realpath).toBe('/home/me/proj/package.json');
+  expect(row.liveness_pid).toBe(4242);
+  expect(row.persist).toBe(false);
+  expect(row.created_at).toBeInstanceOf(Date);
+  expect(row.last_connection_at).toBeInstanceOf(Date);
+});
+test('recordDbCreated upserts on conflict (database_name PK)', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  await recordDbCreated(client, {
+    databaseName: 'app_demo_abc123def456',
+    fingerprint: 'abc123def456',
+    peerUid: 1000,
+    packageRealpath: '/home/me/proj/package.json',
+    livenessPid: 4242,
+  });
+  // Re-insert with new peerUid + livenessPid → must upsert.
+  await recordDbCreated(client, {
+    databaseName: 'app_demo_abc123def456',
+    fingerprint: 'abc123def456',
+    peerUid: 1001,
+    packageRealpath: '/home/me/proj/package.json',
+    livenessPid: 9999,
+    persist: true,
+  });
+  const r = await client.query(`SELECT peer_uid, liveness_pid, persist FROM pgserve_meta`);
+  expect(r.rows.length).toBe(1);
+  expect(r.rows[0].peer_uid).toBe(1001);
+  expect(r.rows[0].liveness_pid).toBe(9999);
+  expect(r.rows[0].persist).toBe(true);
+});
+test('touchLastConnection bumps last_connection_at and liveness_pid', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  await recordDbCreated(client, {
+    databaseName: 'app_x_111111111111',
+    fingerprint: '111111111111',
+    peerUid: 1000,
+    livenessPid: 100,
+  });
+  const before = await client.query(
+    `SELECT last_connection_at, liveness_pid FROM pgserve_meta WHERE database_name = $1`,
+    ['app_x_111111111111'],
+  );
+  // Sleep briefly so now() advances visibly.
+  await new Promise(r => setTimeout(r, 50));
+  await touchLastConnection(client, {
+    databaseName: 'app_x_111111111111',
+    livenessPid: 200,
+  });
+  const after = await client.query(
+    `SELECT last_connection_at, liveness_pid FROM pgserve_meta WHERE database_name = $1`,
+    ['app_x_111111111111'],
+  );
+  expect(after.rows[0].liveness_pid).toBe(200);
+  expect(after.rows[0].last_connection_at.getTime()).toBeGreaterThan(
+    before.rows[0].last_connection_at.getTime(),
+  );
+});
+test('markPersist toggles persist flag', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  await recordDbCreated(client, {
+    databaseName: 'app_p_222222222222',
+    fingerprint: '222222222222',
+    peerUid: 1000,
+  });
+  await markPersist(client, 'app_p_222222222222', true);
+  let r = await client.query(`SELECT persist FROM pgserve_meta WHERE database_name = $1`, [
+    'app_p_222222222222',
+  ]);
+  expect(r.rows[0].persist).toBe(true);
+  await markPersist(client, 'app_p_222222222222', false);
+  r = await client.query(`SELECT persist FROM pgserve_meta WHERE database_name = $1`, [
+    'app_p_222222222222',
+  ]);
+  expect(r.rows[0].persist).toBe(false);
+});
+test('forEachReapable yields only persist=false rows in last_connection_at order', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  // Older row first, newer row second; persistent row separately.
