/**
 * Saasuluk API (Cloudflare) — CONFORMANCE suite. AUTO-GENERATED by @suluk/testgen from the v4 contract (OpenAPI 4.0.0-candidate). Do not edit.
 *
 * The contract's claims, made executable. Run it against a deployment:
 *   SULUK_BASE_URL=https://saasuluk.saastemly.com bun test saasuluk-api-cloudflare-.conformance.test.ts
 *
 * It asserts the SERVER ENFORCES x-suluk-access on the real wire (73/97 ops are non-public and must
 * deny anon), smoke-tests declared statuses, validates 2xx bodies against their declared schemas, and checks every
 * declared cost is well-formed. x-suluk-access is the EXPECTATION; the WIRE is the truth — a green run proves the
 * two AGREE. The server is the only authz boundary (C022 inv.3); this never asserts over a projection.
 *
 * Optional positive-side checks: set SULUK_ADMIN_TOKEN / SULUK_USER_TOKEN to SYNTHETIC principals (never a
 * production credential) to also assert that a valid principal IS allowed through.
 *
 * Requires: `npm i @cfworker/json-schema` (for response-schema conformance) + a fetch-capable runtime.
 */
import { test, expect, describe } from "bun:test";
import { Validator } from "@cfworker/json-schema";

/** Read one environment variable, or `undefined` where `process` is not available (non-node runtimes). */
const env = (name: string): string | undefined =>
  typeof process !== "undefined" ? process.env[name] : undefined;

// Deployment under test. NOTE: the default is a production hostname, and the suite below fires
// anonymous DELETE/PATCH/POST probes (and, with a token, authenticated ones) at it — set
// SULUK_BASE_URL to a non-production deployment unless that is what you intend.
const BASE = env("SULUK_BASE_URL") || "https://saasuluk.saastemly.com";
// Optional SYNTHETIC principals for the positive-side access tests (see header); absent → those tests skip.
const ADMIN = env("SULUK_ADMIN_TOKEN");
const USER = env("SULUK_USER_TOKEN");

/** True when the response advertises a JSON media type (any content-type containing "json"); a missing header counts as non-JSON. */
function isJson(r: Response): boolean {
  const contentType = r.headers.get("content-type") ?? "";
  return contentType.includes("json");
}
/**
 * Validate `value` against a JSON-Schema (draft 2020-12) document.
 * `schema` is typed `unknown` because the generator inlines it as a plain object literal; the cast only
 * satisfies the Validator constructor and performs no check of its own.
 */
function validate(schema: unknown, value: unknown) {
  const validator = new Validator(schema as object, "2020-12");
  return validator.validate(value);
}
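/**
 * Fire one request at the deployment under test.
 *
 * @param method HTTP method, e.g. "GET" or "DELETE".
 * @param path   Path relative to BASE, starting with "/".
 * @param opts.token Bearer token for the Authorization header; omitted or empty means an anonymous request.
 * @param opts.body  Value to JSON-serialise as the request body; `undefined` sends no body and no content-type.
 * @returns The response the op itself produced — redirects are surfaced as their 3xx, not followed.
 */
async function call(method: string, path: string, opts: { token?: string; body?: unknown } = {}): Promise<Response> {
  const headers: Record<string, string> = {};
  if (opts.token) headers.authorization = "Bearer " + opts.token;
  let body: string | undefined;
  if (opts.body !== undefined) {
    headers["content-type"] = "application/json";
    body = JSON.stringify(opts.body);
  }
  // A trailing slash on SULUK_BASE_URL would otherwise yield "host//path", which some routers
  // dispatch differently from the route the contract names.
  const url = BASE.replace(/\/+$/, "") + path;
  // redirect: "manual" — the WIRE is the truth for the op under test. Following redirects would make
  // every assertion judge the redirect *target* instead (a 200 login page read as "anon succeeded",
  // a 3xx from the op reported as the target's status) and may forward the bearer token to wherever
  // the server points. The 3xx is returned as-is; the access tests treat it as a non-success.
  return fetch(url, { method, headers, body, redirect: "manual" });
}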

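describe("analyticsRevenue  [GET analytics/revenue]  · admin", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("GET", "/analytics/revenue");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("GET", "/analytics/revenue", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("GET", "/analytics/revenue");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(20) && 20 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});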

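describe("analyticsSummary  [GET analytics/summary]  · admin", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("GET", "/analytics/summary");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("GET", "/analytics/summary", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("GET", "/analytics/summary");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(20) && 20 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});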

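describe("analyticsTopProducts  [GET analytics/top-products]  · admin", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("GET", "/analytics/top-products");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("GET", "/analytics/top-products", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("GET", "/analytics/top-products");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(24) && 24 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});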

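describe("deleteApiToken  [DELETE apiToken/{id}]  · authenticated", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("DELETE", "/apiToken/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  // This is a real DELETE against BASE with the supplied principal: point SULUK_BASE_URL at a
  // non-production deployment before setting the token.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("DELETE", "/apiToken/1", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("DELETE", "/apiToken/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(118) && 118 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});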

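describe("getApiToken  [GET apiToken/{id}]  · authenticated", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("GET", "/apiToken/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("GET", "/apiToken/1", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("GET", "/apiToken/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(8) && 8 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});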

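describe("updateApiToken  [PATCH apiToken/{id}]  · authenticated", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("PATCH", "/apiToken/1", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  // This is a real PATCH against BASE with the supplied principal: point SULUK_BASE_URL at a
  // non-production deployment before setting the token.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("PATCH", "/apiToken/1", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("PATCH", "/apiToken/1", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(130) && 130 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});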

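describe("createApiToken  [POST apiToken]  · authenticated", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/apiToken", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  // This is a real POST against BASE with the supplied principal (it may mint a credential on success):
  // point SULUK_BASE_URL at a non-production deployment before setting the token.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("POST", "/apiToken", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/apiToken", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(130) && 130 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});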

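describe("listApiToken  [GET apiToken]  · authenticated", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("GET", "/apiToken");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("GET", "/apiToken", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("GET", "/apiToken");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(8) && 8 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});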

describe("generateAvatar  [GET avatar]  · anyone", () => {
  // x-suluk-access: anyone — the only outcome this rules out for an anonymous caller is an auth rejection.
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const res = await call("GET", "/avatar");
    const status = res.status;
    expect([401, 403], "a public op must be reachable by anon — got " + status).not.toContain(status);
  });
  // The contract declares exactly one response status for this op.
  test("status — returns a declared status", async () => {
    const declared = [200];
    const res = await call("GET", "/avatar");
    expect(declared, "undeclared status " + res.status).toContain(res.status);
  });
  // Only a JSON 2xx is schema-checked; a non-2xx or non-JSON response is out of scope for this test.
  test("conformance — a 2xx body validates against the declared response schema", async () => {
    const res = await call("GET", "/avatar");
    const isSuccessJson = res.status < 300 && isJson(res);
    if (!isSuccessJson) return;
    const payload = await res.json();
    const result = validate({"type":"string"}, payload);
    const firstErrors = result.errors?.slice(0, 3);
    expect(result.valid, "response body does not conform: " + JSON.stringify(firstErrors)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 2;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});

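describe("connectBilling  [POST billing/connect]  · authenticated", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/billing/connect", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  // This is a real POST against BASE with the supplied principal: point SULUK_BASE_URL at a
  // non-production deployment before setting the token.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("POST", "/billing/connect", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/billing/connect", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(160) && 160 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});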

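describe("openBillingPortal  [POST billing/portal]  · authenticated", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/billing/portal", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  // This is a real POST against BASE with the supplied principal: point SULUK_BASE_URL at a
  // non-production deployment before setting the token.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("POST", "/billing/portal", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/billing/portal", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(140) && 140 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});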

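describe("reportUsage  [POST billing/report]  · authenticated", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/billing/report", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  // This is a real POST against BASE with the supplied principal: point SULUK_BASE_URL at a
  // non-production deployment before setting the token.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("POST", "/billing/report", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/billing/report", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(140) && 140 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});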

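describe("deleteBillingAccount  [DELETE billingAccount/{id}]  · admin", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("DELETE", "/billingAccount/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  // This is a real DELETE against BASE with the supplied principal: point SULUK_BASE_URL at a
  // non-production deployment before setting the token.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("DELETE", "/billingAccount/1", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("DELETE", "/billingAccount/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(118) && 118 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});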

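describe("getBillingAccount  [GET billingAccount/{id}]  · authenticated", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("GET", "/billingAccount/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("GET", "/billingAccount/1", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("GET", "/billingAccount/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(8) && 8 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});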

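describe("updateBillingAccount  [PATCH billingAccount/{id}]  · admin", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("PATCH", "/billingAccount/1", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  // This is a real PATCH against BASE with the supplied principal: point SULUK_BASE_URL at a
  // non-production deployment before setting the token.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("PATCH", "/billingAccount/1", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("PATCH", "/billingAccount/1", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(130) && 130 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});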

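describe("createBillingAccount  [POST billingAccount]  · admin", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/billingAccount", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  // This is a real POST against BASE with the supplied principal: point SULUK_BASE_URL at a
  // non-production deployment before setting the token.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("POST", "/billingAccount", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/billingAccount", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(130) && 130 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});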

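describe("listBillingAccount  [GET billingAccount]  · authenticated", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("GET", "/billingAccount");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("GET", "/billingAccount", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("GET", "/billingAccount");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(8) && 8 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});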

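describe("deleteCart  [DELETE cart/{id}]  · authenticated", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("DELETE", "/cart/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  // This is a real DELETE against BASE with the supplied principal: point SULUK_BASE_URL at a
  // non-production deployment before setting the token.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("DELETE", "/cart/1", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("DELETE", "/cart/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(121) && 121 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});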

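describe("getCart  [GET cart/{id}]  · authenticated", () => {
  // Negative side of x-suluk-access: an unauthenticated probe must not get ANY success status.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("GET", "/cart/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // r.ok is true for the whole 2xx range; the allow-list [200, 201, 204] it replaces let 202/206 etc. through.
    expect(r.ok, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  // Positive side: a synthetic principal is not auth-rejected. Any status other than 401/403 counts as
  // "reached" — only the authz gate is under test, not validation or resource existence.
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("GET", "/cart/1", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  // Deny envelope: a 4xx/5xx from the anon probe must be RFC-9457 Problem Details. A non-JSON, unparseable
  // or non-object body (HTML error page, bare null) is reported as a failure instead of throwing mid-test.
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("GET", "/cart/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json().catch(() => undefined) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    const pd = typeof body === "object" && body !== null ? (body as { title?: unknown; status?: unknown }) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // No network: the generator inlined the contract's x-suluk-cost, so this only catches a malformed literal.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(10) && 10 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});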

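describe("updateCart  [PATCH cart/{id}]  · authenticated", () => {
  // One op, one wire contract: anon must be denied, a valid principal admitted, and the deny body must be
  // the shared Problem Details envelope. Method/path are hoisted so the three requests cannot drift apart.
  const method = "PATCH";
  const path = "/cart/1";
  const declaredCost = 135; // x-suluk-cost from the contract; checked for shape only, never against the server

  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    // an empty JSON body: the access decision must be taken before any payload validation
    const r = await call(method, path, { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Every status below 400 counts as success: an explicit [200, 201, 204] list misses 202/206 and a surfaced 3xx.
    expect(r.status >= 400, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(true);
  });
  test.skipIf(!USER)("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    // skipIf reports a missing token as a skip instead of a green pass; the guard below only narrows the type
    const tok = USER;
    if (!tok) return;
    const r = await call(method, path, { token: tok, body: {} });
    // NOTE(review): a 403 can also be correct object-level authz if cart 1 is not owned by the token's
    // principal — confirm the synthetic SULUK_USER_TOKEN owns the fixture this path points at
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call(method, path, { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // An unparseable body under a JSON content-type is itself a conformance failure: let it reach the
    // assertion below instead of throwing out of r.json(). Non-object JSON (null, scalars) is folded to {}.
    let body: Record<string, unknown> = {};
    if (isJson(r)) {
      try {
        const parsed: unknown = await r.json();
        if (parsed !== null && typeof parsed === "object") body = parsed as Record<string, unknown>;
      } catch { /* malformed JSON: body stays {} and fails the shape assertion below */ }
    }
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // isJson() accepts any *json media type, so the RFC-9457 application/problem+json type is not asserted here.
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});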

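describe("createCart  [POST cart]  · authenticated", () => {
  // One op, one wire contract: anon must be denied, a valid principal admitted, and the deny body must be
  // the shared Problem Details envelope. Method/path are hoisted so the three requests cannot drift apart.
  const method = "POST";
  const path = "/cart";
  const declaredCost = 135; // x-suluk-cost from the contract; checked for shape only, never against the server

  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    // an empty JSON body: the access decision must be taken before any payload validation
    const r = await call(method, path, { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Every status below 400 counts as success: an explicit [200, 201, 204] list misses 202/206 and a surfaced 3xx.
    expect(r.status >= 400, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(true);
  });
  test.skipIf(!USER)("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    // skipIf reports a missing token as a skip instead of a green pass; the guard below only narrows the type
    const tok = USER;
    if (!tok) return;
    const r = await call(method, path, { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call(method, path, { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // An unparseable body under a JSON content-type is itself a conformance failure: let it reach the
    // assertion below instead of throwing out of r.json(). Non-object JSON (null, scalars) is folded to {}.
    let body: Record<string, unknown> = {};
    if (isJson(r)) {
      try {
        const parsed: unknown = await r.json();
        if (parsed !== null && typeof parsed === "object") body = parsed as Record<string, unknown>;
      } catch { /* malformed JSON: body stays {} and fails the shape assertion below */ }
    }
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // isJson() accepts any *json media type, so the RFC-9457 application/problem+json type is not asserted here.
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});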

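describe("listCart  [GET cart]  · authenticated", () => {
  // One op, one wire contract: anon must be denied, a valid principal admitted, and the deny body must be
  // the shared Problem Details envelope. Method/path are hoisted so the three requests cannot drift apart.
  const method = "GET";
  const path = "/cart";
  const declaredCost = 10; // x-suluk-cost from the contract; checked for shape only, never against the server

  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call(method, path);
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Every status below 400 counts as success: an explicit [200, 201, 204] list misses 202/206 and a surfaced 3xx.
    expect(r.status >= 400, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(true);
  });
  test.skipIf(!USER)("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    // skipIf reports a missing token as a skip instead of a green pass; the guard below only narrows the type
    const tok = USER;
    if (!tok) return;
    const r = await call(method, path, { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call(method, path);
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // An unparseable body under a JSON content-type is itself a conformance failure: let it reach the
    // assertion below instead of throwing out of r.json(). Non-object JSON (null, scalars) is folded to {}.
    let body: Record<string, unknown> = {};
    if (isJson(r)) {
      try {
        const parsed: unknown = await r.json();
        if (parsed !== null && typeof parsed === "object") body = parsed as Record<string, unknown>;
      } catch { /* malformed JSON: body stays {} and fails the shape assertion below */ }
    }
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // isJson() accepts any *json media type, so the RFC-9457 application/problem+json type is not asserted here.
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});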

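describe("deleteCategory  [DELETE category/{id}]  · admin", () => {
  // One op, one wire contract: anon must be denied, an admin principal admitted, and the deny body must be
  // the shared Problem Details envelope. Method/path are hoisted so the three requests cannot drift apart.
  const method = "DELETE";
  const path = "/category/1";
  const declaredCost = 118; // x-suluk-cost from the contract; checked for shape only, never against the server

  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call(method, path);
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Every status below 400 counts as success: an explicit [200, 201, 204] list misses 202/206 and a surfaced 3xx.
    expect(r.status >= 400, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(true);
  });
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    // skipIf reports a missing token as a skip instead of a green pass; the guard below only narrows the type
    const tok = ADMIN;
    if (!tok) return;
    const r = await call(method, path, { token: tok });
    // NOTE(review): a 401/403 is a server bug only if SULUK_ADMIN_TOKEN really carries the admin role — confirm
    // the synthetic principal's role before reading a rejection here as an enforcement defect
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call(method, path);
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // An unparseable body under a JSON content-type is itself a conformance failure: let it reach the
    // assertion below instead of throwing out of r.json(). Non-object JSON (null, scalars) is folded to {}.
    let body: Record<string, unknown> = {};
    if (isJson(r)) {
      try {
        const parsed: unknown = await r.json();
        if (parsed !== null && typeof parsed === "object") body = parsed as Record<string, unknown>;
      } catch { /* malformed JSON: body stays {} and fails the shape assertion below */ }
    }
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // isJson() accepts any *json media type, so the RFC-9457 application/problem+json type is not asserted here.
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});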

describe("getCategory  [GET category/{id}]  · anyone", () => {
  // x-suluk-access: anyone. No status or schema test was generated for this op, so the only wire claim
  // asserted is that anon is not auth-blocked; the cost check guards the generator's output, not the server.
  const op = { method: "GET", path: "/category/1", cost: 8 } as const;

  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const { status } = await call(op.method, op.path);
    const authBlocked = status === 401 || status === 403;
    expect(authBlocked, "a public op must be reachable by anon — got " + status).toBe(false);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const wellFormed = Number.isFinite(op.cost) && op.cost >= 0;
    expect(wellFormed, "x-suluk-cost is malformed").toBe(true);
  });
});

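describe("updateCategory  [PATCH category/{id}]  · admin", () => {
  // One op, one wire contract: anon must be denied, an admin principal admitted, and the deny body must be
  // the shared Problem Details envelope. Method/path are hoisted so the three requests cannot drift apart.
  const method = "PATCH";
  const path = "/category/1";
  const declaredCost = 130; // x-suluk-cost from the contract; checked for shape only, never against the server

  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    // an empty JSON body: the access decision must be taken before any payload validation
    const r = await call(method, path, { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Every status below 400 counts as success: an explicit [200, 201, 204] list misses 202/206 and a surfaced 3xx.
    expect(r.status >= 400, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(true);
  });
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    // skipIf reports a missing token as a skip instead of a green pass; the guard below only narrows the type
    const tok = ADMIN;
    if (!tok) return;
    const r = await call(method, path, { token: tok, body: {} });
    // NOTE(review): a 401/403 is a server bug only if SULUK_ADMIN_TOKEN really carries the admin role — confirm
    // the synthetic principal's role before reading a rejection here as an enforcement defect
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call(method, path, { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // An unparseable body under a JSON content-type is itself a conformance failure: let it reach the
    // assertion below instead of throwing out of r.json(). Non-object JSON (null, scalars) is folded to {}.
    let body: Record<string, unknown> = {};
    if (isJson(r)) {
      try {
        const parsed: unknown = await r.json();
        if (parsed !== null && typeof parsed === "object") body = parsed as Record<string, unknown>;
      } catch { /* malformed JSON: body stays {} and fails the shape assertion below */ }
    }
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // isJson() accepts any *json media type, so the RFC-9457 application/problem+json type is not asserted here.
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});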

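describe("createCategory  [POST category]  · admin", () => {
  // One op, one wire contract: anon must be denied, an admin principal admitted, and the deny body must be
  // the shared Problem Details envelope. Method/path are hoisted so the three requests cannot drift apart.
  const method = "POST";
  const path = "/category";
  const declaredCost = 130; // x-suluk-cost from the contract; checked for shape only, never against the server

  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    // an empty JSON body: the access decision must be taken before any payload validation
    const r = await call(method, path, { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Every status below 400 counts as success: an explicit [200, 201, 204] list misses 202/206 and a surfaced 3xx.
    expect(r.status >= 400, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(true);
  });
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    // skipIf reports a missing token as a skip instead of a green pass; the guard below only narrows the type
    const tok = ADMIN;
    if (!tok) return;
    const r = await call(method, path, { token: tok, body: {} });
    // NOTE(review): a 401/403 is a server bug only if SULUK_ADMIN_TOKEN really carries the admin role — confirm
    // the synthetic principal's role before reading a rejection here as an enforcement defect
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call(method, path, { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // An unparseable body under a JSON content-type is itself a conformance failure: let it reach the
    // assertion below instead of throwing out of r.json(). Non-object JSON (null, scalars) is folded to {}.
    let body: Record<string, unknown> = {};
    if (isJson(r)) {
      try {
        const parsed: unknown = await r.json();
        if (parsed !== null && typeof parsed === "object") body = parsed as Record<string, unknown>;
      } catch { /* malformed JSON: body stays {} and fails the shape assertion below */ }
    }
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // isJson() accepts any *json media type, so the RFC-9457 application/problem+json type is not asserted here.
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});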

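describe("listCategory  [GET category]  · anyone", () => {
  // x-suluk-access: anyone. A public op has no deny-side checks; the wire claims here are reachability by
  // anon, a status from the declared set, and a 2xx body that conforms to the declared response schema.
  const method = "GET";
  const path = "/category";
  const declaredCost = 8; // x-suluk-cost from the contract; checked for shape only, never against the server
  // The contract's 200 response schema, verbatim. Hoisted so the conformance test reads as a check, not a payload.
  const responseSchema = {"type":"array","items":{"type":"object","properties":{"id":{"type":"integer","minimum":-9007199254740991,"maximum":9007199254740991},"name":{"type":"string","maxLength":100,"pattern":"^[^<>\\u0000-\\u001f\\u007f]*$"},"slug":{"type":"string","maxLength":80,"pattern":"^[a-z0-9]+(?:-[a-z0-9]+)*$"}},"required":["name","slug"],"additionalProperties":false}};

  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const r = await call(method, path);
    expect([401, 403], "a public op must be reachable by anon — got " + r.status).not.toContain(r.status);
  });
  test("status — returns a declared status", async () => {
    const r = await call(method, path);
    // 500 is part of the contract's declared set, so a server error passes this test; only a 2xx reaches the
    // schema check below.
    expect([200,500], "undeclared status " + r.status).toContain(r.status);
  });
  test("conformance — a 2xx body validates against the declared response schema", async () => {
    const r = await call(method, path);
    if (r.status >= 300 || !isJson(r)) return;
    // A 2xx under a JSON content-type whose body does not parse is a conformance failure in its own right:
    // report it as one instead of letting r.json() throw an unlabelled error out of the test.
    let parsed: unknown;
    try {
      parsed = await r.json();
    } catch (e: unknown) {
      throw new Error("2xx body is not parseable JSON: " + (e instanceof Error ? e.message : String(e)));
    }
    const v = validate(responseSchema, parsed);
    expect(v.valid, "response body does not conform: " + JSON.stringify(v.errors?.slice(0, 3))).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});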

describe("confirmCheckout  [POST checkout/confirm]  · anyone", () => {
  // x-suluk-access: anyone. No status or schema test was generated for this op, so the only wire claim
  // asserted is that anon is not auth-blocked; the cost check guards the generator's output, not the server.
  const op = { method: "POST", path: "/checkout/confirm", cost: 30 } as const;

  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    // an empty JSON body: reachability is the claim, not payload validity
    const { status } = await call(op.method, op.path, { body: {} });
    const authBlocked = status === 401 || status === 403;
    expect(authBlocked, "a public op must be reachable by anon — got " + status).toBe(false);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const wellFormed = Number.isFinite(op.cost) && op.cost >= 0;
    expect(wellFormed, "x-suluk-cost is malformed").toBe(true);
  });
});

describe("checkout  [POST checkout/order]  · anyone", () => {
  // x-suluk-access: anyone. No status or schema test was generated for this op, so the only wire claim
  // asserted is that anon is not auth-blocked; the cost check guards the generator's output, not the server.
  const op = { method: "POST", path: "/checkout/order", cost: 180 } as const;

  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    // an empty JSON body: reachability is the claim, not payload validity
    const { status } = await call(op.method, op.path, { body: {} });
    const authBlocked = status === 401 || status === 403;
    expect(authBlocked, "a public op must be reachable by anon — got " + status).toBe(false);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const wellFormed = Number.isFinite(op.cost) && op.cost >= 0;
    expect(wellFormed, "x-suluk-cost is malformed").toBe(true);
  });
});

describe("payCheckout  [POST checkout/pay]  · anyone", () => {
  // x-suluk-access: anyone. No status or schema test was generated for this op, so the only wire claim
  // asserted is that anon is not auth-blocked; the cost check guards the generator's output, not the server.
  const op = { method: "POST", path: "/checkout/pay", cost: 190 } as const;

  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    // an empty JSON body: reachability is the claim, not payload validity
    const { status } = await call(op.method, op.path, { body: {} });
    const authBlocked = status === 401 || status === 403;
    expect(authBlocked, "a public op must be reachable by anon — got " + status).toBe(false);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const wellFormed = Number.isFinite(op.cost) && op.cost >= 0;
    expect(wellFormed, "x-suluk-cost is malformed").toBe(true);
  });
});

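describe("deleteContactSubmission  [DELETE contactSubmission/{id}]  · admin", () => {
  // One op, one wire contract: anon must be denied, an admin principal admitted, and the deny body must be
  // the shared Problem Details envelope. Method/path are hoisted so the three requests cannot drift apart.
  const method = "DELETE";
  const path = "/contactSubmission/1";
  const declaredCost = 115; // x-suluk-cost from the contract; checked for shape only, never against the server

  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call(method, path);
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Every status below 400 counts as success: an explicit [200, 201, 204] list misses 202/206 and a surfaced 3xx.
    expect(r.status >= 400, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(true);
  });
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    // skipIf reports a missing token as a skip instead of a green pass; the guard below only narrows the type
    const tok = ADMIN;
    if (!tok) return;
    const r = await call(method, path, { token: tok });
    // NOTE(review): a 401/403 is a server bug only if SULUK_ADMIN_TOKEN really carries the admin role — confirm
    // the synthetic principal's role before reading a rejection here as an enforcement defect
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call(method, path);
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // An unparseable body under a JSON content-type is itself a conformance failure: let it reach the
    // assertion below instead of throwing out of r.json(). Non-object JSON (null, scalars) is folded to {}.
    let body: Record<string, unknown> = {};
    if (isJson(r)) {
      try {
        const parsed: unknown = await r.json();
        if (parsed !== null && typeof parsed === "object") body = parsed as Record<string, unknown>;
      } catch { /* malformed JSON: body stays {} and fails the shape assertion below */ }
    }
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // isJson() accepts any *json media type, so the RFC-9457 application/problem+json type is not asserted here.
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});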

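describe("getContactSubmission  [GET contactSubmission/{id}]  · admin", () => {
  // One op, one wire contract: anon must be denied, an admin principal admitted, and the deny body must be
  // the shared Problem Details envelope. Method/path are hoisted so the three requests cannot drift apart.
  const method = "GET";
  const path = "/contactSubmission/1";
  const declaredCost = 6; // x-suluk-cost from the contract; checked for shape only, never against the server

  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call(method, path);
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Every status below 400 counts as success: an explicit [200, 201, 204] list misses 202/206 and a surfaced 3xx.
    expect(r.status >= 400, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(true);
  });
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    // skipIf reports a missing token as a skip instead of a green pass; the guard below only narrows the type
    const tok = ADMIN;
    if (!tok) return;
    const r = await call(method, path, { token: tok });
    // NOTE(review): a 401/403 is a server bug only if SULUK_ADMIN_TOKEN really carries the admin role — confirm
    // the synthetic principal's role before reading a rejection here as an enforcement defect
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call(method, path);
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // An unparseable body under a JSON content-type is itself a conformance failure: let it reach the
    // assertion below instead of throwing out of r.json(). Non-object JSON (null, scalars) is folded to {}.
    let body: Record<string, unknown> = {};
    if (isJson(r)) {
      try {
        const parsed: unknown = await r.json();
        if (parsed !== null && typeof parsed === "object") body = parsed as Record<string, unknown>;
      } catch { /* malformed JSON: body stays {} and fails the shape assertion below */ }
    }
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // isJson() accepts any *json media type, so the RFC-9457 application/problem+json type is not asserted here.
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});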

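describe("updateContactSubmission  [PATCH contactSubmission/{id}]  · admin", () => {
  // One op, one wire contract: anon must be denied, an admin principal admitted, and the deny body must be
  // the shared Problem Details envelope. Method/path are hoisted so the three requests cannot drift apart.
  const method = "PATCH";
  const path = "/contactSubmission/1";
  const declaredCost = 120; // x-suluk-cost from the contract; checked for shape only, never against the server

  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    // an empty JSON body: the access decision must be taken before any payload validation
    const r = await call(method, path, { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Every status below 400 counts as success: an explicit [200, 201, 204] list misses 202/206 and a surfaced 3xx.
    expect(r.status >= 400, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(true);
  });
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    // skipIf reports a missing token as a skip instead of a green pass; the guard below only narrows the type
    const tok = ADMIN;
    if (!tok) return;
    const r = await call(method, path, { token: tok, body: {} });
    // NOTE(review): a 401/403 is a server bug only if SULUK_ADMIN_TOKEN really carries the admin role — confirm
    // the synthetic principal's role before reading a rejection here as an enforcement defect
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call(method, path, { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // An unparseable body under a JSON content-type is itself a conformance failure: let it reach the
    // assertion below instead of throwing out of r.json(). Non-object JSON (null, scalars) is folded to {}.
    let body: Record<string, unknown> = {};
    if (isJson(r)) {
      try {
        const parsed: unknown = await r.json();
        if (parsed !== null && typeof parsed === "object") body = parsed as Record<string, unknown>;
      } catch { /* malformed JSON: body stays {} and fails the shape assertion below */ }
    }
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // isJson() accepts any *json media type, so the RFC-9457 application/problem+json type is not asserted here.
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});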

describe("createContactSubmission  [POST contactSubmission]  · anyone", () => {
  // x-suluk-access: anyone. No status or schema test was generated for this op, so the only wire claim
  // asserted is that anon is not auth-blocked; the cost check guards the generator's output, not the server.
  const op = { method: "POST", path: "/contactSubmission", cost: 120 } as const;

  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    // an empty JSON body: reachability is the claim, not payload validity
    const { status } = await call(op.method, op.path, { body: {} });
    const authBlocked = status === 401 || status === 403;
    expect(authBlocked, "a public op must be reachable by anon — got " + status).toBe(false);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const wellFormed = Number.isFinite(op.cost) && op.cost >= 0;
    expect(wellFormed, "x-suluk-cost is malformed").toBe(true);
  });
});

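describe("listContactSubmission  [GET contactSubmission]  · admin", () => {
  // One op, one wire contract: anon must be denied, an admin principal admitted, and the deny body must be
  // the shared Problem Details envelope. Method/path are hoisted so the three requests cannot drift apart.
  const method = "GET";
  const path = "/contactSubmission";
  const declaredCost = 6; // x-suluk-cost from the contract; checked for shape only, never against the server

  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call(method, path);
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Every status below 400 counts as success: an explicit [200, 201, 204] list misses 202/206 and a surfaced 3xx.
    expect(r.status >= 400, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(true);
  });
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    // skipIf reports a missing token as a skip instead of a green pass; the guard below only narrows the type
    const tok = ADMIN;
    if (!tok) return;
    const r = await call(method, path, { token: tok });
    // NOTE(review): a 401/403 is a server bug only if SULUK_ADMIN_TOKEN really carries the admin role — confirm
    // the synthetic principal's role before reading a rejection here as an enforcement defect
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call(method, path);
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // An unparseable body under a JSON content-type is itself a conformance failure: let it reach the
    // assertion below instead of throwing out of r.json(). Non-object JSON (null, scalars) is folded to {}.
    let body: Record<string, unknown> = {};
    if (isJson(r)) {
      try {
        const parsed: unknown = await r.json();
        if (parsed !== null && typeof parsed === "object") body = parsed as Record<string, unknown>;
      } catch { /* malformed JSON: body stays {} and fails the shape assertion below */ }
    }
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // isJson() accepts any *json media type, so the RFC-9457 application/problem+json type is not asserted here.
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});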

describe("validateDiscount  [POST discount/validate]  · anyone", () => {
  // x-suluk-access: anyone. No status or schema test was generated for this op, so the only wire claim
  // asserted is that anon is not auth-blocked; the cost check guards the generator's output, not the server.
  const op = { method: "POST", path: "/discount/validate", cost: 10 } as const;

  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    // an empty JSON body: reachability is the claim, not payload validity
    const { status } = await call(op.method, op.path, { body: {} });
    const authBlocked = status === 401 || status === 403;
    expect(authBlocked, "a public op must be reachable by anon — got " + status).toBe(false);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const wellFormed = Number.isFinite(op.cost) && op.cost >= 0;
    expect(wellFormed, "x-suluk-cost is malformed").toBe(true);
  });
});

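describe("deleteDiscountCode  [DELETE discountCode/{id}]  · admin", () => {
  // One op, one wire contract: anon must be denied, an admin principal admitted, and the deny body must be
  // the shared Problem Details envelope. Method/path are hoisted so the three requests cannot drift apart.
  const method = "DELETE";
  const path = "/discountCode/1";
  const declaredCost = 118; // x-suluk-cost from the contract; checked for shape only, never against the server

  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call(method, path);
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Every status below 400 counts as success: an explicit [200, 201, 204] list misses 202/206 and a surfaced 3xx.
    expect(r.status >= 400, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(true);
  });
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    // skipIf reports a missing token as a skip instead of a green pass; the guard below only narrows the type
    const tok = ADMIN;
    if (!tok) return;
    const r = await call(method, path, { token: tok });
    // NOTE(review): a 401/403 is a server bug only if SULUK_ADMIN_TOKEN really carries the admin role — confirm
    // the synthetic principal's role before reading a rejection here as an enforcement defect
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call(method, path);
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // An unparseable body under a JSON content-type is itself a conformance failure: let it reach the
    // assertion below instead of throwing out of r.json(). Non-object JSON (null, scalars) is folded to {}.
    let body: Record<string, unknown> = {};
    if (isJson(r)) {
      try {
        const parsed: unknown = await r.json();
        if (parsed !== null && typeof parsed === "object") body = parsed as Record<string, unknown>;
      } catch { /* malformed JSON: body stays {} and fails the shape assertion below */ }
    }
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // isJson() accepts any *json media type, so the RFC-9457 application/problem+json type is not asserted here.
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});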

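describe("getDiscountCode  [GET discountCode/{id}]  · admin", () => {
  // One op, one wire contract: anon must be denied, an admin principal admitted, and the deny body must be
  // the shared Problem Details envelope. Method/path are hoisted so the three requests cannot drift apart.
  const method = "GET";
  const path = "/discountCode/1";
  const declaredCost = 8; // x-suluk-cost from the contract; checked for shape only, never against the server

  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call(method, path);
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Every status below 400 counts as success: an explicit [200, 201, 204] list misses 202/206 and a surfaced 3xx.
    expect(r.status >= 400, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(true);
  });
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    // skipIf reports a missing token as a skip instead of a green pass; the guard below only narrows the type
    const tok = ADMIN;
    if (!tok) return;
    const r = await call(method, path, { token: tok });
    // NOTE(review): a 401/403 is a server bug only if SULUK_ADMIN_TOKEN really carries the admin role — confirm
    // the synthetic principal's role before reading a rejection here as an enforcement defect
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call(method, path);
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // An unparseable body under a JSON content-type is itself a conformance failure: let it reach the
    // assertion below instead of throwing out of r.json(). Non-object JSON (null, scalars) is folded to {}.
    let body: Record<string, unknown> = {};
    if (isJson(r)) {
      try {
        const parsed: unknown = await r.json();
        if (parsed !== null && typeof parsed === "object") body = parsed as Record<string, unknown>;
      } catch { /* malformed JSON: body stays {} and fails the shape assertion below */ }
    }
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // isJson() accepts any *json media type, so the RFC-9457 application/problem+json type is not asserted here.
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});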

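describe("updateDiscountCode  [PATCH discountCode/{id}]  · admin", () => {
  // One op, one wire contract: anon must be denied, an admin principal admitted, and the deny body must be
  // the shared Problem Details envelope. Method/path are hoisted so the three requests cannot drift apart.
  const method = "PATCH";
  const path = "/discountCode/1";
  const declaredCost = 130; // x-suluk-cost from the contract; checked for shape only, never against the server

  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    // an empty JSON body: the access decision must be taken before any payload validation
    const r = await call(method, path, { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Every status below 400 counts as success: an explicit [200, 201, 204] list misses 202/206 and a surfaced 3xx.
    expect(r.status >= 400, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(true);
  });
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    // skipIf reports a missing token as a skip instead of a green pass; the guard below only narrows the type
    const tok = ADMIN;
    if (!tok) return;
    const r = await call(method, path, { token: tok, body: {} });
    // NOTE(review): a 401/403 is a server bug only if SULUK_ADMIN_TOKEN really carries the admin role — confirm
    // the synthetic principal's role before reading a rejection here as an enforcement defect
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call(method, path, { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // An unparseable body under a JSON content-type is itself a conformance failure: let it reach the
    // assertion below instead of throwing out of r.json(). Non-object JSON (null, scalars) is folded to {}.
    let body: Record<string, unknown> = {};
    if (isJson(r)) {
      try {
        const parsed: unknown = await r.json();
        if (parsed !== null && typeof parsed === "object") body = parsed as Record<string, unknown>;
      } catch { /* malformed JSON: body stays {} and fails the shape assertion below */ }
    }
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // isJson() accepts any *json media type, so the RFC-9457 application/problem+json type is not asserted here.
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});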

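describe("createDiscountCode  [POST discountCode]  · admin", () => {
  // One op, one wire contract: anon must be denied, an admin principal admitted, and the deny body must be
  // the shared Problem Details envelope. Method/path are hoisted so the three requests cannot drift apart.
  const method = "POST";
  const path = "/discountCode";
  const declaredCost = 130; // x-suluk-cost from the contract; checked for shape only, never against the server

  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    // an empty JSON body: the access decision must be taken before any payload validation
    const r = await call(method, path, { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Every status below 400 counts as success: an explicit [200, 201, 204] list misses 202/206 and a surfaced 3xx.
    expect(r.status >= 400, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(true);
  });
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    // skipIf reports a missing token as a skip instead of a green pass; the guard below only narrows the type
    const tok = ADMIN;
    if (!tok) return;
    const r = await call(method, path, { token: tok, body: {} });
    // NOTE(review): a 401/403 is a server bug only if SULUK_ADMIN_TOKEN really carries the admin role — confirm
    // the synthetic principal's role before reading a rejection here as an enforcement defect
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call(method, path, { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // An unparseable body under a JSON content-type is itself a conformance failure: let it reach the
    // assertion below instead of throwing out of r.json(). Non-object JSON (null, scalars) is folded to {}.
    let body: Record<string, unknown> = {};
    if (isJson(r)) {
      try {
        const parsed: unknown = await r.json();
        if (parsed !== null && typeof parsed === "object") body = parsed as Record<string, unknown>;
      } catch { /* malformed JSON: body stays {} and fails the shape assertion below */ }
    }
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // isJson() accepts any *json media type, so the RFC-9457 application/problem+json type is not asserted here.
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});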

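describe("listDiscountCode  [GET discountCode]  · admin", () => {
  // One op, one wire contract: anon must be denied, an admin principal admitted, and the deny body must be
  // the shared Problem Details envelope. Method/path are hoisted so the three requests cannot drift apart.
  const method = "GET";
  const path = "/discountCode";
  const declaredCost = 8; // x-suluk-cost from the contract; checked for shape only, never against the server

  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call(method, path);
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Every status below 400 counts as success: an explicit [200, 201, 204] list misses 202/206 and a surfaced 3xx.
    expect(r.status >= 400, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(true);
  });
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    // skipIf reports a missing token as a skip instead of a green pass; the guard below only narrows the type
    const tok = ADMIN;
    if (!tok) return;
    const r = await call(method, path, { token: tok });
    // NOTE(review): a 401/403 is a server bug only if SULUK_ADMIN_TOKEN really carries the admin role — confirm
    // the synthetic principal's role before reading a rejection here as an enforcement defect
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call(method, path);
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // An unparseable body under a JSON content-type is itself a conformance failure: let it reach the
    // assertion below instead of throwing out of r.json(). Non-object JSON (null, scalars) is folded to {}.
    let body: Record<string, unknown> = {};
    if (isJson(r)) {
      try {
        const parsed: unknown = await r.json();
        if (parsed !== null && typeof parsed === "object") body = parsed as Record<string, unknown>;
      } catch { /* malformed JSON: body stays {} and fails the shape assertion below */ }
    }
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // isJson() accepts any *json media type, so the RFC-9457 application/problem+json type is not asserted here.
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});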

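describe("deleteFaq  [DELETE faq/{id}]  · admin", () => {
  // One op, one wire contract: anon must be denied, an admin principal admitted, and the deny body must be
  // the shared Problem Details envelope. Method/path are hoisted so the three requests cannot drift apart.
  const method = "DELETE";
  const path = "/faq/1";
  const declaredCost = 115; // x-suluk-cost from the contract; checked for shape only, never against the server

  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call(method, path);
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Every status below 400 counts as success: an explicit [200, 201, 204] list misses 202/206 and a surfaced 3xx.
    expect(r.status >= 400, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(true);
  });
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    // skipIf reports a missing token as a skip instead of a green pass; the guard below only narrows the type
    const tok = ADMIN;
    if (!tok) return;
    const r = await call(method, path, { token: tok });
    // NOTE(review): a 401/403 is a server bug only if SULUK_ADMIN_TOKEN really carries the admin role — confirm
    // the synthetic principal's role before reading a rejection here as an enforcement defect
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call(method, path);
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // An unparseable body under a JSON content-type is itself a conformance failure: let it reach the
    // assertion below instead of throwing out of r.json(). Non-object JSON (null, scalars) is folded to {}.
    let body: Record<string, unknown> = {};
    if (isJson(r)) {
      try {
        const parsed: unknown = await r.json();
        if (parsed !== null && typeof parsed === "object") body = parsed as Record<string, unknown>;
      } catch { /* malformed JSON: body stays {} and fails the shape assertion below */ }
    }
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // isJson() accepts any *json media type, so the RFC-9457 application/problem+json type is not asserted here.
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});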

// getFaq — GET /faq/{id} is declared public (x-suluk-access: anyone): anon must not be turned away by authn/authz.
describe("getFaq  [GET faq/{id}]  · anyone", () => {
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const authDenials = [401, 403];
    const res = await call("GET", "/faq/1");
    // only 401/403 contradict the "anyone" declaration; a 404 or 500 is not an auth block and passes here
    expect(authDenials, "a public op must be reachable by anon — got " + res.status).not.toContain(res.status);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const declaredCost = 6; // x-suluk-cost from the contract
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});

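// updateFaq — PATCH /faq/{id} is declared admin-only (x-suluk-access: admin); the wire must agree.
describe("updateFaq  [PATCH faq/{id}]  · admin", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("PATCH", "/faq/1", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Treat the whole 2xx range as success so a 202/206 cannot slip past an enumerated [200, 201, 204] check.
    // NOTE: a 400/404 also passes here — it proves anon got no success, not which server check produced the denial.
    const anonSucceeded = r.status >= 200 && r.status < 300;
    expect(anonSucceeded, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("PATCH", "/faq/1", { token: tok, body: {} });
    // only an auth rejection fails this; a 4xx rejecting the empty placeholder body still passes
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("PATCH", "/faq/1", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // narrow before indexing so a non-object JSON body (e.g. `null`) fails the assertion instead of throwing
    const pd = typeof body === "object" && body !== null ? (body as Record<string, unknown>) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 125; // x-suluk-cost as declared in the contract for this op
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});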

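// createFaq — POST /faq is declared admin-only (x-suluk-access: admin); the wire must agree.
describe("createFaq  [POST faq]  · admin", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/faq", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Treat the whole 2xx range as success so a 202/206 cannot slip past an enumerated [200, 201, 204] check.
    // NOTE: a 400 also passes here — it proves anon got no success, not which server check produced the denial.
    const anonSucceeded = r.status >= 200 && r.status < 300;
    expect(anonSucceeded, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("POST", "/faq", { token: tok, body: {} });
    // only an auth rejection fails this; a 4xx rejecting the empty placeholder body still passes
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/faq", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // narrow before indexing so a non-object JSON body (e.g. `null`) fails the assertion instead of throwing
    const pd = typeof body === "object" && body !== null ? (body as Record<string, unknown>) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 125; // x-suluk-cost as declared in the contract for this op
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});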

// listFaq — GET /faq is declared public (x-suluk-access: anyone). Besides reachability, this op also has a
// declared status set and a response schema in the contract, so both are checked on the wire.
describe("listFaq  [GET faq]  · anyone", () => {
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const authDenials = [401, 403];
    const res = await call("GET", "/faq");
    // only 401/403 contradict the "anyone" declaration; other statuses pass this particular check
    expect(authDenials, "a public op must be reachable by anon — got " + res.status).not.toContain(res.status);
  });
  test("status — returns a declared status", async () => {
    const declaredStatuses = [200, 500]; // the contract's declared responses for this op
    const res = await call("GET", "/faq");
    expect(declaredStatuses, "undeclared status " + res.status).toContain(res.status);
  });
  test("conformance — a 2xx body validates against the declared response schema", async () => {
    const res = await call("GET", "/faq");
    // nothing to validate unless the server answered with a JSON success body
    if (res.status >= 300 || !isJson(res)) return;
    const responseSchema = {"type":"array","items":{"type":"object","properties":{"id":{"type":"integer","minimum":-9007199254740991,"maximum":9007199254740991},"question":{"type":"string","maxLength":300,"pattern":"^[^<>\\u0000-\\u001f\\u007f]*$"},"answer":{"type":"string","maxLength":2000,"pattern":"^[^\\u0000-\\u0008\\u000b\\u000c\\u000e-\\u001f\\u007f]*$"},"sortOrder":{"type":"integer","minimum":0,"maximum":100000},"isActive":{"type":"boolean"}},"required":["question","answer"],"additionalProperties":false}};
    const payload = await res.json();
    const outcome = validate(responseSchema, payload);
    // only the first three validation errors are reported to keep the failure message readable
    expect(outcome.valid, "response body does not conform: " + JSON.stringify(outcome.errors?.slice(0, 3))).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const declaredCost = 6; // x-suluk-cost from the contract
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});

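// deleteMedia — DELETE /media/{id} is declared admin-only (x-suluk-access: admin); the wire must agree.
describe("deleteMedia  [DELETE media/{id}]  · admin", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("DELETE", "/media/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Treat the whole 2xx range as success so a 202/206 cannot slip past an enumerated [200, 201, 204] check.
    // NOTE: a 404/405 also passes here — it proves anon got no success, not which server check produced the denial.
    const anonSucceeded = r.status >= 200 && r.status < 300;
    expect(anonSucceeded, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("DELETE", "/media/1", { token: tok });
    // only an auth rejection fails this; any other status (including a 404 for id 1) passes
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("DELETE", "/media/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // narrow before indexing so a non-object JSON body (e.g. `null`) fails the assertion instead of throwing
    const pd = typeof body === "object" && body !== null ? (body as Record<string, unknown>) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 115; // x-suluk-cost as declared in the contract for this op
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});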

// getMedia — GET /media/{id} is declared public (x-suluk-access: anyone): anon must not be turned away by authn/authz.
describe("getMedia  [GET media/{id}]  · anyone", () => {
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const authDenials = [401, 403];
    const res = await call("GET", "/media/1");
    // only 401/403 contradict the "anyone" declaration; a 404 or 500 is not an auth block and passes here
    expect(authDenials, "a public op must be reachable by anon — got " + res.status).not.toContain(res.status);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const declaredCost = 6; // x-suluk-cost from the contract
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});

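// updateMedia — PATCH /media/{id} is declared admin-only (x-suluk-access: admin); the wire must agree.
describe("updateMedia  [PATCH media/{id}]  · admin", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("PATCH", "/media/1", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Treat the whole 2xx range as success so a 202/206 cannot slip past an enumerated [200, 201, 204] check.
    // NOTE: a 400/404 also passes here — it proves anon got no success, not which server check produced the denial.
    const anonSucceeded = r.status >= 200 && r.status < 300;
    expect(anonSucceeded, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("PATCH", "/media/1", { token: tok, body: {} });
    // only an auth rejection fails this; a 4xx rejecting the empty placeholder body still passes
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("PATCH", "/media/1", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // narrow before indexing so a non-object JSON body (e.g. `null`) fails the assertion instead of throwing
    const pd = typeof body === "object" && body !== null ? (body as Record<string, unknown>) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 125; // x-suluk-cost as declared in the contract for this op
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});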

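// createMedia — POST /media is declared admin-only (x-suluk-access: admin); the wire must agree.
describe("createMedia  [POST media]  · admin", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/media", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Treat the whole 2xx range as success so a 202/206 cannot slip past an enumerated [200, 201, 204] check.
    // NOTE: a 400 also passes here — it proves anon got no success, not which server check produced the denial.
    const anonSucceeded = r.status >= 200 && r.status < 300;
    expect(anonSucceeded, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("POST", "/media", { token: tok, body: {} });
    // only an auth rejection fails this; a 4xx rejecting the empty placeholder body still passes
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/media", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // narrow before indexing so a non-object JSON body (e.g. `null`) fails the assertion instead of throwing
    const pd = typeof body === "object" && body !== null ? (body as Record<string, unknown>) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 125; // x-suluk-cost as declared in the contract for this op
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});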

// listMedia — GET /media is declared public (x-suluk-access: anyone). Besides reachability, this op also has a
// declared status set and a response schema in the contract, so both are checked on the wire.
describe("listMedia  [GET media]  · anyone", () => {
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const authDenials = [401, 403];
    const res = await call("GET", "/media");
    // only 401/403 contradict the "anyone" declaration; other statuses pass this particular check
    expect(authDenials, "a public op must be reachable by anon — got " + res.status).not.toContain(res.status);
  });
  test("status — returns a declared status", async () => {
    const declaredStatuses = [200, 500]; // the contract's declared responses for this op
    const res = await call("GET", "/media");
    expect(declaredStatuses, "undeclared status " + res.status).toContain(res.status);
  });
  test("conformance — a 2xx body validates against the declared response schema", async () => {
    const res = await call("GET", "/media");
    // nothing to validate unless the server answered with a JSON success body
    if (res.status >= 300 || !isJson(res)) return;
    const responseSchema = {"type":"array","items":{"type":"object","properties":{"id":{"type":"integer","minimum":-9007199254740991,"maximum":9007199254740991},"url":{"type":"string","format":"uri"},"alt":{"type":"string","maxLength":300,"pattern":"^[^<>\\u0000-\\u001f\\u007f]*$"},"width":{"anyOf":[{"type":"integer","minimum":-9007199254740991,"maximum":9007199254740991},{"type":"null"}]},"height":{"anyOf":[{"type":"integer","minimum":-9007199254740991,"maximum":9007199254740991},{"type":"null"}]}},"required":["url","alt"],"additionalProperties":false}};
    const payload = await res.json();
    const outcome = validate(responseSchema, payload);
    // only the first three validation errors are reported to keep the failure message readable
    expect(outcome.valid, "response body does not conform: " + JSON.stringify(outcome.errors?.slice(0, 3))).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const declaredCost = 6; // x-suluk-cost from the contract
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});

// subscribeNewsletter — POST /newsletter/subscribe is declared public (x-suluk-access: anyone): anon must not be
// turned away by authn/authz. An empty JSON body is sent; any non-auth rejection of it still passes this check.
describe("subscribeNewsletter  [POST newsletter/subscribe]  · anyone", () => {
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const authDenials = [401, 403];
    const res = await call("POST", "/newsletter/subscribe", { body: {} });
    expect(authDenials, "a public op must be reachable by anon — got " + res.status).not.toContain(res.status);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const declaredCost = 120; // x-suluk-cost from the contract
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});

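// deleteNewsletterSubscriber — DELETE /newsletterSubscriber/{id} is declared admin-only (x-suluk-access: admin).
describe("deleteNewsletterSubscriber  [DELETE newsletterSubscriber/{id}]  · admin", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("DELETE", "/newsletterSubscriber/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Treat the whole 2xx range as success so a 202/206 cannot slip past an enumerated [200, 201, 204] check.
    // NOTE: a 404/405 also passes here — it proves anon got no success, not which server check produced the denial.
    const anonSucceeded = r.status >= 200 && r.status < 300;
    expect(anonSucceeded, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("DELETE", "/newsletterSubscriber/1", { token: tok });
    // only an auth rejection fails this; any other status (including a 404 for id 1) passes
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("DELETE", "/newsletterSubscriber/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // narrow before indexing so a non-object JSON body (e.g. `null`) fails the assertion instead of throwing
    const pd = typeof body === "object" && body !== null ? (body as Record<string, unknown>) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 115; // x-suluk-cost as declared in the contract for this op
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});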

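// getNewsletterSubscriber — GET /newsletterSubscriber/{id} is declared admin-only (x-suluk-access: admin);
// subscriber records are personal data, so anon reachability here would be a disclosure, not just an authz gap.
describe("getNewsletterSubscriber  [GET newsletterSubscriber/{id}]  · admin", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("GET", "/newsletterSubscriber/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Treat the whole 2xx range as success so a 202/206 cannot slip past an enumerated [200, 201, 204] check.
    // NOTE: a 404 also passes here — it proves anon got no success, not which server check produced the denial.
    const anonSucceeded = r.status >= 200 && r.status < 300;
    expect(anonSucceeded, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("GET", "/newsletterSubscriber/1", { token: tok });
    // only an auth rejection fails this; any other status (including a 404 for id 1) passes
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("GET", "/newsletterSubscriber/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // narrow before indexing so a non-object JSON body (e.g. `null`) fails the assertion instead of throwing
    const pd = typeof body === "object" && body !== null ? (body as Record<string, unknown>) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 6; // x-suluk-cost as declared in the contract for this op
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});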

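// updateNewsletterSubscriber — PATCH /newsletterSubscriber/{id} is declared admin-only (x-suluk-access: admin).
describe("updateNewsletterSubscriber  [PATCH newsletterSubscriber/{id}]  · admin", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("PATCH", "/newsletterSubscriber/1", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Treat the whole 2xx range as success so a 202/206 cannot slip past an enumerated [200, 201, 204] check.
    // NOTE: a 400/404 also passes here — it proves anon got no success, not which server check produced the denial.
    const anonSucceeded = r.status >= 200 && r.status < 300;
    expect(anonSucceeded, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("PATCH", "/newsletterSubscriber/1", { token: tok, body: {} });
    // only an auth rejection fails this; a 4xx rejecting the empty placeholder body still passes
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("PATCH", "/newsletterSubscriber/1", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // narrow before indexing so a non-object JSON body (e.g. `null`) fails the assertion instead of throwing
    const pd = typeof body === "object" && body !== null ? (body as Record<string, unknown>) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 120; // x-suluk-cost as declared in the contract for this op
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});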

// createNewsletterSubscriber — POST /newsletterSubscriber is declared public (x-suluk-access: anyone).
// NOTE(review): the contract marks create as `anyone` while get/list/update/delete on the same resource are
// admin-only — confirm this asymmetry is intended (the suite asserts the declaration, it does not judge it).
describe("createNewsletterSubscriber  [POST newsletterSubscriber]  · anyone", () => {
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const authDenials = [401, 403];
    const res = await call("POST", "/newsletterSubscriber", { body: {} });
    // an empty JSON body is sent; a non-auth rejection of it (e.g. 400) still passes this check
    expect(authDenials, "a public op must be reachable by anon — got " + res.status).not.toContain(res.status);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const declaredCost = 120; // x-suluk-cost from the contract
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});

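// listNewsletterSubscriber — GET /newsletterSubscriber is declared admin-only (x-suluk-access: admin);
// a bulk listing of subscriber records is the highest-impact read in this resource, so the deny must hold.
describe("listNewsletterSubscriber  [GET newsletterSubscriber]  · admin", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("GET", "/newsletterSubscriber");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Treat the whole 2xx range as success so a 202/206 cannot slip past an enumerated [200, 201, 204] check.
    // NOTE: a 404/500 also passes here — it proves anon got no success, not which server check produced the denial.
    const anonSucceeded = r.status >= 200 && r.status < 300;
    expect(anonSucceeded, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("GET", "/newsletterSubscriber", { token: tok });
    // only an auth rejection fails this; any other status passes
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("GET", "/newsletterSubscriber");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // narrow before indexing so a non-object JSON body (e.g. `null`) fails the assertion instead of throwing
    const pd = typeof body === "object" && body !== null ? (body as Record<string, unknown>) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 6; // x-suluk-cost as declared in the contract for this op
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});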

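// deleteOrder — DELETE /order/{id} is declared admin-only (x-suluk-access: admin); the wire must agree.
describe("deleteOrder  [DELETE order/{id}]  · admin", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("DELETE", "/order/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Treat the whole 2xx range as success so a 202/206 cannot slip past an enumerated [200, 201, 204] check.
    // NOTE: a 404/405 also passes here — it proves anon got no success, not which server check produced the denial.
    const anonSucceeded = r.status >= 200 && r.status < 300;
    expect(anonSucceeded, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("DELETE", "/order/1", { token: tok });
    // only an auth rejection fails this; any other status (including a 404 for id 1) passes
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("DELETE", "/order/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // narrow before indexing so a non-object JSON body (e.g. `null`) fails the assertion instead of throwing
    const pd = typeof body === "object" && body !== null ? (body as Record<string, unknown>) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 136; // x-suluk-cost as declared in the contract for this op
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});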

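// getOrder — GET /order/{id} requires a signed-in principal (x-suluk-access: authenticated).
// NOTE: this suite checks authentication only; whether a principal may read an order that is not theirs
// (object-level ownership) is not asserted here and needs its own check against a second synthetic principal.
describe("getOrder  [GET order/{id}]  · authenticated", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("GET", "/order/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Treat the whole 2xx range as success so a 202/206 cannot slip past an enumerated [200, 201, 204] check.
    // NOTE: a 404 also passes here — it proves anon got no success, not which server check produced the denial.
    const anonSucceeded = r.status >= 200 && r.status < 300;
    expect(anonSucceeded, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("GET", "/order/1", { token: tok });
    // only an auth rejection fails this; any other status (including a 404 for id 1) passes
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("GET", "/order/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // narrow before indexing so a non-object JSON body (e.g. `null`) fails the assertion instead of throwing
    const pd = typeof body === "object" && body !== null ? (body as Record<string, unknown>) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 12; // x-suluk-cost as declared in the contract for this op
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});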

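// updateOrder — PATCH /order/{id} is declared admin-only (x-suluk-access: admin); the wire must agree.
describe("updateOrder  [PATCH order/{id}]  · admin", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("PATCH", "/order/1", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Treat the whole 2xx range as success so a 202/206 cannot slip past an enumerated [200, 201, 204] check.
    // NOTE: a 400/404 also passes here — it proves anon got no success, not which server check produced the denial.
    const anonSucceeded = r.status >= 200 && r.status < 300;
    expect(anonSucceeded, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("PATCH", "/order/1", { token: tok, body: {} });
    // only an auth rejection fails this; a 4xx rejecting the empty placeholder body still passes
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("PATCH", "/order/1", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // narrow before indexing so a non-object JSON body (e.g. `null`) fails the assertion instead of throwing
    const pd = typeof body === "object" && body !== null ? (body as Record<string, unknown>) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 160; // x-suluk-cost as declared in the contract for this op
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});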

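// createOrder — POST /order requires a signed-in principal (x-suluk-access: authenticated); the wire must agree.
describe("createOrder  [POST order]  · authenticated", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/order", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Treat the whole 2xx range as success so a 202/206 cannot slip past an enumerated [200, 201, 204] check.
    // NOTE: a 400 also passes here — it proves anon got no success, not which server check produced the denial.
    const anonSucceeded = r.status >= 200 && r.status < 300;
    expect(anonSucceeded, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("POST", "/order", { token: tok, body: {} });
    // only an auth rejection fails this; a 4xx rejecting the empty placeholder body still passes
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/order", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // narrow before indexing so a non-object JSON body (e.g. `null`) fails the assertion instead of throwing
    const pd = typeof body === "object" && body !== null ? (body as Record<string, unknown>) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 160; // x-suluk-cost as declared in the contract for this op
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});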

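// listOrder — GET /order requires a signed-in principal (x-suluk-access: authenticated).
// NOTE: only authentication is asserted; that the listing is scoped to the caller's own orders is not checked here.
describe("listOrder  [GET order]  · authenticated", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("GET", "/order");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Treat the whole 2xx range as success so a 202/206 cannot slip past an enumerated [200, 201, 204] check.
    // NOTE: a 404/500 also passes here — it proves anon got no success, not which server check produced the denial.
    const anonSucceeded = r.status >= 200 && r.status < 300;
    expect(anonSucceeded, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("GET", "/order", { token: tok });
    // only an auth rejection fails this; any other status passes
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("GET", "/order");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // narrow before indexing so a non-object JSON body (e.g. `null`) fails the assertion instead of throwing
    const pd = typeof body === "object" && body !== null ? (body as Record<string, unknown>) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 12; // x-suluk-cost as declared in the contract for this op
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});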

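// deletePost — DELETE /post/{id} is declared admin-only (x-suluk-access: admin); the wire must agree.
describe("deletePost  [DELETE post/{id}]  · admin", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("DELETE", "/post/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Treat the whole 2xx range as success so a 202/206 cannot slip past an enumerated [200, 201, 204] check.
    // NOTE: a 404/405 also passes here — it proves anon got no success, not which server check produced the denial.
    const anonSucceeded = r.status >= 200 && r.status < 300;
    expect(anonSucceeded, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("DELETE", "/post/1", { token: tok });
    // only an auth rejection fails this; any other status (including a 404 for id 1) passes
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("DELETE", "/post/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // narrow before indexing so a non-object JSON body (e.g. `null`) fails the assertion instead of throwing
    const pd = typeof body === "object" && body !== null ? (body as Record<string, unknown>) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 127; // x-suluk-cost as declared in the contract for this op
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});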

// getPost — GET /post/{id} is declared public (x-suluk-access: anyone): anon must not be turned away by authn/authz.
describe("getPost  [GET post/{id}]  · anyone", () => {
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const authDenials = [401, 403];
    const res = await call("GET", "/post/1");
    // only 401/403 contradict the "anyone" declaration; a 404 or 500 is not an auth block and passes here
    expect(authDenials, "a public op must be reachable by anon — got " + res.status).not.toContain(res.status);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const declaredCost = 8; // x-suluk-cost from the contract
    expect(Number.isFinite(declaredCost) && declaredCost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});

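// updatePost — PATCH /post/{id} is declared admin-only (x-suluk-access: admin); the wire must agree.
describe("updatePost  [PATCH post/{id}]  · admin", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("PATCH", "/post/1", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    // Treat the whole 2xx range as success so a 202/206 cannot slip past an enumerated [200, 201, 204] check.
    // NOTE: a 400/404 also passes here — it proves anon got no success, not which server check produced the denial.
    const anonSucceeded = r.status >= 200 && r.status < 300;
    expect(anonSucceeded, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").toBe(false);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("PATCH", "/post/1", { token: tok, body: {} });
    // only an auth rejection fails this; a 4xx rejecting the empty placeholder body still passes
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("PATCH", "/post/1", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    // narrow before indexing so a non-object JSON body (e.g. `null`) fails the assertion instead of throwing
    const pd = typeof body === "object" && body !== null ? (body as Record<string, unknown>) : undefined;
    const wellFormed = pd !== undefined && typeof pd.title === "string" && pd.status === r.status;
    expect(wellFormed, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 145; // x-suluk-cost as declared in the contract for this op
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});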

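describe("createPost  [POST post]  · admin", () => {
  // Contract: x-suluk-access = admin. The wire is the truth: anon must get no success, a valid principal must not be auth-rejected.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/post", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. ANY 2xx is a real hole, so the
    // whole success class is checked rather than the list {200, 201, 204} — a 202/206 must not slip past unflagged.
    // (A 404/405 here does not by itself prove enforcement; this test only establishes "no success".)
    expect(r.status >= 200 && r.status < 300, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access (status " + r.status + ")").toBe(false);
  });
  // Reported as SKIPPED (not passed) without a token, so a green run cannot be mistaken for a verified positive side.
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // type narrowing only; unreachable once skipIf has gated the test
    const r = await call("POST", "/post", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/post", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // a JSON null / array / scalar is not Problem Details either: coerce to an empty object so the assertion
    // below FAILS with the body in its message instead of throwing a TypeError on property access.
    const pd: Record<string, unknown> = typeof body === "object" && body !== null && !Array.isArray(body) ? (body as Record<string, unknown>) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof pd.title === "string" && pd.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 145;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});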

describe("listPost  [GET post]  · anyone", () => {
  // Contract facts for this op, hoisted so each test reads as a one-line claim.
  const path = "/post";
  const authBlocked = [401, 403];
  const declaredStatuses = [200,500];
  const responseSchema = {"type":"array","items":{"type":"object","properties":{"id":{"type":"integer","minimum":-9007199254740991,"maximum":9007199254740991},"title":{"type":"string","maxLength":200,"pattern":"^[^<>\\u0000-\\u001f\\u007f]*$"},"slug":{"type":"string","maxLength":120,"pattern":"^[a-z0-9]+(?:-[a-z0-9]+)*$"},"excerpt":{"anyOf":[{"type":"string","maxLength":1024,"pattern":"^[^\\u0000-\\u0008\\u000b\\u000c\\u000e-\\u001f]*$"},{"type":"null"}]},"body":{"anyOf":[{"type":"string","maxLength":1024,"pattern":"^[^\\u0000-\\u0008\\u000b\\u000c\\u000e-\\u001f]*$"},{"type":"null"}]},"status":{"type":"string","enum":["draft","published"]},"publishedAt":{"anyOf":[{"type":"integer","minimum":-9007199254740991,"maximum":9007199254740991},{"type":"null"}]},"authorId":{"anyOf":[{"type":"string","maxLength":1024,"pattern":"^[^\\u0000-\\u0008\\u000b\\u000c\\u000e-\\u001f]*$"},{"type":"null"}]},"coverImageUrl":{"anyOf":[{"type":"string","maxLength":1024,"pattern":"^[^\\u0000-\\u0008\\u000b\\u000c\\u000e-\\u001f]*$"},{"type":"null"}]}},"required":["title","slug"],"additionalProperties":false}};
  const cost = 8;
  // x-suluk-access = anyone: anon must not be auth-blocked.
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const res = await call("GET", path);
    expect(authBlocked, "a public op must be reachable by anon — got " + res.status).not.toContain(res.status);
  });
  // Every status seen on the wire must be one the contract declares.
  test("status — returns a declared status", async () => {
    const res = await call("GET", path);
    expect(declaredStatuses, "undeclared status " + res.status).toContain(res.status);
  });
  // Only a JSON 2xx body is checked; anything else is out of scope for this test.
  test("conformance — a 2xx body validates against the declared response schema", async () => {
    const res = await call("GET", path);
    if (res.status < 300 && isJson(res)) {
      const result = validate(responseSchema, await res.json());
      expect(result.valid, "response body does not conform: " + JSON.stringify(result.errors?.slice(0, 3))).toBe(true);
    }
  });
  // x-suluk-cost must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});

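describe("deleteProduct  [DELETE product/{id}]  · admin", () => {
  // Contract: x-suluk-access = admin. The wire is the truth: anon must get no success, a valid principal must not be auth-rejected.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("DELETE", "/product/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. ANY 2xx is a real hole, so the
    // whole success class is checked rather than the list {200, 201, 204} — a 202/206 must not slip past unflagged.
    // (A 404/405 here does not by itself prove enforcement; this test only establishes "no success".)
    expect(r.status >= 200 && r.status < 300, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access (status " + r.status + ")").toBe(false);
  });
  // Reported as SKIPPED (not passed) without a token, so a green run cannot be mistaken for a verified positive side.
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // type narrowing only; unreachable once skipIf has gated the test
    const r = await call("DELETE", "/product/1", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("DELETE", "/product/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // a JSON null / array / scalar is not Problem Details either: coerce to an empty object so the assertion
    // below FAILS with the body in its message instead of throwing a TypeError on property access.
    const pd: Record<string, unknown> = typeof body === "object" && body !== null && !Array.isArray(body) ? (body as Record<string, unknown>) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof pd.title === "string" && pd.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 127;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});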

describe("getProduct  [GET product/{id}]  · anyone", () => {
  // Contract: x-suluk-access = anyone. The only access claim for a public op is that anon is not auth-blocked.
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const authBlocked = [401, 403];
    const res = await call("GET", "/product/1");
    expect(authBlocked, "a public op must be reachable by anon — got " + res.status).not.toContain(res.status);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 10;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});

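describe("updateProduct  [PATCH product/{id}]  · admin", () => {
  // Contract: x-suluk-access = admin. The wire is the truth: anon must get no success, a valid principal must not be auth-rejected.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("PATCH", "/product/1", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. ANY 2xx is a real hole, so the
    // whole success class is checked rather than the list {200, 201, 204} — a 202/206 must not slip past unflagged.
    // (A 404/405 here does not by itself prove enforcement; this test only establishes "no success".)
    expect(r.status >= 200 && r.status < 300, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access (status " + r.status + ")").toBe(false);
  });
  // Reported as SKIPPED (not passed) without a token, so a green run cannot be mistaken for a verified positive side.
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // type narrowing only; unreachable once skipIf has gated the test
    const r = await call("PATCH", "/product/1", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("PATCH", "/product/1", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // a JSON null / array / scalar is not Problem Details either: coerce to an empty object so the assertion
    // below FAILS with the body in its message instead of throwing a TypeError on property access.
    const pd: Record<string, unknown> = typeof body === "object" && body !== null && !Array.isArray(body) ? (body as Record<string, unknown>) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof pd.title === "string" && pd.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 145;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});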

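describe("createProduct  [POST product]  · admin", () => {
  // Contract: x-suluk-access = admin. The wire is the truth: anon must get no success, a valid principal must not be auth-rejected.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/product", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. ANY 2xx is a real hole, so the
    // whole success class is checked rather than the list {200, 201, 204} — a 202/206 must not slip past unflagged.
    // (A 404/405 here does not by itself prove enforcement; this test only establishes "no success".)
    expect(r.status >= 200 && r.status < 300, "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access (status " + r.status + ")").toBe(false);
  });
  // Reported as SKIPPED (not passed) without a token, so a green run cannot be mistaken for a verified positive side.
  test.skipIf(!ADMIN)("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // type narrowing only; unreachable once skipIf has gated the test
    const r = await call("POST", "/product", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/product", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // a JSON null / array / scalar is not Problem Details either: coerce to an empty object so the assertion
    // below FAILS with the body in its message instead of throwing a TypeError on property access.
    const pd: Record<string, unknown> = typeof body === "object" && body !== null && !Array.isArray(body) ? (body as Record<string, unknown>) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof pd.title === "string" && pd.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 145;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});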

describe("listProduct  [GET product]  · anyone", () => {
  // Contract facts for this op, hoisted so each test reads as a one-line claim.
  const path = "/product";
  const authBlocked = [401, 403];
  const declaredStatuses = [200,500];
  const responseSchema = {"type":"array","items":{"type":"object","properties":{"id":{"type":"integer","minimum":-9007199254740991,"maximum":9007199254740991},"name":{"type":"string","maxLength":160,"pattern":"^[^<>\\u0000-\\u001f\\u007f]*$"},"slug":{"type":"string","maxLength":100,"pattern":"^[a-z0-9]+(?:-[a-z0-9]+)*$"},"description":{"anyOf":[{"type":"string","maxLength":1024,"pattern":"^[^\\u0000-\\u0008\\u000b\\u000c\\u000e-\\u001f]*$"},{"type":"null"}]},"priceCents":{"type":"integer","minimum":0,"maximum":1000000000},"categoryId":{"anyOf":[{"type":"integer","minimum":-9007199254740991,"maximum":9007199254740991},{"type":"null"}]},"inventory":{"type":"integer","minimum":0,"maximum":1000000},"imageUrl":{"anyOf":[{"type":"string","maxLength":1024,"pattern":"^[^\\u0000-\\u0008\\u000b\\u000c\\u000e-\\u001f]*$"},{"type":"null"}]},"status":{"type":"string","enum":["draft","published"]},"stripePriceId":{"anyOf":[{"type":"string","maxLength":1024,"pattern":"^[^\\u0000-\\u0008\\u000b\\u000c\\u000e-\\u001f]*$"},{"type":"null"}]}},"required":["name","slug"],"additionalProperties":false}};
  const cost = 10;
  // x-suluk-access = anyone: anon must not be auth-blocked.
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const res = await call("GET", path);
    expect(authBlocked, "a public op must be reachable by anon — got " + res.status).not.toContain(res.status);
  });
  // Every status seen on the wire must be one the contract declares.
  test("status — returns a declared status", async () => {
    const res = await call("GET", path);
    expect(declaredStatuses, "undeclared status " + res.status).toContain(res.status);
  });
  // Only a JSON 2xx body is checked; anything else is out of scope for this test.
  test("conformance — a 2xx body validates against the declared response schema", async () => {
    const res = await call("GET", path);
    if (res.status < 300 && isJson(res)) {
      const result = validate(responseSchema, await res.json());
      expect(result.valid, "response body does not conform: " + JSON.stringify(result.errors?.slice(0, 3))).toBe(true);
    }
  });
  // x-suluk-cost must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});

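describe("deleteProject  [DELETE project/{id}]  · authenticated", () => {
  // Contract: x-suluk-access = authenticated. The wire is the truth: anon must get no success, a valid principal must not be auth-rejected.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("DELETE", "/project/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. ANY 2xx is a real hole, so the
    // whole success class is checked rather than the list {200, 201, 204} — a 202/206 must not slip past unflagged.
    // (A 404/405 here does not by itself prove enforcement; this test only establishes "no success".)
    expect(r.status >= 200 && r.status < 300, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access (status " + r.status + ")").toBe(false);
  });
  // Reported as SKIPPED (not passed) without a token, so a green run cannot be mistaken for a verified positive side.
  test.skipIf(!USER)("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // type narrowing only; unreachable once skipIf has gated the test
    const r = await call("DELETE", "/project/1", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("DELETE", "/project/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // a JSON null / array / scalar is not Problem Details either: coerce to an empty object so the assertion
    // below FAILS with the body in its message instead of throwing a TypeError on property access.
    const pd: Record<string, unknown> = typeof body === "object" && body !== null && !Array.isArray(body) ? (body as Record<string, unknown>) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof pd.title === "string" && pd.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 124;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});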

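describe("getProject  [GET project/{id}]  · authenticated", () => {
  // Contract: x-suluk-access = authenticated. The wire is the truth: anon must get no success, a valid principal must not be auth-rejected.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("GET", "/project/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. ANY 2xx is a real hole, so the
    // whole success class is checked rather than the list {200, 201, 204} — a 202/206 must not slip past unflagged.
    // (A 404/405 here does not by itself prove enforcement; this test only establishes "no success".)
    expect(r.status >= 200 && r.status < 300, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access (status " + r.status + ")").toBe(false);
  });
  // Reported as SKIPPED (not passed) without a token, so a green run cannot be mistaken for a verified positive side.
  test.skipIf(!USER)("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // type narrowing only; unreachable once skipIf has gated the test
    const r = await call("GET", "/project/1", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("GET", "/project/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // a JSON null / array / scalar is not Problem Details either: coerce to an empty object so the assertion
    // below FAILS with the body in its message instead of throwing a TypeError on property access.
    const pd: Record<string, unknown> = typeof body === "object" && body !== null && !Array.isArray(body) ? (body as Record<string, unknown>) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof pd.title === "string" && pd.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 12;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});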

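describe("updateProject  [PATCH project/{id}]  · authenticated", () => {
  // Contract: x-suluk-access = authenticated. The wire is the truth: anon must get no success, a valid principal must not be auth-rejected.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("PATCH", "/project/1", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. ANY 2xx is a real hole, so the
    // whole success class is checked rather than the list {200, 201, 204} — a 202/206 must not slip past unflagged.
    // (A 404/405 here does not by itself prove enforcement; this test only establishes "no success".)
    expect(r.status >= 200 && r.status < 300, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access (status " + r.status + ")").toBe(false);
  });
  // Reported as SKIPPED (not passed) without a token, so a green run cannot be mistaken for a verified positive side.
  test.skipIf(!USER)("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // type narrowing only; unreachable once skipIf has gated the test
    const r = await call("PATCH", "/project/1", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("PATCH", "/project/1", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // a JSON null / array / scalar is not Problem Details either: coerce to an empty object so the assertion
    // below FAILS with the body in its message instead of throwing a TypeError on property access.
    const pd: Record<string, unknown> = typeof body === "object" && body !== null && !Array.isArray(body) ? (body as Record<string, unknown>) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof pd.title === "string" && pd.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 140;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});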

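describe("createProject  [POST project]  · authenticated", () => {
  // Contract: x-suluk-access = authenticated. The wire is the truth: anon must get no success, a valid principal must not be auth-rejected.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/project", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. ANY 2xx is a real hole, so the
    // whole success class is checked rather than the list {200, 201, 204} — a 202/206 must not slip past unflagged.
    // (A 404/405 here does not by itself prove enforcement; this test only establishes "no success".)
    expect(r.status >= 200 && r.status < 300, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access (status " + r.status + ")").toBe(false);
  });
  // Reported as SKIPPED (not passed) without a token, so a green run cannot be mistaken for a verified positive side.
  test.skipIf(!USER)("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // type narrowing only; unreachable once skipIf has gated the test
    const r = await call("POST", "/project", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/project", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // a JSON null / array / scalar is not Problem Details either: coerce to an empty object so the assertion
    // below FAILS with the body in its message instead of throwing a TypeError on property access.
    const pd: Record<string, unknown> = typeof body === "object" && body !== null && !Array.isArray(body) ? (body as Record<string, unknown>) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof pd.title === "string" && pd.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 140;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});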

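describe("listProject  [GET project]  · authenticated", () => {
  // Contract: x-suluk-access = authenticated. The wire is the truth: anon must get no success, a valid principal must not be auth-rejected.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("GET", "/project");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. ANY 2xx is a real hole, so the
    // whole success class is checked rather than the list {200, 201, 204} — a 202/206 must not slip past unflagged.
    // (A 404/405 here does not by itself prove enforcement; this test only establishes "no success".)
    expect(r.status >= 200 && r.status < 300, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access (status " + r.status + ")").toBe(false);
  });
  // Reported as SKIPPED (not passed) without a token, so a green run cannot be mistaken for a verified positive side.
  test.skipIf(!USER)("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // type narrowing only; unreachable once skipIf has gated the test
    const r = await call("GET", "/project", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("GET", "/project");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // a JSON null / array / scalar is not Problem Details either: coerce to an empty object so the assertion
    // below FAILS with the body in its message instead of throwing a TypeError on property access.
    const pd: Record<string, unknown> = typeof body === "object" && body !== null && !Array.isArray(body) ? (body as Record<string, unknown>) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof pd.title === "string" && pd.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 12;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});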

describe("recommendRelated  [GET recommendations/{productId}]  · anyone", () => {
  // Contract: x-suluk-access = anyone. The only access claim for a public op is that anon is not auth-blocked.
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const authBlocked = [401, 403];
    const res = await call("GET", "/recommendations/1");
    expect(authBlocked, "a public op must be reachable by anon — got " + res.status).not.toContain(res.status);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 16;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});

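describe("markReviewHelpful  [POST review/{id}/helpful]  · authenticated", () => {
  // Contract: x-suluk-access = authenticated. The wire is the truth: anon must get no success, a valid principal must not be auth-rejected.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/review/1/helpful");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. ANY 2xx is a real hole, so the
    // whole success class is checked rather than the list {200, 201, 204} — a 202/206 must not slip past unflagged.
    // (A 404/405 here does not by itself prove enforcement; this test only establishes "no success".)
    expect(r.status >= 200 && r.status < 300, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access (status " + r.status + ")").toBe(false);
  });
  // Reported as SKIPPED (not passed) without a token, so a green run cannot be mistaken for a verified positive side.
  test.skipIf(!USER)("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // type narrowing only; unreachable once skipIf has gated the test
    const r = await call("POST", "/review/1/helpful", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/review/1/helpful");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // a JSON null / array / scalar is not Problem Details either: coerce to an empty object so the assertion
    // below FAILS with the body in its message instead of throwing a TypeError on property access.
    const pd: Record<string, unknown> = typeof body === "object" && body !== null && !Array.isArray(body) ? (body as Record<string, unknown>) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof pd.title === "string" && pd.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 120;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});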

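describe("deleteReview  [DELETE review/{id}]  · authenticated", () => {
  // Contract: x-suluk-access = authenticated. The wire is the truth: anon must get no success, a valid principal must not be auth-rejected.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("DELETE", "/review/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. ANY 2xx is a real hole, so the
    // whole success class is checked rather than the list {200, 201, 204} — a 202/206 must not slip past unflagged.
    // (A 404/405 here does not by itself prove enforcement; this test only establishes "no success".)
    expect(r.status >= 200 && r.status < 300, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access (status " + r.status + ")").toBe(false);
  });
  // Reported as SKIPPED (not passed) without a token, so a green run cannot be mistaken for a verified positive side.
  test.skipIf(!USER)("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // type narrowing only; unreachable once skipIf has gated the test
    const r = await call("DELETE", "/review/1", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("DELETE", "/review/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // a JSON null / array / scalar is not Problem Details either: coerce to an empty object so the assertion
    // below FAILS with the body in its message instead of throwing a TypeError on property access.
    const pd: Record<string, unknown> = typeof body === "object" && body !== null && !Array.isArray(body) ? (body as Record<string, unknown>) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof pd.title === "string" && pd.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 124;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});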

describe("getReview  [GET review/{id}]  · anyone", () => {
  // Contract: x-suluk-access = anyone. The only access claim for a public op is that anon is not auth-blocked.
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const authBlocked = [401, 403];
    const res = await call("GET", "/review/1");
    expect(authBlocked, "a public op must be reachable by anon — got " + res.status).not.toContain(res.status);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 8;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});

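describe("updateReview  [PATCH review/{id}]  · authenticated", () => {
  // Contract: x-suluk-access = authenticated. The wire is the truth: anon must get no success, a valid principal must not be auth-rejected.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("PATCH", "/review/1", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. ANY 2xx is a real hole, so the
    // whole success class is checked rather than the list {200, 201, 204} — a 202/206 must not slip past unflagged.
    // (A 404/405 here does not by itself prove enforcement; this test only establishes "no success".)
    expect(r.status >= 200 && r.status < 300, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access (status " + r.status + ")").toBe(false);
  });
  // Reported as SKIPPED (not passed) without a token, so a green run cannot be mistaken for a verified positive side.
  test.skipIf(!USER)("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // type narrowing only; unreachable once skipIf has gated the test
    const r = await call("PATCH", "/review/1", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("PATCH", "/review/1", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // a JSON null / array / scalar is not Problem Details either: coerce to an empty object so the assertion
    // below FAILS with the body in its message instead of throwing a TypeError on property access.
    const pd: Record<string, unknown> = typeof body === "object" && body !== null && !Array.isArray(body) ? (body as Record<string, unknown>) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof pd.title === "string" && pd.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 140;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});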

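describe("createReview  [POST review]  · authenticated", () => {
  // Contract: x-suluk-access = authenticated. The wire is the truth: anon must get no success, a valid principal must not be auth-rejected.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/review", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. ANY 2xx is a real hole, so the
    // whole success class is checked rather than the list {200, 201, 204} — a 202/206 must not slip past unflagged.
    // (A 404/405 here does not by itself prove enforcement; this test only establishes "no success".)
    expect(r.status >= 200 && r.status < 300, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access (status " + r.status + ")").toBe(false);
  });
  // Reported as SKIPPED (not passed) without a token, so a green run cannot be mistaken for a verified positive side.
  test.skipIf(!USER)("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // type narrowing only; unreachable once skipIf has gated the test
    const r = await call("POST", "/review", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/review", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // a JSON null / array / scalar is not Problem Details either: coerce to an empty object so the assertion
    // below FAILS with the body in its message instead of throwing a TypeError on property access.
    const pd: Record<string, unknown> = typeof body === "object" && body !== null && !Array.isArray(body) ? (body as Record<string, unknown>) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof pd.title === "string" && pd.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 140;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});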

describe("listReview  [GET review]  · anyone", () => {
  // Contract facts for this op, hoisted so each test reads as a one-line claim.
  const path = "/review";
  const authBlocked = [401, 403];
  const declaredStatuses = [200,500];
  const responseSchema = {"type":"array","items":{"type":"object","properties":{"id":{"type":"integer","minimum":-9007199254740991,"maximum":9007199254740991},"productId":{"type":"integer","minimum":1,"maximum":1000000000000},"customerId":{"anyOf":[{"type":"string","maxLength":1024,"pattern":"^[^\\u0000-\\u0008\\u000b\\u000c\\u000e-\\u001f]*$"},{"type":"null"}]},"rating":{"type":"integer","minimum":1,"maximum":5},"title":{"type":"string","maxLength":160,"pattern":"^[^<>\\u0000-\\u001f\\u007f]*$"},"body":{"anyOf":[{"type":"string","maxLength":1024,"pattern":"^[^\\u0000-\\u0008\\u000b\\u000c\\u000e-\\u001f]*$"},{"type":"null"}]},"status":{"type":"string","enum":["pending","published"]},"helpfulCount":{"type":"integer","minimum":0,"maximum":1000000000},"createdAt":{"anyOf":[{"type":"integer","minimum":-9007199254740991,"maximum":9007199254740991},{"type":"null"}]}},"required":["productId","title"],"additionalProperties":false}};
  const cost = 8;
  // x-suluk-access = anyone: anon must not be auth-blocked.
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const res = await call("GET", path);
    expect(authBlocked, "a public op must be reachable by anon — got " + res.status).not.toContain(res.status);
  });
  // Every status seen on the wire must be one the contract declares.
  test("status — returns a declared status", async () => {
    const res = await call("GET", path);
    expect(declaredStatuses, "undeclared status " + res.status).toContain(res.status);
  });
  // Only a JSON 2xx body is checked; anything else is out of scope for this test.
  test("conformance — a 2xx body validates against the declared response schema", async () => {
    const res = await call("GET", path);
    if (res.status < 300 && isJson(res)) {
      const result = validate(responseSchema, await res.json());
      expect(result.valid, "response body does not conform: " + JSON.stringify(result.errors?.slice(0, 3))).toBe(true);
    }
  });
  // x-suluk-cost must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});

describe("search  [GET search]  · anyone", () => {
  // Contract facts for this op, hoisted so each test reads as a one-line claim.
  const path = "/search";
  const authBlocked = [401, 403];
  const declaredStatuses = [200];
  const responseSchema = {"type":"object"};
  const cost = 14;
  // x-suluk-access = anyone: anon must not be auth-blocked.
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const res = await call("GET", path);
    expect(authBlocked, "a public op must be reachable by anon — got " + res.status).not.toContain(res.status);
  });
  // Every status seen on the wire must be one the contract declares.
  test("status — returns a declared status", async () => {
    const res = await call("GET", path);
    expect(declaredStatuses, "undeclared status " + res.status).toContain(res.status);
  });
  // Only a JSON 2xx body is checked; the declared schema here is just "an object".
  test("conformance — a 2xx body validates against the declared response schema", async () => {
    const res = await call("GET", path);
    if (res.status < 300 && isJson(res)) {
      const result = validate(responseSchema, await res.json());
      expect(result.valid, "response body does not conform: " + JSON.stringify(result.errors?.slice(0, 3))).toBe(true);
    }
  });
  // x-suluk-cost must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});

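describe("revokeToken  [POST tokens/{id}/revoke]  · authenticated", () => {
  // Contract: x-suluk-access = authenticated. The wire is the truth: anon must get no success, a valid principal must not be auth-rejected.
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/tokens/1/revoke");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. ANY 2xx is a real hole, so the
    // whole success class is checked rather than the list {200, 201, 204} — a 202/206 must not slip past unflagged.
    // (A 404/405 here does not by itself prove enforcement; this test only establishes "no success".)
    expect(r.status >= 200 && r.status < 300, "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access (status " + r.status + ")").toBe(false);
  });
  // Reported as SKIPPED (not passed) without a token, so a green run cannot be mistaken for a verified positive side.
  test.skipIf(!USER)("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // type narrowing only; unreachable once skipIf has gated the test
    const r = await call("POST", "/tokens/1/revoke", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/tokens/1/revoke");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    const body: unknown = isJson(r) ? await r.json() : {};
    // a JSON null / array / scalar is not Problem Details either: coerce to an empty object so the assertion
    // below FAILS with the body in its message instead of throwing a TypeError on property access.
    const pd: Record<string, unknown> = typeof body === "object" && body !== null && !Array.isArray(body) ? (body as Record<string, unknown>) : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof pd.title === "string" && pd.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  // x-suluk-cost as declared in the contract: must be a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 120;
    expect(Number.isFinite(cost) && cost >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});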

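describe("createToken  [POST tokens/create]  · authenticated", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/tokens/create", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    expect([200, 201, 204], "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").not.toContain(r.status);
    // A non-2xx alone does not prove the AUTH layer refused anon: the empty body is likely to draw a 400/422 if
    // validation is ordered before auth, and a 429 or 5xx also passes the check above. The refusal must be an
    // auth refusal: 401 (no credentials) or 403.
    expect([401, 403], "anon was refused but not by the auth layer (status " + r.status + ") — x-suluk-access is not proven, check middleware ordering").toContain(r.status);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    // NOTE(review): if the empty body is accepted this MINTS a credential on BASE — run the positive side only
    // with a synthetic principal against a non-production deployment. A 400/422 for the empty body still passes:
    // this only proves the auth layer admitted the principal.
    const r = await call("POST", "/tokens/create", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/tokens/create", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // a non-JSON deny is deliberately reduced to {} so the shape assertion below fails and shows what came back
    const body = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(130) && 130 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});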

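describe("deleteVariant  [DELETE variant/{id}]  · admin", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("DELETE", "/variant/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    expect([200, 201, 204], "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").not.toContain(r.status);
    // A non-2xx alone does not prove the AUTH layer refused anon: a 404 from an id lookup ordered before auth
    // passes the check above and is an enumeration oracle; so do 429 and 5xx. The refusal must be an auth
    // refusal: 401 (no credentials) or 403.
    expect([401, 403], "anon was refused but not by the auth layer (status " + r.status + ") — x-suluk-access is not proven, check middleware ordering").toContain(r.status);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    // NOTE(review): this DESTROYS variant id 1 on BASE — run the positive side only with a synthetic principal
    // against a non-production deployment. On a re-run a 404 still passes; this only proves the auth layer
    // admitted the admin principal.
    const r = await call("DELETE", "/variant/1", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("DELETE", "/variant/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // a non-JSON deny is deliberately reduced to {} so the shape assertion below fails and shows what came back
    const body = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(118) && 118 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});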

describe("getVariant  [GET variant/{id}]  · anyone", () => {
  // x-suluk-access: anyone — the only wire claim is that the auth layer does not turn anon away.
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const authDenied = [401, 403];
    const res = await call("GET", "/variant/1");
    expect(authDenied, "a public op must be reachable by anon — got " + res.status).not.toContain(res.status);
  });
  // x-suluk-cost is a contract literal; well-formed means a finite, non-negative number.
  test("cost — declares a well-formed x-suluk-cost", () => {
    const cost = 8;
    const wellFormed = Number.isFinite(cost) && cost >= 0;
    expect(wellFormed, "x-suluk-cost is malformed").toBe(true);
  });
});

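describe("updateVariant  [PATCH variant/{id}]  · admin", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("PATCH", "/variant/1", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    expect([200, 201, 204], "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").not.toContain(r.status);
    // A non-2xx alone does not prove the AUTH layer refused anon: the empty body may draw a 400/422 and the id a
    // 404 if validation or lookup is ordered before auth; 429 and 5xx also pass the check above. The refusal
    // must be an auth refusal: 401 (no credentials) or 403.
    expect([401, 403], "anon was refused but not by the auth layer (status " + r.status + ") — x-suluk-access is not proven, check middleware ordering").toContain(r.status);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    // NOTE(review): a MUTATING call against BASE — run the positive side only with a synthetic principal against
    // a non-production deployment. A 400/422 for the empty body still passes: this only proves the auth layer
    // admitted the admin principal.
    const r = await call("PATCH", "/variant/1", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("PATCH", "/variant/1", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // a non-JSON deny is deliberately reduced to {} so the shape assertion below fails and shows what came back
    const body = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(130) && 130 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});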

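describe("createVariant  [POST variant]  · admin", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: admin, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/variant", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    expect([200, 201, 204], "anon succeeded on a admin op — the server is NOT enforcing x-suluk-access").not.toContain(r.status);
    // A non-2xx alone does not prove the AUTH layer refused anon: the empty body is likely to draw a 400/422 if
    // validation is ordered before auth, and a 429 or 5xx also passes the check above. The refusal must be an
    // auth refusal: 401 (no credentials) or 403.
    expect([401, 403], "anon was refused but not by the auth layer (status " + r.status + ") — x-suluk-access is not proven, check middleware ordering").toContain(r.status);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_ADMIN_TOKEN)", async () => {
    const tok = ADMIN;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    // NOTE(review): a MUTATING call against BASE if the empty body is accepted — run the positive side only with a
    // synthetic principal against a non-production deployment. A 400/422 for the empty body still passes: this
    // only proves the auth layer admitted the admin principal.
    const r = await call("POST", "/variant", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/variant", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // a non-JSON deny is deliberately reduced to {} so the shape assertion below fails and shows what came back
    const body = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(130) && 130 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});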

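describe("listVariant  [GET variant]  · anyone", () => {
  test("access — public: anon is NOT auth-blocked (x-suluk-access: anyone, verified on the wire)", async () => {
    const r = await call("GET", "/variant");
    expect([401, 403], "a public op must be reachable by anon — got " + r.status).not.toContain(r.status);
  });
  test("status — returns a declared status", async () => {
    const r = await call("GET", "/variant");
    // NOTE(review): the contract declares 500 for this op, so a server error is accepted by this smoke test.
    // That is a contract smell rather than a test bug — a 500 here still deserves a look.
    expect([200,500], "undeclared status " + r.status).toContain(r.status);
  });
  test("conformance — a 2xx body validates against the declared response schema", async () => {
    const r = await call("GET", "/variant");
    if (r.status >= 300) return; // non-2xx is covered by the status test above
    // The contract declares a JSON array for 2xx. A 2xx without a JSON content-type cannot be validated and is
    // itself a non-conformance, so it fails here instead of being skipped silently (a vacuous pass).
    expect(isJson(r), "2xx response is not JSON (content-type: " + (r.headers.get("content-type") || "") + ")").toBe(true);
    const v = validate({"type":"array","items":{"type":"object","properties":{"id":{"type":"integer","minimum":-9007199254740991,"maximum":9007199254740991},"productId":{"type":"integer","minimum":1,"maximum":1000000000000},"title":{"type":"string","maxLength":160,"pattern":"^[^<>\\u0000-\\u001f\\u007f]*$"},"priceCents":{"type":"integer","minimum":0,"maximum":1000000000},"inventory":{"type":"integer","minimum":0,"maximum":1000000}},"required":["productId","title"],"additionalProperties":false}}, await r.json());
    expect(v.valid, "response body does not conform: " + JSON.stringify(v.errors?.slice(0, 3))).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(8) && 8 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});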

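describe("deleteWishlistItem  [DELETE wishlistItem/{id}]  · authenticated", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("DELETE", "/wishlistItem/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    expect([200, 201, 204], "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").not.toContain(r.status);
    // A non-2xx alone does not prove the AUTH layer refused anon: a 404 from an id lookup ordered before auth
    // passes the check above and is an enumeration oracle; so do 429 and 5xx. The refusal must be an auth
    // refusal: 401 (no credentials) or 403.
    expect([401, 403], "anon was refused but not by the auth layer (status " + r.status + ") — x-suluk-access is not proven, check middleware ordering").toContain(r.status);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    // NOTE(review): this DESTROYS wishlist item id 1 on BASE — run the positive side only with a synthetic
    // principal against a non-production deployment.
    const r = await call("DELETE", "/wishlistItem/1", { token: tok });
    // NOTE(review): on a per-object `authenticated` op a 403 is only a defect if the synthetic principal owns
    // item 1 — for a non-owner, 403 is correct object-level authz. A 404 on re-run still passes.
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("DELETE", "/wishlistItem/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // a non-JSON deny is deliberately reduced to {} so the shape assertion below fails and shows what came back
    const body = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(115) && 115 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});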

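describe("getWishlistItem  [GET wishlistItem/{id}]  · authenticated", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("GET", "/wishlistItem/1");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    expect([200, 201, 204], "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").not.toContain(r.status);
    // A non-2xx alone does not prove the AUTH layer refused anon: a 404 from an id lookup ordered before auth
    // passes the check above and lets anon enumerate which items exist; 429 and 5xx also pass. The refusal must
    // be an auth refusal: 401 (no credentials) or 403.
    expect([401, 403], "anon was refused but not by the auth layer (status " + r.status + ") — x-suluk-access is not proven, check middleware ordering").toContain(r.status);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    const r = await call("GET", "/wishlistItem/1", { token: tok });
    // NOTE(review): on a per-object `authenticated` op a 403 is only a defect if the synthetic principal owns
    // item 1 — for a non-owner, 403 is correct object-level authz (the IDOR guard). Confirm the fixture before
    // treating a failure here as a server bug.
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("GET", "/wishlistItem/1");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // a non-JSON deny is deliberately reduced to {} so the shape assertion below fails and shows what came back
    const body = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(8) && 8 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});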

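describe("updateWishlistItem  [PATCH wishlistItem/{id}]  · authenticated", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("PATCH", "/wishlistItem/1", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    expect([200, 201, 204], "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").not.toContain(r.status);
    // A non-2xx alone does not prove the AUTH layer refused anon: the empty body may draw a 400/422 and the id a
    // 404 if validation or lookup is ordered before auth; 429 and 5xx also pass the check above. The refusal
    // must be an auth refusal: 401 (no credentials) or 403.
    expect([401, 403], "anon was refused but not by the auth layer (status " + r.status + ") — x-suluk-access is not proven, check middleware ordering").toContain(r.status);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    // NOTE(review): a MUTATING call against BASE — run the positive side only with a synthetic principal against
    // a non-production deployment. A 400/422 for the empty body still passes.
    const r = await call("PATCH", "/wishlistItem/1", { token: tok, body: {} });
    // NOTE(review): on a per-object `authenticated` op a 403 is only a defect if the synthetic principal owns
    // item 1 — for a non-owner, 403 is correct object-level authz. Confirm the fixture.
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("PATCH", "/wishlistItem/1", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // a non-JSON deny is deliberately reduced to {} so the shape assertion below fails and shows what came back
    const body = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(125) && 125 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});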

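describe("createWishlistItem  [POST wishlistItem]  · authenticated", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("POST", "/wishlistItem", { body: {} });
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    expect([200, 201, 204], "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").not.toContain(r.status);
    // A non-2xx alone does not prove the AUTH layer refused anon: the empty body is likely to draw a 400/422 if
    // validation is ordered before auth, and a 429 or 5xx also passes the check above. The refusal must be an
    // auth refusal: 401 (no credentials) or 403.
    expect([401, 403], "anon was refused but not by the auth layer (status " + r.status + ") — x-suluk-access is not proven, check middleware ordering").toContain(r.status);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    // NOTE(review): a MUTATING call against BASE if the empty body is accepted — run the positive side only with a
    // synthetic principal against a non-production deployment. A 400/422 for the empty body still passes: this
    // only proves the auth layer admitted the principal.
    const r = await call("POST", "/wishlistItem", { token: tok, body: {} });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("POST", "/wishlistItem", { body: {} });
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // a non-JSON deny is deliberately reduced to {} so the shape assertion below fails and shows what came back
    const body = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(125) && 125 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});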

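describe("listWishlistItem  [GET wishlistItem]  · authenticated", () => {
  test("access — ENFORCED: anon gets NO success (x-suluk-access: authenticated, verified on the wire — not the facet)", async () => {
    const r = await call("GET", "/wishlistItem");
    // the server is the boundary (C022 inv.3): a non-public op must DENY anon. Success here is a real hole.
    expect([200, 201, 204], "anon succeeded on a authenticated op — the server is NOT enforcing x-suluk-access").not.toContain(r.status);
    // A non-2xx alone does not prove the AUTH layer refused anon: a 429, a 5xx or a 404 from a missing route all
    // pass the check above while authz may never have run. The refusal must be an auth refusal: 401 (no
    // credentials) or 403.
    expect([401, 403], "anon was refused but not by the auth layer (status " + r.status + ") — x-suluk-access is not proven, check middleware ordering").toContain(r.status);
  });
  test("access — admin/owner principal reaches it (positive; skipped without SULUK_USER_TOKEN)", async () => {
    const tok = USER;
    if (!tok) return; // optional: provide a synthetic principal token to assert the positive side
    // A read with no object id: for a valid principal, 401/403 here is a real defect (no ownership caveat applies).
    const r = await call("GET", "/wishlistItem", { token: tok });
    expect([401, 403], "a valid principal was rejected (status " + r.status + ")").not.toContain(r.status);
  });
  test("error-conformance — a denied request returns a well-formed Problem Details body (RFC-9457)", async () => {
    const r = await call("GET", "/wishlistItem");
    if (r.status < 400) return; // a success here is already flagged by the access test above
    // a non-JSON deny is deliberately reduced to {} so the shape assertion below fails and shows what came back
    const body = isJson(r) ? await r.json() : {};
    // the shared @suluk/hono envelope: title (string) + status (number) === HTTP status (isProblemDetails shape).
    expect(typeof body.title === "string" && body.status === r.status, "deny body is not RFC-9457 Problem Details: " + JSON.stringify(body)).toBe(true);
  });
  test("cost — declares a well-formed x-suluk-cost", () => {
    expect(Number.isFinite(8) && 8 >= 0, "x-suluk-cost is malformed").toBe(true);
  });
});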