+  await client.query(
+    `INSERT INTO pgserve_meta (database_name, fingerprint, peer_uid, last_connection_at, persist)
+     VALUES
+       ('app_a_aaaaaaaaaaaa', 'aaaaaaaaaaaa', 1000, now() - interval '2 hours', false),
+       ('app_b_bbbbbbbbbbbb', 'bbbbbbbbbbbb', 1000, now() - interval '1 hour',  false),
+       ('app_c_cccccccccccc', 'cccccccccccc', 1000, now(),                       true)`,
+  );
+  const seen = [];
+  for await (const row of forEachReapable(client, { now: new Date() })) {
+    seen.push(row.databaseName);
+  }
+  expect(seen).toEqual(['app_a_aaaaaaaaaaaa', 'app_b_bbbbbbbbbbbb']);
+});
+test('deleteMetaRow removes the row', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  await recordDbCreated(client, {
+    databaseName: 'app_del_333333333333',
+    fingerprint: '333333333333',
+    peerUid: 1000,
+  });
+  await deleteMetaRow(client, 'app_del_333333333333');
+  const r = await client.query(`SELECT count(*)::int AS n FROM pgserve_meta`);
+  expect(r.rows[0].n).toBe(0);
+});
+test('recordDbCreated rejects bad input', async () => {
+  await expect(recordDbCreated(client, { fingerprint: 'x', peerUid: 1 })).rejects.toThrow(
+    /databaseName required/,
+  );
+  await expect(recordDbCreated(client, { databaseName: 'd', peerUid: 1 })).rejects.toThrow(
+    /fingerprint required/,
+  );
+  await expect(
+    recordDbCreated(client, { databaseName: 'd', fingerprint: 'f', peerUid: 'nope' }),
+  ).rejects.toThrow(/peerUid must be number/);
+});
+test('addAllowedToken refuses unknown fingerprint', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  await expect(
+    addAllowedToken(client, { fingerprint: 'deadbeef0000', tokenId: 'tk1', tokenHash: 'h1' }),
+  ).rejects.toThrow(/no pgserve_meta row/);
+});
+test('addAllowedToken appends, verifyToken finds it, revokeAllowedToken removes it', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  await recordDbCreated(client, {
+    databaseName: 'app_demo_4444aabbccdd',
+    fingerprint: '4444aabbccdd',
+    peerUid: 1000,
+  });
+  await addAllowedToken(client, {
+    fingerprint: '4444aabbccdd',
+    tokenId: 'aaaa1111',
+    tokenHash: 'hash-1',
+  });
+  await addAllowedToken(client, {
+    fingerprint: '4444aabbccdd',
+    tokenId: 'bbbb2222',
+    tokenHash: 'hash-2',
+  });
+  const row = await findRowByFingerprint(client, '4444aabbccdd');
+  expect(row).not.toBeNull();
+  expect(row.allowedTokens.length).toBe(2);
+  expect(row.allowedTokens.map(t => t.id).sort()).toEqual(['aaaa1111', 'bbbb2222']);
+  const ok = await verifyToken(client, { fingerprint: '4444aabbccdd', tokenHash: 'hash-2' });
+  expect(ok).toEqual({ tokenId: 'bbbb2222', databaseName: 'app_demo_4444aabbccdd' });
+  const miss = await verifyToken(client, { fingerprint: '4444aabbccdd', tokenHash: 'no-such' });
+  expect(miss).toBeNull();
+  const affected = await revokeAllowedToken(client, 'aaaa1111');
+  expect(affected).toBe(1);
+  const after = await findRowByFingerprint(client, '4444aabbccdd');
+  expect(after.allowedTokens.map(t => t.id)).toEqual(['bbbb2222']);
+});
+test('revokeAllowedToken returns 0 for unknown id', async () => {
+  await client.query('TRUNCATE pgserve_meta');
+  await recordDbCreated(client, {
+    databaseName: 'app_x_5555aabbccdd',
+    fingerprint: '5555aabbccdd',
+    peerUid: 1000,
+  });
+  const affected = await revokeAllowedToken(client, 'nonexistent');
+  expect(affected).toBe(0);
+});

package/tests/daemon-fingerprint-integration.test.js ADDED Viewed

@@ -0,0 +1,109 @@
+/**
+ * Daemon × fingerprint integration test (Group 3, deliverable 2).
+ *
+ * Verifies that PgserveDaemon.handleSocketOpen calls handleControlAccept on
+ * every accept, producing a `connection_routed` audit entry whose fingerprint
+ * is the documented 12-hex blob.
+ *
+ * Boots a real daemon (with isolated controlSocketDir + auditLogFile), dials
+ * the control socket via Bun.connect, and tails the audit log.
+ */
+import { describe, test, expect } from 'bun:test';
+import fs from 'fs';
+import os from 'os';
+import path from 'path';
+import {
+  PgserveDaemon,
+  resolveControlSocketPath,
+  resolvePidLockPath,
+} from '../src/daemon.js';
+import { createLogger } from '../src/logger.js';
+import { AUDIT_EVENTS, configureAudit } from '../src/audit.js';
+function silentLogger() {
+  return createLogger({ level: 'warn' });
+}
+function makeIsolated(tag) {
+  const dir = path.join(os.tmpdir(), `pgserve-daemon-fp-${tag}-${process.pid}-${Date.now()}`);
+  fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+  return dir;
+}
+function readAuditLines(logFile) {
+  if (!fs.existsSync(logFile)) return [];
+  return fs.readFileSync(logFile, 'utf8')
+    .split('\n')
+    .filter(Boolean)
+    .map((l) => JSON.parse(l));
+}
+describe('Group 3 — daemon emits connection_routed on accept', () => {
+  test('handleSocketOpen derives fingerprint and audits connection_routed', async () => {
+    const dir = makeIsolated('routed');
+    const auditLogFile = path.join(dir, 'audit.log');
+    const daemon = new PgserveDaemon({
+      controlSocketDir: dir,
+      controlSocketPath: resolveControlSocketPath(dir),
+      pidLockPath: resolvePidLockPath(dir),
+      pgPort: 16100,
+      auditLogFile,
+      auditTarget: 'file',
+      logger: silentLogger(),
+    });
+    await daemon.start();
+    try {
+      // Dial the control socket. We don't need to push a real PG startup
+      // message — the accept hook fires the moment the connection opens,
+      // before any handshake bytes are needed.
+      const acceptedFingerprint = await new Promise((resolve, reject) => {
+        const timer = setTimeout(() => reject(new Error('timeout waiting for accept')), 2000);
+        daemon.once('accept', ({ fingerprint }) => {
+          clearTimeout(timer);
+          resolve(fingerprint);
+        });
+        Bun.connect({
+          unix: daemon.controlSocketPath,
+          socket: {
+            open(s) { s.end(); },
+            data() {},
+            close() {},
+            error(_s, err) { clearTimeout(timer); reject(err); },
+          },
+        }).catch((err) => { clearTimeout(timer); reject(err); });
+      });
+      expect(acceptedFingerprint).toBeDefined();
+      expect(acceptedFingerprint.fingerprint).toMatch(/^[0-9a-f]{12}$/);
+      // Allow the audit appendFileSync to flush. Poll briefly.
+      const deadline = Date.now() + 1000;
+      let entries = [];
+      while (Date.now() < deadline) {
+        entries = readAuditLines(auditLogFile);
+        if (entries.length > 0) break;
+        await new Promise((r) => setTimeout(r, 25));
+      }
+      expect(entries.length).toBeGreaterThan(0);
+      const routed = entries.find((e) => e.event === AUDIT_EVENTS.CONNECTION_ROUTED);
+      expect(routed).toBeDefined();
+      expect(routed.fingerprint).toMatch(/^[0-9a-f]{12}$/);
+      expect(routed.fingerprint).toBe(acceptedFingerprint.fingerprint);
+      expect(routed.peer_uid).toBe(process.getuid());
+      expect(typeof routed.peer_pid).toBe('number');
+      expect(['package', 'script']).toContain(routed.mode);
+    } finally {
+      await daemon.stop();
+      // Reset audit module's mutable defaults so other tests aren't affected.
+      configureAudit({
+        logFile: path.join(os.homedir(), '.pgserve', 'audit.log'),
+        target: process.env.PGSERVE_AUDIT_TARGET || 'file',
+      });
+      fs.rmSync(dir, { recursive: true, force: true });
+    }
+  });
+});